Hi all
Just an observation really, some of our users complained that their IdM login
names did not match other systems' - we saw IdM as the easiest place to fix
this (as opposed to modifying local accounts on hundreds of none-IdM enabled
*nix boxes around the estate)
Rightly or wrongly, the ap
On ke, 21 elo 2019, TomK via FreeIPA-users wrote:
Hey All,
The primary master I have has the kadmin principal for it:
kadmin/ipa03.mws.mds@mws.mds.xyz
The slave (idmipa04) doesn't have a corresponding kadmin/... principal
entry. Can't find these principals in the UI.
It is only created
On ke, 21 elo 2019, Jonathan Vaughn via FreeIPA-users wrote:
Ah, I didn't realize I could do SSL termination in TCP mode. That would
certainly solve our LDAP HA problem with less effort! I'll try that.
Note that FreeIPA doesn't really use LDAPS (and there is no such thing
as LDAPS in protocol sp
On ke, 21 elo 2019, Jonathan Vaughn via FreeIPA-users wrote:
Okay, I think I finally got somewhere.
Created the host for the load balancers:
# ipa host-add ipa.example.com
Added a LDAP service for it:
# ipa service-add LDAP/ipa.example.com
Added both IPA servers to the "managed by" attribute:
On Wed, Aug 21, 2019 at 07:10:50PM -, Martijn Bakkes via FreeIPA-users
wrote:
> SSSD_NSS SERVER log
>
> (Wed Aug 21 14:08:13 2019) [sssd[nss]] [setup_client_idle_timer] (0x4000):
> Idle timer re-set for client [0x559f771f0e20][21]
> (Wed Aug 21 14:08:28 2019) [sssd[nss]] [get_client_cred] (0
Hey All,
The primary master I have has the kadmin principal for it:
kadmin/ipa03.mws.mds@mws.mds.xyz
The slave (idmipa04) doesn't have a corresponding kadmin/... principal
entry. Can't find these principals in the UI.
1) Should the slave installer have created the slave kadmin/... princ
Ah, I didn't realize I could do SSL termination in TCP mode. That would
certainly solve our LDAP HA problem with less effort! I'll try that.
On Wed, Aug 21, 2019 at 8:27 PM Daniel Oetken via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Why doesn’t terminating SSL on the proxy wo
Why doesn’t terminating SSL on the proxy work with LDAPS? Because it should,
and says so too here:
https://www.mail-archive.com/haproxy@formilux.org/msg21657.html
Though, I’m looking into the same thing to add SAN to the server certificate
and wondering about similar questions. When you look a
Okay, I think I finally got somewhere.
Created the host for the load balancers:
# ipa host-add ipa.example.com
Added a LDAP service for it:
# ipa service-add LDAP/ipa.example.com
Added both IPA servers to the "managed by" attribute:
# ipa service-add-host LDAP/ipa.example.com --host ipa-11.examp
On Wed, Aug 21, 2019 at 04:29:36PM -, Martijn Bakkes via FreeIPA-users
wrote:
> > On Wed, Aug 21, 2019 at 04:15:38PM -, Martijn Bakkes via FreeIPA-users
> > wrote:
> >
> > Can you send me the versions of some related packages:
> >
> > rpm -qa sssd
> > rpm -qa libtalloc
> > r
> On Wed, Aug 21, 2019 at 04:15:38PM -, Martijn Bakkes via FreeIPA-users
> wrote:
>
> Can you send me the versions of some related packages:
>
> rpm -qa sssd
> rpm -qa libtalloc
> rpm -qa libtdb
> rpm -qa libldb
> rpm -qa libtevent
>
> bye,
> Sumit
>
> > ___
On Wed, Aug 21, 2019 at 04:15:38PM -, Martijn Bakkes via FreeIPA-users
wrote:
> > On Wed, Aug 21, 2019 at 01:57:30PM -, Martijn Bakkes via FreeIPA-users
> > wrote:
> > ...
> > SSSD_NSS SERVER logs
> > ...
> > ...
> >
> > Those are lookups in the local cache and there should be even an in
> On Wed, Aug 21, 2019 at 01:57:30PM -, Martijn Bakkes via FreeIPA-users
> wrote:
> ...
> SSSD_NSS SERVER logs
> ...
> ...
>
> Those are lookups in the local cache and there should be even an index
> on those attributes. Is there an application on the IPA server doing
> heavy I/O or is there
On Wed, Aug 21, 2019 at 01:57:30PM -, Martijn Bakkes via FreeIPA-users
wrote:
> Adding logs with debug set to 6.
> Below will be server and client from the same request. The difference in
> timestamp between the request start on server and client corresponds to about
> the amount of time it
sssd_nss logs from the client
(Wed Aug 21 09:01:09 2019) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data
Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]
(Wed Aug 21 09:01:09 2019) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data
Provider returned an error [org.fre
On Tue, Aug 20, 2019 at 07:30:23PM -, Martijn Bakkes via FreeIPA-users
wrote:
> Server side SSSD logs:
Hi,
can you send the corresponding sssd_nss.log as well? There are some odd
delays in the backend log and since the NSS responder is sending those
requests it would be good to know what the
16 matches
Mail list logo