This year's LDAPcon 2017 will be in Bruxelles 19th-20th October, 2017.
Kudos to Paola PENATI and Benoit MORTIER at OpenSides for organizing the
event.
If you'd like to submit a conference talk then please have a look at the
CfP:
https://ldapcon.org/2017/call-for-papers/
Submission deadline
On 03/20/2017 03:14 PM, Lachlan Musicman wrote:
Directly editing the lse.ldif didn't work. ipactl start hangs on
pki-tomcatd. I think I've broken it. I seem to recall ldap not liking
being edited by hand.
You have to make sure dirsrv is not running before you edit dse.ldif.
Not sure if
On 01/31/2017 04:46 PM, Michaël Van de Borne wrote:
That was the feared, but somehow expected, answer.
Any entry point/documentation about how to start such a script?
Do FreeIPA and OpenLDAP still support the syncrepl protocol?
cheers,
m.
--
*Michaël Van de Borne*
Free Bird Computing
On 10/21/2016 08:05 AM, Günther J. Niederwimmer wrote:
Hello,
Thanks for the answer,
Am Freitag, 21. Oktober 2016, 07:11:58 schrieb Rich Megginson:
On 10/21/2016 06:42 AM, Günther J. Niederwimmer wrote:
Hello Martin and List,
Pardon me, but anything is wrong with the ldif i
ldapmodify -D
On 10/21/2016 06:42 AM, Günther J. Niederwimmer wrote:
Hello Martin and List,
Pardon me, but anything is wrong with the ldif i
ldapmodify -D 'cn=Directory Manager' -W -f alias.ldif
Enter LDAP Password:
ldapmodify: invalid format (line 5) entry:
"cn=users,cn=accounts,dc=4gjn,dc=com"
dn:
On 08/29/2016 10:53 AM, Rakesh Rajasekharan wrote:
Hi Thierry,
My machine has 30GB RAM ..and 389-ds version is 1.3.4
ldapsearch shows the values for nsslapd-cachememsize updated to 200MB.
ldapsearch -LLL -o ldif-wrap=no -D "cn=directory manager" -w
'mypassword' -b 'cn=userRoot,cn=ldbm
and restarting the service has resolved the problem.
On Mon, Jun 20, 2016 at 3:49 PM, Rich Megginson <rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> wrote:
On 06/18/2016 05:47 AM, Toby Gale wrote:
Hello,
After successfully adding a 'winsync' agreement and lo
On 06/18/2016 05:47 AM, Toby Gale wrote:
Hello,
After successfully adding a 'winsync' agreement and loading AD data
into FreeIPA I am trying to configure the password sync software on
the domain controllers.
I have installed the certificates and can successfully bind from the
domain
I'm now taking stack traces every minute and waiting for it to hang
again to check it. It happens usually under load but it's
unpredictable. Must likely tomorrow.
GUILLERMO FUENTES
SR. SYSTEMS ADMINISTRATOR
561-880-2998 x1337
guillermo.fuen...@modmed.com
On Wed, Jun 1, 2016 at 2:03 PM
On 06/01/2016 10:37 AM, Guillermo Fuentes wrote:
Hi all,
We are experiencing a similar issue like the one discussed in the
following thread but we are running FreeIPA 4.2 on CentOS 7.2:
https://www.redhat.com/archives/freeipa-users/2015-February/msg00205.html
Are your stack traces similar?
On 05/17/2016 08:18 AM, Rob Crittenden wrote:
John Duino wrote:
Is there a (relatively easy) way to determine what is causing a user
account to be locked out? The admin account on our 'primary' ipa host is
locked out frequently, but somewhat randomly; sometimes it will be less
than 5 minutes it
On 04/29/2016 09:44 AM, Rob Crittenden wrote:
Andreas Calminder wrote:
Hello,
I'm running ipa 4.2.0-15.el7 with winsync and wondering if setting
oneWaySync to fromWindows will affect password synchronization from IPA
to AD, I.E password changes from IPA will not be replicated to Windows?
