[Freeipa-users] Re: ds-replcheck error after updating today

2022-11-07 Thread Steve Huston via FreeIPA-users
Excellent, thank you! I was going to reach out to you directly but found the mailing list instead. I appreciate your help! On Mon, Nov 7, 2022 at 12:44 PM Alexander Bokovoy wrote: > > I'm on mobile, so top post, sorry. > > Schema compatibility tree is not replicated, it is generated on every re

[Freeipa-users] Re: ds-replcheck error after updating today

2022-11-07 Thread Alexander Bokovoy via FreeIPA-users
I'm on mobile, so top post, sorry. Schema compatibility tree is not replicated, it is generated on every replica using the data from the primary tree. So replication check is correct, it was never replicated in post as well. ou=sudoers is handled by the same plugin so the behavior is expected. O

[Freeipa-users] ds-replcheck error after updating today

2022-11-07 Thread Steve Huston via FreeIPA-users
I'm running Springdale 7 (a RHEL derivative). I have three IPA servers in a multi-master configuration with schema-compat-plugin turned on (old NIS-based netgroup authorization for NFS mounts which has carried over to newer file servers as well). Last week I updated these packages when they becam

[Freeipa-users] IPA Client / access from another domain and realm possible ?

2022-11-07 Thread Karim Bourenane via FreeIPA-users
Hello Team, I'm on CentOS 7.9, with IPA server under 4.6.8. My IPA server manages a domain/realm AAA.com. I would like it to be accessible also via ssh from another domain/realm BBB.com and also to use Kerberos token from BBB.com to use sudo management. Is it possible? How should I proceed? If you c

[Freeipa-users] Re: using custom 389ds package

2022-11-07 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Mon, Nov 7, 2022 at 9:24 AM dweller dweller via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > I need to use recompiled with "-fno-omit-frame-pointer" version of 389ds > server for test purposes as a part of FreeIPA. How would I approach such > installation. > I navigated t

[Freeipa-users] Re: Cannot obtain CA certificate

2022-11-07 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Wed, Nov 2, 2022 at 2:39 PM Ronald Wimmer via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > When trying to enroll some IPA clients (RHEL 7.9) I do get the following > error: > > Cannot obtain CA certificate > 'ldap://pipag01.linux.gleis.at' doesn't have a certificate. > In

[Freeipa-users] using custom 389ds package

2022-11-07 Thread dweller dweller via FreeIPA-users
I need to use a version of the 389ds server recompiled with "-fno-omit-frame-pointer" for test purposes as a part of FreeIPA. How would I approach such an installation? I navigated through the FreeIPA code on GitHub and didn't find exactly the point where FreeIPA handles installation of packages (bind, 389-d