CSN Skew bug
by pgb205
we are affected by the CSN time skew bug discussed in this wikihttp://directory.fedoraproject.org/docs/389ds/howto/howto-fix-and-res...
andhttps://bugzilla.redhat.com/show_bug.cgi?id=1009122
We are on CentOS Linux release 7.3.1611 (Core)ipa-server-4.4.0-14.el7
389-ds-base-1.3.5.10-20.el7
The Bug article above suggests that upgrading to 1.2.11 will provide a resolutionbut we seem to be on a significantly newer version of the 389 server.
The error we are specifically seeing is
NSMMReplicationPlugin - agmt="cn=cloneAgreement1-server2.-pki-tomcat" (server1:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.
Can someone please advise on what the best steps are in this situation. Should we upgrade to some newer version of 389ds or is the above wiki the only solution to our problem?
6 years, 8 months
5 bad replicas, can't remove, need these clean before I can re-add secondary replicas.
by email@ml.jacobdevans.com
Unable to remove any of these bad
ipa-replica-manage list-ruv
Directory Manager password:
unable to decode: {replica 7} 585aae3e001a00070000 585aae3e001a00070000
unable to decode: {replica 8} 586520c8000f00080000 586520c8000f00080000
unable to decode: {replica 11} 58862e450004000b0000 58862e450004000b0000
unable to decode: {replica 32} 597ab1ae000100200000 597ab1ae000100200000
unable to decode: {replica 19} 58d41955000100130000 58d41955000100130000
command: ipa-replica-manage clean-ruv 7
Result: Replica ID 7 not found
cleanallruv.pl -w - -b 'dc=ipa,dc=clarkinc,dc=io' -A -r 7 -v
Bind Password:
ldap_add: Server is unwilling to perform (53)
additional info: Replica id (7) is not being cleaned, nothing to abort.
Failed to add task entry "cn=abort_cleanallruv_2017_7_28_12_14_22, cn=abort cleanallruv, cn=tasks, cn=config" error (53)
6 years, 8 months
FreeIPA 2FA CentOS 6
by Devin Acosta
I have noticed that when I enable FreeIPA all my CentOS 7.x boxes work via
SSH just fine, however none of my CentOS 6 boxes work. I read that 2FA
didn't come until CentOS 7.1. So my question is does 2FA via SSH not work
at all if you have a RHEL 6 / CentOS 6 server? Just curious.
Thanks much.
Devin Acosta
6 years, 9 months
ipa-client-install using AD/ad_admin credentials
by Steve Weeks
We want to let AD admins install new linux FreeIPA clients using their AD
credentials. It looks like if fails using kinit in the script. If you run
kinit 'AD\ad_admin' you get the same error.
Is it feasible to do what we want? Does it make sense? We already have a
system for managing the sysadmins in AD and don't really want to setup
double accounts for them. (We have lots of sysadmins).
Thanks,
Steve
6 years, 9 months
Account Settings not in sync for RADIUS authentication type. (Bugreport?)
by email@ml.jacobdevans.com
Looks like a UI glitch (it's correct in LDAP) but when configuring users to use RADIUS auth, these settings to not show as enabed/selected on other ipa servers.
Steps to repeat:
1) add user
2) disable all password options, select only RADIUS
3) configure proxy username and server.
4) check replica.
Thanks
- Jake
6 years, 9 months
ipa-replica-install - unable to establish replication
by Patrick Hemmer
I'm trying to setup a FreeIPA replica on 4.5.2 and the
ipa-replica-install script dies with:
[27/40]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 14 seconds elapsed
[ldap://fll2aipa01stg.ipa-stg.chewy.net:389] reports: Update failed!
Status: [-1 - LDAP error: Can't contact LDAP server]
[error] RuntimeError: Failed to start replication
When I look in the /var/log/dirsrv/slapd-IPA-STG-CHEWY-NET/errors of the
new replica, the last few lines contains:
[27/Jul/2017:17:54:36.501614930 -0400] NSMMReplicationPlugin -
agmt="cn=meTofll2aipa01stg.ipa-stg.chewy.net" (fll2aipa01stg:389):
Unable to acquire replica: permission denied. The bind dn "" does not
have permission to supply replication updates to the replica. Will retry
later.
