Hello guys, is there any change for storing the password over freeipa it generate an password with the unicodepwd format?
I'm still trying to replicate some users from freeipa to AD, i would like to mantain my Freeipa as the principal manager for users and groups.
thanks.
LUCAS GUILHERME DIEDRICH via FreeIPA-users wrote:
Hello guys, is there any change for storing the password over freeipa it generate an password with the unicodepwd format?
No, it is not supported currently.
I'm still trying to replicate some users from freeipa to AD, i would like to mantain my Freeipa as the principal manager for users and groups.
How are you replicating IPA users to AD?
rob
Thanks RC, right now i'm using lsc-project.org for that, it has some technical flaws but actually works.
I thought about migrating all users to AD and use passsync, to replicate the password but i didn't know that it was closed to redhat subscription. Also thought about creating the plugin over Directory 389 but the documentation doesn't seem easy to-do.
Actually i'm strungling to maintain my Freeipa Server with 11k userss as the principal manager over here.
Thanks.
Em qua., 29 de jan. de 2020 às 15:59, Rob Crittenden rcritten@redhat.com escreveu:
LUCAS GUILHERME DIEDRICH via FreeIPA-users wrote:
Hello guys, is there any change for storing the password over freeipa it
generate an password with the unicodepwd format?
No, it is not supported currently.
I'm still trying to replicate some users from freeipa to AD, i would
like to mantain my Freeipa as the principal manager for users and groups.
How are you replicating IPA users to AD?
rob
Lucas Diedrich via FreeIPA-users wrote:
Thanks RC, right now i'm using lsc-project.org http://lsc-project.org for that, it has some technical flaws but actually works.
I thought about migrating all users to AD and use passsync, to replicate the password but i didn't know that it was closed to redhat subscription. Also thought about creating the plugin over Directory 389 but the documentation doesn't seem easy to-do.
Actually i'm strungling to maintain my Freeipa Server with 11k userss as the principal manager over here.
You could probably extend the IPA password plugin to write the UnicodePwd attribute in the correct format. There are existing examples in the code such as setting the sambaNTPassword attribute.
rob
Thanks.
Em qua., 29 de jan. de 2020 às 15:59, Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> escreveu:
LUCAS GUILHERME DIEDRICH via FreeIPA-users wrote: > Hello guys, is there any change for storing the password over freeipa it generate an password with the unicodepwd format? No, it is not supported currently. > > I'm still trying to replicate some users from freeipa to AD, i would like to mantain my Freeipa as the principal manager for users and groups. How are you replicating IPA users to AD? rob
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Rob, is this what you talking about? https://github.com/freeipa/freeipa/tree/master/daemons/ipa-slapi-plugins ?
Em qui., 30 de jan. de 2020 às 15:41, Rob Crittenden rcritten@redhat.com escreveu:
Lucas Diedrich via FreeIPA-users wrote:
Thanks RC, right now i'm using lsc-project.org http://lsc-project.org for that, it has some technical flaws but actually works.
I thought about migrating all users to AD and use passsync, to replicate the password but i didn't know that it was closed to redhat subscription. Also thought about creating the plugin over Directory 389 but the documentation doesn't seem easy to-do.
Actually i'm strungling to maintain my Freeipa Server with 11k userss as the principal manager over here.
You could probably extend the IPA password plugin to write the UnicodePwd attribute in the correct format. There are existing examples in the code such as setting the sambaNTPassword attribute.
rob
Thanks.
Em qua., 29 de jan. de 2020 às 15:59, Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> escreveu:
LUCAS GUILHERME DIEDRICH via FreeIPA-users wrote: > Hello guys, is there any change for storing the password over freeipa it generate an password with the unicodepwd format? No, it is not supported currently. > > I'm still trying to replicate some users from freeipa to AD, i would like to mantain my Freeipa as the principal manager for users and groups. How are you replicating IPA users to AD? rob
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Lucas Diedrich wrote:
Rob, is this what you talking about? https://github.com/freeipa/freeipa/tree/master/daemons/ipa-slapi-plugins%C2%...