On 01/26/2016 10:00 AM, Martin Basti wrote:
On 26.01.2016 17:39, Terry John wrote:
Thanks for this. I've had a look today
We are running:
ipa-server.x86_64 3.0.0-47.el6.centos
and some of the directives did not work, namely allowWeakCipher, sslVersionMin
and
On 01/22/2016 11:04 AM, Nathan Peters wrote:
Wow, strange stuff, the search I linked in the last email for our non working
dev environment seems short some entries.
For comparison, here is the same search run against our currently working prod
environment.
As you can see, our prod
On 01/21/2016 08:48 PM, Nathan Peters wrote:
Here are the results for that aci search using a non gssapi bind by directory
manager on the old master that we are attempting to join agains. I don't see
anything in this list that would indicate that some users should or should not
have access
On 01/22/2016 10:15 AM, Nathan Peters wrote:
[root@dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config"
"(aci=*)" aci
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
see that mapping tree
branch no matter who they search from or against if GSSAPI is used.
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Nathan Peters
Sent: January-20-16 11:41 PM
To: Rich Megginson; freeipa-users
On 01/20/2016 12:24 PM, Nathan Peters wrote:
Now we are starting to get somewhere (although a resolution still is not
visible) :)
First, thank you Petr and Rob for your help on this issue. I apologize for our
hard to parse server names. I'm not a fan of them myself and in earlier
reports I
On 12/04/2015 07:37 AM, Andy Thompson wrote:
-Original Message-
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Rich Megginson
Sent: Thursday, December 3, 2015 4:44 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] RHEL 7.2
On 12/03/2015 08:33 AM, Andy Thompson wrote:
-Original Message-
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Petr Spacek
Sent: Thursday, December 3, 2015 3:04 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] RHEL 7.2 update
On 11/10/2015 08:18 AM, Gronde, Christopher (Contractor) wrote:
Thank you! I should have caught that...
I changed the log level and then restarted dirsrv and attempted to start
krb5kdc and got the following...
[10/Nov/2015:10:12:02 -0500] conn=5 fd=64 slot=64 connection from
On 11/10/2015 08:39 AM, Rob Crittenden wrote:
Seike neg wrote:
Hello,
Is there a way to import users and password from SUN DS automatically (script,
sync, etc...).
I have a SUN DS LDAP in the office and I want to do a read only sync from him
to a brand new freeipa server.
The freeipa server
On 11/10/2015 09:49 AM, Gronde, Christopher (Contractor) wrote:
Note comipa01 is the master and comipa02 is the replica that is having the KDC
issue
# ldapsearch -x -h 172.16.100.161 -D "cn=directory manager" -W -b
"dc=itmodev,dc=gov" '(krbprincipalname=ldap/comipa01.itmodev.gov*)'
Enter LDAP
On 11/10/2015 09:16 AM, Gronde, Christopher (Contractor) wrote:
Neither came back with anything
# ldapsearch -x -h 172.16.100.161 -D "cn=directory manager" -W -b
"dc=itmodev,dc=gov" '(uid=ldap/comipa01.itmodev.gov)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
how IPA is supposed to handle this situation with
389-ds-base 1.2.11.
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
Sent: Tuesday, November 10, 2015 12:26 PM
To: freeipa-users@redhat.com
Subject: Re
On 11/10/2015 10:25 AM, Ludwig Krispenz wrote:
On 11/10/2015 06:08 PM, Gronde, Christopher (Contractor) wrote:
# Kerberos uid mapping, mapping, sasl, config
dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: Kerberos uid mapping
On 10/14/2015 09:58 AM, zhiyong xue wrote:
Yes, that's my problem. These VMs were created by openstack and
generated host name without domain at all. Anyway can let the new
created VM can join domain automatically?
