https://pagure.io/389-ds-base/pull-request/50072
says: "Transient errors are temporary conditions that usually resolve
themselves."
What are actually that errors are? We have some amount of them spreading
somtimes. What causes them and what they actually affect or may affect in
future?
Can I
Thanks a lot!
On Wed, May 29, 2019 at 4:06 PM Andrey Bondarenko
wrote:
> T
>
> On Wed, May 29, 2019 at 1:43 PM Alexander Bokovoy
> wrote:
>
>> On ke, 29 touko 2019, Andrey Bondarenko via FreeIPA-users wrote:
>> >Hello,
>> >
>> >Is the SOA ge
T
On Wed, May 29, 2019 at 1:43 PM Alexander Bokovoy
wrote:
> On ke, 29 touko 2019, Andrey Bondarenko via FreeIPA-users wrote:
> >Hello,
> >
> >Is the SOA generation algorithm for zones documented anywhere or anyone by
> >chance knows what it is?
> >
>
Hello,
Is the SOA generation algorithm for zones documented anywhere or anyone by
chance knows what it is?
We have cluster of 8 nodes and SOA is different on some IPAs in some zones
(with huge amount of changes). But if I make a change I actually see it on
different IPA.
Also, restarting IPA
Hi,
My IPA shows every user as "disabled" when in UI I go to the user's page.
Also the password policy fields are empty and if I am filling in something
new like phone number it's not showing up in the IU after I save it. But in
cli everything is correct and shown. Users list also shows everyone
m%d00Z")(notAfter>=date "+%Y%m%d00Z"))"
On Mon, Feb 25, 2019 at 4:31 PM Rob Crittenden wrote:
> Andrey Bondarenko via FreeIPA-users wrote:
> > Hello,
> >
> > Are there any possibilities to fetch certificates from the IPA that are
> &g
Hello,
Are there any possibilities to fetch certificates from the IPA that are (1)
valid, (2) will expire in 20 (for example) days?
ipa cert-find --validnotafter-to=`date -d "+20 days" "+%Y-%m-%d"
shows revoked serts, unfortunately. May be some ldapsearch?
--
With best regards,
Andrey
wrote:
> Andrey Bondarenko via FreeIPA-users wrote:
> > Hello,
> >
> > in a situation when freeipa is exposed interface to the internet, there
> > would be bolts trying to bruteforce admin account that made it locked. I
> > come with modsecurity setting for the ns
Hello,
in a situation when freeipa is exposed interface to the internet, there
would be bolts trying to bruteforce admin account that made it locked. I
come with modsecurity setting for the nss.conf:
SecRule ARGS:user "@contains admin" "id:1234,deny,status:403"'
Admin user is no longer
You can try to convert it to some other format like
https://www.sslshopper.com/ssl-converter.html
On Tue, Nov 13, 2018 at 10:58 AM Kees Bakker via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hi,
>
> When I import my FreeIPA's ca.crt in Google Chrome I'm getting
> an error:
>
It would create CSR for you on install.
On Wed, Oct 31, 2018 at 1:22 PM Henrik Johansson via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hello,
>
> I am looking at using FreeIPA without CA, using external signed
> certificates, reading the documentations it looks possible
Hello,
Just want to share that is known issue to our cluster:
1 - install new replica
2 - install of the replica fails for any reason (in my case it was due to I
am unable to set the server which custodia uses in the ipa-server-istall
command line)
3 - ipa-server-install --uninstall
4 - RUVs
n LDAP, am I correct? Wouldn't I
> > brake the consistency of the IPA if I will ldapdelete them?
>
> Re-run ipa-certupdate to refresh local files/NSS databases.
>
> rob
>
> >
> > On Mon, Oct 15, 2018 at 4:52 PM Rob Crittenden > <mailto:rcrit...@redhat.co
Crittenden wrote:
> Andrey Bondarenko via FreeIPA-users wrote:
> > Hello,
> >
> > If anyone can point me in the right direction how to remove CA's certs I
> > don't need from the freeipa safely?
>
> Remove from where? How were they added?
>
> rob
>
--
W
Hello,
If anyone can point me in the right direction how to remove CA's certs I
don't need from the freeipa safely?
--
With best regards,
Andrey Bondarenkomail:me@andreybondarenko.comhttps://andreybondarenko.com
skype:andrey.bondarenko
phone, Telegram, WhatsApp, etc:+420-773-591-443
7758
Hello,
Do we have private key on all nodes of the FreeIPA cluster? I am confused
with comment
create_pkcs12 tells us whether we should create a PKCS#12 file
of the CA or not. If we are running on a replica then we won't
have the private key to make a PKCS#12 file so we don't need to
do that
in the variables
and at the moment /etc/pki/pki-tomcat/ does not exist. Is it expected? Was
it there on the stage when ca-spawn was active?
On Mon, Oct 1, 2018 at 2:16 PM Rob Crittenden wrote:
> Andrey Bondarenko via FreeIPA-users wrote:
> > Hello,
> >
> > I have IPA cluster with sev
Hi,
did you have resolved this issue?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
Hello,
I have IPA cluster with several nodes and I have a problem installing there
another replica with CA enabled. If I want to add CA role to one of the
nodes:
[root@ipa01:~] ipa-ca-install -w SECRET
Directory Manager (existing master) password:
Run connection check to master
Connection check
Bret, did you have any luck in the end of the day?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
20 matches
Mail list logo