Sam Hartsfield wrote:
On Mon, Nov 16, 2009 at 10:16 AM, Rich Megginson rmegg...@redhat.com wrote:
Sam Hartsfield wrote:
On Thu, Nov 12, 2009 at 3:38 PM, Rich Megginson rmegg...@redhat.com
wrote:
Sam Hartsfield wrote:
I am using FreeIPA 1.2.2 and trying
?? ? wrote:
Hello!
I'm using FreeIPA on Fedora 9 - Master server, on replica Fedora 11.
After ipa-replica-install on Fedora 11 I try to start dirsrv and see
the next message:
KBTM-SPB-RU...[11/Dec/2009:16:30:56 +0300] dse - The entry cn=schema in
file
1dc5c758d22e77f2
Packager: Fedora Project
URL : http://port389.org/
Summary : 389 Directory Server (base)
Was this an upgrade from an earlier installation?
On Fri, 11/12/2009 at 08:23 -0700, Rich Megginson wrote:
?? ? wrote:
Hello!
I'm using FreeIPA on Fedora
Rob Crittenden wrote:
Виктор Сергеевич wrote:
On fedora 11:
Name: 389-ds-base Relocations: (not
relocatable)
Version : 1.2.2 Vendor: Fedora Project
Release : 1.fc11Build Date: Wed 26 Aug 2009
12:07:44 AM MSD
reset by peer.)
This usually indicates some low level error. Let's try this:
/usr/lib64/mozldap/ldapsearch -h sbtaddc001.bmitest.com -D
"CN=administrator,CN=users,DC=bmitest,DC=com" -w secretpw -s base -b ""
"objectclass=*"
Does that work?
On Mon, Mar 8, 2010 at 6:30 PM, Rich Megginson rmegg
: Invalid credentials
ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903AA,
comment: AcceptSecurityContext error, data 52e, v1771
You are not providing the correct password.
On Tue, Mar 9, 2010 at 6:16 PM, Rich Megginson rmegg...@redhat.com wrote
, and the password should be the
password for that user.
On Tue, Mar 9, 2010 at 6:32 PM, Rich Megginson rmegg...@redhat.com wrote:
Shan Kumaraswamy wrote:
When I try to run this command I am getting this error:
[r...@sbttipa001 ~]# /usr/lib64/mozldap
-BMITEST-COM/cert8.db -h sbtaddc001.bmitest.com
http://sbtaddc001.bmitest.com -p 636 -D
CN=administrator,CN=users,DC=bmitest,DC=com -w secretpw -s base -b
objectclass=*
On Tue, Mar 9, 2010 at 7:03 PM, Rich Megginson rmegg...@redhat.com wrote:
Shan
to provide a password for this
On Tue, Mar 9, 2010 at 7:38 PM, Rich Megginson rmegg...@redhat.com wrote:
Shan Kumaraswamy wrote:
Yes I can get the output when I ran this step:
Command: /usr/lib64/mozldap/ldapsearch -ZZ -P
/etc/dirsrv
Shan Kumaraswamy wrote:
Rob,
I am using RHDS (redhat-ds-base-devel = 8.1.0)
It will definitely not work with RHDS.
On Wed, Aug 11, 2010 at 5:31 PM, Rob Crittenden rcrit...@redhat.com wrote:
Shan Kumaraswamy wrote:
Hi Rob,
I am trying
Shan Kumaraswamy wrote:
Rob,
How about RHDS 8.2? or I have to rebuild 389-ds against RHEL 6.0 beta?
RHDS 8.2 won't work either. You'll have to use 389-ds-base 1.2.6 or later.
On Wed, Aug 11, 2010 at 5:38 PM, Rich Megginson rmegg...@redhat.com wrote:
Shan
Shan Kumaraswamy wrote:
Hi,
I have deployed FreeIPA 1.2.1 in RHEL 5.5 and I want to sync with
Active Directory (windows 2008 R2). Can please anyone have
step-by-step configuration doc and share to me? Previously I have done
the same exercise, but now that is not working for me and I am
password
On Mon, Aug 16, 2010 at 6:06 PM, Rich Megginson rmegg...@redhat.com wrote:
Shan Kumaraswamy wrote:
Rich,
While installing IPA it creates its own CA cert, right?