I am working on such a feature:
On 10/14/2015 08:35 AM, Andrew E. Bruno wrote:
On Wed, Oct 14, 2015 at 07:59:23AM -0600, Rich Megginson wrote:
On 10/14/2015 07:09 AM, Andrew E. Bruno wrote:
The load average on our freeipa replicas started to spike over the
last few days and we narrowed it down to a dbcache issue. Following
On 10/14/2015 07:09 AM, Andrew E. Bruno wrote:
The load average on our freeipa replicas started to spike over the
last few days and we narrowed it down to a dbcache issue. Following the
guidelines here: https://github.com/richm/scripts/wiki/dbmon.sh
We saw that the dbcachefree was 2.0% which
On 09/24/2015 08:32 AM, Aric Wilisch wrote:
I need a way to validate that both the primary and the redundant FreeIPA
server’s DNS zones are in sync. What’s the simplest way for me to do this?
Do a DNS query to confirm that the SOA record for the primary is
identical to the SOA for the
On 09/24/2015 08:53 AM, Martin Basti wrote:
On 09/24/2015 04:43 PM, Rich Megginson wrote:
On 09/24/2015 08:32 AM, Aric Wilisch wrote:
I need a way to validate that both the primary and the redundant
FreeIPA server’s DNS zones are in sync. What’s the simplest way for
me to do this?
Do
mba...@redhat.com> wrote:
On 09/24/2015 05:02 PM, Rich Megginson wrote:
On 09/24/2015 08:53 AM, Martin Basti wrote:
On 09/24/2015 04:43 PM, Rich Megginson wrote:
On 09/24/2015 08:32 AM, Aric Wilisch wrote:
I need a way to validate that both the primary and the redundant FreeIPA
server’s DNS
On 09/01/2015 09:20 AM, Andrew E. Bruno wrote:
On Tue, Sep 01, 2015 at 05:03:10PM +0200, Ludwig Krispenz wrote:
On 09/01/2015 04:39 PM, Andrew E. Bruno wrote:
A few months ago we had a replica failure where the system ran out of file
descriptors and the slapd database was corrupted:
between primary and
secondary server.
Now the server was stable, Kerberos and 389ds are still alive and all
clients can still resolve all users. There is only one issue left (see
bottom).
First let us answer that:
Am 23.07.15 um 18:28 schrieb Rich Megginson:
# ldapsearch -xLLL -D cn=directory
On 07/22/2015 11:47 PM, Torsten Harenberg wrote:
Good morning,
Am 22.07.15 um 19:25 schrieb Rich Megginson:
On 07/22/2015 11:03 AM, Torsten Harenberg wrote:
Dear Rich,
Am 22.07.2015 um 17:03 schrieb Rich Megginson:
It might be helpful to do a # debuginfo-install 389-ds-base ipa-server
slapi
On 07/22/2015 03:39 AM, Torsten Harenberg wrote:
Dear Alexander, dear Sumit,
thank you very much indeed for the quick replies.
Am 22.07.15 um 11:21 schrieb Sumit Bose:
Looks like there are issues getting the needed data from the local LDAP
server. The message below about the master key points
On 07/22/2015 11:03 AM, Torsten Harenberg wrote:
Dear Rich,
Am 22.07.2015 um 17:03 schrieb Rich Megginson:
It might be helpful to do a # debuginfo-install 389-ds-base ipa-server
slapi-nis
and follow the directions at
http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-hangs
to get a full
On 07/22/2015 02:09 PM, Torsten Harenberg wrote:
Am 22.07.2015 um 21:49 schrieb Rich Megginson:
but strage: there is no bind binary:
Then I'm not sure what's going on.
currently there is a java process on ldaps:
[root@ipa ~]# netstat -p -n | grep 636
tcp6 0 0 132.195.124.12:636
On 07/20/2015 07:56 AM, Christopher Lamb wrote:
Hi Rob
The users do have the sambaSamAccount ObjectClass.
Or to be more precise, some have sambasamaccount (all lower case), and some
have sambaSAMAccount (mixed case)
Are objectclasses case sensitive?
No, unless there is a bug in the
that information in the AD/Windows environment? Is
that correct?
