:56 GMT+02:00 thierry bordaz tbor...@redhat.com:
Hi,
Would you update your master to 389-ds-base-1.2.11.15-56.el6, before
attempting the upgrade to 7 ?
thanks
thierry
On 06/08/2015 12:30 PM, James James wrote:
My master version is 389-ds-base-1.2.11.15-50.el6_6.x86_64 .
Thanks
machine for the replica ?
How can I limit the cpu/memory in the physical machine (with cgroups ??).
Any hints will be appreciated ..
Regards
James
2015-05-18 14:04 GMT+02:00 thierry bordaz tbor...@redhat.com:
On 05/15/2015 05:11 PM, James James wrote:
ok Rob. Thanks for your help. I will wait
. The master is made smarter to adapt its
replication flow to the speed of the consumer.
The bug is fixed in 389-ds-base-1.3.3.1-10.el7 and
389-ds-base-1.2.11.15-56.el6.
What is the current version of your master ?
thanks
thierry
On 06/08/2015 09:49 AM, James James wrote:
Hi Thierry,
thanks
ok Rob. Thanks for your help. I will wait for the Scientific Linux 6.7 .
Best.
James
2015-05-15 16:58 GMT+02:00 Rich Megginson rmegg...@redhat.com:
On 05/15/2015 08:46 AM, James James wrote:
[root@ipa ~]# rpm -q 389-ds-base
389-ds-base-1.2.11.15-50.el6_6.x86_64
Ok. Looks like
Is it possible to change the nsds5ReplicaTimeout value to get rid of this
timeout error ?
2015-04-17 4:52 GMT+02:00 Rich Megginson rmegg...@redhat.com:
On 04/15/2015 10:44 PM, James James wrote:
The ipareplica-install.log file in attachment ...
Here are the pertinent bits:
2015-04-15T15
[root@ipa ~]# rpm -q 389-ds-base
389-ds-base-1.2.11.15-50.el6_6.x86_64
2015-05-15 16:32 GMT+02:00 Rich Megginson rmegg...@redhat.com:
On 05/15/2015 08:22 AM, James James wrote:
I think that :
Starting replication, please wait until this has completed.
Update in progress, 127 seconds
:
On 05/15/2015 07:55 AM, James James wrote:
Is it possible to change the nsds5ReplicaTimeout value to get rid of this
timeout error ?
What timeout error?
2015-04-17 4:52 GMT+02:00 Rich Megginson rmegg...@redhat.com:
On 04/15/2015 10:44 PM, James James wrote:
The ipareplica-install.log file
The ipareplica-install.log file in attachment ...
2015-04-16 2:22 GMT+02:00 Rob Crittenden rcrit...@redhat.com:
Rich Megginson wrote:
On 04/15/2015 02:58 PM, James James wrote:
Nothing on the replica .. maybye a process on the master. How can I
check that ?
I have no idea
Nothing on the replica .. maybye a process on the master. How can I check
that ?
2015-04-15 21:37 GMT+02:00 Rich Megginson rmegg...@redhat.com:
On 04/15/2015 12:43 PM, James James wrote:
Here the log
2015-04-15 18:58 GMT+02:00 Rich Megginson rmegg...@redhat.com:
On 04/15/2015 09:46 AM
...@redhat.com:
Dne 7.4.2015 v 15:31 Martin Kosek napsal(a):
On 04/07/2015 02:08 PM, James James wrote:
I will try to give a better explanation :
I have a CentOS 6.6 with ipa 3.0 named ipa-master. ipa-master has been
installed with an external CA about 3 years ago and I will have to renew
ok.
Is there a way to migrate from an external CA to a CA-less or a self-signed
CA ?
2015-04-07 12:51 GMT+02:00 Martin Kosek mko...@redhat.com:
On 04/03/2015 11:39 AM, James James wrote:
Hello,
I want to initialize a new replica with an external CA. My Certificate
Authority wants
to
migrate my ipa-master CA system from an external CA to a CA-less or
self-signed CA ?
Thanks.
2015-04-07 13:48 GMT+02:00 Martin Kosek mko...@redhat.com:
On 04/07/2015 01:44 PM, James James wrote:
ok.
