Re: [Freeipa-users] host name too long for Web interface

2012-05-09 Thread Petr Vobornik
if you know how it should look. 3) in browser JavaScript console execute: IPA.nav.show_page('host', 'search') Note: the params are: entity name, page name, primary key. -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users@redhat.com https

Re: [Freeipa-users] sudo documentation 6.3beta documentation page 279 section 13.2.1.1.

2012-06-05 Thread Petr Vobornik
, Wellington, NZ 0064 4 463 6272 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users

Re: [Freeipa-users] How can I change my password from a python script?

2012-06-28 Thread Petr Vobornik
: sys.exit('ERROR: something bad happened #3') But I was wondering whether there was a better using the IPA API. Is there a way for me to do that? Any help or insights would be greatly appreciated. Thanks, Joe -- Petr Vobornik

Re: [Freeipa-users] self service password reset

2012-07-12 Thread Petr Vobornik
] https://fedorahosted.org/freeipa/ticket/2755 -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-18 Thread Petr Vobornik
can (at own risk) replace line /usr/share/ipa/ui/facet.js:538 that.pagination = spec.pagination === undefined ? true : spec.pagination; with: that.pagination = false; Note: It will break some other parts of the UI - so for testing only. Steve -- Petr Vobornik

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-19 Thread Petr Vobornik
On 07/18/2012 08:59 PM, Stephen Ingram wrote: On Wed, Jul 18, 2012 at 6:45 AM, Petr Vobornik pvobo...@redhat.com wrote: On 07/17/2012 11:43 PM, Stephen Ingram wrote: 8-- I'm beginning to think this is just the Web UI itself instead of 389 although it is really difficult to tell. I've

Re: [Freeipa-users] 3.0 beta1 install on Fedora 17 - No DNS Zones

2012-07-26 Thread Petr Vobornik
- - Any pointers? Thanks, Mike I think you are experiencing https://fedorahosted.org/freeipa/ticket/2906 It's a bug introduced by dns per-domain permissions https://fedorahosted.org/freeipa/ticket/2511. As you see in track, it should be fixed in beta 2. -- Petr Vobornik

Re: [Freeipa-users] User Administrator role from the web UI

2012-08-02 Thread Petr Vobornik
in browser's console (press F12 in most browsers or CTRL+SHIFT+K in latest Firefox in Fedora) after successful login. Look for 'admin' in memberof_group, memberofindirect_group or anything in memberof_role. -- Petr Vobornik ___ Freeipa-users mailing

Re: [Freeipa-users] Default Expiry on IPA?

2012-08-28 Thread Petr Vobornik
by following command: # ipa pwpolicy-mod --maxlife=1000 Or in Web UI: Policy/Password Policies/global_policy When user resets his password this policy will be applied on it. IPA CLI and Web UI don't have options to set user password's expiration date directly. Regards -- Petr Vobornik

Re: [Freeipa-users] how do i apply patch?

2013-01-09 Thread Petr Vobornik
/reset_password.js and the modifications in install/ui/ipa.css from the changeset you linked. In any case I do not recommend to such modifications. They have high potential to break things. HTH -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users

Re: [Freeipa-users] JSON-RPC documentation?

2013-01-15 Thread Petr Vobornik
@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Upgrade to 3.1.2: web UI no longer works

2013-02-05 Thread Petr Vobornik
be filled http header named X-IPA-Rejection-Reason. If you manage to get session, check expiration of ipa_session cookie. -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Account Expiration

2013-02-07 Thread Petr Vobornik
knowledge of Web UI code. It's easier to modify user page source codes. For simple edit (just textbox, no calendar widget) it may be just one line of code (in WebUI, server plugin will require more work). I know that Petr Vobornik is already working in better extensibility of the UI

Re: [Freeipa-users] The htaccess login pop-up window appears but login never succeeds

2013-02-11 Thread Petr Vobornik
. Is it possible, that you, or some other application on the machine modified apache configuration and enabled it? HTH -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Account Expiration

2013-03-25 Thread Petr Vobornik
text_widget, override create method and probably do some format conversion in update and save methods. Register the new widget to widget repository. Then, one has to modify spec of appropriate facets to use it. HTH 2013/2/7 Petr Vobornik pvobo...@redhat.com mailto:pvobo...@redhat.com

