On pe, 23 elo 2019, TomK wrote:
On 8/22/2019 2:46 AM, Alexander Bokovoy via FreeIPA-users wrote:
On ke, 21 elo 2019, TomK via FreeIPA-users wrote:
Hey All,
The primary master I have has the kadmin principal for it:
kadmin/ipa03.mws.mds@mws.mds.xyz
The slave (idmipa04) doesn't have a corr
On 8/22/2019 2:46 AM, Alexander Bokovoy via FreeIPA-users wrote:
On ke, 21 elo 2019, TomK via FreeIPA-users wrote:
Hey All,
The primary master I have has the kadmin principal for it:
kadmin/ipa03.mws.mds@mws.mds.xyz
The slave (idmipa04) doesn't have a corresponding kadmin/... principal
e
I read somewhere you can do that with the post-action
> On Aug 22, 2019, at 4:15 PM, Jonathan Vaughn via FreeIPA-users
> wrote:
>
>
> Just to follow up on this, I did get HAproxy working with SSL termination in
> TCP mode.
>
> The only annoyance on this setup now is that HAproxy wants the S
Just to follow up on this, I did get HAproxy working with SSL termination
in TCP mode.
The only annoyance on this setup now is that HAproxy wants the SSL
certificate and key in one PEM encoded file, not separate files. So
eventually I'll have to cat the two into one again when it eventually
expire
On Thu, Aug 22, 2019 at 01:11:28PM -, Martijn Bakkes via FreeIPA-users
wrote:
> > On Wed, Aug 21, 2019 at 07:10:50PM -, Martijn Bakkes via FreeIPA-users
> > wrote:
> > ...
> >
> > Hi,
> >
> > here everything happened in 14:08:28, so there is no visible delay in the
> > logs. Did you see
On Tue, Aug 20, 2019 at 01:13:09PM +0200, Ronald Wimmer via FreeIPA-users wrote:
> SSSD seems to work now and I can login to Keycloak with an IPA user.
> Unfortunately, when trying to use an AD user I get an exception:
>
> Aug 20 13:10:46 keycloak-test.linux.mydomain.at standalone.sh[16537]:
> 13:
> On Wed, Aug 21, 2019 at 07:10:50PM -, Martijn Bakkes via FreeIPA-users
> wrote:
> ...
>
> Hi,
>
> here everything happened in 14:08:28, so there is no visible delay in the
> logs. Did you see a delay on the client for this attempt?
>
> Can you try again and send new logs which "hopefully"
On to, 22 elo 2019, Jonathan Vaughn wrote:
Well, the specific products we need to talk to FreeIPA support LDAPS
(implicit SSL via port 636, rather than explicit via STARTTLS on port 389 -
in fact at least some only support implicit), 389DS does support LDAPS
(even if it is not a FreeIPA sanctione
Well, the specific products we need to talk to FreeIPA support LDAPS
(implicit SSL via port 636, rather than explicit via STARTTLS on port 389 -
in fact at least some only support implicit), 389DS does support LDAPS
(even if it is not a FreeIPA sanctioned mode), so as the saying goes if
it's stupid
> You can rename accounts with
>
> ipa user-mod --rename
Thanks for the tip Alex
> How did you disable it? 'ipa user-disable'? This just leaves this user
> in the tree and marks its account not possible to use for
> authentication.
Most likely one of my guys disabled accounts via the web interface
On to, 22 elo 2019, Angus Clarke via FreeIPA-users wrote:
Hi all
Just an observation really, some of our users complained that their IdM
login names did not match other systems' - we saw IdM as the easiest
place to fix this (as opposed to modifying local accounts on hundreds
of none-IdM enabled
11 matches
Mail list logo