[Freeipa-users] Re: Jira and Confluence user authentication with FreeIPA

2018-08-29 Thread Simo Sorce via FreeIPA-users
You can use something like KeyCloak or Ipsilon as an IdP to which you
authenticate via Kerberos, and then use their SAML or OIDC tokens to
authenticate to Atlassian products.

The net effect is Single Sign On; it works without issues.

On Wed, 2018-08-29 at 10:22 -0500, Jacob Block via FreeIPA-users wrote:
> Thanks for sharing this. As a follow-up, is there currently a path
> for SSO with Jira + Confluence + Crucible and FreeIPA? It seems like
> there is a shortcoming of Atlassian products missing Kerberos
> support.
> 
> On Tue, Aug 28, 2018 at 4:14 PM Jacob Jenner Rasmussen via FreeIPA-users 
>  wrote:
> > I have just set up my Jira and Confluence instances to use my FreeIPA 
> > instance as their user directory. I'm leaving this message on how I did it 
> > in the hope somebody else finds it useful.
> > 
> > Note: I did this with Confluence version 6.10.1 and Jira version 7.12.0
> > 
> > For confluence you should create the groups "confluence-administrators" and 
> > "confluence-users", and for Jira you should create the groups 
> > "jira-software-administrators" and "jira-software-users"
> > 
> > Please note that only users that are part of confluence-users or 
> > jira-software-users will be recognized by Confluence and Jira respectively. 
> > If you want a different set of users to appear in Confluence and Jira, 
> > change the User Object Filter field appropriately.
> > 
> > Add a new LDAP user directory and configure as follows. This applied to 
> > both Confluence and Jira:
> > 
> > Server Settings:
> >  - Name: FreeIPA
> >  - Directory Type: OpenLDAP
> >  - Server: example.com
> >  - Port: 389
> >  - Use SSL: false  # I believe you are going to have to add the FreeIPA CA to the JDK 
> > cert store in order to enable this
> >  - Username: uid=admin,cn=users,cn=accounts,dc=example,dc=com  # change 
> > admin to a service-specific account
> >  - Password: 
> > 
> > LDAP Schema:
> >  - Base DN: dc=example,dc=com
> >  - Additional User DN: cn=users,cn=accounts
> >  - Additional Group DN: cn=groups,cn=accounts
> > 
> > LDAP Permissions: Read Only
> > 
> > Advanced Settings: 
> > 
> > User Schema Settings:
> >  - User Object Class: inetorgperson
> >  - User Object Filter:
> >    - for confluence: 
> >      (&(objectclass=inetorgperson)(memberOf=cn=confluence-users,cn=groups,cn=accounts,dc=example,dc=com))
> >    - for jira: 
> >      (&(objectclass=inetorgperson)(memberOf=cn=jira-software-users,cn=groups,cn=accounts,dc=example,dc=com))
> >  - User Name Attribute: uid
> >  - User Name RDN Attribute: uid
> >  - User First Name Attribute: givenName  # This is wrong, FreeIPA doesn't 
> > seem to have anything that fits this field
> >  - User Last Name Attribute: sn
> >  - User Display Name Attribute: displayName
> >  - User Email Attribute: mail
> >  - User Password Attribute: userPassword
> >  - User Password Encryption: SHA
> >  - User Unique ID Attribute: ipaUniqueID
> > 
> > Group Schema Settings:
> >  - Group Object Class: groupofnames
> >  - Group Object Filter: (objectclass=groupofnames)
> > Note: "groupofnames" should be all lowercase
> >  - Group Name Attribute: cn
> >  - Group Description Attribute: description
> > 
> > Membership Schema Settings:
> >  - Group Members Attribute: member
> >  - User Membership Attribute: memberOf
> >  - Use the User Membership Attribute: false   # I'm not sure what to set 
> > this to, but this works
> > 
> > 
> > One thing I haven't looked into that might be relevant to set under 
> > Advanced Settings is the Enabled Nested Groups setting.
> > ___
> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives: 
> > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> 


[Freeipa-users] Re: Switch CA from Internal (IPA) to AD

2018-08-29 Thread Florence Blanc-Renaud via FreeIPA-users

On 08/28/2018 05:57 PM, Alexander Bokovoy via FreeIPA-users wrote:

On Tue, 28 Aug 2018, Peter Tselios via FreeIPA-users wrote:

Hello,
I have a FreeIPA installation (4.5.4). There is a one-way trust with 
the Active Directory server.

We had set up 2 different CAs (one for the Linux domain and one for the
AD). However, the management decided to use only the AD CA, thus I need
to convert the FreeIPA CA to an AD subordinate CA. So, I am looking
for a way to replace the CA in FreeIPA without re-installing it.
Is it possible?
If so, can you please point me to the correct documentation? (What I
found so far is for installation, not migration.)

There is a tool 'ipa-cacert-manage' that allows you to change CA
certificates.

One of the tests we have in FreeIPA is testing a switch of the integrated CA to
an externally signed one:

https://pagure.io/freeipa/blob/master/f/ipatests/test_integration/test_external_ca.py#_190-214

It is done in two steps:

1. Run 'ipa-cacert-manage renew --external-ca --external-ca-type=ms-cs'
to generate a signing request. Pass that CSR to the AD CA to sign. See the
man page for the tool for more options and details.

2. Run 'ipa-cacert-manage renew --external-cert-file=FILE' to provide
the resulting signed certificate back to IPA.

You'd need to experiment with the tool on a test setup to see how it
behaves and what is needed to properly go through the process.

I will also add that this procedure will replace FreeIPA CA but will not 
replace the certificates already delivered by the previous FreeIPA CA.


flo


[Freeipa-users] Re: Jira and Confluence user authentication with FreeIPA

2018-08-29 Thread Jacob Block via FreeIPA-users
Thanks for sharing this. As a follow-up, is there currently a path for SSO
with Jira + Confluence + Crucible and FreeIPA? It seems like there is a
shortcoming of Atlassian products missing Kerberos support.

On Tue, Aug 28, 2018 at 4:14 PM Jacob Jenner Rasmussen via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> I have just set up my Jira and Confluence instances to use my FreeIPA
> instance as their user directory. I'm leaving this message on how I did it
> in the hope somebody else finds it useful.
>
> Note: I did this with Confluence version 6.10.1 and Jira version 7.12.0
>
> For confluence you should create the groups "confluence-administrators"
> and "confluence-users", and for Jira you should create the groups
> "jira-software-administrators" and "jira-software-users"
>
> Please note that only users that are part of confluence-users or
> jira-software-users will be recognized by Confluence and Jira respectively.
> If you want a different set of users to appear in Confluence and Jira,
> change the User Object Filter field appropriately.
>
> Add a new LDAP user directory and configure as follows. This applied to
> both Confluence and Jira:
>
> Server Settings:
>  - Name: FreeIPA
>  - Directory Type: OpenLDAP
>  - Server: example.com
>  - Port: 389
>  - Use SSL: false  # I believe you are going to have to add the FreeIPA CA to the
> JDK cert store in order to enable this
>  - Username: uid=admin,cn=users,cn=accounts,dc=example,dc=com  # change
> admin to a service-specific account
>  - Password: 
>
> LDAP Schema:
>  - Base DN: dc=example,dc=com
>  - Additional User DN: cn=users,cn=accounts
>  - Additional Group DN: cn=groups,cn=accounts
>
> LDAP Permissions: Read Only
>
> Advanced Settings: 
>
> User Schema Settings:
>  - User Object Class: inetorgperson
>  - User Object Filter:
>    - for confluence:
>      (&(objectclass=inetorgperson)(memberOf=cn=confluence-users,cn=groups,cn=accounts,dc=example,dc=com))
>    - for jira:
>      (&(objectclass=inetorgperson)(memberOf=cn=jira-software-users,cn=groups,cn=accounts,dc=example,dc=com))
>  - User Name Attribute: uid
>  - User Name RDN Attribute: uid
>  - User First Name Attribute: givenName  # This is wrong, FreeIPA doesn't
> seem to have anything that fits this field
>  - User Last Name Attribute: sn
>  - User Display Name Attribute: displayName
>  - User Email Attribute: mail
>  - User Password Attribute: userPassword
>  - User Password Encryption: SHA
>  - User Unique ID Attribute: ipaUniqueID
>
> Group Schema Settings:
>  - Group Object Class: groupofnames
>  - Group Object Filter: (objectclass=groupofnames)
> Note: "groupofnames" should be all lowercase
>  - Group Name Attribute: cn
>  - Group Description Attribute: description
>
> Membership Schema Settings:
>  - Group Members Attribute: member
>  - User Membership Attribute: memberOf
>  - Use the User Membership Attribute: false   # I'm not sure what to set
> this to, but this works
>
>
> One thing I haven't looked into that might be relevant to set under
> Advanced Settings is the Enabled Nested Groups setting.
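The User Object Filter and Group Object Filter in the configuration above are what decide which FreeIPA accounts Confluence and Jira see. As an added example (not part of the original post, and not Atlassian's or FreeIPA's code), the Python below implements a small RFC 4515 filter parser and evaluator and runs the two user filters and the group filter over constructed entries laid out like FreeIPA's cn=users,cn=accounts and cn=groups,cn=accounts trees; the entries, the user names and the helper function names are assumptions.

```python
"""Evaluate the Confluence/Jira LDAP filters against constructed FreeIPA-style
entries.  Added example, not from the mailing-list post: a minimal RFC 4515
filter parser/matcher; entries, DNs and user names below are constructed.
"""

BASE = "dc=example,dc=com"
USERS = "cn=users,cn=accounts," + BASE
GROUPS = "cn=groups,cn=accounts," + BASE


def user(uid, *groups):
    """Constructed user entry carrying the memberOf values FreeIPA maintains."""
    return {
        "dn": "uid=%s,%s" % (uid, USERS),
        "objectClass": ["top", "person", "inetOrgPerson", "posixAccount"],
        "uid": [uid],
        "memberOf": ["cn=%s,%s" % (g, GROUPS) for g in groups],
    }


def group(cn, *members):
    """Constructed group entry (FreeIPA user groups are groupOfNames)."""
    return {
        "dn": "cn=%s,%s" % (cn, GROUPS),
        "objectClass": ["top", "groupOfNames", "ipaUserGroup"],
        "cn": [cn],
        "member": ["uid=%s,%s" % (m, USERS) for m in members],
    }


ENTRIES = [
    user("alice", "ipausers", "confluence-users"),
    user("bob", "ipausers", "jira-software-users"),
    user("carol", "ipausers"),            # member of neither product group
    group("ipausers", "alice", "bob", "carol"),
    group("confluence-users", "alice"),
    group("jira-software-users", "bob"),
]


def parse_filter(text):
    """Parse an RFC 4515 filter into nested tuples.

    Supports &, |, ! and attr=value items (value '*' means presence), which
    is all the Atlassian filters in the post use.  A ')' inside a value must
    be escaped as \\29, as the RFC requires.
    """
    pos = 0

    def node():
        nonlocal pos
        if pos >= len(text) or text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        op = text[pos]
        if op in "&|!":
            pos += 1
            children = []
            while pos < len(text) and text[pos] == "(":
                children.append(node())
            if pos >= len(text) or text[pos] != ")":
                raise ValueError("unterminated '%s' at offset %d" % (op, pos))
            pos += 1
            if op == "!" and len(children) != 1:
                raise ValueError("'!' takes exactly one sub-filter")
            return (op, children)
        end = text.find(")", pos)
        if end < 0:
            raise ValueError("unterminated item at offset %d" % pos)
        attr, sep, value = text[pos:end].partition("=")
        if not sep or not attr:
            raise ValueError("only attr=value items supported: %r" % text[pos:end])
        pos = end + 1
        return ("=", attr.strip().lower(), value)

    tree = node()
    if pos != len(text):
        raise ValueError("trailing data at offset %d" % pos)
    return tree


def matches(tree, entry):
    """Evaluate a parsed filter against one entry (dict of attr -> values).

    Attribute names and values compare case-insensitively, as LDAP's
    caseIgnore and distinguishedNameMatch rules do for objectClass and DNs.
    """
    op = tree[0]
    if op == "&":
        return all(matches(c, entry) for c in tree[1])
    if op == "|":
        return any(matches(c, entry) for c in tree[1])
    if op == "!":
        return not matches(tree[1][0], entry)
    _, attr, wanted = tree
    values = [v for k, vs in entry.items() if k.lower() == attr
              for v in (vs if isinstance(vs, list) else [vs])]
    if wanted == "*":
        return bool(values)
    return any(v.lower() == wanted.lower() for v in values)


def search(filter_text, name_attr, entries=ENTRIES):
    """Names (name_attr values) of the entries the filter selects, sorted."""
    tree = parse_filter(filter_text)
    return sorted(e[name_attr][0] for e in entries
                  if name_attr in e and matches(tree, e))


CONFLUENCE_USER_FILTER = (
    "(&(objectclass=inetorgperson)(memberOf=cn=confluence-users,%s))" % GROUPS)
JIRA_USER_FILTER = (
    "(&(objectclass=inetorgperson)(memberOf=cn=jira-software-users,%s))" % GROUPS)
GROUP_FILTER = "(objectclass=groupofnames)"

if __name__ == "__main__":
    print("Confluence sees users:", search(CONFLUENCE_USER_FILTER, "uid"))
    print("Jira sees users:      ", search(JIRA_USER_FILTER, "uid"))
    print("Both see groups:      ", search(GROUP_FILTER, "cn"))
```

Run stand-alone it reports alice for the Confluence filter and bob for the Jira filter; carol, who is in ipausers only, is invisible to both products, which is the behaviour the post describes. Matching here is case-insensitive, as LDAP's caseIgnore and DN matching rules are; the post's note to keep groupofnames lowercase concerns the Atlassian setting and is not modelled by this evaluator.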


[Freeipa-users] Re: HBAC rule for http service

2018-08-29 Thread Alexander Bokovoy via FreeIPA-users

On Wed, 29 Aug 2018, Jan Gardian via FreeIPA-users wrote:

Hello Alexander,

Thanks for help.
I found that I have to name the pam.d service with the same name as the HBAC 
service in IPA, and it works.

My mistake when reading documentation.

Glad that you got it working.

Yes, the HBAC service name is the PAM service name in the context of a
system authorization when pam_sss.so does the check.


--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland


[Freeipa-users] Re: HBAC rule for http service

2018-08-29 Thread Jan Gardian via FreeIPA-users

Hello Alexander,

Thanks for help.
I found that I have to name the pam.d service with the same name as the HBAC service 
in IPA, and it works.

My mistake when reading documentation.

With kind regards,
Jan Gardian

On 08/28/2018 05:44 PM, Alexander Bokovoy wrote:

On Tue, 28 Aug 2018, Jan Gardian via FreeIPA-users wrote:

Hello,

Could you please be so kind as to advise me how to set up an HBAC rule 
to allow user authentication/authorization to a web service but not to 
the server where this web service runs.


Our IPA runs on CentOS 7.5.1804, IPA version 4.5.4, API_VERSION: 
2.228.


The web service runs on Ubuntu 16.06.5 LTS on Apache2.


In the Apache configuration, Kerberos authentication is set up and 
authorization is directed to the pam_sss.so SSSD module which we use for 
server login.

   
    AuthType     Kerberos
    AuthName  "Kerberos Login"
    KrbMethodNegotiate   On
    KrbAuthoritative  On
    KrbMethodK5Passwd   Off
    KrbServiceName HTTP/web_server.domain.com
    KrbAuthRealms   DOMAIN.COM
    Krb5KeyTab /etc/apache2/http-web_server.keytab
    KrbVerifyKDC  Off
    KrbSaveCredentials    On
    KrbLocalUserMapping On
    Require   pam-account crm-production
    

/etc/pam.d/crm-production:
auth    required   pam_sss.so    # pam_sss.so for SSSD
account required   pam_sss.so    # or other PAM module

---
HBAC rule with the below setting works, but it allows any service.
Specified User and Groups
* testuser

Specified Hosts and Groups
* web_server.domain.com

Any Service


How can I tell in HBAC rule to allow only HTTP/web_server.domain.com?

Did you disable allow_all HBAC rule? That rule allows access to any
service on any machine by default. You'd need to create specific rules
for specific users/groups/hosts/services when allow_all rule is
disabled.



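The two replies come down to one point: with the default allow_all rule or an "Any Service" rule, a user-and-host match grants every PAM service on web_server.domain.com, and restricting it to the web application means creating an HBAC service named exactly like the PAM stack Apache's pam-account directive invokes (crm-production). As an added example (not from the thread, and not SSSD's or FreeIPA's code), the Python below simulates how pam_sss.so evaluates HBAC rules over constructed users, hosts and rules; the group names, the second host, the rule names and the helper names are assumptions.

```python
"""Simulate FreeIPA HBAC evaluation as pam_sss.so performs it.

Added example, not from the list posts.  Rule names, groups and the second
host are constructed; crm-production and web_server.domain.com come from
the thread.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

ALL = "all"   # value of usercategory/hostcategory/servicecategory in IPA


@dataclass
class HBACRule:
    name: str
    enabled: bool = True
    user_category: Optional[str] = None       # ALL, or None for explicit members
    users: Set[str] = field(default_factory=set)
    user_groups: Set[str] = field(default_factory=set)
    host_category: Optional[str] = None
    hosts: Set[str] = field(default_factory=set)
    host_groups: Set[str] = field(default_factory=set)
    service_category: Optional[str] = None
    services: Set[str] = field(default_factory=set)
    service_groups: Set[str] = field(default_factory=set)


@dataclass
class Request:
    user: str
    host: str          # the host pam_sss.so runs on
    service: str       # the PAM service name, i.e. /etc/pam.d/<service>


# Constructed directory data, as SSSD would resolve memberships.
USER_GROUPS: Dict[str, Set[str]] = {"testuser": {"ipausers", "crm-users"},
                                    "admin": {"admins"}}
HOST_GROUPS: Dict[str, Set[str]] = {"web_server.domain.com": {"webservers"},
                                    "db1.domain.com": {"dbservers"}}
SERVICE_GROUPS: Dict[str, Set[str]] = {"sshd": {"Shell"}, "login": {"Shell"}}


def _section_matches(category, direct, groups, name, name_groups):
    """One rule section matches by category=all, direct membership or a group."""
    if category == ALL:
        return True
    return name in direct or bool(groups & name_groups)


def rule_matches(rule: HBACRule, req: Request) -> bool:
    """All three sections (who, where, which service) must match."""
    return (rule.enabled
            and _section_matches(rule.user_category, rule.users, rule.user_groups,
                                 req.user, USER_GROUPS.get(req.user, set()))
            and _section_matches(rule.host_category, rule.hosts, rule.host_groups,
                                 req.host, HOST_GROUPS.get(req.host, set()))
            and _section_matches(rule.service_category, rule.services,
                                 rule.service_groups, req.service,
                                 SERVICE_GROUPS.get(req.service, set())))


def hbac_evaluate(rules: List[HBACRule], req: Request) -> Tuple[bool, Optional[str]]:
    """HBAC is allow-only: access is granted iff some enabled rule matches."""
    for rule in rules:
        if rule_matches(rule, req):
            return True, rule.name
    return False, None


# The rule every new IPA deployment ships with enabled.
ALLOW_ALL = HBACRule("allow_all", user_category=ALL, host_category=ALL,
                     service_category=ALL)

# The poster's first attempt: testuser on the web host, "Any Service".
ANY_SERVICE_RULE = HBACRule("crm-web-any", users={"testuser"},
                            hosts={"web_server.domain.com"}, service_category=ALL)

# The tightened rule: only the HBAC service named like the PAM service.
HTTP_ONLY_RULE = HBACRule("crm-web-http", users={"testuser"},
                          hosts={"web_server.domain.com"},
                          services={"crm-production"})


def scenario(rules, service, user="testuser", host="web_server.domain.com"):
    """True if `user` may use PAM service `service` on `host` under `rules`."""
    return hbac_evaluate(rules, Request(user, host, service))[0]


if __name__ == "__main__":
    for label, rules in [("allow_all still enabled", [ALLOW_ALL, HTTP_ONLY_RULE]),
                         ("any-service rule", [ANY_SERVICE_RULE]),
                         ("http-only rule", [HTTP_ONLY_RULE])]:
        print(label, {s: scenario(rules, s)
                      for s in ("crm-production", "sshd", "crm-prod")})
```

Run stand-alone it prints, for each rule set, whether crm-production, sshd and the misspelled crm-prod are allowed for testuser on the web host: only the http-only rule with allow_all gone denies sshd, and a PAM stack whose name differs from the HBAC service name (crm-prod) is denied even by that rule, which is the mismatch the original poster ran into.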


[Freeipa-users] Re: Audit Log Replication

2018-08-29 Thread Alexander Bokovoy via FreeIPA-users

On Wed, 29 Aug 2018, Ludwig Krispenz via FreeIPA-users wrote:


On 08/29/2018 08:56 AM, Alexander Bokovoy via FreeIPA-users wrote:

On Wed, 29 Aug 2018, Quan Zhou via FreeIPA-users wrote:
I have a similar question, should the audit logs be enabled on the master
or replicas? If it's only enabled on replicas would the date be consistent
with the actual date of change or just the "date" replication happens?

Each IPA master/replica is standalone with regards to audit logging.
There is no aggregation so if you need all details from everywhere, you
should be configuring aggregation yourself.

Since all changes are replicated in the end, the audit logs on all 
replicas should contain the same set of changes, but the order could 
be different.

And there are some changes which are excluded from replication.

And you should be aware that the audit log contains the changes in the 
order they are received and applied, but update resolution ensures 
that the changes are effective in the order of their creation (tagged 
by the csn).

Right. To add to that, httpd's error_log, krb5kdc.log, kadmind.log and
dogtag logs are not replicated and have to be aggregated manually. If you
want all IPA logs, some sort of a centralized log infrastructure would
be required.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland


[Freeipa-users] Re: Audit Log Replication

2018-08-29 Thread Ludwig Krispenz via FreeIPA-users


On 08/29/2018 08:56 AM, Alexander Bokovoy via FreeIPA-users wrote:

On Wed, 29 Aug 2018, Quan Zhou via FreeIPA-users wrote:
I have a similar question, should the audit logs be enabled on the master
or replicas? If it's only enabled on replicas would the date be consistent
with the actual date of change or just the "date" replication happens?

Each IPA master/replica is standalone with regards to audit logging.
There is no aggregation so if you need all details from everywhere, you
should be configuring aggregation yourself.

Since all changes are replicated in the end, the audit logs on all 
replicas should contain the same set of changes, but the order could be 
different.

And there are some changes which are excluded from replication.

And you should be aware that the audit log contains the changes in the 
order they are received and applied, but update resolution ensures that 
the changes are effective in the order of their creation (tagged by the 
csn).






On Wed, Aug 29, 2018 at 7:05 AM Joshua Ruybal via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:


Hi,

This is more a question than a problem, however I was unable to find the
answer anywhere in the documentation.

I've enabled audit logs on one of my three replicated IPA servers. I
noticed that Audit logs are not enabled on either of the other two servers.

In order to cover all changes to LDAP for auditing purposes, do I need to
enable and collect audit logs on all three servers?

--


*Joshua Ruybal *Systems Engineer
o: 206.607.4944 c: 206.724.4549
e: jru...@owneriq.com


 
 
--
Regards,

Quan Zhou

E271C0D1BD90012B8D8EECF6F822BC9F8E1C35C8
quanzhou...@gmail.com
https://keybase.io/qzhou



--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander
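Ludwig's point above is that every replica's audit log holds the same replicated changes but in local receipt order, while the CSN gives creation order, and Alexander's that unreplicated changes exist only on the server where they were made. As an added example (not from the thread, and not 389-ds or FreeIPA code), the Python below merges two constructed audit log excerpts into one stream deduplicated and ordered by CSN. The record layout is modelled on the audit log's LDIF-like blocks, but the csn: line and the UTC reading of time: are assumptions made here; check what your own 389-ds version writes before adapting it.

```python
"""Merge per-replica 389-ds audit logs into one stream ordered by CSN.

Added example, not from the list posts.  Both excerpts are constructed; the
csn: line is an assumption made here so records can be put in creation
order, and time: is read as UTC, also an assumption.
"""
import re
from datetime import datetime, timezone

# Replica "ipa1" (replica id 4): logs its own change to alice first and bob's
# change from ipa2 a second later; the cn=config change is never replicated.
REPLICA_A = """\
time: 20180829120002
csn: 5b868ac2000000040000
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: mail
mail: alice@example.com
-

time: 20180829120003
csn: 5b868ac1000000050000
dn: uid=bob,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: loginShell
loginShell: /bin/zsh
-

time: 20180829120010
dn: cn=config
changetype: modify
replace: nsslapd-auditlog-logging-enabled
nsslapd-auditlog-logging-enabled: on
-
"""

# Replica "ipa2" (replica id 5) saw the same two changes in the other order.
REPLICA_B = """\
time: 20180829120001
csn: 5b868ac1000000050000
dn: uid=bob,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: loginShell
loginShell: /bin/zsh
-

time: 20180829120004
csn: 5b868ac2000000040000
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: mail
mail: alice@example.com
-
"""

HEADERS = ("time", "csn", "dn", "changetype")


def parse_csn(csn):
    """Split a 389-ds CSN into (seconds since epoch, seq, replica id, subseq)."""
    m = re.fullmatch(r"([0-9a-f]{8})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})", csn)
    if not m:
        raise ValueError("malformed CSN: %r" % csn)
    return tuple(int(part, 16) for part in m.groups())


def audit_time_to_epoch(stamp):
    """Convert a time: value (YYYYmmddHHMMSS, assumed UTC) to epoch seconds."""
    return int(datetime.strptime(stamp, "%Y%m%d%H%M%S")
               .replace(tzinfo=timezone.utc).timestamp())


def parse_audit_log(text, replica):
    """Split one audit log into records: header lines become keys, rest is body."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {"replica": replica, "body": []}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and key in HEADERS and key not in rec:
                rec[key] = value.strip()
            else:
                rec["body"].append(line)
        records.append(rec)
    return records


def merge_audit_logs(logs):
    """logs: {replica name: audit log text} -> one list, deduplicated by CSN
    and sorted by CSN (creation order).  Records without a CSN are local,
    unreplicated changes: kept once per replica and placed by their time:."""
    seen = {}
    for replica, text in logs.items():
        for rec in parse_audit_log(text, replica):
            if "csn" in rec:
                key = ("csn", rec["csn"])
                rec["order"] = parse_csn(rec["csn"])
            else:
                key = ("local", replica, rec["time"], rec["dn"], tuple(rec["body"]))
                rec["order"] = (audit_time_to_epoch(rec["time"]), 0, 0, 0)
            seen.setdefault(key, rec).setdefault("seen_on", set()).add(replica)
    return sorted(seen.values(), key=lambda r: r["order"])


if __name__ == "__main__":
    for rec in merge_audit_logs({"ipa1": REPLICA_A, "ipa2": REPLICA_B}):
        print(rec.get("csn", "local"), rec["dn"], sorted(rec["seen_on"]))
```

Run stand-alone it lists bob's change before alice's, although ipa1 logged them the other way round, because the CSN says bob's change was created first; each replicated change appears once with both replicas noted, and the cn=config change appears only for ipa1, which is why collecting from every server is still needed for the unreplicated changes Alexander mentions.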


[Freeipa-users] Re: Audit Log Replication

2018-08-29 Thread Alexander Bokovoy via FreeIPA-users

On Wed, 29 Aug 2018, Quan Zhou via FreeIPA-users wrote:

I have a similar question, should the audit logs be enabled on the master
or replicas? If it's only enabled on replicas would the date be consistent
with the actual date of change or just the "date" replication happens?

Each IPA master/replica is standalone with regards to audit logging.
There is no aggregation so if you need all details from everywhere, you
should be configuring aggregation yourself.





On Wed, Aug 29, 2018 at 7:05 AM Joshua Ruybal via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:


Hi,

This is more a question than a problem, however I was unable to find the
answer anywhere in the documentation.

I've enabled audit logs on one of my three replicated IPA servers. I
noticed that Audit logs are not enabled on either of the other two servers.

In order to cover all changes to LDAP for auditing purposes, do I need to
enable and collect audit logs on all three servers?

--


*Joshua Ruybal *Systems Engineer
o: 206.607.4944 c: 206.724.4549
e: jru...@owneriq.com


  
  
--
Regards,

Quan Zhou

E271C0D1BD90012B8D8EECF6F822BC9F8E1C35C8
quanzhou...@gmail.com
https://keybase.io/qzhou



--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland


[Freeipa-users] Re: Audit Log Replication

2018-08-29 Thread Quan Zhou via FreeIPA-users
I have a similar question, should the audit logs be enabled on the master
or replicas? If it's only enabled on replicas would the date be consistent
with the actual date of change or just the "date" replication happens?

On Wed, Aug 29, 2018 at 7:05 AM Joshua Ruybal via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Hi,
>
> This is more a question than a problem, however I was unable to find the
> answer anywhere in the documentation.
>
> I've enabled audit logs on one of my three replicated IPA servers. I
> noticed that Audit logs are not enabled on either of the other two servers.
>
> In order to cover all changes to LDAP for auditing purposes, do I need to
> enable and collect audit logs on all three servers?
>
> --
> 
>
> *Joshua Ruybal *Systems Engineer
> o: 206.607.4944 c: 206.724.4549
> e: jru...@owneriq.com
>
> 
>   
>   


-- 
Regards,

Quan Zhou

E271C0D1BD90012B8D8EECF6F822BC9F8E1C35C8
quanzhou...@gmail.com
https://keybase.io/qzhou