Tony
On Wednesday, July 15, 2015, Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com wrote:
On 07/15/2015 09:42 AM, Email wrote:
Hi everyone, my name is Tony and this is my first post, so it's
nice to meet all
On 07/13/2015 07:07 PM, nat...@nathanpeters.com wrote:
2 FreeIPA 4.1.4 servers running on CentOS 7.
dc1 has a sync agreement to a windows server.
It has been running fine since June 5 when I re-initialized a sync
agreement that had somehow uninitialized itself. Original issue report
here :
On 07/09/2015 08:36 AM, Nicola Canepa wrote:
If I enable the PAM plugin of 389-ds, I'm able to let users be
authenticated by PAM, even if the user is not present il LDAP, hence
the plain-text password is passed to PAM.
The only missing step is: if PAM correctly authenticates a
non-existing
On 07/09/2015 07:23 AM, Rob Crittenden wrote:
Joseph, Matthew (EXP) wrote:
Hello,
We are currently in the process of replacing our IdM 3.x server with
4.x.
There are going to be some major directory changes during the upgrade so
I need to keep both the old and new IdM servers up and running
On 07/06/2015 09:54 AM, Rob Crittenden wrote:
barry...@gmail.com wrote:
server 1
ipa-replica-manage list
Segmentation fault (core dumped)
server 2
ipa-replica-manage list
Can't contact LDAP server
but it seem still syn as i add new ac then server 2 have
i delete server2 's anme server 1
On 06/29/2015 10:08 PM, Alexander Frolushkin wrote:
Hello.
What does message
NSMMReplicationPlugin -
agmt=cn=cloneAgreement1-host1.domain.com-pki-tomcat (host2:389):
Unable to acquire replica: the replica instructed us to go into
backoff mode. Will retry later.
mean?
A lot of these
On 06/29/2015 10:13 AM, Andrew E. Bruno wrote:
Our dirsrv access logs on our freeipa master server are getting flooded
with this:
[29/Jun/2015:12:02:09 -0400] conn=215758 op=1355326784 SRCH
base=cn=u2,cn=groups,cn=accounts,dc=ccr,dc=buffalo,dc=edu scope=0
filter=(objectClass=*)
On 06/25/2015 12:12 PM, Thomas Sailer wrote:
Am 25.06.2015 um 17:47 schrieb Simo Sorce:
Yes, the whole project is complex, but not because we like complexity,
it is complex because the problem space is complex and we are bound to
use existing protocols, which sometimes add in complexity, and
On 06/19/2015 12:22 PM, Andrew E. Bruno wrote:
Hello,
First time trouble shooting an ipa server failure and looking for some
guidance on how best to proceed.
First some background on our setup:
Servers are running freeipa v4.1.0 on CentOS 7.1.1503:
- ipa-server-4.1.0-18.el7.centos.3.x86_64
-
On 06/16/2015 06:18 AM, Ludwig Krispenz wrote:
On 06/16/2015 02:08 PM, Janelle wrote:
On Jun 16, 2015, at 01:56, thierry bordaz tbor...@redhat.com wrote:
On 06/16/2015 09:02 AM, Ludwig Krispenz wrote:
On 06/16/2015 05:07 AM, Janelle wrote:
On 6/15/15 1:12 PM, Rob Crittenden wrote:
Janelle
On 06/12/2015 02:10 PM, Martin Kosek wrote:
On 06/12/2015 09:15 PM, William Graboyes wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Martin,
Here are the outputs of the various commands, cleaned of course:
time ldapsearch
SASL/EXTERNAL authentication started
this is related to the performance. This looks like the server
is attempting to contact a replica which is down, and has backed off for
the full 5 minute max backoff.
Thanks,
Bill Graboyes
On 6/12/15 1:36 PM, Rich Megginson wrote:
On 06/12/2015 02:10 PM, Martin Kosek wrote:
On 06/12/2015 09
On 06/08/2015 01:19 PM, nat...@nathanpeters.com wrote:
==
um WTF? making it a one way only agreement invalidates the
lastinitstart
value?
==
Looks like a bug.
