On 05/22/2014 05:52 PM, thierry bordaz wrote:
On 05/22/2014 04:38 PM, Martin Kosek wrote:
On 05/22/2014 10:47 AM, Petr Viktorin wrote:
On 05/21/2014 10:00 PM, Dmitri Pal wrote:
On 05/19/2014 10:45 AM, thierry bordaz wrote:
On 05/19/2014 04:44 PM, Jan Cholasta wrote:
On 19.5.2014 16:34,
On 05/23/2014 07:48 AM, Jan Cholasta wrote:
On 22.5.2014 19:27, Simo Sorce wrote:
On Thu, 2014-05-22 at 15:35 +0200, Martin Kosek wrote:
On 05/21/2014 10:11 PM, Dmitri Pal wrote:
On 05/21/2014 03:06 PM, Martin Kosek wrote:
On 05/21/2014 08:14 PM, Simo Sorce wrote:
On Wed, 2014-05-21 at 16:01
On 05/23/2014 08:29 AM, Martin Kosek wrote:
On 05/22/2014 05:52 PM, thierry bordaz wrote:
On 05/22/2014 04:38 PM, Martin Kosek wrote:
On 05/22/2014 10:47 AM, Petr Viktorin wrote:
On 05/21/2014 10:00 PM, Dmitri Pal wrote:
On 05/19/2014 10:45 AM, thierry bordaz wrote:
On 05/19/2014 04:44 PM,
On 05/23/2014 09:34 AM, thierry bordaz wrote:
On 05/23/2014 08:29 AM, Martin Kosek wrote:
On 05/22/2014 05:52 PM, thierry bordaz wrote:
On 05/22/2014 04:38 PM, Martin Kosek wrote:
On 05/22/2014 10:47 AM, Petr Viktorin wrote:
On 05/21/2014 10:00 PM, Dmitri Pal wrote:
On 05/19/2014 10:45 AM,
On 05/23/2014 10:04 AM, Martin Kosek wrote:
On 05/23/2014 09:34 AM, thierry bordaz wrote:
On 05/23/2014 08:29 AM, Martin Kosek wrote:
On 05/22/2014 05:52 PM, thierry bordaz wrote:
On 05/22/2014 04:38 PM, Martin Kosek wrote:
On 05/22/2014 10:47 AM, Petr Viktorin wrote:
On 05/21/2014 10:00
On Thu, 22 May 2014, Petr Viktorin wrote:
On 05/22/2014 05:13 PM, Petr Vobornik wrote:
On 22.5.2014 17:00, Nathaniel McCallum wrote:
On Thu, 2014-05-22 at 10:53 -0400, Nathaniel McCallum wrote:
On Thu, 2014-05-22 at 16:45 +0200, Petr Viktorin wrote:
On 05/22/2014 04:12 PM, Nathaniel McCallum
On 23.5.2014 10:13, Petr Viktorin wrote:
On 05/23/2014 08:33 AM, Martin Kosek wrote:
On 05/23/2014 07:48 AM, Jan Cholasta wrote:
On 22.5.2014 19:27, Simo Sorce wrote:
On Thu, 2014-05-22 at 15:35 +0200, Martin Kosek wrote:
On 05/21/2014 10:11 PM, Dmitri Pal wrote:
On 05/21/2014 03:06 PM,
On Fri, 23 May 2014, Jan Cholasta wrote:
On 22.5.2014 16:21, Nathaniel McCallum wrote:
I still need a review on this.
On Wed, 2014-05-07 at 10:06 -0400, Nathaniel McCallum wrote:
On Wed, 2014-05-07 at 15:54 +0200, Petr Vobornik wrote:
On 6.5.2014 17:07, Nathaniel McCallum wrote:
On Tue,
On 05/23/2014 10:22 AM, thierry bordaz wrote:
On 05/23/2014 10:04 AM, Martin Kosek wrote:
On 05/23/2014 09:34 AM, thierry bordaz wrote:
...
