Apparently just to let you know, the approach we followed worked out in the
end, we made it work with the same file just not having intro spaces in the
file. And now the change is in place.
Thank you for your comments,
Terveisin,
gcol
___
FreeIPA-user
Just thinking about this topic, is this wrong approach to test a new schema
change and there is a better command and sintax to do it via freeipa?
Kind regards,
gcol
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe se
Hello Alexander,
Thank you for your comments, they are really helpful :)
The command would be: ipa-ldap-updater --schema-file ./01authkey.ldif ?
About the format what would be wrong or what would be the correct format for
our file.
We were following an freeipa user guide, but perhaps there w
Hello,
Also thinking if perhaps there is a missing field in the file created below:
customised on the template below. **
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.25.28639311321113238241701611583088740684.14.2.1.1
NAME 'authKey'
EQUALITY caseIgno
This thread can be closed
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-condu
.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: htt
Dear FreeIPA team,
We have been trying to add a new attribute to our FreeIPA ldap configuration
from the command line, but seemed not to work as expected.
I provide the steps below:
cd /usr/share/ipa
ipa-ldap-updater --schema-file 01auhkey.ldif
**File content: The content is qu
Not sure about your previous messages. Let me know if you can help me with
this. I really appreciate it.
Thank you for your help,
gcol
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-l
Hi Ernedyn and Harry,
Does this mean that FreeIPA doesn't have this functionality?
Aker I understand is a different piece of software not related with FreeIPA? My
version is 4.6.8.
About those bugs mentioned, is this referring to the Aker implementation with
FreeIPA?
Thank you for your help.
g
Hello Team,
I was wondering how I can configure FreeIPA as a bastion server when I ssh
other hosts.
Basically FreeIPA would be in the middle of the ssh approval to access to the
specific server via ssh. Is a functionality that FreeIPA has at the moment?
Thank you for your help,
gcol
___
Hi Flo,
The reason is I am trying to access from apache directory studio app freeipa
ldap and is asking Bind DN or user and the Bind password.
the bind is the dc=domain dc=com
But Not very sure what is the bind password..
Thank you for your help
gcol
___
Hello,
I also would like to know where I can find the user associated to the basedn is
it root or admin or something else?
I was trying to find the config file for more clues about this, but I couldn't
find it.
Thank you for your help,
gcol
___
Free
Hello,
I would like to get more details about how to import openldap data to FreeIPA.
Perhaps, there is some documentation in reference to this topic.
Thank you for your help,
gcol
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
Thank you Rob for your guidance! I confirm I was able to sorted it out
following these instructions.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora
I was trying to compare openldap with freeipa, but I cannot find the
configuration for ldap in freeipa, is a plugin that needs to be installed
separately?
If there is an option, where is the UI web interface?
Thank you for your help, much appreciated. :)
Hi Rob,
Thank you for your answer.
About replacing the nickname in nss.conf what would be my value?
[root@freeipa openldap]# certutil -L -d /etc/httpd/alias
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
- Would be Server-Cert the value? I think this is the one that cannot find, but
Hi Rob,
I made it working importing the pem file cert to my browser from freipa UI, but
this is just a workaround and it will just help for my browser. How would I
make it working with a certificate modifying the NSS database?
Thank you for your help
Hi Fedora team,
I have configured FreeIPA and I have finally a web interface to access to the
configuration and the different settings, it is exciting that works. However, I
am not entire sure how to configure LDAP groups and LDAP users. The current
menus I can see are the following ones:
Iden
Hi Rob,
I provide more information to the case:
[root@freeipa openldap]# certutil -L -d /etc/httpd/alias
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
COMPANY.COM IPA CA
Hello,
I have run that command and I get the following message. The file
doesn't exist.
certutil -L -d /etc/httpd/alias -n Server-Cert
certutil: Could not find cert: Server-Cert
: PR_FILE_NOT_FOUND_ERROR: File not found
Not sure what to do next.
Also is here where I can find the passphrase?
Hello Rob,
Thank you for your comment the -v option is very useful! I give a more clues
about what is happening during the execution:
I got the following messages after running:
ipa-server-certinstall -w -d --pin= name.key name.crt
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG:
I was able to solve that issue using kinit admin, but now I get this:
ipa-server-certinstall -w -d --pin= name.key name.crt
Directory Manager password:
Command '/usr/bin/certutil -d dbm:/etc/httpd/alias -D -n Server-Cert -f
/etc/httpd/alias/pwdfile.txt' returned non-zero exit status 255
The ip
I think another issue I get is the following one: Possibly some kerberos
configuration is needed before configuring the certificates?
[root@freeipa certs]# ipa-certupdate
trying https://domain.com/ipa/json
[try 1]: Forwarding 'schema' to json server
'https://domain*.com/ipa/json'
Hello rob,
Thank you for your help. The command I try to run is ipa-server-certinstall -w
-d mysite.key mysite.crt
but as it is a wildcard certificate, it has also associated a third file .crt
So when I run that command, it asks for a passphrase, but certs and key don't
have any passphrase ass
Note: The operative system in this case is CentOS 7.
Thank you,
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedora
Hello,
I have configured and installed freeipa, but I have some issues trying to add
the certificates to freeipa configuration to get https correctly setup.
I have my own .key .crt and an additional .crt certificates as follows the use
of wildcard certificates. Following this guide, it didn't
Kiitos paljon Timo. I will stick with Fedora or Centos for now until then :)
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https:/
Hi Rafael, thank you for your answer. I have the sid repository in
resources.list just in case, but didn't make any difference.
Perhaps adding certificates associated to that domain, may help to solve the
issue?
Thank you
___
FreeIPA-users mailing li
28 matches
Mail list logo
