[Freeipa-users] read-only service account - aci

2016-03-11 Thread Prashant Bapat
Hi, I'm trying to use IPA's LDAP server as the user data base for an external application. I have created a service account from ldif below. dn: uid=srv-ro,cn=sysaccounts,cn=etc,dc=example,dc=com changetype: add objectclass: account objectclass: simplesecurityobject uid: system userPassword:

Re: [Freeipa-users] ipa-replica-install IPA startup timing issue

2016-03-11 Thread thierry bordaz
Daryl, Thanks for your help for grabbing additional data. I am afraid any debug option at DS level would make it worse. Also there are several debug options so first we need to know what is the potential culprit to turn one only the right level. I will look at the errors/access (sorry I

Re: [Freeipa-users] ipa-replica-install IPA startup timing issue

2016-03-11 Thread Daryl Fonseca-Holt
On 03/11/16 02:40, thierry bordaz wrote: Hello Deryl, My understanding is that ns-slapd is first slow to startup. Then when krb5kdc is starting it may load ns-slapd. We identified krb5kdc may be impacted by the number of users accounts. From the ns-slapd errors log it is not

Re: [Freeipa-users] devconf.cz talks about FreeIPA

2016-03-11 Thread Martin Kosek
On 02/07/2016 07:56 PM, Alexander Bokovoy wrote: ... > FreeIPA workshop by Torsted Scherf and German Parente > Part1: https://youtu.be/cxRK1MExMsc?t=4m57s > Part2: https://www.youtube.com/watch?v=RBzL1_3nKH4 Just for the record, the workshop was acknowledged as one of the best sessions on

Re: [Freeipa-users] ipa-replica-install IPA startup timing issue

2016-03-11 Thread thierry bordaz
Hello Deryl, My understanding is that ns-slapd is first slow to startup. Then when krb5kdc is starting it may load ns-slapd. We identified krb5kdc may be impacted by the number of users accounts. From the ns-slapd errors log it is not clear why it is so slow to start. Would

Re: [Freeipa-users] Lock screen when Smart Card is removed.

2016-03-11 Thread Sumit Bose
On Fri, Mar 11, 2016 at 09:20:06AM +0100, Martin Kosek wrote: > On 03/10/2016 08:36 PM, Michael Rainey (Contractor) wrote: > > Greetings, > > > > I have been adding systems to my new domain and utilizing the smart card > > login > > feature. To date the smart card login feature is working very

Re: [Freeipa-users] Lock screen when Smart Card is removed.

2016-03-11 Thread Sumit Bose
On Thu, Mar 10, 2016 at 01:36:15PM -0600, Michael Rainey (Contractor) wrote: > Greetings, > > I have been adding systems to my new domain and utilizing the smart card > login feature. To date the smart card login feature is working very well. > However, my group has been trying to implement

Re: [Freeipa-users] Lock screen when Smart Card is removed.

2016-03-11 Thread Martin Kosek
On 03/10/2016 08:36 PM, Michael Rainey (Contractor) wrote: > Greetings, > > I have been adding systems to my new domain and utilizing the smart card login > feature. To date the smart card login feature is working very well. However, > my group has been trying to implement locking the screen