Re: [Freeipa-users] User Roles and access in GUI

2013-04-16 Thread Petr Vobornik
modification of url and thus showing details of another user. Perhaps it's better to just put together a new WebUI using the Python API, however, with the fantastic new password reset page in 3.x, I've become lazy and let users access IPA directly. Steve -- Petr Vobornik

Re: [Freeipa-users] Updating the WebUI user form

2013-06-24 Thread Petr Vobornik
creation is described in extension guide[4]. [1] http://www.freeipa.org/page/V3/WebUI_plugins [2] http://pvoborni.fedorapeople.org/doc/ [3] http://www.redhat.com/archives/freeipa-devel/2013-April/msg00423.html [4] http://abbra.fedorapeople.org/guide.html#sec-4 -- Petr Vobornik

Re: [Freeipa-users] new issue with ssh key in the interface

2013-07-17 Thread Petr Vobornik
(ssh-rsa) Each fingerprint is followed by 'Show/Set key' and 'Delete' buttons. I can't comment the CLI part without more information: key and exact command you used. HTH -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users@redhat.com https

Re: [Freeipa-users] new issue with ssh key in the interface

2013-07-17 Thread Petr Vobornik
procedure for a host, got the same exact results. Tried to ssh as the user to the host that has keys set via command line, get the message that the keys could not be validated. Thanks. -Kenny On Wed, 2013-07-17 at 10:33 +0200, Petr Vobornik wrote: On 07/16/2013 07:24 PM, Armstrong, Kenneth

Re: [Freeipa-users] How to communicate IPA with PHP

2013-07-26 Thread Petr Vobornik
the PHP scripts. The native API is json/xml-rpc. They are currently equivalent. In the near future we are going to mark xml-rpc as deprecated and it will start to fall behind in features, and eventually we may drop it altogether. rob -- Petr Vobornik

Re: [Freeipa-users] IPA Server UI Behind Proxy

2013-08-14 Thread Petr Vobornik
of the issue. HTH -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] IPA Server UI Behind Proxy

2013-08-14 Thread Petr Vobornik
://bugzilla.redhat.com/show_bug.cgi?id=747710 Andrew On Wed, Aug 14, 2013 at 5:36 PM, Petr Vobornik pvobo...@redhat.com wrote: On 08/14/2013 08:00 AM, Andrew Lau wrote: Hi, I've got my FreeIPA setup in an internal infrastructure, but I want to be able to have users access the web UI externally

Re: [Freeipa-users] Form Based Login

2014-01-10 Thread Petr Vobornik
. Screenshot may help us to determine what's the problem. -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Form Based Login

2014-01-10 Thread Petr Vobornik
the username and password into the fields on the form and hit 'enter' key. Btw, if you don't specify password, it will try negotiate method. -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo

Re: [Freeipa-users] Grey button in Reset password in the gui

2014-02-19 Thread Petr Vobornik
group so all full access right. thks Barry Hello, This link is enabled when logged in user has write permission for userpassword attribute. HTH -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman

Re: [Freeipa-users] Theming FreeIPA

2014-05-19 Thread Petr Vobornik
On 19.5.2014 09:05, Martin Kosek wrote: On 05/17/2014 04:27 PM, Christopher Swingler wrote: Short and to the point, but I have the same question. :) On May 16, 2014, at 9:08 PM, Chris Whittle cwhi...@gmail.com wrote: Is there a doc anywhere? CC-ing Petr Vobornik to help with that. You can

Re: [Freeipa-users] Getting Samba3 and FreeIPAv3 working together

2014-05-22 Thread Petr Vobornik
but will probably use RHEL/CentOS 7 when available for production. FreeIPA versions 3.0.0 on CentOS 6.5 and 3.3.5 on Fedora 20. -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Export user and host list to a csv or text file

2014-05-23 Thread Petr Vobornik
] ~ This will print one host for each new line. Martin -- Petr Vobornik ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Getting Samba3 and FreeIPAv3 working together