(cacert.p12),
Right
-COM -L -n Imported CA
On Tue, Aug 17, 2010 at 6:35 PM, Rich Megginson rmegg...@redhat.com wrote:
Shan Kumaraswamy wrote:
After this error, I have tried your following steps:
/usr/lib64/mozldap/ldapsearch -h windows.test.ad
http
...@gmail.com wrote:
done, and it came the output also, can plz let me know the next step.
On Tue, Aug 17, 2010 at 7:00 PM, Rich Megginson rmegg...@redhat.com wrote:
Shan Kumaraswamy wrote:
Rich,
Please find the below output
Or are you asking because you don't know how it got in there in the
first place, or forgot?
On Wed, Aug 18, 2010 at 4:44 PM, Rich Megginson rmegg...@redhat.com wrote:
Shan Kumaraswamy wrote:
Rich,
Can I know command to trust IPA generated CA cert
Brian LaMere wrote:
The ACIs are defined inside the underlying Directory Server. See
details and syntax are here
http://directory.fedoraproject.org/wiki/Howto:AccessControl
The ACIs as you see can be group based. One does not need a
hierarchical
ou user structure in the
this issue.
On Mon, Sep 20, 2010 at 6:31 PM, Rich Megginson rmegg...@redhat.com wrote:
Shan Kumaraswamy wrote:
Rich,
I am again facing some issue with IPA+AD Sync and I tested all
the levels:
Windows PassSync entry exists
.
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-Original Message-
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Wednesday, 22 September 2010 2:45 p.m.
To: Steven Jones
Cc: Freeipa-users@redhat.com
Subject: Re
Dan Scott wrote:
Hi,
Recently I have been seeing a constant stream of entries in my dirsrv
logs for my Fedora 11 FreeIPA master:
Replica has a different generation ID than the local data.
I'm also seeing issues which appear to be related to incorrect
replication. e.g. User changes password
Steven Jones wrote:
8---
Can you reliably reproduce this behavior after restarting directory server?
Please file a bug with the necessary steps to reproduce the issue.
8
Yes it appears so..
=error
[22/Sep/2010:15:58:16 +1200] - slapd shutting down -
Dan Scott wrote:
Hi,
Thanks for the reply.
On Wed, Sep 22, 2010 at 11:56, Rich Megginson rmegg...@redhat.com wrote:
Recently I have been seeing a constant stream of entries in my dirsrv
logs for my Fedora 11 FreeIPA master:
Replica has a different generation ID than the local data.
I'm
Dan Scott wrote:
Hi,
Sorry, I just checked the manpage myself and I see that there's an
init option to ipa-replica-manage.
On Wed, Sep 22, 2010 at 12:08, Rich Megginson rmegg...@redhat.com wrote:
Initialization is the initial copy of data from the master - The slave
server (curie) has been
Steven Jones wrote:
Hi,
Bug 634561 has been fixed...
How do I get this into/onto my setup please?
We're working on a 389-ds-base 1.2.6.1 release. Should be in testing
very soon.
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New
-Original Message-
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Friday, 24 September 2010 8:20 a.m.
To: Steven Jones
Cc: freeipa-users
Subject: Re: [Freeipa-users] bug 634561
Steven Jones wrote:
Hi,
Bug 634561 has been fixed...
How do I get this into/onto my setup please
Dan Scott wrote:
Hi,
On Wed, Oct 6, 2010 at 18:30, Rich Megginson rmegg...@redhat.com wrote:
Dan Scott wrote:
I'm not sure which group this is referring to. Admins only contains 3
users, no nested groups.
The problem appears to be related to the users, rather than the
groups. None
Dan Scott wrote:
On Fri, Oct 8, 2010 at 13:18, Rich Megginson rmegg...@redhat.com wrote:
Dan Scott wrote:
On Fri, Oct 8, 2010 at 11:39, James Roman james.ro...@ssaihq.com wrote:
So does anyone have any more suggestions? Or should I just configure a
new replica with new
Kambiz Aghaiepour wrote:
Currently running ipa-server-1.2.1-4 with fedora-ds-base-1.1.3-6. I
attempted to upgrade to 389-ds-base-1.2.6.1-2 (and supporting packages)
and the procedure took an extremely long time (at least 2 hours). There
appears to be an upgrade script that runs as part of
Kambiz Aghaiepour wrote:
Would there be any way to identify what causes this during replication
creation (versions ipa-server-1.2.1-4 and fedora-ds-base-1.1.3, on
centos-5.4):
389-ds-base-1.2.6.1 cannot replicate to previous versions of 389/fedora ds
389-ds-base-1.2.7.a3 fixes this problem
the
directory, including several test accounts used by our nagios, as well
as the company CEO's account. :(
We believe this is also a bug that has been fixed by 1.2.7.a3
So I reverted to fedora-ds-1.1.3.
