Re: [Freeipa-users] cn=deleted users,cn=accounts

2016-10-30 Thread Pavel Vomacka
Hello Michael, Yes, the deleter dialog on details page was extended in version 4.4 ( https://fedorahosted.org/freeipa/ticket/5370 ). On 10/27/2016 02:45 PM, Michael Ströder wrote: Michael Ströder wrote: I wonder which action in the FreeIPA Web UI (4.2.0) moves an active user to this containe

Re: [Freeipa-users] PWM password self-service integration with FreeIPA

2016-10-30 Thread Elwell, Jason
I have updated the gist using the PWM documentation I found to do just that. Let me know if that is more acceptable. I'm feeling my way through this, please pardon my lack of savoir-faire. See latest at https://gist.github.com/PowerWagon/d794a1233d7943f1614d2ae5223e678a *Jason Elwell* *Office:

Re: [Freeipa-users] Setting "preserve" as default action when deleting in webUI

2016-10-30 Thread Petr Vobornik
On 10/21/2016 02:13 PM, Sébastien Julliot wrote: > Hi everyone, > > > In order to prevent administrators to make mistakes that could have > > silly consequences, I would like to set "preserve" as the default selected > > action in freeipa's webui. > > What do you think would be the best way to

Re: [Freeipa-users] FreeIPA domains and sub-domains

2016-10-30 Thread Brian Candler
On 27/10/2016 10:07, Brian Candler wrote: To the OP: in that case, I'd still recommend that you choose a distinct kerberos realm like IPA.YOURCOMPANY.COM, with associated primary domain "ipa.yourcompany.com", and let FreeIPA manage that domain so that it sets up all the right SRV records for a

Re: [Freeipa-users] ipa automount bug?

2016-10-30 Thread William Muriithi
Rob, >>> >>> 2. How would one import an existing maps to ipa auto.home map. Import >>> seem to be only capable of importing to auto.master, which make its >>> utility doubtful >>> >>> [root@hydrogen ~]# ipa automountlocation-import default >>> /tmp/2016-10-26/auto.home >>> >>> Imported maps: >>>

[Freeipa-users] is ipa-client-automount idempotent?

2016-10-30 Thread William Muriithi
Morning, I am curious to know if ipa-client-automount would be safe to rerun multiple times. I have done a bit of google search and this don't seem to have been discussed previously in this list. I have attempted to rerun it on a system multiple time and don't seem to break anything, but that do

Re: [Freeipa-users] is ipa-client-automount idempotent?

2016-10-30 Thread William Muriithi
Hi On 30 October 2016 at 03:26, William Muriithi wrote: > Morning, > > I am curious to know if ipa-client-automount would be safe to rerun > multiple times. I have done a bit of google search and this don't > seem to have been discussed previously in this list. > Ignore this question please. I

[Freeipa-users] OTP: using external validation server for Yubikeys?

2016-10-30 Thread Jochen Hein
Hi, I'm running my own privacyidea instance to manage my Yubikey and other OTP tokens. Right now I have to decide, in which system my Yubikey is managed - right now it is in privacyidea. My token is in yubico mode, so no HOTP/TOTP for now. For now I run a FreeRADIUS as a frontend to privacyidea