2014-05-26 Thread Petr Vobornik
. BTW, the version of Samba I'm testing against is 3.6.9-168 on CentOS 6.5. Thanks again for your information and patience, Dylan. On 22 May 2014 14:19, Petr Vobornik pvobo...@redhat.com wrote: On 22.5.2014 14:19, Sumit Bose wrote: On Tue, May 20, 2014 at 02:00:18PM +0100, Dylan Evans wrote

Re: [Freeipa-users] PatternFly questions

2014-07-18 Thread Petr Vobornik
://www.redhat.com/archives/freeipa-devel/2012-August/msg00295.html Still a huge improvement though - these are just niggles. Cheers D -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more

Re: [Freeipa-users] add solaris attribiutes to IPA

2014-07-28 Thread Petr Vobornik
provides. When IPA started there was no common access control mechanism across *nixes. We looked at the available options and ended up rolling our own which we called HBAC. rob -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman

Re: [Freeipa-users] add solaris attribiutes to IPA

2014-07-29 Thread Petr Vobornik
and RHEL/CentOS 7. From: Petr Vobornik pvobo...@redhat.com To: mohammad sereshki mohammadseres...@yahoo.com; Rob Crittenden rcrit...@redhat.com; freeipa-users@redhat.com freeipa-users@redhat.com Sent: Monday, July 28, 2014 8:10 PM Subject: Re: [Freeipa-users] add

Re: [Freeipa-users] FreeIPA Web UI error: Service Unavailable

2014-09-11 Thread Petr Vobornik
/ipa.conf , reason should be in the log Have you any idea? -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] FreeIPA Web UI error: Service Unavailable

2014-09-11 Thread Petr Vobornik
access Web UI, but it doesn't work). Does CLI work on the server? On 11-09-2014 14:18, Petr Vobornik wrote: Hello Tevfik, comments inline On 11.9.2014 12:24, Tevfik Ceydeliler wrote: Hi all, I tried to do single sign on for FreeIPa Web UI according to 4.3.3. Configuring the Browser I did

Re: [Freeipa-users] users in groups but user entry does not show groups

2014-09-18 Thread Petr Vobornik
or somewhere else. When you run CLI command: ipa user-show brogOBFUSCATED Does it list 'p309-mm' or any other group name in 'Member of groups' line? On the second screenshot the obfuscated user login looks like it has space in it. I hope it's just an illusion. HTH -- Petr Vobornik

Re: [Freeipa-users] Extending FreeIPA 3

2014-09-18 Thread Petr Vobornik
limited extensibility support. User can add his own code to /share/ipa/ui/ext/extension.js but usually it's more easy to edit webui code in /share/ipa/ui/ directly. This approach brings other issues so use at your own risk. [1] https://fedorahosted.org/freeipa/ticket/3235 HTH -- Petr Vobornik

[Freeipa-users] Announcing FreeIPA 4.1.0

2014-10-23 Thread Petr Vobornik
idviews: Make sure only regular IPA objects are allowed to be overriden idviews: Create Default Trust View for upgraded servers idviews: Fix typo in upgrade handling of the Default Trust View spec: Bump SSSD requires to 1.12.2 -- Petr Vobornik -- Manage your subscription

[Freeipa-users] Announcing FreeIPA 4.0.4

2014-10-23 Thread Petr Vobornik
to be resolvable * test_forced_client_reenrollment: Don't check for host certificates * sudo integration test: Remove the local user test === Petr Vobornik (4) === * webui-ci: case-insensitive record check * dns: fix privileges' memberof during dns install * build: increase java stack size for all

[Freeipa-users] Announcing FreeIPA 4.0.5

2014-11-06 Thread Petr Vobornik
after OTP validation === Petr Vobornik (1) === * Become IPA 4.0.5 === Thierry bordaz (tbordaz) (1) === * Deadlock in schema compat plugin (between automember_update_membership task and dse update) -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https

[Freeipa-users] Announcing FreeIPA 4.1.1

2014-11-06 Thread Petr Vobornik
validation === Petr Spacek (1) === * Fix zone name to directory name conversion in BINDMgr. === Petr Vobornik (2) === * build: increase java stack size for all arches * Become IPA 4.1.1 === Thierry bordaz (tbordaz) (1) === * Deadlock in schema compat plugin (between automember_update_membership task