Ok, this is a pretty serious bug if making it one way can knock it offline
permanently. Where should I file
On 06/08/2015 12:49 PM, nat...@nathanpeters.com wrote:
On 06/08/2015 10:18 AM, nat...@nathanpeters.com wrote:
This looks like incremental update is successful . . .
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 0
nsds5replicaLastInitEnd: 0
. . . but this indicates that the
On 06/08/2015 01:09 PM, nat...@nathanpeters.com wrote:
[root@dc1 ~]# ldapsearch -xLLL -D cn=directory manager -W -b cn=config
objectclass=nsDSWindowsReplicationAgreement
Enter LDAP Password:
dn: cn=meToofficedc2.office.addomain.net,cn=replica,cn=dc\3Dipadomain
\2Cdc\3Dnet,cn=mapping
On 06/08/2015 10:02 AM, nat...@nathanpeters.com wrote:
On 06/05/2015 03:31 PM, nat...@nathanpeters.com wrote:
I have noticed that happen a couple times in the last few days.
FreeIPA
server 4.1.3 on CentOS 7 with a sync relationship to a Windows server
2008R2 domain controller.
The web ui will
On 06/08/2015 10:18 AM, nat...@nathanpeters.com wrote:
Is it possible this is an old winsync agreement that is no longer
valid?
I have only ever made a single winsync agreement on this server that I
know of. How would I tell if an agreement is no longer valid?
ldapsearch -xLLL -D
On 05/25/2015 12:24 AM, Martin Kosek wrote:
On 05/25/2015 12:45 AM, Bill Graboyes wrote:
Hi List,
I have been digging around on this system that hung for the past hour or two
trying to figure out why dirserv seemed to be hung. It was not using
resources, nor was there any information in any
On 05/21/2015 06:25 AM, Janelle wrote:
On 5/21/15 5:20 AM, thierry bordaz wrote:
Hello Janelle,
Those 3 RIDs were already present in Node dc2-ipa1, correct ? They
reappeared on others nodes as well ?
May be ds2-ipa1 established a replication session with its peers and
send those RIDs.
Could
On 05/19/2015 10:10 AM, Megan . wrote:
I'm struggling with a replication conflict. I had three masters,
dir1, dir2, dir3. There were some weird issues with dir2 where I was
getting error 49 (Invalid credentials) without any real
information.
Where did you see this? command line output? Of
for that.
[root@dir1 ipa]# ipa-replica-manage list-ruv
dir1.example.com:389: 4
dir3.example.com:389: 5
dir2.example.com:389: 6
dir2.example.com:389: 8
On Tue, May 19, 2015 at 12:37 PM, Rich Megginson rmegg...@redhat.com wrote:
On 05/19/2015 10:10 AM, Megan . wrote:
I'm struggling with a replication
On 05/19/2015 01:53 PM, Boyce, George Robert. (GSFC-762.0)[NICS] wrote:
I don’t understand what is happening…
If I use a compound OR filter to search for “cn” or “uid”, I only get
back the match for uid. I expect to get both. If I add a search for a
nonexistent attribute like “name”, I get
On 05/16/2015 04:06 PM, Nathan Peters wrote:
I have updated the bug report you filed below.
The issue was that the instructions would only work in Windows Server
2003 because My Network Places was removed in 2008 and above. Since
the manual clearly states that the AD sync is to be performed
On 05/18/2015 08:26 AM, Martin Kosek wrote:
Adding freeipa-users list back, to keep others in the loop.
On 05/18/2015 12:32 PM, Brian Topping wrote:
Thanks for taking the time to write that, Martin. It's good to have a reference
to build from.
Result of ida-client-install outside the
On 05/15/2015 07:55 AM, James James wrote:
Is it possible to change the nsds5ReplicaTimeout value to get rid of
this timeout error ?
What timeout error?