But I really need to get the remote replica up and running.
Kambiz
Rich Megginson wrote
On 01/25/2011 01:58 PM, James Roman wrote:
On 1/25/11 2:44 PM, Simo Sorce wrote:
On Tue, 25 Jan 2011 14:33:14 -0500
James Roman james.ro...@ssaihq.com wrote:
On 01/25/2011 12:42 PM, Simo Sorce wrote:
On Tue, 25 Jan 2011 12:04:25 -0500
James Roman james.ro...@ssaihq.com wrote:
I noticed
On 01/26/2011 09:32 AM, James Roman wrote:
Simo Sorce wrote:
On Tue, 25 Jan 2011 15:58:35 -0500
James Roman james.ro...@ssaihq.com wrote:
On 1/25/11 2:44 PM, Simo Sorce wrote:
On Tue, 25 Jan 2011 14:33:14 -0500
James Roman james.ro...@ssaihq.com wrote:
On 01/25/2011
On 01/27/2011 07:47 AM, Dan Scott wrote:
Hi,
I have a FreeIPA server running on Fedora 14
[root@ohm ~]# rpm -qa|grep ipa-server
ipa-server-selinux-1.2.2-5.fc14.x86_64
ipa-server-1.2.2-5.fc14.x86_64
For the past few weeks, the dirsrv service has been 'crashing'.
Randomly, as far as I can
On 02/01/2011 12:51 PM, Peter Doherty wrote:
On Feb 1, 2011, at 14:43 , Dmitri Pal wrote:
On 02/01/2011 02:30 PM, Peter Doherty wrote:
I hope someone can help with this.
I've got a freeipa server running the 1.9 alpha release.
It's broken, (the x509 cert expired and can't be renewed) and I
On 03/09/2011 06:20 AM, tomasz.napier...@allegro.pl wrote:
Hi,
Recently we had to move our freeipa master into separate infrastructure.
Because we use KVM, server was shutdown, gzipped, scped and restored on other
KVM host. It looks like since then replication stopped completely.
On the slave
On 03/09/2011 09:15 AM, tomasz.napier...@allegro.pl wrote:
On 2011-03-09, at 15:09, Rich Megginson wrote:
8-
[04/Mar/2011:14:59:17 +0100] NSMMReplicationPlugin - agmt=cn=meToMASTER636
(XXX:636): Missing data encountered
[04/Mar/2011:14:59:17 +0100] NSMMReplicationPlugin - agmt
On 03/29/2011 02:02 PM, Steven Jones wrote:
Hi,
My Windows person suggests because this is a self signed cert, the client needs
to be forced to trust it?
can you paste the output of
openssl x509 -in /home/jonesst1/domaincert.cer -text
?
regards
Steven
On 04/07/2011 05:13 PM, Stephen Ingram wrote:
I'm trying to register the ipa directory server with
register-ds-admin.pl so that I may use the ds-console to view the
directory. As I see that the ipa portion of the directory is meant to
be managed by ipa, I don't intend on touching that part of
On 05/13/2011 09:37 AM, Adam Young wrote:
On 05/13/2011 06:11 AM, Charlie Derwent wrote:
Hi
First time posting on the mailing list so go easy on me :-)
I've installed freeipa on our network and noticed that no real user
owns the folders /var/log/dirsrv/slapd-PKI-IPA and
On 05/16/2011 08:43 AM, Sigbjorn Lie wrote:
On 05/16/2011 03:52 PM, Simo Sorce wrote:
On Sat, 2011-05-14 at 16:46 +0200, Sigbjorn Lie wrote:
I've noticed that if the machine running IPA is very busy at startup,
the IPA services will not be online when the machine is started.
