[Freeipa-users] lowest-privilege method of checking for out of sync FreeIPA masters?
List dedicated to discussions about use, configuration and deployment of the IPA server.
freeipa-users at redhat.com
Tue Dec 6 21:11:21 UTC 2016
Hello,
There's a method to check the replication status of FreeIPA masters by
looking at objectClass=nsDS5ReplicationAgreement in the "cn=mapping
tree,cn=config" part of LDAP.
Unfortunately that requires Directory Admin level privileges.
Is there a method to check those replication agreement details that uses a
much lower privilege? We'd like to add a replication test to our Zabbix
monitoring system, and we don't want to use the directory admin user ID :)
Thanks!
Anthony Clark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161206/a254b394/attachment.htm>
More information about the Freeipa-users
mailing list