On ke, 22 huhti 2020, Natxo Asenjo via FreeIPA-users wrote:
hi,
On Wed, Apr 22, 2020 at 7:26 PM Natxo Asenjo wrote:
In order to use AD nested groups, do we need to add an external IDM group
for every nested group?
specifically, our AD people have global groups (account groups, they say)
wi
On Mon, Apr 13, 2020 at 08:50:38AM +0300, Alexander Bokovoy via FreeIPA-users
wrote:
> On su, 12 huhti 2020, Fredrik Arneving via FreeIPA-users wrote:
> > Hi Alexander,
> >
> > Thank you for explaining this to me.
> > Next question:
> >
> > Given that my "oranizationName" is given on the command
hi,
On Wed, Apr 22, 2020 at 7:26 PM Natxo Asenjo wrote:
>
> In order to use AD nested groups, do we need to add an external IDM group
> for every nested group?
>
> specifically, our AD people have global groups (account groups, they say)
with the user accounts, and the domain local groups (resou
hi,
we have a working one way trust between an AD forest and a RHEL 7 forest.
In order to use AD nested groups, do we need to add an external IDM group
for every nested group?
--
Groeten,
natxo
___
FreeIPA-users mailing list -- freeipa-users@lists.fed
Hi Morgan,
Sure. The most immediate and safest action is to do
|dn: cn=config changetype: modify replace: nsslapd-ignore-time-skew
nsslapd-ignore-time-skew: on |
On all servers in the topology (no need to restart). Then monitor if
replication is catching up.
Okay NTP issues is likely the RC
Hi.
I don't have access to RedHat portal :(
There are similar articles in a public forum?
Anyway ... could I stop ipa-server, change the value of
*nsslapd-ignore-time-skew* into
*/etc/dirsrv/slapd-IPA-MYDOMAIN-COM/dse.ldif* and start again the server?
Or is more complicated to change the configur
Hi Philipp,
You might not want to use wildcard certificates (
https://tools.ietf.org/html/rfc6125#section-7.2).
I don't know of any module that can directly manage certprofiles and
ca-acls using Ansible and FreeIPA. It is not the best solution, but you
might use `command` and follow the Howto/Wil
Hi,
CSN generator time skew is a pending issue still under investigation.
At the moment the way your csn generator is messed up looks not fatal.
You can allow replication to continue with the setting of
nsslapd-ignore-time-skew on all servers.
(https://access.redhat.com/solutions/1162703)
I