[27/Jul/2017:17:54:42.511659900 -0400] NSMMReplicationPlugin -
agmt="cn=meTofll2aipa01stg.ipa-stg.chewy.net" (fll2aipa01stg:389):
Unable to acquire replica: permission denied. The bind dn "" does not
have permission to supply replication updates to the replica. Will retry
later.
[27/Jul/2017:17:54:54.517563545 -0400] NSMMReplicationPlugin -
agmt="cn=meTofll2aipa01stg.ipa-stg.chewy.net" (fll2aipa01stg:389):
Unable to acquire replica: permission denied. The bind dn "" does not
have permission to supply replication updates to the replica. Will retry
later.
[27/Jul/2017:17:55:18.527945464 -0400] NSMMReplicationPlugin -
agmt="cn=meTofll2aipa01stg.ipa-stg.chewy.net" (fll2aipa01stg:389):
Unable to acquire replica: permission denied. The bind dn "" does not
have permission to supply replication updates to the replica. Will retry
later.
[27/Jul/2017:17:56:06.546462326 -0400] NSMMReplicationPlugin -
agmt="cn=meTofll2aipa01stg.ipa-stg.chewy.net" (fll2aipa01stg:389): The
remote replica has a different database generation ID than the local
database. You may have to reinitialize the remote replica, or the local
replica.
In the /var/log/dirsrv/slapd-IPA-STG-CHEWY-NET/errors of the original
master, the last few lines has:
[27/Jul/2017:17:54:33.567167570 -0400] NSMMReplicationPlugin -
Warning: unable to acquire replica for total update, error: -1, retrying
in 2 seconds.
[27/Jul/2017:17:54:35.572200957 -0400] NSMMReplicationPlugin -
Warning: unable to acquire replica for total update, error: -1, retrying
in 3 seconds.
[27/Jul/2017:17:54:36.498618557 -0400] NSMMReplicationPlugin -
conn=115 op=6 replica="dc=ipa-stg,dc=chewy,dc=net": Unable to acquire
replica: error: permission denied
[27/Jul/2017:17:54:38.579074442 -0400] NSMMReplicationPlugin -
Warning: unable to acquire replica for total update, error: -1, retrying
in 4 seconds.
[27/Jul/2017:17:54:42.504309388 -0400] NSMMReplicationPlugin -
conn=115 op=7 replica="dc=ipa-stg,dc=chewy,dc=net": Unable to acquire
replica: error: permission denied
[27/Jul/2017:17:54:42.586071823 -0400] NSMMReplicationPlugin -
Warning: unable to acquire replica for total update, error: -1, retrying
in 5 seconds.