Re: [Freeipa-users] Free ipa Configurations

2014-11-11 Thread Petr Vobornik
skipped this thread b/c the subject didn't look like it was SSSD-related. I think we need to examine SSSD logs... -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info

[Freeipa-users] Announcing FreeIPA 4.1.2

2014-11-27 Thread Petr Vobornik
for various cli tools -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] IPA V3 Backup and recovery

2014-11-28 Thread Petr Vobornik
. Hello Eldo, sounds like: https://fedorahosted.org/freeipa/ticket/4726 try to run: sudo -u apache kdestroy after the restore -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org

Re: [Freeipa-users] WebUI authentication problems

2015-02-20 Thread Petr Vobornik
check the pointers on this page though. If none of them help, it may help to show us: - the Kerberos ticket and default encryptions: $ kinit $ klist -e - any related Kerberos errors from /var/log/krb5kdc.log Martin -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list

Re: [Freeipa-users] Renaming Sudo rule name

2015-02-10 Thread Petr Vobornik
=a37f5faa-b0ff-11e4-a92e-001a4a22218e,cn=sudorules,cn=sudo,dc=example,dc=com changetype: modify replace: cn cn: newName Though, I'm not sure if it would cause some undesired side effects. https://fedorahosted.org/freeipa/ticket/2466 https://fedorahosted.org/freeipa/ticket/2911 HTH -- Petr Vobornik

Re: [Freeipa-users] admin password is always expired

2015-02-10 Thread Petr Vobornik
ldappasswd won't help if the culprit is global or other IPA password policy. You can change the policy in LDAP as Directory Manager. It's located in: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com then you can try to kinit and set the new password. -- Petr Vobornik -- Manage your

[Freeipa-users] Announcing FreeIPA 4.1.4

2015-03-26 Thread Petr Vobornik
DNA and slapi-nis -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] Announcing FreeIPA 4.1.3

2015-02-25 Thread Petr Vobornik
for referential integrity plugin applied on ipaAssignedIDView * ipatests: Fix old command references in the ID views tests * ipatests: Fix incorrect assumptions in idviews tests -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa

Re: [Freeipa-users] Web UI plugins or other extensions

2015-02-25 Thread Petr Vobornik
it from top of my head). HTH -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] web interface for FREEIPA runtime error

2015-04-21 Thread Petr Vobornik
procude any other error notification. E.g. an error dialog with some message. If you open a browser developer tools/console tab. Do you see there any errors? Does it work if you hard-reload the web page (usually ctrl+F5). -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing

Re: [Freeipa-users] FreeIPA WebUI Logout logs back in

2015-04-29 Thread Petr Vobornik
different and unexpected. I've created a new ticket: https://fedorahosted.org/freeipa/ticket/5008 -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] FreeIPA WebUI Logout logs back in

2015-04-29 Thread Petr Vobornik
-expired TGT ticket which could be then used to obtain ticket for principal HTTP/myipa.my.domain@MY.REALM (IPA server API - backend of webui). Cheers Chris From: Petr Vobornik pvobo...@redhat.com To: d...@redhat.com, Rob Crittenden rcrit...@redhat.com, Christopher Lamb

Re: [Freeipa-users] Web ui error “Your session has expired. Please re-login.” from a browser on a remote client.

2015-04-30 Thread Petr Vobornik
-- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Web ui error “Your session has expired. Please re-login.” from a browser on a remote client.

2015-05-04 Thread Petr Vobornik
= Date.now() - date.getTime(); var minutes = diff / 1000 / 60; new ticket: https://fedorahosted.org/freeipa/ticket/5015 [1] https://tools.ietf.org/html/rfc2616#section-14.18 [2] https://tools.ietf.org/html/rfc2616#section-3.3.1 -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing

Re: [Freeipa-users] IPA Web UI - blank screen

2015-04-07 Thread Petr Vobornik
? https://pvoborni.fedorapeople.org/doc/#!/guide/Debugging -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] blank user screen? (web UI)

2015-06-22 Thread Petr Vobornik
On 06/22/2015 04:15 PM, Janelle wrote: On 6/22/15 5:15 AM, Petr Vobornik wrote: On 06/21/2015 08:35 AM, Janelle wrote: Hi, Sure. Just login as a normal user to the WEB UI. screen is blank: Of course, if you click on Actions - you will see those and you can click on them, but you can't do