Is there a way to migrate from an external CA to a CA-less or a
self-signed
CA ?
Yes, you
Hello,
I want to initialize a new replica with an external CA. My Certificate
Authority wants a CSR with the field emailAddress in the subject like :
/C=FR/O=TESTO/OU=TESTOU/CN=*.example.com/emailAddress=n...@none.com
How can I do with the ipa-server-install command ? I have been trying for
Hi everybody, sorry to repost my original question but this time my problem
is better described.
I want to install a ipa sever on centos 6 with an external ca. My problem
is to add emailAddress in the subject field when I type the command :
[root@ipa-dev ~]# ipa-server-install --external_ca
Hello,
I am with a ipa 3.3 server on centos 7.
I want to customize the web ui user add page (to include
krbprincipalexpiration field with a jquery calendar... ). I have read
http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf ,
My IPA version is 3.0.0 .
Thanks
2014-09-09 1:22 GMT+02:00 Dmitri Pal d...@redhat.com:
On 09/08/2014 06:52 PM, James James wrote:
Hi everybody,
I want a user to be able to do ipa-getkeytab to retrieve the keys from
any host in the realm.
How can I do this ?
Where I can find an ACI
SOLVED.
realm-proxy has to be indirect member of :
memberofindirect: cn=manage host
keytab,cn=privileges,cn=pbac,dc=example,dc=com
Thanks for your help.
2014-09-09 16:59 GMT+02:00 Rob Crittenden rcrit...@redhat.com:
James James wrote:
My user : realm-proxy is in a group (Smart Proxy Host
Hi everybody,
I want a user to be able to do ipa-getkeytab to retrieve the keys from any
host in the realm.
How can I do this ?
Where I can find an ACI example (
https://www.redhat.com/archives/freeipa-users/2010-July/msg00024.html)
which can helps me ?
Thanks for your help.
--
Manage your
Thanks a lot for your answer. I will switch to RHEL 7 to use 3.3 ..
Best regards.
James
2014-08-11 17:05 GMT+02:00 Martin Kosek mko...@redhat.com:
On 08/10/2014 01:58 PM, James James wrote:
Hello,
Is there a way to patch my ipa .3.0.0 with this patch:
https://www.mail-archive.com
Hello,
Is there a way to patch my ipa .3.0.0 with this patch:
https://www.mail-archive.com/freeipa-devel@redhat.com/msg20528.html ?
The DateTime data type will be very useful !
Regards
--
Manage your subscription for the Freeipa-users mailing list:
Hi Petr
Can you (or somebody else ) give me some hints to use a calendar widget in
the UI ?
Thanks.
2013/2/7 Petr Vobornik pvobo...@redhat.com
On 02/07/2013 08:45 AM, Martin Kosek wrote:
On 02/07/2013 08:31 AM, James James wrote:
Thanks Rob. I have one more question. Is it possible to add
It's a good idea. I will try that.
2013/2/13 Petr Spacek pspa...@redhat.com
On 12.2.2013 20:21, John Dennis wrote:
On 02/12/2013 01:40 PM, Rob Crittenden wrote:
Is it possible to ipa to send a email to user when his account is about
to expire (the current date is near
What is the IIRC docs ?
2013/2/13 Rob Crittenden rcrit...@redhat.com
Petr Spacek wrote:
On 12.2.2013 20:21, John Dennis wrote:
On 02/12/2013 01:40 PM, Rob Crittenden wrote:
Is it possible to ipa to send a email to user when his account is about
to expire (the current date is near
thanks for your code. :)
2013/2/13 Jan-Frode Myklebust janfr...@tanso.net
On Wed, Feb 13, 2013 at 09:29:42AM +0100, Petr Spacek wrote:
Yeah, I don't think we want to be in the business of installing and
configuring an MTA. However, we should be able to detect if one is
available
and
) ?
2013/2/7 Martin Kosek mko...@redhat.com
On 02/07/2013 08:31 AM, James James wrote:
Thanks Rob. I have one more question. Is it possible to add a field in
the ui,
and get the field's value in a custom add user hook script ?
James
I know that Petr Vobornik is already working
Thanks guys for your answers.