[27/Jul/2017:17:54:54.514797243 -0400] NSMMReplicationPlugin -
conn=115 op=9 replica="dc=ipa-stg,dc=chewy,dc=net": Unable to acquire
replica: error: permission denied
[27/Jul/2017:17:55:18.521047403 -0400] NSMMReplicationPlugin -
conn=115 op=11 replica="dc=ipa-stg,dc=chewy,dc=net": Unable to acquire
replica: error: permission denied
The access log on the original master contains:
[27/Jul/2017:17:31:48.338205279 -0400] conn=115 fd=70 slot=70
connection from 10.0.33.200 to 10.0.33.200
[27/Jul/2017:17:31:48.338602001 -0400] conn=115 op=0 BIND
dn="cn=Directory Manager" method=128 version=2
[27/Jul/2017:17:31:48.338684940 -0400] conn=115 op=0 RESULT
err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[27/Jul/2017:17:54:32.478121113 -0400] conn=115 fd=121 slot=121
connection from 10.0.33.201 to 10.0.33.200
[27/Jul/2017:17:54:32.479047230 -0400] conn=115 op=0 BIND dn=""
method=sasl version=3 mech=GSSAPI
[27/Jul/2017:17:54:32.482605087 -0400] conn=115 op=0 RESULT
err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[27/Jul/2017:17:54:32.483393321 -0400] conn=115 op=1 BIND dn=""
method=sasl version=3 mech=GSSAPI
[27/Jul/2017:17:54:32.484615090 -0400] conn=115 op=1 RESULT
err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[27/Jul/2017:17:54:32.485067380 -0400] conn=115 op=2 BIND dn=""
method=sasl version=3 mech=GSSAPI
[27/Jul/2017:17:54:32.486355861 -0400] conn=115 op=2 RESULT
err=0 tag=97 nentries=0 etime=0
dn="krbprincipalname=ldap/fll2aipa02stg.ipa-stg.chewy.net(a)ipa-stg.chewy.net,cn=services,cn=accounts,dc=ipa-stg,dc=chewy,dc=net"
[27/Jul/2017:17:54:32.486992403 -0400] conn=115 op=3 SRCH
base="" scope=0 filter="(objectClass=*)" attrs="supportedControl
supportedExtension"
[27/Jul/2017:17:54:32.489473132 -0400] conn=115 op=3 RESULT
err=0 tag=101 nentries=1 etime=0
[27/Jul/2017:17:54:32.489967733 -0400] conn=115 op=4 SRCH
base="" scope=0 filter="(objectClass=*)" attrs="supportedControl
supportedExtension"
[27/Jul/2017:17:54:32.492209604 -0400] conn=115 op=4 RESULT
err=0 tag=101 nentries=1 etime=0
[27/Jul/2017:17:54:32.492559529 -0400] conn=115 op=5 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[27/Jul/2017:17:54:32.494124224 -0400] conn=115 op=5 RESULT
err=0 tag=120 nentries=0 etime=0
[27/Jul/2017:17:54:36.498506345 -0400] conn=115 op=6 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[27/Jul/2017:17:54:36.500590218 -0400] conn=115 op=6 RESULT
err=0 tag=120 nentries=0 etime=0
[27/Jul/2017:17:54:42.504167583 -0400] conn=115 op=7 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[27/Jul/2017:17:54:42.507097328 -0400] conn=115 op=7 RESULT
err=0 tag=120 nentries=0 etime=0
[27/Jul/2017:17:54:54.514671476 -0400] conn=115 op=9 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[27/Jul/2017:17:54:54.516861209 -0400] conn=115 op=9 RESULT
err=0 tag=120 nentries=0 etime=0
[27/Jul/2017:17:55:18.520948176 -0400] conn=115 op=11 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[27/Jul/2017:17:55:18.523931139 -0400] conn=115 op=11 RESULT
err=0 tag=120 nentries=0 etime=0
The command being used is:
ipa-replica-install --principal admin -w XXXX -n
ipa-stg.chewy.net -r IPA-STG.CHEWY.NET --setup-dns --no-host-dns
--setup-kra --mkhomedir --forwarder 10.0.2.10 --forwarder 10.0.2.11
--no-ntp --no-dnssec-validation -U
--server=fll2aipa01stg.ipa-stg.chewy.net --setup-ca --skip-conncheck
Any ideas what's wrong?
I've attached the output of ipa-replica-install as well as
/var/log/ipareplica-install.log. I can provide additional logs if
necessary, just let me know which ones.
-Patrick
6 years, 9 months
replica-install --setup-ca fails
by Petros Triantafyllidis
Hi all,
I would appreciate any help on my attempt to promote an existing
client to replica. After client installation, I added replica-to-be to
ipaservers hostgroup and then run "replica-install --setup-ca" but
unfortunately I end up with the errors below. Both master and client
have ipa-server-4.4.0-14.el7.centos.7.x86_64
Thanks in advance,
Petros
_____________________________________________________________________________________________________________
On replica-to-be:
[...]
Done configuring ipa-otpd.
