[Freeipa-users] Re: Extending FreeIPA (Schema, CI, UI)

2022-05-20 Thread Alexander Bokovoy via FreeIPA-users

On Fri, 20 May 2022, Leo O via FreeIPA-users wrote:

Yes I know and in case I continue on that, I will of course upload my
findings and results (maybe on my public GitHub account or get in touch
with you to find a good place). I mean that's the least I can do. The
only issue right now is, I'm working on weekdays in an external
freelancer project, on weekends for my own company. Unfortunately I
can't make up some time for another project like a deep dive into e.g.
FreeIPA.  Nevertheless, maybe a bit off but still connected to this
topic. I saw you are also involved in the alternative to FreeIPA, Samba
AD DC (with cockpit UI). In terms of stability, security and of course
extensibility compared to FreeIPA. Any preference here from you? My
personal feeling is, FreeIPA super easy setup (at least when using the
docker container), but as soon as you have to extend it, it's getting
tricky. Cannot say that much about security and stability so far. Hope
this is not too off, and looking forward to hearing your personal opinion
about samba AD DC + cockpit compared to FreeIPA.


I think you'd need to separate the two. Samba AD DC is a fine solution
to handle Windows systems. FreeIPA does not address that part at all,
intentionally, to avoid doing double work. Cockpit plugin to Samba AD is
not ready for any production use, it is a prototype at best.

FreeIPA relies in a lot of areas on the work of Samba Team, so we are
tightly collaborating here and there but at the same time we focus on
different target audiences. FreeIPA is focused on making Linux systems
usable with all the features you'd need from them in today's world.
Samba AD solves a problem of making the life with Windows workstations
scalable to different directions than what Microsoft intended. It has
less integration for features that might be more needed in a Linux-only
environments.

They both can integrate through the forest trust support, with FreeIPA
treating Samba AD as, well, Active Directory deployment, and vice versa.
There are a few missing bits to complete this integration but the point is
that FreeIPA intentionally is not focusing on those Windows systems that
can be put at Samba AD control instead. We choose what to focus on and
coordinate a lot.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure


[Freeipa-users] Re: Extending FreeIPA (Schema, CI, UI)

2022-05-20 Thread Leo O via FreeIPA-users
Yes I know and in case I continue on that, I will of course upload my findings 
and results (maybe on my public GitHub account or get in touch with you to find 
a good place). I mean that's the least I can do. The only issue right now is, 
I'm working on weekdays in an external freelancer project, on weekends for my 
own company. Unfortunately I can't make up some time for another project like a 
deep dive into e.g. FreeIPA.
Nevertheless, maybe a bit off but still connected to this topic. I saw you are 
also involved in the alternative to FreeIPA, Samba AD DC (with cockpit UI). In 
terms of stability, security and of course extensibility compared to FreeIPA. 
Any preference here from you? My personal feeling is, FreeIPA super easy setup 
(at least when using the docker container), but as soon as you have to extend 
it, it's getting tricky. Cannot say that much about security and stability so 
far. Hope this is not too off, and looking forward to hearing your personal 
opinion about samba AD DC + cockpit compared to FreeIPA. 
Thanks a lot


[Freeipa-users] Re: Extending FreeIPA (Schema, CI, UI)

2022-05-20 Thread Alexander Bokovoy via FreeIPA-users

On Fri, 20 May 2022, Leo O via FreeIPA-users wrote:

Hello Alexander,

oh that's a pity. I would have expected that there are at least some
notes, maybe some technical explanations about such general things,
anything which helps to speed up the process and not making a newcomer
having to read the source code. I mean, it looks like FreeIPA isn't a
small project, it is used by Red Hat IDM, somewhere in Fedora and as
community FreeIPA. I really expected more than almost non-existent
documentation and/or really outdated PDFs. What can you do with the
best application in the world if "nobody knows how to set it up for
their needs", to exaggerate that statement a bit ;) Hope there are plans
to improve on that in the near future, I would say that's more
important than new features. Lots of tests and documentation for the
win.  Anyways, thanks for the quick reply, I still think this is a
great software package which could reach way more projects, teams,
businesses, github stars etc. with just having a better documentation.


There is no such thing as 'just having better documentation' for what
is effectively a development process. One needs to understand that
process, and reading the source code is the best way to do that right now.
There are plenty of comments in ipalib/*, ipapython/*, ipaserver/plugins/*
and in related places; code and git commit messages are the developer
documentation at this point. Documentation writers aren't developers
themselves, with very few exceptions, and cannot replace developers
in writing that knowledge base.

There is always a balance between fixing bugs and working full time on
producing the documentation you are asking for. Having a large number of
customer- and community-driven deployments sometimes skews priorities
towards more realistic tasks.

You are welcome to contribute to developer documentation as you go
through a journey to discover how to extend IPA. It certainly will be
beneficial to everyone.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland


[Freeipa-users] Re: Extending FreeIPA (Schema, CI, UI)

2022-05-20 Thread Leo O via FreeIPA-users
Hello Alexander, 

oh that's a pity. I would have expected that there are at least some notes, 
maybe some technical explanations about such general things, anything which 
helps to speed up the process and not making a newcomer having to read the 
source code. I mean, it looks like FreeIPA isn't a small project, it is used by 
Red Hat IDM, somewhere in Fedora and as community FreeIPA. I really expected 
more than almost non-existent documentation and/or really outdated PDFs. 
What can you do with the best application in the world if "nobody knows how to 
set it up for their needs", to exaggerate that statement a bit ;)
Hope there are plans to improve on that in the near future, I would say that's 
more important than new features. Lots of tests and documentation for the win.
Anyways, thanks for the quick reply, I still think this is a great software 
package which could reach way more projects, teams, businesses, github stars 
etc. with just having a better documentation.


[Freeipa-users] Re: expired Server-cert

2022-05-20 Thread Serge Krawczenko via FreeIPA-users
Hello again
I was so hoping the story to end but nope.

ipa-cert-fix managed to renew one of the certs
but failed on the following ones


Enter "yes" to proceed: yes
Proceeding.
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=pki-server cert-fix --ldapi-socket /var/run/slapd-...socket --agent-uid ipara --cert subsystem --cert ca_ocsp_signing --extra-cert 268304408 --extra-cert 268304410
ipapython.ipautil: DEBUG: Process finished, return code=1
ipapython.ipautil: DEBUG: stdout=ERROR: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:618)

ipapython.ipautil: DEBUG: stderr=INFO: Loading password config: /etc/pki/pki-tomcat/password.conf
INFO: Fixing the following system certs: ['subsystem', 'ca_ocsp_signing']
INFO: Renewing the following additional certs: ['268304408', '268304410']
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
INFO: Stopping the instance to proceed with system cert renewal
INFO: Configuring LDAP password authentication
INFO: Setting pkidbuser password via ldappasswd
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
INFO: Selftests disabled for subsystems: ca
INFO: Resetting password for uid=ipara,ou=people,o=ipaca
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
INFO: Starting the instance
INFO: Sleeping for 10 seconds to allow server time to start...
INFO: Requesting new cert for subsystem
INFO: Getting subsystem cert info for ca
INFO: Trying to setup a secure connection to CA subsystem.
INFO: Starting new HTTPS connection (1): myhost.com
INFO: Stopping the instance
INFO: Selftests enabled for subsystems: ca
INFO: Restoring previous LDAP configuration

ipapython.admintool: DEBUG:   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_cert_fix.py", line 128, in run
    replicate_dogtag_certs(subject_base, ca_subject_dn, certs)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_cert_fix.py", line 251, in replicate_dogtag_certs
    cert = x509.load_certificate_from_file(cert_path)
  File "/usr/lib/python2.7/site-packages/ipalib/x509.py", line 425, in load_certificate_from_file
    with open(filename, mode='rb') as f:

ipapython.admintool: DEBUG: The ipa-cert-fix command failed, exception: IOError: [Errno 2] No such file or directory: '/etc/pki/pki-tomcat/certs/subsystem.crt'
ipapython.admintool: ERROR: [Errno 2] No such file or directory: '/etc/pki/pki-tomcat/certs/subsystem.crt'
ipapython.admintool: ERROR: The ipa-cert-fix command failed.

The csr for subsystem was added according to
https://access.redhat.com/solutions/4852721

At the time of the above failure in /var/log/pki/pki-tomcat/ca/debug:

[20/May/2022:07:43:59][localhost-startStop-1]: Certutils.verifySystemCertValidityByNickname:  failed : java.lang.Exception: Certutils.verifySystemCertValidityByNickname:  failed: nickname: ocspSigningCert cert-pki-ca
[20/May/2022:07:43:59][localhost-startStop-1]: CertUtils: verifySystemCertsByTag() failed: java.lang.Exception: Certutils.verifySystemCertValidityByNickname:  faliled: nickname: ocspSigningCert cert-pki-cacause: java.lang.Exception: Certutils.verifySystemCertValidityByNickname:  failed: nickname: ocspSigningCert cert-pki-ca
[20/May/2022:07:43:59][localhost-startStop-1]: SignedAuditLogger: event CIMC_CERT_VERIFICATION
[20/May/2022:07:43:59][localhost-startStop-1]: SignedAuditLogger: event CIMC_CERT_VERIFICATION
java.lang.Exception: Certutils.verifySystemCertValidityByNickname:  faliled: nickname: ocspSigningCert cert-pki-cacause: java.lang.Exception: Certutils.verifySystemCertValidityByNickname:  failed: nickname: ocspSigningCert cert-pki-ca
        at com.netscape.cmscore.cert.CertUtils.verifySystemCertValidityByNickname(CertUtils.java:839)

Nothing else suspicious

Kindly assist
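To triage a run like the one above before retrying, the following added script (mine, not part of FreeIPA or Dogtag) extracts from the ipa-cert-fix debug output and the CA debug log which system certs failed Dogtag's startup validity check, how far pki-server cert-fix got, whether the TLS handshake to the CA failed, and which file ipa-cert-fix then could not open. The sample lines are copied from the message with their wrapping removed; the regexes are written against exactly that format, and the summary only restates what the lines say, so whether the expired OCSP signing cert is what kept the CA from serving the renewal request is for the operator to confirm.

```python
"""Triage a failed ipa-cert-fix run from its own output plus the Dogtag CA debug log.

Added example (not FreeIPA or Dogtag code).  It only extracts what the logs state:
which system certs failed Dogtag's startup validity check, how far
`pki-server cert-fix` got, whether the TLS handshake to the CA failed, and which
file ipa-cert-fix then could not open.
"""
import re

# Dogtag: "Certutils.verifySystemCertValidityByNickname:  failed: nickname: <nick>"
# (the source also emits the misspelt "faliled"; some lines glue "cause:" onto the nickname)
_NICK = re.compile(
    r'verifySystemCertValidityByNickname:\s+fa(?:i|li)led: nickname: (.+?)(?:cause:|$)')
_PREFIX = re.compile(r'^ipapython\.ipautil: DEBUG: std(?:out|err)=')
_STEP = re.compile(r'^INFO: (.+)$')
_REQUEST = re.compile(r'^INFO: Requesting new cert for (\S+)$')
_HANDSHAKE = re.compile(r'SSLV3_ALERT_HANDSHAKE_FAILURE|handshake failure')
_ENOENT = re.compile(r"\[Errno 2\] No such file or directory: '([^']+)'")


def triage(lines):
    """Return a dict of findings from ipa-cert-fix debug output and CA debug log lines."""
    report = {
        'failed_nicknames': set(),       # certs Dogtag's startup check rejected
        'cert_requests_attempted': [],   # certs pki-server cert-fix tried to renew
        'last_step': None,               # last 'INFO:' step pki-server cert-fix logged
        'handshake_failure': False,      # TLS to the CA failed
        'missing_file': None,            # path ipa-cert-fix could not open afterwards
    }
    for raw in lines:
        line = _PREFIX.sub('', raw.strip())
        m = _NICK.search(line)
        if m:
            report['failed_nicknames'].add(m.group(1).strip())
        m = _REQUEST.match(line)
        if m:
            report['cert_requests_attempted'].append(m.group(1))
        m = _STEP.match(line)
        if m:
            report['last_step'] = m.group(1)
        if _HANDSHAKE.search(line):
            report['handshake_failure'] = True
        m = _ENOENT.search(line)
        if m:
            report['missing_file'] = m.group(1)
    return report


def summary(report):
    """One line per finding, in the order an operator would check them."""
    notes = []
    if report['failed_nicknames']:
        notes.append('CA startup validity check failed for: '
                     + ', '.join(sorted(report['failed_nicknames'])))
    if report['handshake_failure']:
        notes.append('TLS handshake to the CA failed; renewal of %s did not complete'
                     % (', '.join(report['cert_requests_attempted']) or 'the system certs'))
    if report['missing_file']:
        notes.append('ipa-cert-fix then tried to read %s, which does not exist'
                     % report['missing_file'])
    return notes


# Log lines copied from the message above (wrapped lines joined back together).
SAMPLE_LINES = [
    "ipapython.ipautil: DEBUG: stdout=ERROR: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:618)",
    "ipapython.ipautil: DEBUG: stderr=INFO: Loading password config: /etc/pki/pki-tomcat/password.conf",
    "INFO: Fixing the following system certs: ['subsystem', 'ca_ocsp_signing']",
    "INFO: Stopping the instance to proceed with system cert renewal",
    "INFO: Starting the instance",
    "INFO: Requesting new cert for subsystem",
    "INFO: Trying to setup a secure connection to CA subsystem.",
    "INFO: Starting new HTTPS connection (1): myhost.com",
    "INFO: Stopping the instance",
    "INFO: Restoring previous LDAP configuration",
    "ipapython.admintool: ERROR: [Errno 2] No such file or directory: '/etc/pki/pki-tomcat/certs/subsystem.crt'",
    "[20/May/2022:07:43:59][localhost-startStop-1]: CertUtils: verifySystemCertsByTag() failed: java.lang.Exception: Certutils.verifySystemCertValidityByNickname:  faliled: nickname: ocspSigningCert cert-pki-cacause: java.lang.Exception: Certutils.verifySystemCertValidityByNickname:  failed: nickname: ocspSigningCert cert-pki-ca",
]

if __name__ == '__main__':
    for note in summary(triage(SAMPLE_LINES)):
        print(note)
```

Feed it the real files (the ipa-cert-fix output and /var/log/pki/pki-tomcat/ca/debug) concatenated; the nickname set tells you which system certs to fix before the CA can serve a renewal request at all.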


[Freeipa-users] Re: Extending FreeIPA (Schema, CI, UI)

2022-05-20 Thread Alexander Bokovoy via FreeIPA-users

On Fri, 20 May 2022, Leo O via FreeIPA-users wrote:

Hello,

running on the FreeIPA rocky-8-4.9.6 docker container.
I would like to extend FreeIPA with the postfix-book schema. I need it
for a mail server. Unfortunately I can't find any documentation about
that. Just some old presentation (FreeIPA 3.3 Training Series) + also
some old, maybe still valid, example:
https://github.com/abbra/freeipa-userstatus-plugin. Documentation
would be really good and helpful. Does anyone have some
notes? It doesn't have to be fully polished documentation, just some notes,
maybe some more examples for the current FreeIPA version?


There is no documentation other than what is in IPA source code. You can
look at other plugins on my github, like the one for
FleetCommander integration. But you'd learn more by looking at the IPA's
source code, especially checking git history and changes that introduce
individual plugins.


--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland


[Freeipa-users] Re: hostgroup automember rules

2022-05-20 Thread Alexander Bokovoy via FreeIPA-users

Hi Angus,

On Fri, 20 May 2022, Angus Clarke via FreeIPA-users wrote:

Hello

FreeIPA 4.6.8

We are very happy with hostgroup automember rules based on servername
attribute however one of our internal customers uses a generic
servername template for all of their servers regardless of its
function.

So I'm wondering what other attributes I might use for hostgroup
automember - perhaps some of the attributes can be configured by the
ipa-client-install (the host's "description" field perhaps) although I
don't see such mention in the man page ... Presumably they could use a
different enrollment user ("enrolledby") for each of their hostgroup
functions (not ideal.)

There are various attribute fields in the WebUI but I don't find much
documentation for them. What is the "l" field - perhaps I can exploit
this somehow?


A few years ago a customer of mine asked a similar question. Here is what
I answered:

--
You can use nsHardwarePlatform attribute (part of nsHost objectclass).
It is exposed as '--platform' in IPA CLI for 'ipa host-*' commands.

Originally it was supposed to be filled in by the IPA client join process
with the 'uname -m' value. The ipa-join tool still sends it to the server but
the value is completely ignored by the join process. As a result, the
nsHardwarePlatform attribute is never set on the host object.

I don't see any code in IPA itself that would rely on the content of
nsHardwarePlatform attribute. We have web UI tests upstream that modify
the field to test that you can modify it but that's all.

Alternatively, one can use userClass attribute (--class in IPA CLI for
host-* commands). This one is also not utilized and is left specifically
for the customers to define its semantics.

Another alternative is the nsHostLocation attribute (--location in IPA CLI for
host-* commands). Again, the semantics are totally left for customers to define.

--

There are two ways of setting these fields:

 - prior to enrollment, by pre-creating a host and setting the
   attributes at that time.

 - after the enrollment, right from the host using host keytab

The former can be done by a designated user/service account and can be
tuned with custom permissions to allow such modification. The latter
relies on the fact that the host principal has some write rights
already:

# kinit -k

# ipa host-show `hostname` --rights --all
  dn: fqdn=dc.ipa.test,cn=computers,cn=accounts,dc=ipa,dc=test
  Host name: dc.ipa.test
  Principal name: host/dc.ipa.t...@ipa.test
  Principal alias: host/dc.ipa.t...@ipa.test
  SSH public key: [skip]
  SSH public key fingerprint: [skip]
  Requires pre-authentication: True
  Trusted for delegation: False
  Trusted to authenticate as user: False
  Password: False
  Member of host-groups: ipaservers
  Keytab: True
  Managed by: dc.ipa.test
  Managing: dc.ipa.test
  attributelevelrights: {'aci': '', 'cn': 'rscwo', 'description': 'rscwo', 
'enrolledby': 'rsc', 'fqdn': 'rsc', 'ipaassignedidview': 'rsc', 
'ipaclientversion': 'rsc', 'ipakrbauthzdata': 'rsc', 'ipasshpubkey': 'rscwo', 
'ipauniqueid': 'rsc', 'krballowedtodelegateto': '', 
'krbauthindmaxrenewableage': '', 'krbauthindmaxticketlife': '', 
'krbcanonicalname': 'rsc', 'krbextradata': '', 'krblastadminunlock': '', 
'krblastfailedauth': '', 'krblastpwdchange': 'rscwo', 'krblastsuccessfulauth': 
'', 'krbloginfailedcount': '', 'krbmaxrenewableage': '', 'krbmaxticketlife': 
'', 'krbobjectreferences': '', 'krbpasswordexpiration': 'rsc', 
'krbprincipalaliases': 'rsc', 'krbprincipalauthind': 'rsc', 
'krbprincipalexpiration': 'rsc', 'krbprincipalkey': 'swo', 'krbprincipalname': 
'rsc', 'krbprincipaltype': '', 'krbpwdhistory': '', 'krbpwdpolicyreference': 
'', 'krbticketflags': '', 'krbticketpolicyreference': '', 'krbupenabled': '', 
'l': 'rscwo', 'managedby': 'rsc', 'memberof': 'rsc', 'nsaccountlock': '', 
'nshardwareplatform': 'rscwo', 'nshostlocation': 'rscwo', 'nsosversion': 
'rscwo', 'objectclass': 'rsc', 'serverhostname': 'rsc', 'usercertificate': 
'rscwo', 'userclass': 'rsc', 'userpassword': 'swo'}
  cn: dc.ipa.test
  ipauniqueid: b179f1ea-c4b8-11ec-9e86-52540083ff9d
  krblastpwdchange: 20220425165647Z
  objectclass: top, ipaobject, nshost, ipahost, ipaservice, pkiuser, 
krbprincipalaux, krbprincipal, krbticketpolicyaux, ipasshhost, 
ipaSshGroupOfPubKeys
  serverhostname: dc

So, the host/dc.ipa.t...@ipa.test principal can write to:

  - nsHardwarePlatform
  - nsHostLocation
  - nsOSVersion
  - l (locality)
  - description

but it cannot write to 'userClass' attribute.

A handy mapping between attributes and command parameters is
'show-mappings' command:

# ipa show-mappings host-mod
Parameter  : LDAP attribute
=  : ==
desc   : description?
locality   : l?
location   : nshostlocation?
platform   : nshardwareplatform?
os
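To make the two points in the reply above concrete (which host attributes are free for the admin to use as automember keys, and which of them the host can rewrite itself with nothing more than its keytab), here is an added example in Python, my code rather than FreeIPA's: a small evaluator for automember inclusive/exclusive conditions over constructed host entries, plus an audit that flags rules keyed on attributes the host's own principal has write access to, using the attributelevelrights output quoted above. The host names, group names and the exact inclusive/exclusive semantics are assumptions for illustration, and Python's re stands in for the PCRE that FreeIPA actually evaluates.

```python
"""Automember rule evaluation and a self-service audit for FreeIPA host entries.

Added example, not FreeIPA code.  It mimics conditions created with
`ipa automember-add-condition --type=hostgroup --key=<attr> --inclusive-regex=/--exclusive-regex=`
against host entries supplied as {fqdn: {attr: [values]}}, then checks which rules
key on attributes the host principal can modify on its own entry (using the
attributelevelrights printed in the message above).
"""
import re

# From `ipa host-show dc.ipa.test --rights --all` bound as host/dc.ipa.test (message
# above); only the entries relevant here are kept.  'w' in the rights string = write.
HOST_SELF_RIGHTS = {
    'cn': 'rscwo', 'description': 'rscwo', 'enrolledby': 'rsc', 'fqdn': 'rsc',
    'ipasshpubkey': 'rscwo', 'l': 'rscwo', 'managedby': 'rsc', 'memberof': 'rsc',
    'nshardwareplatform': 'rscwo', 'nshostlocation': 'rscwo', 'nsosversion': 'rscwo',
    'serverhostname': 'rsc', 'usercertificate': 'rscwo', 'userclass': 'rsc',
}


def self_writable(rights=HOST_SELF_RIGHTS):
    """Attributes a host can rewrite with nothing more than its own keytab."""
    return {attr for attr, acl in rights.items() if 'w' in acl}


class Condition:
    """One automember condition.  FreeIPA/389-ds evaluate PCRE; Python's re is used
    here, which agrees for simple anchored patterns but not for every PCRE feature."""

    def __init__(self, key, regex, inclusive=True):
        self.key = key.lower()            # LDAP attribute name, as given to --key=
        self.inclusive = inclusive
        self.pattern = re.compile(regex)

    def matches(self, entry):
        return any(self.pattern.search(v) for v in entry.get(self.key, []))


class Rule:
    """One automember rule targeting one host group."""

    def __init__(self, hostgroup, conditions):
        self.hostgroup = hostgroup
        self.conditions = list(conditions)

    def applies_to(self, entry):
        # Assumed semantics (my reading of the 389-ds automember plug-in; confirm with
        # `ipa automember-rebuild --type=hostgroup` on a test host): any exclusive
        # match excludes the entry, otherwise one inclusive match is enough.
        if any(c.matches(entry) for c in self.conditions if not c.inclusive):
            return False
        return any(c.matches(entry) for c in self.conditions if c.inclusive)


def automember(rules, hosts):
    """{hostgroup: sorted fqdns} that the rules would produce for these entries."""
    return {r.hostgroup: sorted(f for f, e in hosts.items() if r.applies_to(e))
            for r in rules}


def audit_rules(rules, writable=None):
    """Per rule, the condition keys a host can set for itself.  A rule keyed on such
    an attribute lets the host choose its own group (and whatever, e.g. HBAC or sudo
    rules, is granted to that group); userclass is not host-writable, so it is the
    safer key for rules that gate access."""
    writable = self_writable() if writable is None else writable
    return {r.hostgroup: sorted({c.key for c in r.conditions if c.key in writable})
            for r in rules}


# Constructed host entries, attribute names lower-cased as `ipa host-show --raw` prints them.
SAMPLE_HOSTS = {
    'web01.ipa.test': {'userclass': ['webserver'], 'nshostlocation': ['dc1']},
    'db01.ipa.test': {'userclass': ['database'], 'nshostlocation': ['dc1']},
    'srv-0042.ipa.test': {'userclass': ['webserver'], 'nshostlocation': ['lab']},
}
SAMPLE_RULES = [
    Rule('webservers', [Condition('userClass', r'^webserver$'),
                        Condition('nsHostLocation', r'^lab$', inclusive=False)]),
    Rule('dc1-hosts', [Condition('nsHostLocation', r'^dc1$')]),
]

if __name__ == '__main__':
    for group, members in automember(SAMPLE_RULES, SAMPLE_HOSTS).items():
        print(group, members)
    for group, keys in audit_rules(SAMPLE_RULES).items():
        if keys:
            print('WARNING: %s depends on host-writable %s' % (group, ', '.join(keys)))
```

Both sample rules get flagged because their exclusive or inclusive condition reads nsHostLocation, which the host can write; the webservers rule's userClass condition is the one a host cannot tamper with. For a rule that only gates something harmless, a host-settable key is convenient; for a rule that feeds HBAC or sudo, set the key via an admin-controlled attribute (pre-created host, or userClass) as the reply describes.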

[Freeipa-users] Extending FreeIPA (Schema, CI, UI)

2022-05-20 Thread Leo O via FreeIPA-users
Hello,

running on the FreeIPA rocky-8-4.9.6 docker container.
I would like to extend FreeIPA with the postfix-book schema. I need it for a 
mail server. Unfortunately I can't find any documentation about that. Just some 
old presentation (FreeIPA 3.3 Training Series) + also some old, maybe still 
valid, example: https://github.com/abbra/freeipa-userstatus-plugin.
Documentation would be really good and helpful. Does anyone have some notes? It 
doesn't have to be fully polished documentation, just some notes, maybe some more 
examples for the current FreeIPA version? 
Thanks


[Freeipa-users] Re: hostgroup automember rules

2022-05-20 Thread Florence Blanc-Renaud via FreeIPA-users
Hi,

On Fri, May 20, 2022 at 11:48 AM Angus Clarke via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Hello
>
> FreeIPA 4.6.8
>
> We are very happy with hostgroup automember rules based on servername
> attribute however one of our internal customers uses a generic servername
> template for all of their servers regardless of its function.
>
> So I'm wondering what other attributes I might use for hostgroup
> automember - perhaps some of the attributes can be configured by the
> ipa-client-install (the host's "description" field perhaps) although I
> don't see such mention in the man page ... Presumably they could use a
> different enrollment user ("enrolledby") for each of their hostgroup
> functions (not ideal.)
>
> There are various attribute fields in the WebUI but I don't find much
> documentation for them. What is the "l" field - perhaps I can exploit this
> somehow?
>

The automember group functionality is described in this chapter: Automating
group membership using IdM CLI.
You can define a new hostgroup with an automember rule based on any
attribute defined in the schema. Just be aware that the conditions are
defined using Perl-compatible regular expressions (PCRE) format.
The 'l' attribute is an alias for 'locality' or 'localityname' and can
contain any string. For any attribute you can find its description in the
LDAP schema.

The host entries have multiple object classes. For instance if you run
ipa host-show server.ipa.test --all --raw
you can see all its objectclasses:
  objectClass: top
  objectClass: ipaobject
  objectClass: nshost
  objectClass: ipahost
  objectClass: ipaservice
  objectClass: pkiuser
  objectClass: krbprincipalaux
  objectClass: krbprincipal
  objectClass: krbticketpolicyaux
  objectClass: ipasshhost
  objectClass: ipaSshGroupOfPubKeys

Each object class defines the mandatory/optional attributes that the entry
can contain. For instance in order to find the attributes for the *nshost*
objectclass:
ldapsearch -LLL -o ldif-wrap=no -b cn=schema -s base objectclasses | grep -i nshost
objectclasses: ( nsHost-oid NAME 'nsHost' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( serverHostName $ description $ l $ nsHostLocation $ nsHardwarePlatform $ nsOsVersion ) X-ORIGIN 'Netscape' )

The *nshost* objectclass allows the presence of *serverhostname*,
*description*, *l* etc...
Now to find what *description* can contain:
ldapsearch -LLL -o ldif-wrap=no -b cn=schema -s base attributetypes | grep -i description
attributetypes: ( 2.5.4.13 NAME 'description'  EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )

The SYNTAX part defines the type of data (RFC 4517 defines
1.3.6.1.4.1.1466.115.121.1.15 as a DirectoryString).
With this knowledge, you can pick an attribute where you want to store
information that can be used to group the hosts together, and create the
matching rule using this attribute.

If you are curious about LDAP schema in general, you can read RFC 4519.
HTH,
flo



> Any advice gladly received.
>
> Thanks a lot
> Angus
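Florence's answer walks through reading objectclass and attributetype definitions out of cn=schema by hand. The following is an added example (my code, not FreeIPA's or 389-ds's) that does the same mechanically: a small RFC 4512 tokenizer and parser for those definition strings, a lookup of which attributes an entry with given objectClass values may carry (following SUP), and a resolver for an attribute's SYNTAX that follows SUP when the type inherits it, as 'l' does. The nsHost and description lines are the ones from her message; top, name and l are written in their RFC 4512/4519 form, and the SYNTAX_NAMES table covers only a handful of RFC 4517 OIDs.

```python
"""Parse RFC 4512 schema definitions, as `ldapsearch -b cn=schema -s base
objectclasses attributetypes` prints them, and answer the two questions from the
message above: which attributes may a host entry carry, and what syntax does an
attribute have.  Added example, not FreeIPA or 389-ds code.
"""
import re

# Subset of RFC 4517 section 3.3 syntax OIDs (assumed sufficient for this demo).
SYNTAX_NAMES = {
    '1.3.6.1.4.1.1466.115.121.1.7': 'Boolean',
    '1.3.6.1.4.1.1466.115.121.1.12': 'DN',
    '1.3.6.1.4.1.1466.115.121.1.15': 'Directory String',
    '1.3.6.1.4.1.1466.115.121.1.26': 'IA5 String',
    '1.3.6.1.4.1.1466.115.121.1.27': 'INTEGER',
}
# Keywords that take no value (RFC 4512 section 4.1); every other keyword is
# followed by a quoted string, a bare word/OID, or a parenthesised list.
FLAGS = {'OBSOLETE', 'ABSTRACT', 'STRUCTURAL', 'AUXILIARY', 'SINGLE-VALUE',
         'COLLECTIVE', 'NO-USER-MODIFICATION'}
LIST_KEYS = ('NAME', 'SUP', 'MUST', 'MAY')
_TOKEN = re.compile(r"\(|\)|\$|'[^']*'|[^\s()$']+")


def parse_schema_element(line):
    """'objectclasses: ( ... )' / 'attributetypes: ( ... )' (prefix optional) -> dict."""
    body = line.strip()
    if not body.startswith('('):
        body = body.split(':', 1)[1]
    toks = _TOKEN.findall(body)
    if len(toks) < 3 or toks[0] != '(' or toks[-1] != ')':
        raise ValueError('not a schema definition: %r' % line)
    elem = {'OID': toks[1]}
    i = 2
    while i < len(toks) - 1:
        kw = toks[i].upper()
        i += 1
        if kw in FLAGS:
            elem[kw] = True
        elif toks[i] == '(':                      # MAY ( a $ b ) or NAME ( 'a' 'b' )
            close = toks.index(')', i)
            elem[kw] = [t.strip("'") for t in toks[i + 1:close] if t != '$']
            i = close + 1
        else:                                     # 'quoted string' or bare word/OID
            elem[kw] = toks[i].strip("'")
            i += 1
    for key in LIST_KEYS:                         # always lists, even when single
        if key in elem and not isinstance(elem[key], list):
            elem[key] = [elem[key]]
    return elem


def load_schema(lines):
    """Index parsed elements under each of their (lower-cased) names."""
    schema = {}
    for line in lines:
        elem = parse_schema_element(line)
        for name in elem.get('NAME', []):
            schema[name.lower()] = elem
    return schema


def allowed_attributes(objectclasses, schema):
    """MUST and MAY of the given object classes and their SUP chain, lower-cased:
    the attributes an entry with exactly these objectClass values may carry."""
    allowed, seen, todo = set(), set(), [oc.lower() for oc in objectclasses]
    while todo:
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        elem = schema[name]
        allowed.update(a.lower() for a in elem.get('MUST', []) + elem.get('MAY', []))
        todo.extend(s.lower() for s in elem.get('SUP', []))
    return allowed


def syntax_of(attribute, schema):
    """(syntax OID, name) of an attribute type, following SUP when the type inherits
    its syntax (as 'l' does from 'name'); a trailing {len} bound is ignored."""
    elem = schema[attribute.lower()]
    while 'SYNTAX' not in elem:
        elem = schema[elem['SUP'][0].lower()]
    oid = re.sub(r'\{\d+\}$', '', elem['SYNTAX'])
    return oid, SYNTAX_NAMES.get(oid, 'unknown')


# nsHost and description exactly as ldapsearch printed them in the message above;
# top, name and l added in their RFC 4512/4519 form so the SUP chains resolve.
SAMPLE_SCHEMA = [
    "objectclasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass X-ORIGIN 'RFC 4512' )",
    "objectclasses: ( nsHost-oid NAME 'nsHost' DESC 'Netscape defined objectclass' SUP top "
    "STRUCTURAL MUST cn MAY ( serverHostName $ description $ l $ nsHostLocation $ "
    "nsHardwarePlatform $ nsOsVersion ) X-ORIGIN 'Netscape' )",
    "attributetypes: ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch SUBSTR "
    "caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )",
    "attributetypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR "
    "caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )",
    "attributetypes: ( 2.5.4.7 NAME ( 'l' 'localityName' ) SUP name X-ORIGIN 'RFC 4519' )",
]

if __name__ == '__main__':
    schema = load_schema(SAMPLE_SCHEMA)
    print(sorted(allowed_attributes(['top', 'nsHost'], schema)))
    for attr in ('description', 'l'):
        print(attr, syntax_of(attr, schema))
```

To run it against a live server, replace SAMPLE_SCHEMA with the lines of `ldapsearch -LLL -o ldif-wrap=no -b cn=schema -s base objectclasses attributetypes` (drop the leading `dn:` line) and pass the host's full objectClass list from `ipa host-show ... --all --raw`; the result is the complete set of attributes an automember condition on that host could legitimately key on.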


[Freeipa-users] hostgroup automember rules

2022-05-20 Thread Angus Clarke via FreeIPA-users
Hello

FreeIPA 4.6.8

We are very happy with hostgroup automember rules based on servername attribute 
however one of our internal customers uses a generic servername template for 
all of their servers regardless of its function.

So I'm wondering what other attributes I might use for hostgroup automember - 
perhaps some of the attributes can be configured by the ipa-client-install (the 
host's "description" field perhaps) although I don't see such mention in the 
man page ... Presumably they could use a different enrollment user 
("enrolledby") for each of their hostgroup functions (not ideal.)

There are various attribute fields in the WebUI but I don't find much 
documentation for them. What is the "l" field - perhaps I can exploit this 
somehow?

Any advice gladly received.

Thanks a lot
Angus


[Freeipa-users] FreeIPA and DHCP @home

2022-05-20 Thread Ronald Wimmer via FreeIPA-users
I am aware of the fact that there is no actual need for neatly 
integrating DHCP into FreeIPA. At least in enterprise environments.


As my home network has grown over the years I am thinking about using 
FreeIPA at home as well. Wouldn't it be sufficient to let a DHCP server 
make dynamic updates to the DNS zone managed by FreeIPA's bind server to 
make it work? I know a real integration would require much more. But 
would it be sufficient for a home setup?


Cheers,
Ronald