[Freeipa-users] Managing AD Users in IPA
Denis Müller
d.mueller2 at rto.de
Mon Jan 16 09:15:58 UTC 2017
Hi FreeIpa Community,
i'm actually new to the software and have some basic questions. We have linux users in in active directory.
To be more flexible, we would like to install freeipa, import all users from ad and manage all the stuff like ssh, sudo etc. from ipa.
1. Do i need establish a trust first like mentioned here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/creating-trusts.html#trust-one-two-way
2. Or can we just create a sync to import all "linux-users" from ad into ipa and manage them just like ipa-users:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/managing-sync-agmt.html
3. ipa-replica-manage connect --winsync --binddn cn=administrator,cn=users,dc=example,dc=com --bindpw "***" --passsync "***" --cacert /root/dc1.crt dc1.example.com -v
getting an error:
Traceback (most recent call last):
File "/usr/sbin/ipa-replica-manage", line 1607, in <module>
main(options, args)
File "/usr/sbin/ipa-replica-manage", line 1566, in main
add_link(realm, replica1, replica2, dirman_passwd, options)
File "/usr/sbin/ipa-replica-manage", line 1118, in add_link
if not ds.add_ca_cert(options.cacert):
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 1018, in add_ca_cert
certdb.load_cacert(cacert_fname, 'C,,')
File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 261, in load_cacert
(rdn, subject_dn) = get_cert_nickname(cert)
File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 67, in get_cert_nickname
return (str(dn[0]), dn)
File "/usr/lib/python2.7/site-packages/ipapython/dn.py", line 1170, in __getitem__
return self._get_rdn(self.rdns[key])
IndexError: list index out of range
Unexpected error: list index out of range
[root at ipa01<mailto:root at ipa01> ~]# uname -r
3.10.0-327.el7.x86_64
[root at ipa01<mailto:root at ipa01> ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
We would appreciate any help,
greets,
Denis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170116/8509fd69/attachment.htm>
More information about the Freeipa-users
mailing list