3) inactivate the user
(active to inactive) ipa user-inactivate# (after the command
ipaUniqueID=final value)
Here
On 05/22/2014 04:20 PM, Petr Viktorin wrote:
On 05/21/2014 12:14 PM, Simo Sorce wrote:
On Wed, 2014-05-21 at 08:03 +0200, Martin Kosek wrote:
On 05/16/2014 04:33 PM, Petr Viktorin wrote:
On 05/16/2014 01:54 PM, Martin Kosek wrote:
On 04/29/2014 11:00 PM, Petr Viktorin wrote:
Patch 0540 adds
On 05/23/2014 10:55 AM, Martin Kosek wrote:
On 05/23/2014 10:22 AM, thierry bordaz wrote:
On 05/23/2014 10:04 AM, Martin Kosek wrote:
On 05/23/2014 09:34 AM, thierry bordaz wrote:
...
3) inactivate the user
(active to inactive) ipa user-inactivate# (after the command
On 05/23/2014 07:01 AM, James wrote:
I'm trying to understand some of the FreeIPA replication internals so
that I can better know how to do this properly in Puppet without
storing any secret information in Puppet, and so that automating
FreeIPA is awesome.
Please point me to any docs, if
On 05/22/2014 04:03 PM, Petr Viktorin wrote:
On 05/21/2014 08:08 AM, Martin Kosek wrote:
On 05/19/2014 03:27 PM, Petr Viktorin wrote:
On 05/16/2014 02:00 PM, Martin Kosek wrote:
On 04/29/2014 11:02 PM, Petr Viktorin wrote:
I didn't test this as much as I'd like to, but it might come in handy
On 05/23/2014 06:42 AM, Martin Kosek wrote:
On 05/23/2014 07:01 AM, James wrote:
I'm trying to understand some of the FreeIPA replication internals so
that I can better know how to do this properly in Puppet without
storing any secret information in Puppet, and so that automating
FreeIPA is
On 05/23/2014 03:28 PM, Dmitri Pal wrote:
On 05/23/2014 06:42 AM, Martin Kosek wrote:
On 05/23/2014 07:01 AM, James wrote:
I'm trying to understand some of the FreeIPA replication internals so
that I can better know how to do this properly in Puppet without
storing any secret information in
Dmitri Pal wrote:
On 05/23/2014 06:42 AM, Martin Kosek wrote:
On 05/23/2014 07:01 AM, James wrote:
I'm trying to understand some of the FreeIPA replication internals so
that I can better know how to do this properly in Puppet without
storing any secret information in Puppet, and so that
Martin Kosek wrote:
On 05/23/2014 07:48 AM, Jan Cholasta wrote:
On 22.5.2014 19:27, Simo Sorce wrote:
On Thu, 2014-05-22 at 15:35 +0200, Martin Kosek wrote:
On 05/21/2014 10:11 PM, Dmitri Pal wrote:
On 05/21/2014 03:06 PM, Martin Kosek wrote:
On 05/21/2014 08:14 PM, Simo Sorce wrote:
On
On 05/20/2014 11:16 AM, Jan Cholasta wrote:
On 20.5.2014 08:28, Martin Kosek wrote:
Hi there,
I checked the update CA Certificate renewal feature design page and one part
seemed awkward to me:
http://www.freeipa.org/page/V4/CA_certificate_renewal#Shared_certificate_store
IIUC, when there
On Fri, 2014-05-23 at 10:59 +0200, Martin Kosek wrote:
On 05/22/2014 04:20 PM, Petr Viktorin wrote:
On 05/21/2014 12:14 PM, Simo Sorce wrote:
On Wed, 2014-05-21 at 08:03 +0200, Martin Kosek wrote:
On 05/16/2014 04:33 PM, Petr Viktorin wrote:
On 05/16/2014 01:54 PM, Martin Kosek wrote:
On Fri, 2014-05-23 at 08:33 +0200, Martin Kosek wrote:
On 05/23/2014 07:48 AM, Jan Cholasta wrote:
On 22.5.2014 19:27, Simo Sorce wrote:
On Thu, 2014-05-22 at 15:35 +0200, Martin Kosek wrote:
On 05/21/2014 10:11 PM, Dmitri Pal wrote:
On 05/21/2014 03:06 PM, Martin Kosek wrote:
On
On Fri, 2014-05-23 at 10:13 -0400, Rob Crittenden wrote:
This, I believe, has already been covered, but I'm concerned with the
(over)use of active/inactive in this discussion.
