[Freeipa-users] steps to debug SOA serial being out of sync?

2016-07-08 Thread Anthony Clark
Hello All, I have two FreeIPA servers set up as follows: ns01: ipa-server-install --realm=DEV.REDACTED.NET --mkhomedir --setup-dns --ssh-trust-dns --forwarder=1.2.3.4 ns02: ipa-replica-install /var/lib/ipa/replica-info-ns02.dev.redacted.net.gpg --setup-ca --mkhomedir --ssh-trust-dns --setup-dn

Re: [Freeipa-users] Sync and BaseDN

2016-07-08 Thread Rob Crittenden
Brad Cesarone wrote: Hello I have a few questions 1) Is it possible to sync/replicate with another ldap server? i.e. Oracle Identity Manager 2) If #1 is true, is it possible to sync with two different suffixes? 3) Is it possible to either install IPA with a custom ldap Suffix or change the suffix

[Freeipa-users] Sync and BaseDN

2016-07-08 Thread Brad Cesarone
Hello I have a few questions 1) Is it possible to sync/replicate with another ldap server? i.e. Oracle Identity Manager 2) If #1 is true, is it possible to sync with two different suffixes? 3) Is it possible to either install IPA with a custom ldap Suffix or change the suffix once it is created

Re: [Freeipa-users] ipa-replica-prepare Certificate issuance failed

2016-07-08 Thread Roderick Johnstone
On 07/07/16 18:06, Roderick Johnstone wrote: On 07/07/16 16:30, Petr Vobornik wrote: On 07/07/2016 05:09 PM, Roderick Johnstone wrote: On 07/07/16 15:02, Rob Crittenden wrote: Roderick Johnstone wrote: On 05/07/16 11:52, Roderick Johnstone wrote: On 04/07/2016 15:12, Martin Babinsky wrote:

Re: [Freeipa-users] copying through intermediate host. SOLVED

2016-07-08 Thread Tony Brian Albers
Ok, so I managed to get this fixed. It turned out that I ssh port-forwarded in the wrong direction. So the solution is as follows: [workstation1]# ssh -L 9000:localhost:389 root@server1 [server1]# [workstation1]# ssh -R 9100:localhost:9000 root@server2 [server2]# echo password | ipa migrate-ds

[Freeipa-users] Announce - SSSD 1.13 is the new LTM branch

2016-07-08 Thread Jakub Hrozek
Hi, the SSSD upstream supports some selected branches for a longer time, to make life easier for long-term supported distributions such as Red Hat Enterprise Linux, Ubuntu LTM or Suse Enterprise Linux. Since the sssd-1.13 branch is quite stable and already used in several long-term supported dist

Re: [Freeipa-users] copying through intermediate host.

2016-07-08 Thread Tony Brian Albers
Replying to myself here, I do that sometimes when I feel alone ;) I actually tried ssh port forwarding and relaying through workstation1, like so: ssh -L 9000:localhost:389 root@server2 (in one terminal) ssh -R 9100:localhost:9000 root@server1 (in another terminal) And then, on server1: echo

[Freeipa-users] copying through intermediate host.

2016-07-08 Thread Tony Brian Albers
Hi Guys, I'm trying to copy relevant users and groups from one IPA server(server1) to another(server2). This is they can't talk to one another, they can't even establish connections to something outside their own networks. SSH into the servers from where I am(workstation1) works fine for both of t

Re: [Freeipa-users] Deny bind for external LDAP if password is expired

2016-07-08 Thread Martin Kosek
On 07/07/2016 05:19 PM, Prashant Bapat wrote: > Anyone ?! > > On 6 July 2016 at 22:36, Prashant Bapat > wrote: > > Hi, > > We are using FreeIPA's LDAP as the base for user authentication in a > different application. So far I have created a sysaccount whi