2015-04-17 4:52 GMT+02:00 Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com:
On 04/15/2015 10:44 PM, James James wrote
On 05/15/2015 09:53 AM, Janelle wrote:
On May 15, 2015, at 08:57, Ludwig Krispenz lkris...@redhat.com wrote:
On 05/15/2015 02:45 PM, Janelle wrote:
On 5/15/15 3:30 AM, Ludwig Krispenz wrote:
On 05/13/2015 06:34 PM, Janelle wrote:
On 5/13/15 9:13 AM, Rich Megginson wrote:
On 05/13/2015 10
On 05/15/2015 03:09 PM, nat...@nathanpeters.com wrote:
On 05/14/2015 11:33 PM, nat...@nathanpeters.com wrote:
[root@ipadc1 cacerts]# ipa-replica-manage connect --winsync --binddn
cn=ad sync,cn=Users,dc=test,dc=mycompany,dc=net --bindpw
supersecretpassword --passsync supersecretpassword --cacert
On 05/15/2015 03:09 PM, nat...@nathanpeters.com wrote:
On 05/14/2015 11:33 PM, nat...@nathanpeters.com wrote:
[root@ipadc1 cacerts]# ipa-replica-manage connect --winsync --binddn
cn=ad sync,cn=Users,dc=test,dc=mycompany,dc=net --bindpw
supersecretpassword --passsync supersecretpassword --cacert
been fixed in 389-ds-base-1.3.3 branch. What
version of 389-ds-base? rpm -q 389-ds-base
2015-05-15 16:00 GMT+02:00 Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com:
On 05/15/2015 07:55 AM, James James wrote:
Is it possible to change the nsds5ReplicaTimeout value
Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com:
On 05/15/2015 08:22 AM, James James wrote:
I think that :
Starting replication, please wait until this has completed.
Update in progress, 127 seconds elapsed
Update in progress yet not in progress
looks like
On 05/15/2015 02:44 PM, nat...@nathanpeters.com wrote:
On 05/14/2015 11:33 PM, nat...@nathanpeters.com wrote:
[root@ipadc1 cacerts]# ipa-replica-manage connect --winsync --binddn
cn=ad sync,cn=Users,dc=test,dc=mycompany,dc=net --bindpw
supersecretpassword --passsync supersecretpassword --cacert
On 05/14/2015 05:43 PM, nat...@nathanpeters.com wrote:
On 05/14/2015 04:58 AM, nat...@nathanpeters.com wrote:
I have tried to setup synchronization between a FreeIPA domain and an AD
domain. The certificates are in the right place.
[root@ipadc1 ~]# ipa-replica-manage connect --winsync
On 05/13/2015 10:04 AM, Janelle wrote:
On 5/13/15 8:49 AM, Rich Megginson wrote:
On 05/13/2015 09:40 AM, Janelle wrote:
Recently I started seeing these crop up across my servers:
slapi_ldap_bind - Error: could not bind id [cn=Replication Manager
masterAgreement1-ipa01.example.com-pki-tomcat
On 05/13/2015 09:40 AM, Janelle wrote:
Recently I started seeing these crop up across my servers:
slapi_ldap_bind - Error: could not bind id [cn=Replication Manager
masterAgreement1-ipa01.example.com-pki-tomcat,ou=csusers,cn=config]
authentication mechanism [SIMPLE]: error 32 (No such object)
On 05/13/2015 10:34 AM, Janelle wrote:
On 5/13/15 9:13 AM, Rich Megginson wrote:
On 05/13/2015 10:04 AM, Janelle wrote:
On 5/13/15 8:49 AM, Rich Megginson wrote:
On 05/13/2015 09:40 AM, Janelle wrote:
Recently I started seeing these crop up across my servers:
slapi_ldap_bind - Error: could
On 05/06/2015 12:25 AM, Martin Kosek wrote:
On 05/06/2015 07:48 AM, Christoph Kaminski wrote:
Hi
we have some undefinably problems here with IPA inside a VM (rhev/kvm). We
has often zombie processes (defunct) with certmonger and dirsrv and
segfaults (dmesg)... We have 8 IPA servers, 4 Hardware
On 04/27/2015 07:49 AM, Ivars Strazdiņš wrote:
Hi there,
I am preparing to move our site e-mail authentication backend to
FreeIPA. That is, integrate Postfix with FreeIPA.