I think use of inactive and active to describe users might be
confusing since there is already an account
On Fri, 2014-05-23 at 17:18 +0200, thierry bordaz wrote:
On 05/23/2014 05:03 PM, Simo Sorce wrote:
On Fri, 2014-05-23 at 10:07 +0200, thierry bordaz wrote:
On 05/22/2014 07:21 PM, Simo Sorce wrote:
On Thu, 2014-05-22 at 17:52 +0200, thierry bordaz wrote:
On 05/22/2014 04:38 PM, Martin
On 05/23/2014 10:13 AM, Petr Viktorin wrote:
On 05/23/2014 08:33 AM, Martin Kosek wrote:
On 05/23/2014 07:48 AM, Jan Cholasta wrote:
On 22.5.2014 19:27, Simo Sorce wrote:
On Thu, 2014-05-22 at 15:35 +0200, Martin Kosek wrote:
On 05/21/2014 10:11 PM, Dmitri Pal wrote:
On 05/21/2014 03:06 PM,
On Fri, 2014-05-23 at 17:47 +0200, thierry bordaz wrote:
About membership. I think it could be risky to keep membership in
'delete' or 'stage'. Those entries are not valid user and should not
belong to any active group. Should we keep membership attributes in
those state or let the plugin
On Fri, 2014-05-23 at 12:42 +0200, Martin Kosek wrote:
On 05/23/2014 07:01 AM, James wrote:
I'm trying to understand some of the FreeIPA replication internals so
that I can better know how to do this properly in Puppet without
storing any secret information in Puppet, and so that automating
On Fri, 2014-05-23 at 09:28 -0400, Dmitri Pal wrote:
I guess the question is more:
If I am root is there any way to do the operation without providing
the
password but rather using something like LDAPI to drive the operation.
The issue is that if you use puppet there is no way to get the
On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote:
One cannot easily improve ipa-replica-prepare to work through LDAPI as
we also
need to encypher the replica info package - and we cannot do that
without clear
text DM password.
The right way seems to be rather the RFE you filed:
On Wed, 2014-05-14 at 14:08 -0400, Nathaniel McCallum wrote:
Occasionally OTP tokens get out of sync with the server. When this
happens, the user or an admin need to synchronize the token. To this
end, we landed server-side synchronization support, which is a simple
bind with a custom control.
On Fri, 2014-05-23 at 17:16 -0400, James wrote:
On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote:
One cannot easily improve ipa-replica-prepare to work through LDAPI as
we also
need to encypher the replica info package - and we cannot do that
without clear
text DM password.
On Fri, May 23, 2014 at 7:49 PM, Simo Sorce s...@redhat.com wrote:
On Fri, 2014-05-23 at 17:16 -0400, James wrote:
On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote:
One cannot easily improve ipa-replica-prepare to work through LDAPI as
we also
need to encypher the replica info package
On Fri, 2014-05-23 at 21:26 -0400, James wrote:
On Fri, May 23, 2014 at 7:49 PM, Simo Sorce s...@redhat.com wrote:
On Fri, 2014-05-23 at 17:16 -0400, James wrote:
On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote:
One cannot easily improve ipa-replica-prepare to work through LDAPI as
On Fri, 2014-05-23 at 22:50 -0400, Simo Sorce wrote:
No, but those need to be accessible to the user, I think you can
create
a meta-package that contains those password when you create the first
master, encrypted in a gpg file with private keys only stored in the
freeipa servers.
I do
On Fri, 2014-05-23 at 22:57 -0400, James wrote:
On Fri, 2014-05-23 at 22:50 -0400, Simo Sorce wrote:
No, but those need to be accessible to the user, I think you can
create
a meta-package that contains those password when you create the first
master, encrypted in a gpg file with private
33 matches
Mail list logo