Re: [Freeipa-users] blank user screen? (web UI)

2015-06-22 Thread Petr Vobornik
On 06/22/2015 06:39 PM, Janelle wrote: On 6/22/15 9:25 AM, Petr Vobornik wrote: On 06/22/2015 04:15 PM, Janelle wrote: On 6/22/15 5:15 AM, Petr Vobornik wrote: On 06/21/2015 08:35 AM, Janelle wrote: Hi, Sure. Just login as a normal user to the WEB UI. screen is blank: Of course, if you

Re: [Freeipa-users] blank user screen? (web UI)

2015-06-22 Thread Petr Vobornik
to http://freeipa.org for more info on the project -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] invalid 'permission': cannot add permission System: Read HBAC Rules with bindtype all to a privilege

2015-06-23 Thread Petr Vobornik
stuff. Exception is DNS (and maybe some other entries). DNS is not readable by everybody by default. -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] Announcing FreeIPA 4.2.0 Alpha 1

2015-06-22 Thread Petr Vobornik
option in plugins * replica-manage: Properly delete nested entries * Add Domain Level feature -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] SEC_ERROR_LEGACY_DATABASE

2015-05-29 Thread Petr Vobornik
. SEC_ERROR_LEGACY_DATABASE error suggests that it fails on initialization of NSS database which is not dependent on stored certificate. Thanks! David On May 29, 2015, at 1:35 AM, Petr Vobornik pvobo...@redhat.com wrote: On 05/29/2015 10:02 AM, Martin Kosek wrote: On 05/29/2015 01:27 AM, David Lin wrote

Re: [Freeipa-users] SEC_ERROR_LEGACY_DATABASE

2015-05-29 Thread Petr Vobornik
notice that when i do ipa host-show there is no certificate listed. If you are using FreeIPA 4.1+, this is expected: https://fedorahosted.org/freeipa/ticket/4449 Martin -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo

Re: [Freeipa-users] SEC_ERROR_LEGACY_DATABASE

2015-05-29 Thread Petr Vobornik
load_certificate function in /usr/lib/python2.7/site-packages/ipalib/x509.py, line ~ 112 ouput will be in /var/log/httpd/error_log Thanks, David On 05/29/2015 02:05 AM, Petr Vobornik wrote: On 05/29/2015 10:45 AM, David Lin wrote: ipa host-find produces this ipa: ERROR: Certificate format error

Re: [Freeipa-users] problem with keytab for ipa user-add

2015-06-01 Thread Petr Vobornik
On 06/01/2015 11:36 AM, Bob Hinton wrote: On 01/06/2015 09:55, Petr Vobornik wrote: On 05/31/2015 12:21 PM, Bob Hinton wrote: Hello, I've written a Ruby script to add IPA users from CSV files. This works fine when specifying a username and password. However, using a keytab produces an error

Re: [Freeipa-users] problem with keytab for ipa user-add

2015-06-01 Thread Petr Vobornik
settings, access control information) and Audit (events, : logs, analysis thereof). If you are installing an IPA server you need : to install this package (in other words, most people should NOT install : this package). -- Petr Vobornik -- Manage your

Re: [Freeipa-users] Web interface session timeout

2015-05-26 Thread Petr Vobornik
' -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] ERROR: Operations error: Allocation of a new value for range cn=posix ids, cn=distributed numeric assignment plugin, cn=plugins, cn=config failed! Unable to proceed.

2015-05-26 Thread Petr Vobornik
tool. -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] users- ssh keys self service

2015-08-14 Thread Petr Vobornik
that is on the ACTION button, which remains visible. Are there any troubleshooting suggestions for this? I have not customized anything. Thank you ~J -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org

Re: [Freeipa-users] Failed to start pki-tomcatd Service

2015-07-16 Thread Petr Vobornik
for me. Up plz. Is there anything related to the connection error in dirsrv logs? /var/log/dirsrv/slapd-EXAMPLE-COM/errors /var/log/dirsrv/slapd-EXAMPLE-COM/access -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa

Re: [Freeipa-users] Failed to start pki-tomcatd Service

2015-07-20 Thread Petr Vobornik
ipa.mydomain.org -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] REST/JSON API: Howto add a user that is not expired

2015-11-12 Thread Petr Vobornik
:0,"method":"user_add"} The user is added to IPA, but the user is still forced to change it's password. In the response I could see that my krbpasswordexpiration is ignored. Any ideas what I'm doing wrong? Thanks Oliver -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] Announcing FreeIPA 4.2.3

2015-11-02 Thread Petr Vobornik
omains tests * idoverride: Ignore ValidationErrors when converting the anchor * tests: Add tests for idoverride object integrity * trusts: Make trust_show.get_dn raise properly formatted NotFound * trustdomain: Perform validation of the trust domain first -- Petr Vobornik -- Manage your subscript

Re: [Freeipa-users] unable to delete dead freeipa replica

2015-11-06 Thread Petr Vobornik
rce flag, remove leftover references to an already deleted master. -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] unable to delete dead freeipa replica

2015-11-06 Thread Petr Vobornik
-prod-a-033.cloud.foo.com. Then you can try to check DNS settings, easy in Web UI, and remove references to old server if there are any. Cheers, Andrew On 6 November 2015 at 15:28, Petr Vobornik <pvobo...@redhat.com> wrote: On 11/05/2015 05:32 PM, Andrew Holway wrote: Actual

[Freeipa-users] Announcing FreeIPA 4.2.2

2015-10-08 Thread Petr Vobornik
e collisions in the names of external groups -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] last step in retiring old RHEL 6 (IPA 3.0.0) servers

2015-10-06 Thread Petr Vobornik
On 09/22/2015 01:03 AM, Craig White wrote: -Original Message- From: Petr Vobornik [mailto:pvobo...@redhat.com] Sent: Friday, September 18, 2015 1:44 AM To: Craig White; Martin Kosek; freeipa-users@redhat.com; Jan Cholasta Subject: Re: [Freeipa-users] last step in retiring old RHEL 6 (IPA

[Freeipa-users] Announcing FreeIPA 4.2.0

2015-07-10 Thread Petr Vobornik
* Hide topology and domainlevel features * dcerpc: Raise ACIError correctly * adtrustinstance: Enable and start oddjobd * upgrade: Enable and start oddjobd if adtrust is available -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo

Re: [Freeipa-users] Announcing FreeIPA 4.2.0

2015-07-10 Thread Petr Vobornik
On 07/10/2015 02:40 PM, Jan Pazdziora wrote: On Fri, Jul 10, 2015 at 10:26:11AM +0200, Petr Vobornik wrote: The FreeIPA team is proud to announce FreeIPA v4.2.0 release! It can be downloaded from http://www.freeipa.org/page/Downloads. The builds for Fedora 22 and Fedora Rawhide

Re: [Freeipa-users] Announcing FreeIPA 4.2.0

2015-07-10 Thread Petr Vobornik
On 07/10/2015 04:51 PM, Jan Pazdziora wrote: On Fri, Jul 10, 2015 at 04:09:45PM +0200, Petr Vobornik wrote: Some of the dependencies are still in updates-testing repository. They have been added to the COPR repository. Now FreeIPA 4.2 could be installed even with the updates-testing repo

Re: [Freeipa-users] Announcing FreeIPA 4.2.0

2015-07-10 Thread Petr Vobornik
On 07/10/2015 02:55 PM, Jan Pazdziora wrote: On Fri, Jul 10, 2015 at 02:40:58PM +0200, Jan Pazdziora wrote: On Fri, Jul 10, 2015 at 10:26:11AM +0200, Petr Vobornik wrote: The FreeIPA team is proud to announce FreeIPA v4.2.0 release! It can be downloaded from http://www.freeipa.org/page

Re: [Freeipa-users] Troubles with extending FreeIPA Web UI to fit my environment

2015-09-01 Thread Petr Vobornik
e comparison by an entity name would help. Best regards Mateusz Małek Intelligent Information Systems Group Department of Computer Science AGH University of Science and Technology, Kraków, Poland -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://w