2013/2/12 John Dennis jden...@redhat.com
On 02/12/2013 01:40 PM, Rob Crittenden wrote:
Is it possible to ipa to send a email to user when his account is about
to expire (the current date is near krbprincipalexpiration date) ?
Not currently. In 3.0+ we will
Thanks you Rob. My replica is workin now.
:)
2013/2/10 Rob Crittenden rcrit...@redhat.com
James James wrote:
Maybe I am stupid or tired (or both ..) but I have tried many thing to
include the ca cert, the ipa key and pem file in a single pkcs12 file
but I am still stucked.
Can you give
Maybe I am stupid or tired (or both ..) but I have tried many thing to
include the ca cert, the ipa key and pem file in a single pkcs12 file but I
am still stucked.
Can you give me a more detailled help ?
2013/2/8 Rob Crittenden rcrit...@redhat.com
James James wrote:
OK .. but I have
I had to set the --dirsrv_pkcs12, --dirsrv_pin, --http_pkcs12, --http_pin
and the ipa-replica-prepare command runs without failure.
Thanks for your help.
2013/2/8 James James jre...@gmail.com
My ipa version is ipa-server-2.2.0-17.el6_3.1.x86_64 and the distro is
Scientific Linux 6.3. I have
rcrit...@redhat.com
James James wrote:
I had to set the --dirsrv_pkcs12, --dirsrv_pin, --http_pkcs12,
--http_pin and the ipa-replica-prepare command runs without failure.
Thanks for your help.
Yes, this is what I was going to suggest. Using ipa-server-certinstall
replace the IPA CA
OK .. but I have to put the pkc12 file in /etc/pki/nssdb ?
2013/2/8 Rob Crittenden rcrit...@redhat.com
James James wrote:
Now on the replica server I've got this error :
Run connection check to master
Connection check OK
Configuring ntpd
[1/4]: stopping ntpd
[2/4]: writing
My ipa version is ipa-server-2.2.0-17.el6_3.1.x86_64 and the distro is
Scientific Linux 6.3. I have used ipa-server-certinstall to replace the
default IPA certs.
2013/2/8 Rob Crittenden rcrit...@redhat.com
James James wrote:
Hi,
today I wanted to install a ipa replica. When I used
Can somebody gives me some help to set krbPrincipalExpiration from the
freeipa ui ?
Many thanks
2013/1/28 James James jre...@gmail.com
Hi Martin,
thanks a lot for your answer. The krbPrincipalExpiration should do the job.
Regards.
2013/1/28 Martin Kosek mko...@redhat.com
On 01/28/2013
Hi, in 389-ds there is a nice plugin I love, it's account policy. You can
set account expiration date and the account will be inactive at this day.
http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration
Is there a way to have this feature with
Hi Martin,
thanks a lot for your answer. The krbPrincipalExpiration should do the job.
Regards.
2013/1/28 Martin Kosek mko...@redhat.com
On 01/28/2013 12:14 PM, James James wrote:
Hi, in 389-ds there is a nice plugin I love, it's account policy. You
can set
account expiration date
Not yet but can you give me some clues ?
2012/9/27 Dmitri Pal d...@redhat.com
On 09/25/2012 04:18 PM, Sigbjorn Lie wrote:
On 09/25/2012 12:17 AM, James James wrote:
Hi guys,
we are planning to install 150 freeipa clients and I was wondering if
there is a way to easily install (from
Thanks I'll try that and will give you a feedback as soon as possible.
2012/9/26 Anthony Messina amess...@messinet.com
On Wednesday, September 26, 2012 12:21:14 AM James James wrote:
I have :
- a freeipa server + autofs maps
- a nfsv4 server
- a web server
from the webserver I
Hi, I don't know if this is the right place to ask this question but I will
try.
I have :
- a freeipa server + autofs maps
- a nfsv4 server
- a web server
from the webserver I can mount my nfs4 exported home dir. Everything works
well.
I want to acces to my public_html directory from the web
Hi guys,
we are planning to install 150 freeipa clients and I was wondering if there
is a way to easily install (from kickstart) nfsv4 client.
I can add host with
# ipa host-add --password=secret
But to get the keytab (host and service), I have to log into the machine,
launch kinit and get the
--
*From:* freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com]
on behalf of James James [jre...@gmail.com]
*Sent:* Tuesday, 25 September 2012 10:17 a.m.