I noticed this is
On 05/17/2011 06:40 AM, Sigbjorn Lie wrote:
On 05/16/2011 04:56 PM, Rich Megginson wrote:
On 05/16/2011 08:43 AM, Sigbjorn Lie wrote:
On 05/16/2011 03:52 PM, Simo Sorce wrote:
On Sat, 2011-05-14 at 16:46 +0200, Sigbjorn Lie wrote:
I've noticed that if the machine running IPA is very busy
On 05/17/2011 09:36 PM, Steven Jones wrote:
the dirsrv isn't running...
it's giving me line 50: ulimit: open files: cannot modify limit: operation not
permitted dirsrv unix-vuw-ac-nz is stopped...
What is the number of files that ulimit is attempting to use?
What does
grep file-max
@vuwunicoipamt01 ipa]$
From: Rich Megginson [rmegg...@redhat.com]
Sent: Thursday, 19 May 2011 1:22 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] RHEL client to IPA
On 05/17/2011 09:36 PM, Steven Jones wrote:
the dirsrv isn't running
On 06/07/2011 03:03 PM, Steven Jones wrote:
Hi,
Is it possible to set some users so they will not password sync with AD while
most do?
Do you want the user data to sync, just not the passwords?
regards
___
Freeipa-users mailing list
classes?
Password history checking?
regards
From: Rich Megginson [rmegg...@redhat.com]
Sent: Wednesday, 8 June 2011 9:20 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] sync passwords with AD or not per user
On 06/07/2011 03
On 06/07/2011 03:36 PM, Steven Jones wrote:
What sort of password control? Minimum length? Character classes?
Password history checking?
yes, yes and yes...
regards
With plain old 389, you can do all of these and more. IPA has its own
password checking plugin, so it may differ slightly.
policy.
regards
From: Rich Megginson [rmegg...@redhat.com]
Sent: Wednesday, 8 June 2011 9:36 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] sync passwords with AD or not per user
On 06/07/2011 03:36 PM, Steven Jones wrote
On 06/20/2011 09:37 AM, Attila Bogár wrote:
Hi,
I'm trying to set up the AD-FreeIPA sync agreement and I'm always
getting this error:
# ipa-replica-manage connect --winsync --binddn cn=IPA
Sync,cn=Users,dc=win,dc=example,dc=com --bindpw JamesBond007 --cacert
/root/dc1.cer --passsync
On 06/21/2011 07:24 AM, Attila Bogár wrote:
Dear List,
I'd like to sync extra attributes from AD - FreeIPA.
These are namely: employeeNumber and employeeType.
The following .ldif is always adding value unknown instead of syncing
the value in AD.
-- 8 --
dn:
On 06/21/2011 09:17 AM, Attila Bogár wrote:
Dear List,
winsync is working between AD and FreeIPA.
If I disable a user in FreeIPA, it automatically disables on the AD side.
Though, if I disable on the AD side, nothing happens on the FreeIPA side.
Sounds like a bug.
Moreover, if I get a
On 06/23/2011 09:06 AM, Rich Megginson wrote:
On 06/23/2011 08:02 AM, Attila Bogár wrote:
Hi,
I deleted more than 50 users from AD and expected IPA to do the same.
However the EXAMPLE-COM 389-ds instance just crashed and I can't
start it anymore.
Could you please help with this issue
On 07/25/2011 07:38 AM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 07/25/2011 09:12 AM, Rob Crittenden wrote:
2011-07-23 09:10:06,110 DEBUG stderr=Can't locate Setup.pm in @INC
(@INC
contains: /usr/lib64/dirsrv/perl /usr/local/lib64/perl5
/usr/local/share/perl5 /usr/lib64/perl5/vendor_perl
On 07/27/2011 03:40 PM, Steven Jones wrote:
regards
Thanks. To follow up from IRC:
If Steven starts up dirsrv manually, then krb, then named then httpd,
everything works fine. Not sure what the ipa script is doing that kills
dirsrv immediately upon startup.