Yes, in ipa-pwd-extop. When a password change comes in we grab the cleartext and generate the other keys from it so that all the passwords in IPA are in sync.
rob
Em qui., 30 de jan. de 2020 às 15:41, Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> escreveu:
Lucas Diedrich via FreeIPA-users wrote: > Thanks RC, right now i'm using lsc-project.org <http://lsc-project.org> <http://lsc-project.org> > for that, it has some technical flaws but actually works. > > I thought about migrating all users to AD and use passsync, to replicate > the password but i didn't know that it was closed to redhat > subscription. Also thought about creating the plugin over Directory 389 > but the documentation doesn't seem easy to-do. > > Actually i'm strungling to maintain my Freeipa Server with 11k userss > as the principal manager over here. You could probably extend the IPA password plugin to write the UnicodePwd attribute in the correct format. There are existing examples in the code such as setting the sambaNTPassword attribute. rob > > Thanks. > > > > Em qua., 29 de jan. de 2020 às 15:59, Rob Crittenden > <rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> escreveu: > > LUCAS GUILHERME DIEDRICH via FreeIPA-users wrote: > > Hello guys, is there any change for storing the password over > freeipa it generate an password with the unicodepwd format? > > No, it is not supported currently. > > > > > I'm still trying to replicate some users from freeipa to AD, i > would like to mantain my Freeipa as the principal manager for users > and groups. > > How are you replicating IPA users to AD? > > rob > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >
Rob, can you confirm if this website https://www.freeipa.org/page/Build is the default guide for building freeipa ?
Em qui., 30 de jan. de 2020 às 16:34, Rob Crittenden rcritten@redhat.com escreveu:
Lucas Diedrich wrote:
Rob, is this what you talking about?
https://github.com/freeipa/freeipa/tree/master/daemons/ipa-slapi-plugins ?
Yes, in ipa-pwd-extop. When a password change comes in we grab the cleartext and generate the other keys from it so that all the passwords in IPA are in sync.
rob
Em qui., 30 de jan. de 2020 às 15:41, Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> escreveu:
Lucas Diedrich via FreeIPA-users wrote: > Thanks RC, right now i'm using lsc-project.org <http://lsc-project.org> <http://lsc-project.org> > for that, it has some technical flaws but actually works. > > I thought about migrating all users to AD and use passsync, to replicate > the password but i didn't know that it was closed to redhat > subscription. Also thought about creating the plugin over Directory 389 > but the documentation doesn't seem easy to-do. > > Actually i'm strungling to maintain my Freeipa Server with 11k
userss
> as the principal manager over here. You could probably extend the IPA password plugin to write the UnicodePwd attribute in the correct format. There are existing
examples
in the code such as setting the sambaNTPassword attribute. rob > > Thanks. > > > > Em qua., 29 de jan. de 2020 às 15:59, Rob Crittenden > <rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> escreveu: > > LUCAS GUILHERME DIEDRICH via FreeIPA-users wrote: > > Hello guys, is there any change for storing the password over > freeipa it generate an password with the unicodepwd format? > > No, it is not supported currently. > > > > > I'm still trying to replicate some users from freeipa to AD,
i
> would like to mantain my Freeipa as the principal manager for users > and groups. > > How are you replicating IPA users to AD? > > rob > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
>
On Mon, Feb 3, 2020 at 6:43 PM Lucas Diedrich via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Rob, can you confirm if this website https://www.freeipa.org/page/Build is the default guide for building freeipa ?
Yes, this is the case. On Fedora 31 the COPR step is not needed.
Em qui., 30 de jan. de 2020 às 16:34, Rob Crittenden rcritten@redhat.com escreveu:
Lucas Diedrich wrote:
Rob, is this what you talking about? https://github.com/freeipa/freeipa/tree/master/daemons/ipa-slapi-plugins ?