Re: [Freeipa-users] Troubles with extending FreeIPA Web UI to fit my environment

2015-09-09 Thread Petr Vobornik
On 09/05/2015 09:12 PM, Mateusz Małek wrote: W dniu 01.09.2015 o 13:27, Petr Vobornik pisze: On 08/27/2015 05:17 AM, Mateusz Małek wrote: We're trying to adjust FreeIPA to our environment... quite a bit. Here are some bullet points: (...) For points 3, 5, 6 and to limit available choices

Re: [Freeipa-users] last step in retiring old RHEL 6 (IPA 3.0.0) servers

2015-09-17 Thread Petr Vobornik
/tree/ipaserver/install/replication.py#n1185 2) File a ticket to avoid get_ruv function exit the whole "del" command when --force is in play to fix this long-term https://fedorahosted.org/freeipa/ticket/5307 -- Petr Vobornik -- Manage your subscription for the Freeipa-users ma

[Freeipa-users] Announcing FreeIPA 4.2.1

2015-09-17 Thread Petr Vobornik
nstall: Correctly determine 4.2 FreeIPA servers * trusts: Detect domain clash with IPA domain when adding a AD trust * trusts: Detect missing Samba instance * winsync-migrate: Add warning about passsync * winsync-migrate: Expand the man page === Yuri Chornoivan (1) === * Fix minor typos -- Petr Voborn

Re: [Freeipa-users] last step in retiring old RHEL 6 (IPA 3.0.0) servers

2015-09-18 Thread Petr Vobornik
On 09/17/2015 06:19 PM, Craig White wrote: -Original Message- From: Petr Vobornik [mailto:pvobo...@redhat.com] Sent: Thursday, September 17, 2015 4:59 AM To: Martin Kosek; Craig White; freeipa-users@redhat.com; Jan Cholasta Subject: Re: [Freeipa-users] last step in retiring old RHEL 6

Re: [Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-05 Thread Petr Vobornik
freeipa-users Go to http://freeipa.org for more info on the project -- / Alexander Bokovoy -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- / Alex

[Freeipa-users] Announcing FreeIPA 4.3.0

2015-12-18 Thread Petr Vobornik
d hostmask detection for sudo rules validating on hostmask * replicainstall: Add check for domain if server is specified * replicainstall: Make sure the enrollment state is preserved === Yuri Chornoivan (2) === * Fix minor typos * Fix minor typos -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Want faster user-add

2015-12-22 Thread Petr Vobornik
with one call and save some network calls. Example could be seen in this ugly script: https://pvoborni.fedorapeople.org/scripts/ipa-generate-users.sh -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http

Re: [Freeipa-users] web ui runtime error

2015-11-23 Thread Petr Vobornik
negroth.us/ipa/ui/js/dojo/dojo.js?v=40203:1:9085 tn@https://moria.menegroth.us/ipa/ui/js/dojo/dojo.js?v=40203:1:8961 nn@https://moria.menegroth.us/ipa/ui/js/dojo/dojo.js?v=40203:1:9025 ln/i@https://moria.menegroth.us/ipa/ui/js/dojo/dojo.js?v=40203:1:10123 p.injectUrl/i@https://moria.menegroth.us/ipa/ui/js/dojo/dojo.js?v=40203:1:12306 Do I have to do something to enable username/password auth for this version of IPA? -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] [FreeIPA 4.3.0] Limits exceeded for this query

2016-06-08 Thread Petr Vobornik
- what is the size and time limit configured -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Replica without CA: implications?

2016-06-08 Thread Petr Vobornik
ords You need to identify which one is INCORRECT and then run ipa-replica-manage clean-ruv $incorrect command. The CORRECT one can identified with: ldapsearch -ZZ -h ipa2.localdomain.local -D "cn=Directory Manager" -W -b "dc=localdomain,dc=local" "(&(objectclass=ns

Re: [Freeipa-users] Unable to access to web ui

2016-06-03 Thread Petr Vobornik
y/2016:12:14:10 +0200] NSACLPlugin - The ACL target > cn=automember > > rebuild membership,cn=tasks,cn=config does not exist > > [26/May/2016:12:14:10 +0200] - Skipping CoS Definition cn=Password > > Policy,cn=accounts,dc=bioinf,dc=local--no CoS Templates found, w

