[Freeipa-users] support for rfc2307AIX schema in IPA server

2017-02-21 Thread Iulian Roman
Hello, Does anybody know if the rfc2307aix schema is supported in IPA server (i use red hat IDM version) ? If yes, is there any documentation available ? Was it tested ? I plan for a big migration and full support of the AIX user attributes is one of the prerequisites. -- Manage your

Re: [Freeipa-users] support for rfc2307AIX schema in IPA server

2017-02-21 Thread Iulian Roman
On Tue, Feb 21, 2017 at 4:31 PM, Rob Crittenden <rcrit...@redhat.com> wrote: > Iulian Roman wrote: > > Hello, > > > > Does anybody know if the rfc2307aix schema is supported in IPA server (i > > use red hat IDM version) ? If yes, is there any documentat

[Freeipa-users] WEB UI - wrong fonts or incomplete page loaded

2017-02-24 Thread Iulian Roman
Hello, After a successful installation of the ipa-server when i try to login via WEB UI i've noticed that the web page looks strange (wrong fonts and page seems not completely/correctly loaded). The network debugger in chrome/firefox does display 2 errors : - json /ipa/session/ 401 Unauthorized

Re: [Freeipa-users] WEB UI - wrong fonts or incomplete page loaded

2017-02-24 Thread Iulian Roman
On Fri, Feb 24, 2017 at 4:55 PM, Petr Vobornik <pvobo...@redhat.com> wrote: > On 02/24/2017 12:15 PM, Iulian Roman wrote: > >> Hello, >> >> After a successful installation of the ipa-server when i try to login via >> WEB UI >> i've noticed that the we

Re: [Freeipa-users] WEB UI - wrong fonts or incomplete page loaded

2017-02-24 Thread Iulian Roman
On Fri, Feb 24, 2017 at 5:41 PM, Petr Vobornik <pvobo...@redhat.com> wrote: > On 02/24/2017 05:13 PM, Iulian Roman wrote: > >> >> >> On Fri, Feb 24, 2017 at 4:55 PM, Petr Vobornik <pvobo...@redhat.com >> <mailto:pvobo...@redhat.com>> wrote: >

[Freeipa-users] integrated DNS vs external DNS

2017-02-23 Thread Iulian Roman
Despite reading the freeipa and Redhat IdM documentation regarding the DNS , it is still unclear to me if and when is integrated DNS mandatory . We do have an environment with a pretty complex DNS setup , which is in place for years and there are no plans to change it. if i understood correctly

Re: [Freeipa-users] support for rfc2307AIX schema in IPA server

2017-02-22 Thread Iulian Roman
On Wed, Feb 22, 2017 at 6:03 PM, Michael Ströder <mich...@stroeder.com> wrote: > Iulian Roman wrote: > > On Tue, Feb 21, 2017 at 4:31 PM, Rob Crittenden <rcrit...@redhat.com > > <mailto:rcrit...@redhat.com>> wrote: > > > > Iulian Roman wrote: >

Re: [Freeipa-users] support for rfc2307AIX schema in IPA server

2017-02-23 Thread Iulian Roman
On Wed, Feb 22, 2017 at 9:02 PM, Michael Ströder <mich...@stroeder.com> wrote: > Iulian Roman wrote: > > On Wed, Feb 22, 2017 at 6:03 PM, Michael Ströder <mich...@stroeder.com > > <mailto:mich...@stroeder.com>> wrote: > > > > Iulian Roman wrote: &

[Freeipa-users] staging area and group membership

2017-03-28 Thread Iulian Roman
Hello, Is it possible to directly add a user to certain groups when the user is defined in staging area ? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] compat and nested groups for Unix system

