Hi FreeIPA Community,

I'm actually new to the software and have some basic questions. We have Linux 
users in Active Directory.

To be more flexible, we would like to install FreeIPA, import all users from AD 
and manage all the stuff like ssh, sudo etc. from IPA.

1. Do I need to establish a trust first, as mentioned here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/creating-trusts.html#trust-one-two-way

2. Or can we just create a sync to import all "linux-users" from AD into IPA 
and manage them just like IPA users:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/managing-sync-agmt.html

3. ipa-replica-manage connect --winsync --binddn cn=administrator,cn=users,dc=example,dc=com --bindpw "***" --passsync "***" --cacert /root/dc1.crt dc1.example.com -v

getting an error:

Traceback (most recent call last):
  File "/usr/sbin/ipa-replica-manage", line 1607, in <module>
    main(options, args)
  File "/usr/sbin/ipa-replica-manage", line 1566, in main
    add_link(realm, replica1, replica2, dirman_passwd, options)
  File "/usr/sbin/ipa-replica-manage", line 1118, in add_link
    if not ds.add_ca_cert(options.cacert):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 1018, in add_ca_cert
    certdb.load_cacert(cacert_fname, 'C,,')
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 261, in load_cacert
    (rdn, subject_dn) = get_cert_nickname(cert)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 67, in get_cert_nickname
    return (str(dn[0]), dn)
  File "/usr/lib/python2.7/site-packages/ipapython/dn.py", line 1170, in __getitem__
    return self._get_rdn(self.rdns[key])
IndexError: list index out of range
Unexpected error: list index out of range

[root@ipa01 ~]# uname -r
3.10.0-327.el7.x86_64
[root@ipa01 ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)

We would appreciate any help,

greets,
Denis
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