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
30 seconds
[1/26]: creating certificate server user
[2/26]: creating certificate server db
[3/26]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 5 seconds elapsed
Update succeeded
[4/26]: creating installation admin user
[5/26]: setting up certificate server
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
configure CA instance: Command '/usr/sbin/pkispawn -s CA -f
/tmp/tmp6Q_ZLY' returned non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
installation logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki/pki-tomcat
[error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(Replica): ERROR CA
configuration failed.
ipa.ipapython.install.cli.install_tool(Replica): ERROR The
ipa-replica-install command failed. See /var/log/ipareplica-install.log
for more information
_____________________________________________________________________________________________________________
/var/log/ipareplica-install.log
[...]
Import complete
---------------
Imported certificates in /etc/pki/pki-tomcat/alias:
Certificate Nickname Trust
Attributes
SSL,S/MIME,JAR/XPI
ocspSigningCert cert-pki-ca u,u,u
subsystemCert cert-pki-ca u,u,u
caSigningCert cert-pki-ca CTu,Cu,Cu
auditSigningCert cert-pki-ca u,u,Pu
Installation failed:
Please check the CA logs in /var/log/pki/pki-tomcat/ca.
2017-07-27T06:57:54Z DEBUG stderr=
2017-07-27T06:57:54Z CRITICAL Failed to configure CA instance: Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmp6Q_ZLY' returned non-zero exit status 1
2017-07-27T06:57:54Z CRITICAL See the installation logs and the
following files/directories for more information:
2017-07-27T06:57:54Z CRITICAL /var/log/pki/pki-tomcat
2017-07-27T06:57:54Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 449, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 439, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
586, in __spawn_instance
DogtagInstance.spawn_instance(self, cfg_file)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 181, in spawn_instance
self.handle_setup_error(e)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 420, in handle_setup_error
raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.
2017-07-27T06:57:54Z DEBUG [error] RuntimeError: CA configuration failed.
2017-07-27T06:57:54Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
318, in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 310, in run
self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 332, in execute
for nothing in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 362, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 586, in _configure
next(executor)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 449, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 446, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 362, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 63, in _install
for nothing in self._installer(self.parent):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1722, in main
promote(self)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 372, in decorated
func(installer)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1519, in promote
ca_cert_bundle=ca_data)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
1392, in configure_replica
self.start_creation(runtime=210)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 449, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 439, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
586, in __spawn_instance
DogtagInstance.spawn_instance(self, cfg_file)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 181, in spawn_instance
self.handle_setup_error(e)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 420, in handle_setup_error
raise RuntimeError("%s configuration failed." % self.subsystem)
2017-07-27T06:57:54Z DEBUG The ipa-replica-install command failed,
exception: RuntimeError: CA configuration failed.
2017-07-27T06:57:54Z ERROR CA configuration failed.
2017-07-27T06:57:54Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
_____________________________________________________________________________________________________________
On master server:
[27/Jul/2017:09:53:19.624201120 +0300] NSMMReplicationPlugin -
agmt="cn=meTomedea.geo.auth.gr" (medea:389): Replication bind with
GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()
[27/Jul/2017:09:53:19.910732845 +0300] NSMMReplicationPlugin -
agmt="cn=meTomedea.geo.auth.gr" (medea:389): Replication bind with
GSSAPI auth resumed
[27/Jul/2017:09:53:21.525459152 +0300] NSMMReplicationPlugin - Beginning
total update of replica "agmt="cn=meTomedea.geo.auth.gr" (medea:389)".
[27/Jul/2017:09:53:26.923911503 +0300] NSMMReplicationPlugin - Finished
total update of replica "agmt="cn=meTomedea.geo.auth.gr" (medea:389)".
Sent 719 entries.
[27/Jul/2017:09:53:29.398775963 +0300] NSMMReplicationPlugin -
agmt="cn=meTomedea.geo.auth.gr" (medea:389): Unable to acquire replica:
permission denied. The bind dn "" does not have permission to supply
replication updates to the replica. Will retry later.