Let's suppose user has two or more e-mail addresses,
j...@site.com mailto:j...@site.com
joe.u...@site.com
On 04/16/2015 01:52 AM, Alexander Frolushkin wrote:
Hello again.
Now, in addition to
connection - conn= fd=xxx Incoming BER Element was too long, max
allowable is 209715200 bytes. Change the nsslapd-maxbersize attribute
in cn=config to increase.
messages, we have on six of our 16
an error if replication
completed successfully.
2015-04-16 2:22 GMT+02:00 Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com:
Rich Megginson wrote:
On 04/15/2015 02:58 PM, James James wrote:
Nothing on the replica .. maybye a process on the master. How can I
On 04/15/2015 09:46 AM, James James wrote:
Hello,
I have been looking to solve my problem but I 'm asking for some help.
The replication begins but cannot be completed
I want to install a new fresh replica but I've always got this error :
[21/35]: configure dirsrv ccache
[22/35]:
On 04/15/2015 12:43 PM, James James wrote:
Here the log
2015-04-15 18:58 GMT+02:00 Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com:
On 04/15/2015 09:46 AM, James James wrote:
Hello,
I have been looking to solve my problem but I 'm asking for some
help
with the ipa-replica-install not
properly checking the status - see below:
2015-04-15 21:37 GMT+02:00 Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com:
On 04/15/2015 12:43 PM, James James wrote:
Here the log
2015-04-15 18:58 GMT+02:00 Rich Megginson rmegg
On 04/14/2015 12:35 PM, thierry bordaz wrote:
On 04/14/2015 05:36 PM, Mateusz Malek wrote:
On Fri, Apr 10, 2015 at 08:48 PM, Jakub Hrozek wrote:
On Fri, Apr 10, 2015 at 12:39:20PM -0400, Dmitri Pal wrote:
On 04/10/2015 08:13 AM, Mateusz Malek wrote:
I'm about to migrate my OpenLDAP-based
On 03/18/2015 10:50 AM, Kim Perrin wrote:
Hi all,
yesterday I cleared up replication problems on my last standing IPA
server. So I somewhat feel like I'm coming out of the tunnel. Today I
want to turn up a replica again. However before doing so I'd like to
clean out the last remnants of data
/2015:04:24:46 +] ipa_range_check_pre_op - [file
ipa_range_check.c, line 235]: Missing entry to modify.
Not sure what this means. Anyone?
On Wed, Mar 18, 2015 at 9:52 AM, Rich Megginson rmegg...@redhat.com wrote:
On 03/18/2015 10:50 AM, Kim Perrin wrote:
Hi all,
yesterday I cleared up
On 03/13/2015 10:45 AM, g.fer.or...@unicyber.co.uk wrote:
Hi
I am going forward with a Password Sync AD (window 2013) FreeIPA
ipa-server-3.3.3-28.0.1.el7 on a Centos7 Box.
I got the Password Sync Tool installed in the Windows2013 box and I
have created a user with it's related password
On 03/12/2015 03:07 PM, Gonzalo Fernandez Ordas wrote:
Hi
I have successfully setup an AD--- freeipa Model and joining bits and
pieces from 389-ds I have setup a oneWaySinc fromWindows.
The issue I got for the last week is the pasword sync which does not
seem to work at all, it does not
On 03/09/2015 03:35 PM, Steven Jones wrote:
Any idea what is going on here please?
==
[root@vuwunicoipam004 mailto:root@vuwunicoipam004 ipa-certs]#
ipa-replica-install --setup-dns --forwarder=10.100.32.31 -U
replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg --skip-conncheck
On 03/06/2015 07:54 AM, Herwono W Wijaya wrote:
FreeIPA logs:
[06/Mar/2015:21:51:15 +0700] conn=30 op=0 BIND
dn=uid=admin,cn=users,cn=compat,dc=server,dc=local method=128 version=3
[06/Mar/2015:21:51:15 +0700] conn=30 op=0 RESULT err=0 tag=97
nentries=0 etime=0
, here is a
list of well known LDAP Control OIDs:
https://www.ldap.com/ldap-oid-reference - scroll down to OIDs for Controls
On 3/6/15 10:40 PM, Rich Megginson wrote:
On 03/06/2015 07:54 AM, Herwono W Wijaya wrote:
FreeIPA logs:
[06/Mar/2015:21:51:15 +0700] conn=30 op=0 BIND
dn=uid=admin,cn
to make sure if FreeIPA can work with vCenter SSO, because
I read it on this page:
http://www.freeipa.org/page/HowTo/vsphere5_integration
And thanks for the help and answer any questions from me.