Steven Jones
Technical
On 07/28/2011 05:30 AM, Simo Sorce wrote:
On Wed, 2011-07-27 at 15:53 -0600, Rich Megginson wrote:
On 07/27/2011 03:40 PM, Steven Jones wrote:
regards
Thanks. To follow up from IRC:
If Steven starts up dirsrv manually, then krb, then named then httpd,
everything works fine. Not sure what
On 08/02/2011 10:20 AM, Robert M. Albrecht wrote:
Hi,
from /var/log/messages
Aug 2 18:03:14 zerberus systemd-tmpfiles[2148]:
[/etc/tmpfiles.d/dirsrv-PKI-IPA.conf:1] Unknown user 'pkisrv'.
Aug 2 18:03:14 zerberus systemd-tmpfiles[2148]:
[/etc/tmpfiles.d/dirsrv-PKI-IPA.conf:2] Unknown user
On 08/04/2011 02:05 PM, Ian Stokes-Rees wrote:
On 8/3/11 6:13 PM, Dmitri Pal wrote:
On 08/03/2011 10:10 AM, Ian Stokes-Rees wrote:
If there were some way to securely embed an arbitrary string in the
user profile, that would go a long way to solving this problem. At
least 4KB to cover a 2048
On 09/29/2011 03:35 PM, Steven Jones wrote:
4.3.1.2. Backing up All Databases from the Command Line
To avoid shutting down the server when running a backup, use the db2bak.pl Perl
script instead of the bd2bak tool. These are both located in the
/usr/lib[64]/dirsrv/slapd-example directory.
From: Rich Megginson [rmegg...@redhat.com]
Sent: Friday, 30 September 2011 10:40 a.m.
To: Steven Jones
Cc: Deon Lackey; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] backing up and restoring the backend
On 09/29/2011 03:35 PM, Steven Jones wrote:
4.3.1.2
On 11/04/2011 04:51 PM, Dan Scott wrote:
Hi,
On Fri, Nov 4, 2011 at 18:13, Rob Crittenden rcrit...@redhat.com wrote:
Dan Scott wrote:
Hi,
On Fri, Nov 4, 2011 at 17:38, Stephen Ingram sbing...@gmail.com wrote:
On Fri, Nov 4, 2011 at 2:12 PM, Dan Scott danieljamessc...@gmail.com
wrote:
On 11/04/2011 05:12 PM, Dan Scott wrote:
On Fri, Nov 4, 2011 at 19:07, Rich Megginson rmegg...@redhat.com wrote:
On 11/04/2011 04:51 PM, Dan Scott wrote:
Hi,
On Fri, Nov 4, 2011 at 18:13, Rob Crittenden rcrit...@redhat.com wrote:
Dan Scott wrote:
Hi,
On Fri, Nov 4, 2011 at 17:38, Stephen
On 11/09/2011 05:11 PM, JR Aquino wrote:
Upon a FreeIPA Replica install, I am failing at:
Configuring Kerberos KDC: Estimated time 30 seconds
[1/9]: adding sasl mappings to the directory
[2/9]: writing stash file from DS
[3/9]: configuring KDC
[4/9]: creating a keytab for the
into Windows AD certificate
store.
On Fri, Nov 11, 2011 at 3:33 PM, Rich Megginson rmegg...@redhat.com wrote:
On 11/11/2011 01:11 PM, Jimmy wrote:
I am trying to get FreeIPA synchronizing with AD. The
instructions I have found on the web go through
On 11/14/2011 01:08 PM, Dan Scott wrote:
Hi,
On Mon, Nov 14, 2011 at 13:06, Alexander Bokovoy aboko...@redhat.com wrote:
On Mon, 14 Nov 2011, Dan Scott wrote:
In any case, the process is still failing to start. Do I need to
create a link in dirsrv.target.wants to somewhere?
You need to do
On 11/15/2011 07:44 AM, Boris Epstein wrote:
On Mon, Nov 14, 2011 at 7:16 PM, Nalin Dahyabhai na...@redhat.com wrote:
On Mon, Nov 14, 2011 at 05:19:44PM -0500, Boris Epstein wrote:
Hello all,
I am using the FreeIPA to run NIS via a plugin.