Yes, in ipa-pwd-extop. When a password change comes in we grab the cleartext and generate the other keys from it so that all the passwords in IPA are in sync.
rob
Em qui., 30 de jan. de 2020 às 15:41, Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> escreveu:
Lucas Diedrich via FreeIPA-users wrote: > Thanks RC, right now i'm using lsc-project.org <http://lsc-project.org> <http://lsc-project.org> > for that, it has some technical flaws but actually works. > > I thought about migrating all users to AD and use passsync, to replicate > the password but i didn't know that it was closed to redhat > subscription. Also thought about creating the plugin over Directory 389 > but the documentation doesn't seem easy to-do. > > Actually i'm strungling to maintain my Freeipa Server with 11k userss > as the principal manager over here. You could probably extend the IPA password plugin to write the UnicodePwd attribute in the correct format. There are existing examples in the code such as setting the sambaNTPassword attribute. rob > > Thanks. > > > > Em qua., 29 de jan. de 2020 às 15:59, Rob Crittenden > <rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> escreveu: > > LUCAS GUILHERME DIEDRICH via FreeIPA-users wrote: > > Hello guys, is there any change for storing the password over > freeipa it generate an password with the unicodepwd format? > > No, it is not supported currently. > > > > > I'm still trying to replicate some users from freeipa to AD, i > would like to mantain my Freeipa as the principal manager for users > and groups. > > How are you replicating IPA users to AD? > > rob > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
I'm currently flying back from FOSDEM, so please forgive me for a short answer but I do not recommend you to add unicodepwd storage. That's most likely will not help you and will only complicate things when we merge the global catalog work we do.
There are still missing parts in FreeIPA and Samba that would have helped to make two way trust part properly working. Adding unicodepwd is not one of them, for sure.
----- Lucas Diedrich via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Rob, can you confirm if this website https://www.freeipa.org/page/Build is the default guide for building freeipa ?
Em qui., 30 de jan. de 2020 às 16:34, Rob Crittenden rcritten@redhat.com escreveu:
Lucas Diedrich wrote:
Rob, is this what you talking about?
https://github.com/freeipa/freeipa/tree/master/daemons/ipa-slapi-plugins ?
Yes, in ipa-pwd-extop. When a password change comes in we grab the cleartext and generate the other keys from it so that all the passwords in IPA are in sync.
rob
Em qui., 30 de jan. de 2020 às 15:41, Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> escreveu:
Lucas Diedrich via FreeIPA-users wrote: > Thanks RC, right now i'm using lsc-project.org <http://lsc-project.org> <http://lsc-project.org> > for that, it has some technical flaws but actually works. > > I thought about migrating all users to AD and use passsync, to replicate > the password but i didn't know that it was closed to redhat > subscription. Also thought about creating the plugin over Directory 389 > but the documentation doesn't seem easy to-do. > > Actually i'm strungling to maintain my Freeipa Server with 11k
userss
> as the principal manager over here. You could probably extend the IPA password plugin to write the UnicodePwd attribute in the correct format. There are existing
examples
in the code such as setting the sambaNTPassword attribute. rob > > Thanks. > > > > Em qua., 29 de jan. de 2020 às 15:59, Rob Crittenden > <rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> escreveu: > > LUCAS GUILHERME DIEDRICH via FreeIPA-users wrote: > > Hello guys, is there any change for storing the password over > freeipa it generate an password with the unicodepwd format? > > No, it is not supported currently. > > > > > I'm still trying to replicate some users from freeipa to AD,
i
> would like to mantain my Freeipa as the principal manager for users > and groups. > > How are you replicating IPA users to AD? > > rob > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
>
Hey AB, sorry for the long time without response, so now we're a differente aproach with passsync: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Thanks for the tip.
freeipa-users@lists.fedorahosted.org