Have a nice day.
On 3/6/15 11:23 PM, Rich Megginson wrote:
On 03/06/2015 09:13 AM, Gianluca Cecchi
On 03/06/2015 11:02 AM, Gianluca Cecchi wrote:
On Fri, Mar 6, 2015 at 6:21 PM, Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com wrote:
On 03/06/2015 09:39 AM, Herwono W Wijaya wrote:
vCenter SSO works well with Univention LDAP.
Then set up a wireshark session
On 03/06/2015 09:13 AM, Gianluca Cecchi wrote:
On Fri, Mar 6, 2015 at 4:40 PM, Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com wrote:
[06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101
nentries=2 etime=0 notes=P
[06/Mar/2015:21:51:15 +0700] conn=30 op=2
On 02/25/2015 06:48 AM, Dmitri Pal wrote:
On 02/25/2015 07:44 AM, Janne Blomqvist wrote:
Hi,
is it possible to use winsync to sync stuff from AD without having to
create domain trusts, or install some kind of sync services on the AD
DC's?
For some background, we want to fetch user/group
%2Fwww.placeiq.com%2Fsa=Dsntz=1usg=AFrqEzcYjZpDPyqW7feNK9EgLq-c9JlHiw |
Systems Administrator | jrich...@placeiq.com
mailto:n...@placeiq.com | +1 (646) 338-8905
On Feb 19, 2015, at 9:33 AM, Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com wrote:
On 02/18/2015 11:05 PM, Jatin Nansi
original -
De: Nicolas Zin nicolas@savoirfairelinux.com
À: Rich Megginson rmegg...@redhat.com
Cc: freeipa-users@redhat.com
Envoyé: Jeudi 12 Février 2015 09:37:26
Objet: Re: [Freeipa-users] ad relation with winsync
Next step: having the replication working. The customer dont want to give to my
On 02/17/2015 12:55 PM, Hugh wrote:
All,
After my education on what IPA/AD trusts can and can't do, I decided
to give the IPA-AD sync option a try. After finally finding what I
think is the proper software to install on the AD DC
(389-PassSync-1.1.6-x86_64.exe from the Fedora site), I believe
On 02/17/2015 01:33 PM, Hugh wrote:
What version of 389-ds-base are you using?
# rpm -q 389-ds-base
Sorry for not specifying. I'm running FreeIPA on CentOS 6.5.
Installed via yum - ipa-server-3.0.0-42.el6.centos.x86_64
Ok, so I'm assuming 389-ds-base is 1.2.11.15-48 or later? I
On 02/17/2015 02:03 PM, Hugh wrote:
On Tue, Feb 17, 2015 at 2:46 PM, Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com wrote:
Ok, so I'm assuming 389-ds-base is 1.2.11.15-48 or later? I think
we may need a new version of passsync.
I didn't even know those were
On 02/15/2015 03:41 PM, Thomas Raehalme wrote:
Hi!
On Sun, Feb 15, 2015 at 11:37 PM, Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com wrote:
Today we started having problems with dirsrv hanging. We have
observed the following symptoms (using EXAMPLE.COM
http
On 02/12/2015 09:05 AM, Brad House wrote:
On 02/12/2015 10:48 AM, Simo Sorce wrote:
On Thu, 2015-02-12 at 07:38 -0800, Michael Lasevich wrote:
Thank you, this is very helpful. I forgot about 'super admin', which
is why
I was not even seeing the values before. :-)
How are the the values
1 - 100 of 494 matches
Mail list logo