[Freeipa-users] two questions on IPA usage
Dmitri Pal
dpal at redhat.com
Fri Dec 21 22:26:45 UTC 2012
On 12/21/2012 08:31 AM, Martin Kosek wrote:
> On 12/20/2012 12:34 AM, David Copperfield wrote:
>> Hi Howdy,
>>
>> Two questions on IPA usage are listed below. Please help.
>>
>> 1, How to reset a normal IPA user's password through web interface
>> when the
>> password is expired?
>>
>> when the normal user's password is close to expiration but still
>> not expired,
>> he/she can change it by self through the web interface
>> https://ipaserver/.
>> Otherwise he/she has to do ssh/kinit to update his/her password. But the
>> problem is: quite some users are non tech-savy -- managers,
>> marketing, sales --
>> and they have no ideas of Linux or Kerberos, what they can do is
>> accessing a
>> web interface and filling HTML forms.
>
> Hello David,
>
> This feature was introduced in FreeIPA 3.0, you can see the relevant
> ticket:
> https://fedorahosted.org/freeipa/ticket/2755
>
> When your IPA server is upgraded to this version (it will be part of
> next RHEL 6 minor version release), Web UI users with expired password
> will be automatically offered a form to reset it.
>
>>
>> 2, When the freeIPA 3.0 and 3.1 series RPM will be available on
>> Redhat 6?
>> does IPA version 3.0/3.1 has backup/restore solutions, and merged CA
>> LDAP
>> instance and IPA LDAP instance?
>
> Merged CA/LDAP instance is available in FreeIPA 3.1 which is not
> available in RHEL-6. As for Backup&Restore solution, a FreeIPA
> provided solution is not ready yet, but we have a ticket filed and
> planned already. You can take a look here:
>
> https://fedorahosted.org/freeipa/ticket/3128
To elaborate a bit.
1) backup and restore
This is a loaded topic. There are two major use cases that are confused.
One is business continuity driven and another is data corruption driven.
For business continuity case here are our current recommendations and I
do not think there is anything else needed.
a) Run sufficient amount of replicas in different data centers
b) Backup the whole image of one of the replicas that has all the
components you use periodically so that if you have to start over you
have an image to use and create other replicas from. In case of disaster
the procedure would be - boot this image, create other replicas from it
and install following normal procedures. You are up and running back
within minutes.
c) For an easier snapshoting it might make sense to run a replica in a
VM so you can easily make a copy of it.
The recommendation above is pretty sufficient for the business
continuity case. It is not however for the data corruption case.
The ticket mentioned will be focusing on the data corruption case (when
data is removed or DB gets corrupted and needs to be restored) and we
have plans to look into this use case in the upcoming year.
2) Merged DB is 3.1 and will be supported in RHEL7
>
> HTH,
> Martin
>
>>
>> Presently the IPA version on redhat 6.3 is 2.2.0, I can wait if
>> IPA 3.0 or
>> 3.1 will comes out soon for redhat 6 and have the cool features.
>>
>> Thanks a lot.
>>
>> --Guolin
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list