Re: [Freeipa-users] FreeIPA 4.2.0: An error has occurred (IPA Error 4301: CertificateOperationError)

2016-06-13 Thread Petr Vobornik
ert-signing master? > > Thanks, > > Dan > > /This message and any attachments may contain confidential or privileged > > information and are only for the use of the intended recipient of this > > message. If you are not the intended recipient, please notify the sender > > by return email, and delete or destroy this and all copies of this > > message and all attachments. Any unauthorized disclosure, use, > > distribution, or reproduction of this message or any attachments is > > prohibited and may be unlawful./ > > *From: *Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com>> > > *Date: *Friday, June 10, 2016 at 14:48 > > *To: *Daniel Finkestein <dan.finkelst...@high5games.com > <mailto:dan.finkelst...@high5games.com>>, > > "freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>" > <freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>> > > *Subject: *Re: [Freeipa-users] FreeIPA 4.2.0: An error has occurred (IPA > > Error 4301: CertificateOperationError) > > I'd reinstall some rpms to properly create these: > > tomcat > > pki-base > > pki-server > > I'm not positive it will fix permissions, rpm -V on the same may point > > out problems as well. > > rob > > > -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Multiple issues (weblogin, DNS) with 4.3.1

2016-06-17 Thread Petr Vobornik
d[22469]: WARNING: yacc > table file version is out of date > May 27 14:08:29 kaitain.pipebreaker.pl ipa-dnskeysyncd[22469]: WARNING: > Couldn't create 'pycparser.yacctab'. [Errno 13] Permission denied: > 'yacctab.py' > > Also (related?) error during 'ipactl' invocations: > $ ipactl

[Freeipa-users] Announcing FreeIPA 4.4.0 alpha1

2016-06-21 Thread Petr Vobornik
ipa-adtrust-install: Allow dash in the NETBIOS name spec: Bump required sssd version to 1.13.3-5 adtrustinstance: Make sure smb.conf exists l10n: Remove Transifex configuration ipalib: Fix user certificate docstrings idviews: Add user certificate attribute to user

Re: [Freeipa-users] Browser login to IPA "Authentication Required" prompt

2016-01-18 Thread Petr Vobornik
ed as a 2 factor authentication for browser login? CCing Petr to be aware of this question. But first, I would be curious - what browser version do you use and what FreeIPA version do you use? Do you see the same troubling behavior with FreeIPA demo [1]? [1] http://www.freeipa.org/page/Demo -- Petr Vob

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

2016-01-18 Thread Petr Vobornik
/contextlib.py", line 35, in __exit__ self.gen.throw(type, value, traceback) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 947, in error_handler raise errors.DuplicateEntry() 2016-01-18T03:29:55Z DEBUG The ipa-replica-install command failed, exception: DuplicateEntry: This entry already exists 2016-01-18T03:29:55Z ERROR This entry already exists 2016-01-18T03:29:55Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Browser login to IPA "Authentication Required" prompt

2016-01-18 Thread Petr Vobornik
On 01/18/2016 04:34 PM, Petr Vobornik wrote: On 01/18/2016 04:01 PM, Adam Kaczka wrote: This happens with FreeIPA version 4.2.0 and also version 3.0.0 with latest Chrome (47.0.2526.111 m) and IE 11 (11.63.10586.0). The issue does not occur with FF (43.0.4). I tried the demo page and same

Re: [Freeipa-users] OS migration from Fedora to CentOS?

2016-02-05 Thread Petr Vobornik
using ipa-server-install --uninstall 2. Do we have to update to intermediate versions and if so how? Should not be necessary. Could we do anything else? Thank you for any hints, Kind regards, — Christophe -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing

Re: [Freeipa-users] [Centos7.2 Freeipa 4.2] browser : your session has expired

2016-02-02 Thread Petr Vobornik
Bokovoy <aboko...@redhat.com> To: Christopher Lamb/Switzerland/IBM@IBMCH Cc: Petr Vobornik <pvobo...@redhat.com>, freeipa-users@redhat.com, wodel youchi <wodel.you...@gmail.com> Date: 02.02.2016 09:32 Subject:Re: [Freeipa-users] [Centos7.2 Freeipa 4

  1   2   3   >