Just realised this breaks the JSON-RPC call on enrolling a new host
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fed
Still have not managed to get past this latest issue, ldap is still broken. Any
one have any advice on how to proceed?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedora
Harald Dunkel via FreeIPA-users wrote:
> Hi folks,
>
> I have almost completed the FreeIPA migration from CentOS7 to Rocky8
> (FreeIPA 4.9.11).
> Domain replications seems to be fine, but I get a replication error for ca:
>
> [root@ipa2 ~]# ipa-csreplica-manage -v list ipaca8.example.com
> Direct
Polavarapu Manideep Sai wrote:
> Hi Rob,
>
> I am using VERSION: 4.5.0, API_VERSION: 2.228, so couldn't possible to use
> ipa-cacert-manage list
>
> Please let me know if more details required on this
You'll need to try removing it manually using ldapdelete. The entries
are stored in cn=certifi
Jernej Jakob via FreeIPA-users wrote:
> The "ipa-advise config-client-for-smart-card-auth" script enables OCSP
> checks in httpd, the RHEL docs say to disable it if the client
> certificates don't have an OCSP responder URL (third-party CA). [1]
>
> Apache httpd has an undocumented flag "no_ocsp_f
The "ipa-advise config-client-for-smart-card-auth" script enables OCSP
checks in httpd, the RHEL docs say to disable it if the client
certificates don't have an OCSP responder URL (third-party CA). [1]
Apache httpd has an undocumented flag "no_ocsp_for_cert_ok" which will
pass certificates without