Ok, thanks. Good to see it is working for you.
I see you actually do authorization decisions based on the Schema Compatibility
plugin :) Note that an alternate, preferred way of doing authorization in
FreeIPA though is HBAC where you would configure which group of users can login
to which machines.
Ah, ok. As Rob advised, you will need to delete it via ldapdelete CLI or via
any LDAP GUI application of choice.
BTW, this is the upstream ticket tracking better means to resolve replication
conflicts:
https://fedorahosted.org/freeipa/ticket/1025
Martin
On 09/03/2014 10:44 PM, Ron wrote:
By the
Hello,
I am trying to use bind-dyndb-ldap to connect my BIND to an LDAP server for
zones. I have a tiny question regarding this and both the project website and
the kind people on #freeipa IRC directed me to this list. I hope someone is
here who can answer my question. Sorry for intruding if
Look at nsaccountlock; if it's TRUE then they are disabled.
On Thu, Sep 4, 2014 at 7:20 AM, Sebastian Leitz sebastian.le...@etes.de
wrote:
Hello,
I am trying to use bind-dyndb-ldap to connect my BIND to an LDAP server
for zones. I have a tiny question regarding this and both the project
Actually, FreeIPA/bind-dyndb-ldap use the idnszoneactive attribute (TRUE/FALSE) to
define which zones are active and which are not.
On 09/04/2014 02:23 PM, Chris Whittle wrote:
Look at nsaccountlock; if it's TRUE then they are disabled.
On Thu, Sep 4, 2014 at 7:20 AM, Sebastian Leitz
On 4.9.2014 14:28, Martin Kosek wrote:
Actually, FreeIPA/bind-dyndb-ldap use the idnszoneactive attribute (TRUE/FALSE) to
define which zones are active and which are not.
Martin is right, I will add a couple more details about this:
idnszoneactive attribute should work in bind-dyndb-ldap 4.0.
Thanks, Martin and Petr, for your comments and the workaround. As we're
internally still on an old version of bind-dyndb-ldap I can actually use the
LDAP attribute to achieve what I desire. Yeah!
As for the future, I opened
https://bugzilla.redhat.com/show_bug.cgi?id=1138317, if anybody is
Hello list,
We’re running FreeIPA with a master and 3 replicas. The replication
stopped working and currently we’re adding resources only to the
master. This is the environment we have:
m1:
OS: CentOS release 6.5
FreeIPA: 3.0.0-37
CA: pki-ca-9.0.3
# ipa-replica-manage list -v `hostname`
I should add that we already tried everything at
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
On Thu, Sep 4, 2014 at 11:11 AM, Guillermo Fuentes
So I tried to delete an entry on IPA01 without success:
[root@ipa01 ~]# ldapdelete -D
uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca -W -x
cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=,dc=abc,dc=ca
Enter LDAP Password:
ldap_delete: Server is
sudo ipa-replica-conncheck --replica
for all replicas comes back with
...
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application
and ipa-replica-conncheck cannot attach own UDP responder.
Connection from master to replica is
On 09/04/2014 02:31 PM, Ron wrote:
So I tried to delete an entry on IPA01 without success:
[root@ipa01 ~]# ldapdelete -D
uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca -W -x
cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=,dc=abc,dc=ca
Enter LDAP
I realize this question has been brought forth previously, but I am unable
to find a clear answer. I have a 389-ds environment that is serving as an
authentication back end for a python application. The plan was to use this
as a kind of SSO for other future applications and we have MANY