/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Service
On Fri, Nov 11, 2011 at 4:55 PM, Rob Crittenden rcrit...@redhat.com wrote:
Rich Megginson wrote:
On 11/11/2011 02:23 PM, Jimmy wrote:
I do have the AD SSL cert installed
On 12/15/2011 08:41 AM, Dan Scott wrote:
Hi,
On my Fedora 15 FreeIPA server, I'm having some problems with
stability. The server appears to 'hang' and stops responding to LDAP
lookups. When I restart the dirsrv service, I get:
Dec 15 09:40:02 ohm kernel: [254566.011404] ns-slapd[28910]:
On 12/19/2011 09:01 AM, Dan Scott wrote:
On Thu, Dec 15, 2011 at 11:51, Rich Megginson rmegg...@redhat.com wrote:
On 12/15/2011 09:48 AM, Dan Scott wrote:
Hi,
On Thu, Dec 15, 2011 at 10:58, Rich Megginson rmegg...@redhat.com wrote:
On 12/15/2011 08:41 AM, Dan Scott wrote:
Hi,
On my
On 12/19/2011 09:13 AM, Dan Scott wrote:
On Mon, Dec 19, 2011 at 11:03, Rich Megginson rmegg...@redhat.com wrote:
On 12/19/2011 09:01 AM, Dan Scott wrote:
On Thu, Dec 15, 2011 at 11:51, Rich Megginson rmegg...@redhat.com wrote:
On 12/15/2011 09:48 AM, Dan Scott wrote:
Hi,
On Thu, Dec 15,
On 01/04/2012 11:35 AM, Dan Scott wrote:
Hi,
Recently I've had some crash/hang problems with my FreeIPA 2
installation which appear solved using the updates-testing version of
freeipa-server (2.1.4-2.fc16.x86_64) which I'm currently running on
both servers (as a quick aside, does anyone know
On 01/11/2012 11:22 AM, Jimmy wrote:
We need to be able to replicate user/pass between Windows 2008 AD and
FreeIPA.
That's what IPA Windows Sync is supposed to do.
I have followed many different documents and posted here about it and
from what I've read and procedures I've followed we are
://directory.fedoraproject.org/wiki/Howto:WindowsSync
Jimmy
On Wed, Jan 11, 2012 at 3:32 PM, Rich Megginson rmegg...@redhat.com wrote:
On 01/11/2012 11:22 AM, Jimmy wrote:
We need to be able to replicate user/pass between Windows 2008 AD
and FreeIPA.
That's
the search base is incorrect or not found. You can
look at the 389 access log to see what it was using as the search criteria.
On Fri, Jan 20, 2012 at 12:23 PM, Rich Megginson rmegg...@redhat.com wrote:
On 01/20/2012 10:23 AM, Jimmy wrote:
You are correct. I
:
attempting to sync password for testuser3
searching for (ntuserdomainid=testuser3)
There are no entries that match: testuser3
deferring password change for testuser3
On Fri, Jan 20, 2012 at 2:46 PM, Rich Megginson rmegg...@redhat.com wrote:
On 01/20/2012 12:46 PM
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=sync user,cn=config
nsDS5ReplicaBindCredentials: {DES}ffGad646dT0nnsT8nJOaMA==
nsDS5ReplicaTransportInfo: TLS
winSyncInterval: 1200
On Fri, Jan 20, 2012 at 3:28 PM, Rich Megginson rmegg...@redhat.com wrote:
On 01/20/2012 01:08
still
be working on this issue some. I'll take VM's of the servers on my
laptop to be able to keep working.
-Jimmy
On Thu, Jan 19, 2012 at 5:04 PM, Rich Megginson rmegg...@redhat.com wrote:
On 01/19/2012 02:59 PM, Jimmy wrote:
ok. I started from scratch
On 02/10/2012 04:01 AM, David Juran wrote:
Hello
I wonder if it's somehow possible to sync AD-users more selectively than
just by sub-tree. In my case, I'm dealing with a very large organisation
where the users that are to be synced to IPA aren't grouped by a subtree
in AD but rather spread
On 02/10/2012 11:41 AM, Dmitri Pal wrote:
On 02/10/2012 10:28 AM, Rich Megginson wrote:
On 02/10/2012 04:01 AM, David Juran wrote:
Hello
I wonder if it's somehow possible to sync AD-users more selectively than
just by sub-tree. In my case, I'm dealing with a very large organisation
where
On 02/10/2012 12:18 PM, Dmitri Pal wrote:
On 02/10/2012 01:46 PM, Rich Megginson wrote:
On 02/10/2012 11:41 AM, Dmitri Pal wrote:
On 02/10/2012 10:28 AM, Rich Megginson wrote:
On 02/10/2012 04:01 AM, David Juran wrote:
Hello
I wonder if it's somehow possible to sync AD-users more
On 02/12/2012 04:01 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 02/12/2012 03:49 PM, Marco Pizzoli wrote:
Hi guys,
a couple of questions about AD synchronization.