*To:* freeipa-users@redhat.com
*Subject:* [Freeipa-users] Easy deployment
Hi guys,
we
Yes config mod is enabled
2012/9/20 Dmitri Pal d...@redhat.com
On 09/20/2012 12:30 PM, James James wrote:
Hi,
I've done a migration from ldap to ipa. Everything works well but when I
try to change my password in the ui (https://ipa.example.com/ipa/migration)
I have this error message
Oups .. migration mode is enable ...
2012/9/20 James James jre...@gmail.com
Yes config mod is enabled
2012/9/20 Dmitri Pal d...@redhat.com
On 09/20/2012 12:30 PM, James James wrote:
Hi,
I've done a migration from ldap to ipa. Everything works well but when I
try to change my password
...@redhat.com
On 09/20/2012 12:50 PM, James James wrote:
Oups .. migration mode is enable ...
The ldap (access, error) and kerberos logs from the server would be
helpful to troubleshoot.
/var/log/dirsrv/...
krb5kdc.log
2012/9/20 James James jre...@gmail.com
Yes config mod is enabled
result
search: 2
result: 0 Success
Can you explain me what happens ?
Is there a solution ?
2012/9/20 Rob Crittenden rcrit...@redhat.com
Dmitri Pal wrote:
On 09/20/2012 12:50 PM, James James wrote:
Oups .. migration mode is enable ...
The ldap (access, error) and kerberos logs from
It will be fine to have this info in the doc.
2012/9/20 Rob Crittenden rcrit...@redhat.com
Dmitri Pal wrote:
On 09/20/2012 01:42 PM, Rob Crittenden wrote:
James James wrote:
You 're right. The request return :
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base cn=users,cn
Hi,
I have followed this
http://freeipa.org/page/Certificate_Authority#Using_Certificates_From_a_Different_CAand
everything works well.
Now when, from the console, I execute
$ ipa user-find
I've got
[root@ipa ipa]# ipa user-find
ipa: ERROR: cert validation failed for
OK Thanks a lot for the solution and for the advice.
2012/9/19 Rob Crittenden rcrit...@redhat.com
James James wrote:
Hi,
I have followed this
http://freeipa.org/page/**Certificate_Authority#Using_**
Certificates_From_a_Different_**CAhttp://freeipa.org/page/Certificate_Authority
Hi everybody,
can somebody help me with the memberof plugin ? Is there a way to add the
memberof attribute like it was in 389-ds ?
For my mailing list program, I want to have the email of the emails of all
the person belongings to a group. Is there a filter to do that ?
Thanks.
my memberOf plugin ?
2012/9/18 Rob Crittenden rcrit...@redhat.com
James James wrote:
Hi everybody,
can somebody help me with the memberof plugin ? Is there a way to add
the memberof attribute like it was in 389-ds ?
For my mailing list program, I want to have the email of the emails
Back from hollidays...
I have just trying --user-ignore-attribute=uidnumber,gidnumber, the
server says that the posixAccount attribute requires uid and gid number. I
will find another solution to solve my problem.
James
2012/8/20 Rob Crittenden rcrit...@redhat.com
James James wrote:
Hi
Hi Everybody,
I want to change the defaut Certifcate Authority automatically added want
you want to make a certificate request.
There were a thread about something like (
https://www.redhat.com/archives/freeipa-users/2012-April/msg00021.html)
that but I don't know if there is the quick and nice
Hi,
my first question is about the migrate process. Is it possible to renumber
the users during the migrate process (ipa migrate-ds) in a way that all
imported users will have a new UID ?
my second question is about ipalib. I wanted to make a hook on the user
creation. The hook works fine. I
, James James jre...@gmail.com wrote:
Hi everybody,
Is it possible to have a procedure to add new attributes like
mailAlternateAddress in the default user schema ?
That particular attribute is included in the schema
(objectclass=mailRecipient) so it is easy to add using the ipa
user-mod
Hi everybody,
Is it possible to have a procedure to add new attributes like
mailAlternateAddress in the default user schema ?
Regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
54 matches
Mail list logo