Hey,
We have three masters. One is CentOS 7, the other two are CentOS 8 Stream.
I'm seeing many plugins on the CentOS 7 in cn=plugins,cn=config (about 388
entries)
But on the CentOS 8 systems there are very few plugins (about 30 entries).
Is that normal?
BTW. I struggling with nameservers not
> On ma, 28 kesä 2021, Joseph Fry via FreeIPA-users wrote:
>
> %deref() looks for directly referenced entries' content. %deref_r()
> chases all links by the attribute until the end. It allows you do
> hierarchical group traversal. This is all described in the
> format-specifiers.txt documentation.
On ma, 28 kesä 2021, Joseph Fry via FreeIPA-users wrote:
Perfect, thanks!
Just curious... Can you explain why %deref_r works in this line, but
just a plain %deref does't? default:schema-compat-entry-attribute:
member=cn=%deref_r("member","fqdn"),cn=adcomputers,cn=compat,$SUFFIX
Essentially I a
Perfect, thanks!
Just curious... Can you explain why %deref_r works in this line, but just a
plain %deref does't?
default:schema-compat-entry-attribute:
member=cn=%deref_r("member","fqdn"),cn=adcomputers,cn=compat,$SUFFIX
Essentially I am just taking the fqdn of the ipahost member attribute a
Joseph Fry via FreeIPA-users wrote:
> Thanks for that, would have been useful.
>
> However it still doesn't lay out all of the functions. I had to figure out
> that %deref_r allowed me to do a %deref but append a string to every result,
> through trial and error.
>
> I never did figure out wha
Thanks for that, would have been useful.
However it still doesn't lay out all of the functions. I had to figure out
that %deref_r allowed me to do a %deref but append a string to every result,
through trial and error.
I never did figure out what the %deref_f , %deref_rf, %link and %collect
fu
Hi,
the doc for the schema compatibility plugin is available here:
- https://pagure.io/slapi-nis/blob/master/f/doc/sch-getting-started.txt
- https://pagure.io/slapi-nis/blob/master/f/doc/sch-configuration.txt
HTH,
flo
On Mon, Jun 28, 2021 at 4:28 PM Rob Crittenden via FreeIPA-users <
freei
Hi,
according to Password policies in IdM [1]:
Min lifetime
The minimum amount of time in hours that must pass between two password
change operations.
Min lifetime = 1
After users change their passwords, they must wait at least 1 hour before
changing them again.
Hope this clarifies,
flo
[1]
Hi,
SSSD is also using a memory cache, and you need to remove the files in
/var/lib/sss/mc/ in order to clean it. Its lifetime and size can also be
set in sssd.conf, please look for memcache_* in sssd.conf man page.
flo
On Fri, Jun 25, 2021 at 5:28 PM iulian roman via FreeIPA-users <
freeipa-use
Joseph Fry via FreeIPA-users wrote:
> Well, I managed to figure out the %deref_r directive is what I was looking
> for and got my update file working. I am posting it here for anyone who
> wants to do the same. Its actually pretty simple... just creates two
> containers in compat, one contains
Thanks for this. It's a bug in freeipa-healthcheck. I opened
https://github.com/freeipa/freeipa-healthcheck/issues/217
Unfortunately other than removing the server as a hidden server there is
no workaround other than to ignore the false positive until a new build
can be made.
rob
Duncan Mortimer
Hello Team
I have a small question, about a new password reseted.
I have into policy password:
Min availability 1 days and max 90 days
That means, if I reset a password, the temporary is available 24h ?
Can you confirm?
FreeIPA : 4.6.5
Bien à vous
Mr Karim Bourenane
+33686464439
+32 493 86 63 5
Hi,
it seems the error happens when you run commands that require communication
between IPA framework and the Certificate Server (like ipa ca-show). The
workflow is the following:
1. the client (= the command "ipa ca-show") is a python process that
communicates with httpd on the secure port. It se
Hi,
LDAP search on the node in question results in the following.
ldapsearch -Y GSSAPI -b
cn=ADTRUST,cn=`hostname`,cn=masters,cn=ipa,cn=etc,dc=my,dc=domain
SASL/GSSAPI authentication started
SASL username: ad...@ipa.my.domain
SASL SSF: 256
SASL data security layer installed.
# extended LDIF
#
#
Yes, i tried smbclient -k with this credentials - it worked.Without -k works nothing.Sorry, i know nothing about NTLMSSP. I found some strange solution:on AD controller i made link on share - mklink /d "C:\scan" "\\FILES.FS.LAN\common\scan"and then made share for this directory.Now all works this w
15 matches
Mail list logo