I read in the guide these points:
- A synchronization operation runs every five minutes. -- I read that
it can be triggered on
On 02/14/2012 07:18 AM, David Juran wrote:
Hello!
On fre, 2012-02-10 at 08:28 -0700, Rich Megginson wrote:
On 02/10/2012 04:01 AM, David Juran wrote:
I wonder if it's somehow possible to sync AD-users more selectively than
just by sub-tree. In my case, I'm dealing with a very large
On 02/10/2012 01:00 PM, Ian Levesque wrote:
On Feb 10, 2012, at 1:36 PM, Rich Megginson wrote:
This may be related to https://fedorahosted.org/389/ticket/273 and
https://fedorahosted.org/389/ticket/274 which have been fixed in
1.2.10
In this case Ian please open a bugzilla, it looks like we
On 02/16/2012 08:26 AM, Dan Scott wrote:
Hi,
I have recently upgraded one of my FreeIPA servers (Fedora 16) with
the latest package versions:
Feb 15 14:10:19 Updated: libselinux-2.1.6-6.fc16.x86_64
Feb 15 14:10:20 Updated: krb5-libs-1.9.2-6.fc16.x86_64
Feb 15 14:10:21 Updated:
On 02/16/2012 09:12 AM, Dan Scott wrote:
Hi,
On Thu, Feb 16, 2012 at 10:37, Rich Megginson rmegg...@redhat.com wrote:
On 02/16/2012 08:26 AM, Dan Scott wrote:
Hi,
I have recently upgraded one of my FreeIPA servers (Fedora 16) with
the latest package versions:
Feb 15 14:10:19 Updated:
On 02/16/2012 01:12 PM, Dan Scott wrote:
On Thu, Feb 16, 2012 at 14:24, Rich Megginson rmegg...@redhat.com wrote:
On 02/16/2012 10:40 AM, Dan Scott wrote:
Hi,
On Thu, Feb 16, 2012 at 11:56, Rich Megginson rmegg...@redhat.com wrote:
On 02/16/2012 09:12 AM, Dan Scott wrote:
Hi,
On Thu, Feb
On 02/16/2012 12:38 PM, Ian Levesque wrote:
On Feb 15, 2012, at 7:22 PM, Rich Megginson wrote:
Sorry for not getting back to you sooner. I can't say for sure, but it does
look like you are running into some of the tombstone issues we have fixed in
1.2.10.1-1 (now in updates-testing)
OK
On 02/24/2012 09:45 AM, Dan Scott wrote:
Hi,
I have another replica install problem.
I ran into some issues a couple of weeks ago when
389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 was released. My master server
is running 389-ds-base-1.2.10-0.6.a6.fc16.x86_64 and I'd like to make
sure I have some
On 02/24/2012 01:34 PM, Dan Scott wrote:
On Fri, Feb 24, 2012 at 13:43, Rob Crittenden rcrit...@redhat.com wrote:
Dan Scott wrote:
Hi,
I have an idea for a new feature. I've been having a lot of problems
with replication recently and I think the following would be useful.
Can we show the
On 02/24/2012 01:59 PM, Dan Scott wrote:
On Fri, Feb 24, 2012 at 15:48, Rich Megginson rmegg...@redhat.com wrote:
On 02/24/2012 01:34 PM, Dan Scott wrote:
On Fri, Feb 24, 2012 at 13:43, Rob Crittenden rcrit...@redhat.com wrote:
Dan Scott wrote:
Hi,
I have an idea for a new feature. I've
On 02/24/2012 03:23 PM, Dan Scott wrote:
On Fri, Feb 24, 2012 at 15:47, Rich Megginson rmegg...@redhat.com wrote:
On 02/24/2012 09:45 AM, Dan Scott wrote:
Hi,
I have another replica install problem.