[27/Jul/2017:09:53:32.746503539 +0300] NSMMReplicationPlugin -
agmt="cn=meTomedea.geo.auth.gr" (medea:389): Unable to acquire replica:
permission denied. The bind dn "" does not have permission to supply
replication updates to the replica. Will retry later.
[27/Jul/2017:09:53:38.862288126 +0300] NSMMReplicationPlugin -
agmt="cn=meTomedea.geo.auth.gr" (medea:389): Unable to receive the
response for a startReplication extended operation to consumer (Can't
contact LDAP server). Will retry later.
[27/Jul/2017:09:53:51.238616755 +0300] NSMMReplicationPlugin -
agmt="cn=meTomedea.geo.auth.gr" (medea:389): Replication bind with
GSSAPI auth resumed
[27/Jul/2017:09:54:30.937398919 +0300] NSMMReplicationPlugin -
agmt="cn=meTomedea.geo.auth.gr" (medea:389): Unable to receive the
response for a startReplication extended operation to consumer (Can't
contact LDAP server). Will retry later.
[27/Jul/2017:09:56:03.537114454 +0300] NSMMReplicationPlugin -
agmt="cn=meTomedea.geo.auth.gr" (medea:389): Replication bind with
GSSAPI auth resumed
[27/Jul/2017:09:56:04.495965497 +0300] NSMMReplicationPlugin -
agmt="cn=caTomedea.geo.auth.gr" (medea:389): The remote replica has a
different database generation ID than the local database. You may have
to reinitialize the remote replica, or the local replica.
[27/Jul/2017:09:56:06.236968406 +0300] NSMMReplicationPlugin - Beginning
total update of replica "agmt="cn=caTomedea.geo.auth.gr" (medea:389)".
[27/Jul/2017:09:56:10.494727689 +0300] NSMMReplicationPlugin - Finished
total update of replica "agmt="cn=caTomedea.geo.auth.gr" (medea:389)".
Sent 159 entries.
6 years, 9 months
Cronjob requesting krb tickets
by Darac Marjal
Hi all,
I'm fairly new to FreeIPA, but I'm using it to sort out single-sign-on
on a few computers on my small network.
So far, I've managed to setup up automounting of krb5i-protected shares
on my NAS. I can see that, when I log in a kerberos ticket is arranged
and then that is used to authenticate to the NFS server.
What I'm now wondering about is how things work with cron. I would like
to leave some of my machines unattended, but still have them run cron
jobs that access the NFS filesystems.
Is this a non-problem (i.e. is cron going to be able to access my files
without interaction, in the same way that it would on a regular system?)
Or do I need to arrange something beforehand to allow cron access (I've
seen various references to S4U2Proxy, to creating a "user/cron@REALM"
user and mapping that to just "user@REALM" and also to simply running
kinit before each job.)
Pointers to documentation would be useful.
For reference, I'm running FreeIPA on Fedora 25, but my client machines
are typically Debian 9.
Many thanks.
--
For more information, please reread.
6 years, 9 months
nsds5ReplConflict: missingEntry
by email@ml.jacobdevans.com
This is a new one, any ideas on how to get this to sync?
ldapsearch -x -D "cn=directory manager" -W -b "dc=ipa,dc=example,dc=com" "nsds5ReplConflict=*" \* nsds5ReplConflict
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=ipa,dc=example,dc=com> with scope subtree
# filter: nsds5ReplConflict=*
# requesting: * nsds5ReplConflict
#
# servers, dns, ipa.example.com
dn: cn=servers,cn=dns,dc=ipa,dc=example,dc=com
objectClass: top
objectClass: extensibleObject
objectClass: glue
cn: servers
nsds5ReplConflict: missingEntry
# search result
search: 2
result: 0 Success
# numResponses: 2
Thanks
-Jake
6 years, 9 months
Group membership expiration
by Prashant Bapat
Hi FreeIPA Users,
Is there a way to make the group membership have an optional expiration
date. This expiration date can be set by the admin.
Any pointers to how this can be implemented would be very helpful.
Thanks.
--Prashant
6 years, 9 months