2017-03-20 Thread Iulian Roman
On Mon, Mar 20, 2017 at 4:24 PM, Alexander Bokovoy <aboko...@redhat.com> wrote: > On ma, 20 maalis 2017, Iulian Roman wrote: > >> On Mon, Mar 20, 2017 at 4:00 PM, Alexander Bokovoy <aboko...@redhat.com> >> wrote: >> >> On ma, 20 maalis 2017, Iulian Roman

[Freeipa-users] ldap connector from IIQ to ipa

2017-03-20 Thread Iulian Roman
Hello, We do plan to integrate IPA with IdentityIQ (sailpoint) for user provisioning. Because IPA does abstract all the ldap commands via new set of commands and APIs, i am not sure if the standard ldap connector is the right option and if it is supported ( taking into consideration that a

[Freeipa-users] compat and nested groups for Unix system

2017-03-20 Thread Iulian Roman
Hello, I noticed that nested group feature do not work with the unix ldap clients (AIX) if the default groupbasedn (cn=groups,cn=accounts,dc=...) is used. If i use the cn=compat and change the mapping the nested groups are listed properly. My question is if it is allowed to mix the compat and

Re: [Freeipa-users] compat and nested groups for Unix system

2017-03-20 Thread Iulian Roman
On Mon, Mar 20, 2017 at 4:00 PM, Alexander Bokovoy <aboko...@redhat.com> wrote: > On ma, 20 maalis 2017, Iulian Roman wrote: > >> Hello, >> >> I noticed that nested group feature do not work with the unix ldap clients >> (AIX) if the default groupbasedn (c

[Freeipa-users] ipa-getkeytab client equivalent for Unix

2017-04-06 Thread Iulian Roman
Hello, Can anybody explain briefly what ipa-getkeytab runs under the hood in order to use similar logic for unix clients (will help in automating the registration to IPA server) ? Thank You ! -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] pam_hbac for aix

2017-03-06 Thread Iulian Roman
On Mon, Mar 6, 2017 at 12:20 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > On Mon, Mar 06, 2017 at 10:59:12AM +0100, Iulian Roman wrote: > > Hello, > > > > Does anyone know what is the status with the support for AIX in the > > pam_hbac tool ?

[Freeipa-users] pam_hbac for aix

2017-03-06 Thread Iulian Roman
Hello, Does anyone know what is the status with the support for AIX in the pam_hbac tool ? I've heard from a RH presentation that it is available, although on the project site it does not seem to be supported yet. I would like to know if there are any plans in that direction , because our

Re: [Freeipa-users] IPA Compat + ID Views + AIX 7.1

2017-05-12 Thread Iulian Roman
On Fri, May 12, 2017 at 3:31 PM, wrote: > The shell is shown correctly as ksh in lsuser, so that doesnt appear to be > an issue for the ID view. > My advice would be to start simple ,prove that your authentication works and you can develop a more elaborated setup

Re: [Freeipa-users] IPA Compat + ID Views + AIX 7.1

2017-05-12 Thread Iulian Roman
On Fri, May 12, 2017 at 2:32 PM, wrote: > Hi All, > > > > We’re running a POC to integrate IPA and AIX using AIX KRB5LDAP compound > module. > > All the moving parts seem to be working on their own, however logging in > doesn’t work with SSH on AIX reporting Failed

Re: [Freeipa-users] IPA Compat + ID Views + AIX 7.1

2017-05-12 Thread Iulian Roman
unprivileged user, but su has some different > issues altogether, it doesn’t like @ in usernames which we need at the next > stage (integrating AD Trust) > > > > > > *From:* Iulian Roman [mailto:iulian.ro...@gmail.com] > *Sent:* vrijdag 12 mei 2017 15:56 > *To:* Hummelin

[Freeipa-users] ipa replica between different environments

2017-05-01 Thread Iulian Roman
Hello, is it possible/supported to _clone_ an ipa setup between different environments , disconnect the replicas and use them independently (ex. clone ST to ET and use them as separate IPA servers for ST respective ET clients ? ) or does the disconnect remove the data ? -- Manage your