I ran into some issues a couple of weeks ago when
389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 was
On 03/11/2012 03:45 PM, Steven Jones wrote:
Hi,
If I have a winsync agreement from AD to IPA, and this does uni-directional
password from AD to IPA and for some reason this temporarily breaks, say a
network failure.
If you are talking about password sync from AD to IPA, and only that,
On 03/12/2012 01:34 AM, Martin Kosek wrote:
On Sun, 2012-03-11 at 17:55 -0400, Dmitri Pal wrote:
On 03/11/2012 04:22 PM, Stephen Ingram wrote:
Now I've made it to the WebUI. Login works great (also via the new
form auth). Click on IPA Server tab and then Configuration yields:
IPA Error 4208 -
On 03/12/2012 11:06 AM, Stephen Ingram wrote:
On Mon, Mar 12, 2012 at 7:19 AM, Rich Megginson rmegg...@redhat.com wrote:
On 03/12/2012 01:34 AM, Martin Kosek wrote:
On Sun, 2012-03-11 at 17:55 -0400, Dmitri Pal wrote:
On 03/11/2012 04:22 PM, Stephen Ingram wrote:
Now I've made it to the
On 03/12/2012 01:39 PM, Dmitri Pal wrote:
On 03/12/2012 03:20 PM, Rich Megginson wrote:
On 03/12/2012 12:40 PM, Dmitri Pal wrote:
On 03/12/2012 01:23 PM, Rich Megginson wrote:
On 03/12/2012 11:06 AM, Stephen Ingram wrote:
On Mon, Mar 12, 2012 at 7:19 AM, Rich Megginson rmegg...@redhat.com
On 03/14/2012 02:45 PM, Jimmy wrote:
In response to the last two suggestions, here's what I see:
hostname
ipa.abc.xyz
/etc/hosts:
192.168.201.102 ipa.abc.xyz ipa
ldapsearch -x -b cn=masters,cn=ipa,cn=etc,dc=abc,dc=xyz
# extended LDIF
#
# LDAPv3
# basecn=masters,cn=ipa,cn=etc,dc=abc,dc=xyz
On 03/14/2012 02:49 PM, Jimmy wrote:
rpm -qi 389-ds-base
Name: 389-ds-base
Version : 1.2.10.3
Release : 1.fc15
Architecture: x86_64
Install Date: Wed 04 Jan 2012 12:06:20 AM UTC
Group : System Environment/Daemons
Size: 4816676
License : GPLv2 with exceptions
On 03/14/2012 03:05 PM, Jimmy wrote:
This doesn't appear to be very good. If I drop the `grep` I see the
data I would expect to see.
dbscan -f /var/lib/dirsrv/slapd-YOUR-DOMAIN/db/userRoot/entryrdn.db4|grep cn=etc
22:cn=etc
ID: 22; RDN: cn=etc; NRDN: cn=etc
ID: 22; RDN: cn=etc; NRDN:
On 03/14/2012 03:13 PM, Jimmy wrote:
bdb/4.8/libback-ldbm/newidl/rdn-format-2/dn-4514
bdb/4.8/libback-ldbm/newidl/rdn-format-2/dn-4514
It appears that the entryrdn upgrade didn't work. Can you sanitize your
/var/log/dirsrv/slapd-DOMAIN/errors file and post it to fpaste.org?
On Wed, Mar 14,
On 03/14/2012 03:26 PM, Jimmy wrote:
http://fpaste.org/nSWh/
Thanks. Looks like you are going to have to export your database to
ldif, re-import it, and then re-initialize all of your replicas.
On 03/20/2012 01:16 PM, Jimmy wrote:
I was able to do this:
/usr/lib64/dirsrv/slapd-PKI-IPA/db2ldif -n ipaca -a /dbexport/ipaca-output.ldif
/usr/lib64/dirsrv/slapd-PKI-IPA/ldif2db -n ipaca -i /dbexport/ipaca-output.ldif
ok - let's make sure this step worked - any errors in
On 03/26/2012 03:28 PM, Steven Jones wrote:
Hi,
Our policy is to have the security manager hold the top most password of AD.
There is a requirement that we do the same thing for IPA if possible/practical.
So, is there any reason apart from resetting the admin password or replication
that I