Domain controllers switch to LDAPS
by Ronald Wimmer
Hi,
will Microsoft's decision to let domain controllers talk LDAPS only in
the near future affect IPA somehow?
Cheers,
Ronald
2 years, 1 month
ca replication for hosts with different dns domains
by askstack@yahoo.com
Hi
IDM domain: "first.domain"
Host name: host1.first.domain
host2.second.domain
I was able to run "ipa-client-install" on host2 and promoted it to a domain replica. After I verified domain replication was working, I tried to run ipa-ca-install. It failed on host2.
Red Hat support said host1 and host2 are on two different DNS domains, so replication is not supported. I am not sure that is the case, since the two hosts are in the same and only IDM domain replication group.
Is Red Hat support correct?
Thanks.
2 years, 1 month
Migration (in place)
by Christian Reiss
Hey folks,
Running a 3-node FreeIPA installation. All is well, but I am now
upgrading all VMs, including my three IPA servers, from CentOS 7 to 8.
As the upgrade from CentOS 7 to 8 is a complete reinstall, I would need
to upgrade the IPA servers one at a time. The IP and FQDN would remain
the same.
- I read several documents out there and some say decommission one,
reinstall and add it again.
- Others go for replica-prepare and go from there.
- What about simply backing up the data directory and restoring that?
Maybe there is a recommended way?
I tried doing this some months ago for a failed server, and I got an
issue about a replication agreement already existing, which I was only
able to resolve by reinstalling. The proposed "modify ldap" was way, way
above me ;)
Thank you all
and stay healthy!
--
with kind regards,
Christian Reiss
2 years, 1 month
EL7 Upgrades
by Angus Clarke
Hello
Our environment has grown and, as additional IPA servers have been added, different versions have been deployed. I am looking to bring the IPA servers up to the latest version for EL7 and wanted some guidance or reassurance.
Here are my versions; they are all VMware VMs:
idm001 ipa-server-4.5.4-10.0.1.el7.x86_64 Red Hat Enterprise Linux Server release 7.4 (Maipo) * UPGRADED *
idm002 ipa-server-4.5.0-22.0.1.el7_4.x86_64 Red Hat Enterprise Linux Server release 7.4 (Maipo) * CA MASTER *
idm003 ipa-server-4.5.0-22.0.1.el7_4.x86_64 Red Hat Enterprise Linux Server release 7.4 (Maipo)
idm004 ipa-server-4.5.0-22.0.1.el7_4.x86_64 Red Hat Enterprise Linux Server release 7.4 (Maipo)
idm005 ipa-server-4.6.5-11.0.1.el7_7.4.x86_64 Red Hat Enterprise Linux Server release 7.7 (Maipo)
idm006 ipa-server-4.6.5-11.0.1.el7_7.4.x86_64 Red Hat Enterprise Linux Server release 7.7 (Maipo)
idm007 ipa-server-4.6.5-11.0.1.el7_7.3.x86_64 Red Hat Enterprise Linux Server release 7.7 (Maipo)
idm008 ipa-server-4.6.5-11.0.1.el7_7.3.x86_64 Red Hat Enterprise Linux Server release 7.7 (Maipo)
idm009 ipa-server-4.6.4-10.0.1.el7_6.6.x86_64 Red Hat Enterprise Linux Server release 7.6 (Maipo)
idm010 ipa-server-4.6.4-10.0.1.el7_6.6.x86_64 Red Hat Enterprise Linux Server release 7.6 (Maipo)
I have upgraded idm001 without issue; the path was:
1) take VMware snapshot
2) ipactl stop
3) yum update (channel with latest EL versions)
4) reboot
5) after a day or so, remove VMware snapshot
and it now shows:
idm001 ipa-server-4.6.5-11.0.1.el7_7.4.x86_64 Red Hat Enterprise Linux Server release 7.7 (Maipo)
Post upgrade checks on idm001:
I see network connections to port 88 and 389
I can obtain a kerberos ticket through kinit
I can login through the web interface and issue ipa commands.
I don't see anything particularly alarming in log files.
I understand the distributed LDAP schema was already up-to-date due to the roll out of idm005-006 on EL7.7/ipa-server-4.6.5-11.0.1.el7_7.4.
I'm particularly concerned about upgrading idm002, my CA server - perhaps I should upgrade through each EL iteration? Are VMware snapshots a suitable roll-back mechanism for IPA (and IPA CA master) server upgrades?
I was reading Rob's reply to Christian Reiss regarding his upgrade path to EL8 (bookmarked for future reference). I don't have the ipa-crlgen-manage command on my CA server (presumably due to the older version) to check if it is the CRL generator. I assume it is, although in any case I'm unsure of the relevance to this EL7 series of ipa-server.
All my IPA servers have CA capability except for idm001 - I presume I deployed it incorrectly in the first place. I would like to add CA facility to it, perhaps this is for a different thread though ...
Thank you for any feedback.
Regards
Angus
2 years, 1 month
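The checks Angus runs by hand after the upgrade (ports 88 and 389 listening, a Kerberos ticket, ipa commands working) can be scripted so every server in the fleet gets the same post-upgrade verification. This is an added example, not from the thread; it assumes an EL7 IPA server with ipactl, ipa, ipa-replica-manage, getcert and ss installed, and that the operator has already obtained an admin ticket with kinit.

```shell
#!/bin/sh
# Post-upgrade health checks for an EL7 FreeIPA server (added example, not from
# the thread). Assumes ipactl, ipa, ipa-replica-manage, getcert and ss exist and
# that a valid admin Kerberos ticket is present. Run with: sh ipa-postcheck.sh --run
set -u

# Extract the upstream version (e.g. 4.6.5) from an `rpm -q ipa-server` NEVRA
# string such as ipa-server-4.6.5-11.0.1.el7_7.4.x86_64; prints nothing for
# any other package name.
ipa_version_of() {
    printf '%s\n' "$1" | sed -n 's/^ipa-server-\([0-9][0-9.]*\)-.*/\1/p'
}

# Succeed only if every TCP port listed in $1 (space separated) appears as a
# listening socket in `ss -ltn` output read from stdin. Matches "*:389",
# "0.0.0.0:389" and "[::]:389" followed by whitespace, so :389 does not match :3890.
ports_listening() {
    ss_out=$(cat)
    for port in $1; do
        printf '%s\n' "$ss_out" | grep -Eq ":${port}[[:space:]]" || return 1
    done
    return 0
}

# Run the live checks on this server; one line per check, non-zero on the first
# hard failure so it can gate removal of the VM snapshot.
run_checks() {
    fqdn=$(hostname -f)
    nevra=$(rpm -q ipa-server)
    echo "ipa-server: ${nevra} (version $(ipa_version_of "$nevra"))"

    ipactl status || { echo "FAIL: not all IPA services are running"; return 1; }

    # 88 = KDC, 389/636 = LDAP/LDAPS, 443 = Web UI and JSON-RPC API
    ss -ltn | ports_listening "88 389 636 443" \
        || { echo "FAIL: expected listening ports missing"; return 1; }

    # The remaining checks need credentials; the operator's kinit is the
    # "can I get a ticket" test from the post.
    klist -s || { echo "FAIL: no valid Kerberos ticket (run kinit admin first)"; return 1; }
    ipa ping || { echo "FAIL: JSON-RPC API unreachable through Apache"; return 1; }

    # Replication agreements for this server, with last-update status.
    ipa-replica-manage list -v "$fqdn" \
        || { echo "FAIL: could not list replication agreements"; return 1; }

    # After an upgrade every certmonger request should be back in MONITORING.
    if getcert list | grep 'status:' | grep -vq MONITORING; then
        echo "WARN: certmonger requests not in MONITORING state:"
        getcert list | grep -E 'Request ID|status:|subject:'
    fi
    echo "OK: post-upgrade checks passed on ${fqdn}"
    return 0
}

if [ "${1:-}" = "--run" ]; then
    run_checks
fi
```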
FreeIPA 4.6.8 released
by Alexander Bokovoy
Hello!
The FreeIPA team would like to announce FreeIPA 4.6.8 release!
It can be downloaded from http://www.freeipa.org/page/Downloads.
== Highlights in 4.6.8
* 5662: ID Views: do not allow custom Views for the masters
Custom ID views cannot be applied to IPA masters. A check was added
to both IPA CLI and Web UI to prevent applying custom ID views to
avoid confusion and unintended side-effects.
* 6783: [RFE] Host-group names command rename
Host groups can now be renamed with the IPA CLI: 'ipa hostgroup-mod
group-name --rename new-name'. Protected host groups ('ipaservers')
cannot be renamed.
* 7181: ipa-replica-prepare fails for 2nd replica when passwordHistory
is enabled
The FreeIPA password policy plugin in 389-ds was extended to exempt
non-Kerberos LDAP objects from Kerberos policy checks during
password changes by the Directory Manager or a password
synchronization manager. This issue affected, among others, the
integrated CA administrator account during deployment of more than
one replica in some cases.
* 8236: Enforce a check to prevent adding objects from IPA as external
members of external groups
The command 'ipa group-add-member' allowed specifying any user or group
for the '--external' option. A stricter check was added to verify that a
group or user to be added as an external member does not come from the
IPA domain.
* 8239: Actualize Bootstrap version
The Bootstrap JavaScript framework used by the FreeIPA web UI was updated to
version 3.4.1.
=== Enhancements
=== Known Issues
=== Bug fixes
FreeIPA 4.6.8 is a stabilization release for the features delivered as a
part of 4.6 version series.
There are more than 50 bug fixes, details of which can be seen in the
list of resolved tickets below.
== Upgrading
Upgrade instructions are available on Upgrade page.
== Feedback
Please provide comments, bugs and other feedback via the freeipa-users
mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...)
or #freeipa channel on Freenode.
== Resolved tickets
* https://pagure.io/freeipa/issue/4972[#4972]
(https://bugzilla.redhat.com/show_bug.cgi?id=1206690[rhbz#1206690])
check for existence of private group is done even if UPG definition is
disabled
* https://pagure.io/freeipa/issue/5662[#5662]
(https://bugzilla.redhat.com/show_bug.cgi?id=1404770[rhbz#1404770]) ID
Views: do not allow custom Views for the masters
* https://pagure.io/freeipa/issue/6210[#6210]
(https://bugzilla.redhat.com/show_bug.cgi?id=1364139[rhbz#1364139],
https://bugzilla.redhat.com/show_bug.cgi?id=1751951[rhbz#1751951]) When
master's IP address does not resolve to its name, ipa-replica-install
fails
* https://pagure.io/freeipa/issue/6783[#6783]
(https://bugzilla.redhat.com/show_bug.cgi?id=1430365[rhbz#1430365])
[RFE] Host-group names command rename
* https://pagure.io/freeipa/issue/6951[#6951]
(https://bugzilla.redhat.com/show_bug.cgi?id=1449133[rhbz#1449133])
Update samba config file and use sss idmap module
* https://pagure.io/freeipa/issue/7181[#7181]
(https://bugzilla.redhat.com/show_bug.cgi?id=1545755[rhbz#1545755])
ipa-replica-prepare fails for 2nd replica when passwordHistory is
enabled
* https://pagure.io/freeipa/issue/7307[#7307]
(https://bugzilla.redhat.com/show_bug.cgi?id=1518939[rhbz#1518939]) RFE:
Extend IPA to support unadvertised replicas
* https://pagure.io/freeipa/issue/7470[#7470]
TestBasicADTrust.test_ipauser_authentication is failing with error
"Confidentiality required"
* https://pagure.io/freeipa/issue/7566[#7566]
(https://bugzilla.redhat.com/show_bug.cgi?id=1591824[rhbz#1591824])
Installation of replica against a specific master
* https://pagure.io/freeipa/issue/7597[#7597]
(https://bugzilla.redhat.com/show_bug.cgi?id=1583950[rhbz#1583950]) IPA:
IDM drops all custom attributes when moving account from preserved to
stage
* https://pagure.io/freeipa/issue/7600[#7600]
(https://bugzilla.redhat.com/show_bug.cgi?id=1585020[rhbz#1585020])
Enable compat tree to provide information about AD users and groups on
trust agents
* https://pagure.io/freeipa/issue/7725[#7725]
(https://bugzilla.redhat.com/show_bug.cgi?id=1636765[rhbz#1636765])
ipa-restore set wrong file permissions and ownership for
/var/log/dirsrv/slapd- directory
* https://pagure.io/freeipa/issue/7795[#7795]
(https://bugzilla.redhat.com/show_bug.cgi?id=1795890[rhbz#1795890])
ipa-pkinit-manage enable fails on replica if it doesn't host the CA
* https://pagure.io/freeipa/issue/7804[#7804]
(https://bugzilla.redhat.com/show_bug.cgi?id=1777811[rhbz#1777811]) `ipa
otptoken-sync` fails with stack trace
* https://pagure.io/freeipa/issue/7807[#7807]
(https://bugzilla.redhat.com/show_bug.cgi?id=1752005[rhbz#1752005])
Detect container installation to avoid Kernel keyring
* https://pagure.io/freeipa/issue/7870[#7870]
(https://bugzilla.redhat.com/show_bug.cgi?id=1680039[rhbz#1680039])
[certmonger][upgrade] "Failed to get request: bus, object_path and
dbus_interface must not be None."
* https://pagure.io/freeipa/issue/7893[#7893] ipasam needs changes for
Samba 4.10
* https://pagure.io/freeipa/issue/7895[#7895]
(https://bugzilla.redhat.com/show_bug.cgi?id=1686302[rhbz#1686302]) ipa
trust fetch-domains, server parameter ignored
* https://pagure.io/freeipa/issue/7964[#7964] GSSAPI failure causing
LWCA key replication failure on f30
* https://pagure.io/freeipa/issue/7995[#7995]
(https://bugzilla.redhat.com/show_bug.cgi?id=1711172[rhbz#1711172])
Removing TLSv1.0, TLSv1.1 from nss.conf
* https://pagure.io/freeipa/issue/8001[#8001] Need default
authentication indicators for SPAKE, PKINIT and encrypted challenge
preauth
* https://pagure.io/freeipa/issue/8017[#8017]
(https://bugzilla.redhat.com/show_bug.cgi?id=1817927[rhbz#1817927])
host-add --password logs cleartext userpassword to Apache error log
* https://pagure.io/freeipa/issue/8026[#8026] Update pr-ci definitions
with master_3client topology
* https://pagure.io/freeipa/issue/8029[#8029]
(https://bugzilla.redhat.com/show_bug.cgi?id=1749788[rhbz#1749788]) ipa
host-find --pkey-only includes SSH keys in output
* https://pagure.io/freeipa/issue/8044[#8044]
(https://bugzilla.redhat.com/show_bug.cgi?id=1717008[rhbz#1717008])
Extdom plugin should not return LDAP_NO_SUCH_OBJECT if there are timeout
or other errors
* https://pagure.io/freeipa/issue/8058[#8058]
(https://bugzilla.redhat.com/show_bug.cgi?id=1745108[rhbz#1745108])
ipa-4-6: ipa-client-install should not refuse single-label domains
* https://pagure.io/freeipa/issue/8067[#8067]
(https://bugzilla.redhat.com/show_bug.cgi?id=1750700[rhbz#1750700]) add
default access control configuration to trusted domain objects
* https://pagure.io/freeipa/issue/8070[#8070] Test failure in
test_integration/test_replica_promotion.py::TestHiddenReplicaPromotion::()::test_hidden_replica_install
* https://pagure.io/freeipa/issue/8077[#8077] New pylint 2.4.0 errors
* https://pagure.io/freeipa/issue/8082[#8082]
(https://bugzilla.redhat.com/show_bug.cgi?id=1756432[rhbz#1756432])
Default client configuration breaks ssh in FIPS mode.
* https://pagure.io/freeipa/issue/8084[#8084]
(https://bugzilla.redhat.com/show_bug.cgi?id=1758406[rhbz#1758406]) KRA
authentication fails when IPA CA has custom Subject DN
* https://pagure.io/freeipa/issue/8086[#8086]
(https://bugzilla.redhat.com/show_bug.cgi?id=1756568[rhbz#1756568])
ipa-server-certinstall man page does not match built-in help.
* https://pagure.io/freeipa/issue/8099[#8099]
(https://bugzilla.redhat.com/show_bug.cgi?id=1762317[rhbz#1762317])
ipa-backup command is failing on rhel-7.8
* https://pagure.io/freeipa/issue/8102[#8102] Pylint 2.4.3 + Astroid
2.3.2 errors
* https://pagure.io/freeipa/issue/8113[#8113]
(https://bugzilla.redhat.com/show_bug.cgi?id=1755535[rhbz#1755535])
ipa-advise on a RHEL7 IdM server is not able to generate a configuration
script for a RHEL8 IdM client
* https://pagure.io/freeipa/issue/8115[#8115] Nightly test failure in
fedora-30/test_smb and fedora-29/test_smb
* https://pagure.io/freeipa/issue/8120[#8120]
(https://bugzilla.redhat.com/show_bug.cgi?id=1769791[rhbz#1769791])
Invisible part of notification area in Web UI intercepts clicks of some
page elements
* https://pagure.io/freeipa/issue/8126[#8126] Nightly test failure in
fedora-27/test_ca_custom_sdn
* https://pagure.io/freeipa/issue/8131[#8131]
(https://bugzilla.redhat.com/show_bug.cgi?id=1777920[rhbz#1777920])
covscan memory leaks report
* https://pagure.io/freeipa/issue/8138[#8138]
(https://bugzilla.redhat.com/show_bug.cgi?id=1780548[rhbz#1780548]) Man
page ipa-cacert-manage does not display correctly on RHEL
* https://pagure.io/freeipa/issue/8148[#8148]
(https://bugzilla.redhat.com/show_bug.cgi?id=1782587[rhbz#1782587]) add
"systemctl restart sssd" to warning message when adding trust agents to
replicas
* https://pagure.io/freeipa/issue/8152[#8152] ipatests: Enhance
install_replica() method with promote option for ipa-4-6
* https://pagure.io/freeipa/issue/8164[#8164]
(https://bugzilla.redhat.com/show_bug.cgi?id=1788907[rhbz#1788907])
Renewed certs are not picked up by IPA CAs
* https://pagure.io/freeipa/issue/8170[#8170] Nightly test failure in
fedora-rawhide/test_backup_and_restore_TestBackupReinstallRestoreWithDNS
* https://pagure.io/freeipa/issue/8176[#8176] External CA is tracked for
renewals and replaced with a self-signed certificate
* https://pagure.io/freeipa/issue/8193[#8193]
(https://bugzilla.redhat.com/show_bug.cgi?id=1801791[rhbz#1801791])
Re-order 50-externalmembers.update to be after 80-schema_compat.update
* https://pagure.io/freeipa/issue/8213[#8213] Test failure in Travis CI:
missing IPv6 loopback interface
* https://pagure.io/freeipa/issue/8219[#8219] ipatests: unify editing of
sssd.conf
* https://pagure.io/freeipa/issue/8220[#8220] Pylint for python2
complains about import from ipaplatform
* https://pagure.io/freeipa/issue/8221[#8221]
(https://bugzilla.redhat.com/show_bug.cgi?id=1812169[rhbz#1812169])
Secure AJP connector between Dogtag and Apache proxy
* https://pagure.io/freeipa/issue/8236[#8236]
(https://bugzilla.redhat.com/show_bug.cgi?id=1809835[rhbz#1809835])
Enforce a check to prevent adding objects from IPA as external members
of external groups
* https://pagure.io/freeipa/issue/8238[#8238] Nightly test failure in
fedora-27/test_sssd
* https://pagure.io/freeipa/issue/8239[#8239] Actualize Bootstrap
version
* https://pagure.io/freeipa/issue/8242[#8242]
(https://bugzilla.redhat.com/show_bug.cgi?id=1788718[rhbz#1788718])
ipa-server-install incorrectly setting slew mode (-x) when setting up
ntpd
== Detailed changelog since 4.6.7
=== Armando Neto (2)
* Travis: Enable IPv6 support for Docker
https://pagure.io/freeipa/c/423a052700889d075d5dba3711679375e8990437[commit]
https://pagure.io/freeipa/issue/8213[#8213]
* prci: Update box used in branch ipa-4-6
https://pagure.io/freeipa/c/b93258d004ccd5da8b526ea554031315d756b57b[commit]
=== Alexander Bokovoy (24)
* Return to development snapshots
https://pagure.io/freeipa/c/33088c027424573209367ee6531910da30501519[commit]
* Become FreeIPA 4.6.8
https://pagure.io/freeipa/c/a718e4a4ab11ab1949bb45c8f15054bd7f2427ab[commit]
* Update list of contributors
https://pagure.io/freeipa/c/1c0749a3c12c3799fd772da17dd864896fc6f908[commit]
* Allow rename of a host group
https://pagure.io/freeipa/c/4c0a2a113d707166cca8cba857937fd624426745[commit]
https://pagure.io/freeipa/issue/6783[#6783]
* Add 'api' and 'aci' targets to make
https://pagure.io/freeipa/c/7ce5e79dae8cae2790717f68adacd039dc913ab4[commit]
* ipa-pwd-extop: don't check password policy for non-Kerberos account
set by DM or a passsync manager
https://pagure.io/freeipa/c/3d41453138c0d730a94acd8c22ef345d910a4e42[commit]
https://pagure.io/freeipa/issue/7181[#7181]
* ipa-pwd-extop: use SLAPI_BIND_TARGET_SDN
https://pagure.io/freeipa/c/d038fc70f8e904a492c5ec0874e0fd0be254ead6[commit]
https://pagure.io/freeipa/issue/7181[#7181]
* ipatests: test sysaccount password change with a password policy
applied
https://pagure.io/freeipa/c/41fc40a6b18d26d92869f278b2b8436378653b38[commit]
https://pagure.io/freeipa/issue/7181[#7181]
* ipatests: allow changing sysaccount passwords as cn=Directory Manager
https://pagure.io/freeipa/c/e4f3cd0f26efda56db44bf55aa0bb65d8470b160[commit]
https://pagure.io/freeipa/issue/7181[#7181]
* Fix indentation levels
https://pagure.io/freeipa/c/aaa79c872aad2a5458acefdc16203b9efd62c6c9[commit]
* Prevent adding IPA objects as external members of external groups
https://pagure.io/freeipa/c/c14e385141ea05f2709364b6f0fca844578a7652[commit]
https://pagure.io/freeipa/issue/8236[#8236]
* Secure AJP connector between Dogtag and Apache proxy
https://pagure.io/freeipa/c/901d0eca7d462c74c1664aae9b3415ede7ba3dfc[commit]
https://pagure.io/freeipa/issue/8221[#8221]
* Tighten permissions on PKI proxy configuration
https://pagure.io/freeipa/c/af2dca13d0cc24e0cf32bc23e4edb86fbbf60d03[commit]
https://pagure.io/freeipa/issue/8221[#8221]
* install/updates: move external members past schema compat update
https://pagure.io/freeipa/c/a5a201fc008b19841f98bb70d44ede7d04ef1126[commit]
https://pagure.io/freeipa/issue/8193[#8193]
* covscan: free ucs2-encoded password copy when generating NTLM hash
https://pagure.io/freeipa/c/830466c0489466d385a333cb829fe8cd5e59644c[commit]
https://pagure.io/freeipa/issue/8131[#8131]
* covscan: free encryption types in case there is an error
https://pagure.io/freeipa/c/e8983f69ce1788144b2b348a65f709412c68e47e[commit]
https://pagure.io/freeipa/issue/8131[#8131]
* Become FreeIPA 4.6.7
https://pagure.io/freeipa/c/71c4dd1f0ba5bd4ddee841d69821398bec35cef8[commit]
* Do not run trust upgrade code if master lacks Samba bindings
https://pagure.io/freeipa/c/fa23f5a13a326b4cedf6705be7d14da8bc813763[commit]
https://pagure.io/freeipa/issue/8001[#8001]
* adtrust: add default read_keys permission for TDO objects
https://pagure.io/freeipa/c/b764b386f66fdf813f3914362985b4944c13090f[commit]
https://pagure.io/freeipa/issue/8067[#8067]
* add default access control when migrating trust objects
https://pagure.io/freeipa/c/5741e031318267b28f5812154fa34ff2ff6c3483[commit]
https://pagure.io/freeipa/issue/8067[#8067]
* ipasam: use SID formatting calls to libsss_idmap
https://pagure.io/freeipa/c/95c91b5709d0c7fec20eef5ef69a084a74868c2d[commit]
https://pagure.io/freeipa/issue/7893[#7893]
* Use unicode strings for Python 2 version
https://pagure.io/freeipa/c/37fa917fa2630dd90dd3a12bab213aeb6adfe182[commit]
https://pagure.io/freeipa/issue/6951[#6951]
* ipa-extdom-extop: test timed out getgrgid_r
https://pagure.io/freeipa/c/387ed98e59ba4df8d3fd435cfc84f055970c064e[commit]
https://pagure.io/freeipa/issue/8044[#8044]
* Revert back to git snapshots
https://pagure.io/freeipa/c/ca00a83c79677c22aed5ff77044cb09c59182448[commit]
=== Anuja More (13)
* Mark test to skip sssd-1.16.3 [sssd/issue/4073]
https://pagure.io/freeipa/c/edbf8f78019709d4af396ba6ad3724a11dd2b576[commit]
* ipatests: User and group with same name should not break reading AD
user data.
https://pagure.io/freeipa/c/4ca75cf610335cfc2be43aeb8c0ddc1fde2e0c08[commit]
* Mark xfail for tests using sssd-1.16.3
https://pagure.io/freeipa/c/734121fa1497ef2e074d2879ab9fc54c0ace95b8[commit]
* ipatests: Added test when 2FA prompting configurations is set.
https://pagure.io/freeipa/c/b36c4a70fc0e577265bb587de1e1b7bd739a8709[commit]
* Mark xfail for sssd-version 1.16.3
https://pagure.io/freeipa/c/0c828dad4cfd3df9db8056b2497543c022c7680a[commit]
* ipatests: SSSD should fetch external groups without any limit.
https://pagure.io/freeipa/c/fd74fcf75606ded2987753337161c163e8ae9a44[commit]
* Add sssd.py in nightly ipa-4-6.yaml
https://pagure.io/freeipa/c/2e4e1b37a71d7a9d8bd834fefcc241eaac19e1e7[commit]
* ipatests: Add test for ipa-extdom-extop plugin should allow @ in group
name
https://pagure.io/freeipa/c/a736449a217dc38e98054e8018fe7c7fd11f54be[commit]
* Mark xfail for test_is_user_filtered
https://pagure.io/freeipa/c/d3b740e3df70c37bb3b7aa1fcd77acf5d68dc2bc[commit]
* ipatests: filter_users should be applied correctly.
https://pagure.io/freeipa/c/4b70132c83f417b83aa4905de73f720336a90128[commit]
* Mark xfail for test_sss_ssh_authorizedkeys()
https://pagure.io/freeipa/c/3ddddad50d98274a065781f2238c102badc8cea7[commit]
* ipatests: 'sss_ssh_authorizedkeys user' should return ssh key
https://pagure.io/freeipa/c/0c452369f753116496f3a170d1bb7fde4cdfb12f[commit]
* Extdom plugin should not return error (32)/'No such object'
https://pagure.io/freeipa/c/17536af58b5a2d1ae1adf7e741dade7b3f84179a[commit]
https://pagure.io/freeipa/issue/8044[#8044]
=== Christian Heimes (7)
* Add test case for OTP login
https://pagure.io/freeipa/c/cabb7abfc07b093a9912b20ee712baaa40d16d19[commit]
https://pagure.io/freeipa/issue/7804[#7804]
* Cherry-picked only ldapmodify_dm()
https://pagure.io/freeipa/c/48ecb92afdbd577fbb4fe05ea15cfaf44e504f89[commit]
* Use default ssh host key algorithms
https://pagure.io/freeipa/c/7cd1d565ac2b240eda697dbebb043a1a2885d23a[commit]
https://pagure.io/freeipa/issue/8082[#8082]
* Log stderr in run_command
https://pagure.io/freeipa/c/c5ff32870d22f7c42edec63c686a730d7bcf21cc[commit]
* Fix CustodiaClient ccache handling
https://pagure.io/freeipa/c/436214aea7fd5893525292cb03b3c28cdbc249f2[commit]
https://pagure.io/freeipa/issue/7964[#7964]
* Don't configure KEYRING ccache in containers
https://pagure.io/freeipa/c/91e54057f130f0c2d9da8506e34c3cadc9cd9c6e[commit]
https://pagure.io/freeipa/issue/7807[#7807]
* Remove ZERO_STRUCT() call
https://pagure.io/freeipa/c/910e56333d4631244053b5c506ba2bec905d1c27[commit]
=== François Cami (2)
* adtrust.py: mention restarting sssd when adding trust agents
https://pagure.io/freeipa/c/5bc4218bf8716d28339a3f30d1be8471d04cb4b4[commit]
https://pagure.io/freeipa/issue/8148[#8148]
* prci_definitions: add master_3client topology
https://pagure.io/freeipa/c/663163cbcf0bb12236a675b60784fdf36f917343[commit]
https://pagure.io/freeipa/issue/8026[#8026]
=== Florence Blanc-Renaud (28)
* ipatests: fix group-add-member in test_sssd
https://pagure.io/freeipa/c/7b9cdfb2556bd290d5f18b0680a1cf907b4dff0c[commit]
https://pagure.io/freeipa/issue/8238[#8238]
* ipatests: fix KeyError in test_sssd
https://pagure.io/freeipa/c/bce50976ca5363e2097171b36a0d9a5df652a988[commit]
https://pagure.io/freeipa/issue/8238[#8238]
* xmlrpc tests: add a test for idview-apply on a master
https://pagure.io/freeipa/c/e946b879750d0b316b25902f15b7f5a0a078012e[commit]
https://pagure.io/freeipa/issue/5662[#5662]
* idviews: prevent applying to a master
https://pagure.io/freeipa/c/0d62f3de06520282c9656e13ca07e503f1d48c59[commit]
https://pagure.io/freeipa/issue/5662[#5662]
* ipa-adtrust-install: remote command fails if ipa-server-trust-ad pkg
missing
https://pagure.io/freeipa/c/79f9ba5557d14e74ab29b85407c5de5622d7ea35[commit]
https://pagure.io/freeipa/issue/7600[#7600]
* ipatests: add test for ipa-adtrust-install --add-agents
https://pagure.io/freeipa/c/796c86ac701d23d1dd281d0d5c5331b9a66c2888[commit]
https://pagure.io/freeipa/issue/7600[#7600]
* ipa-adtrust-install: run remote configuration for new agents
https://pagure.io/freeipa/c/f9fcd2c7fb7823becb3a6b68da4b0bf2c1db229f[commit]
https://pagure.io/freeipa/issue/7600[#7600]
* Privilege: add a helper checking if a principal has a given privilege
https://pagure.io/freeipa/c/d051d2d47a36c79fd2c20733437fda95f443f053[commit]
https://pagure.io/freeipa/issue/7600[#7600]
* ipatests: fix TestSubCAkeyReplication
https://pagure.io/freeipa/c/ed71305be9e236d8f49e3298516c6f6bfadb958c[commit]
* ipatests: fix modify_sssd_conf()
https://pagure.io/freeipa/c/f605f21cc092300640a27dfc4652c2748407664f[commit]
* test: add non-reg test checking pkinit after server install
https://pagure.io/freeipa/c/18ed56acc58bb379d5187fbcaafc6d7f16178cdb[commit]
https://pagure.io/freeipa/issue/7795[#7795]
* pkinit setup: fix regression on master install
https://pagure.io/freeipa/c/50e8c5d652bc2b6c937a3def52621f0c60e085f1[commit]
https://pagure.io/freeipa/issue/7795[#7795]
* ipatests: add integration test for pkinit enable on replica
https://pagure.io/freeipa/c/95cbf7003ff7b391311a1da6f1065aa1d2c6addf[commit]
https://pagure.io/freeipa/issue/7795[#7795]
* pkinit enable: use local dogtag only if host has CA
https://pagure.io/freeipa/c/f7c47341c217312b4b4265fcbea80088bc06381f[commit]
https://pagure.io/freeipa/issue/7795[#7795]
* ipatests: fix backup and restore
https://pagure.io/freeipa/c/4bd5da1417f12e9f1f22d20b09ed58dcbcfca5cc[commit]
https://pagure.io/freeipa/issue/8170[#8170]
* ipa-cacert-manage man page: fix indentation
https://pagure.io/freeipa/c/3d8b16b9457a3a4d7eceb326b3c53be13bb6543c[commit]
https://pagure.io/freeipa/issue/8138[#8138]
* trust upgrade: ensure that host is member of adtrust agents
https://pagure.io/freeipa/c/bb4ec6fcb4547bc624cde93e16a9201dfa8d4426[commit]
* ipatests: fix test_ca_custom_sdn
https://pagure.io/freeipa/c/526c184a8729c36a54a81eeff73bac3428ed6e5a[commit]
https://pagure.io/freeipa/issue/8126[#8126]
* smartcard: make the ipa-advise script compatible with
authselect/authconfig
https://pagure.io/freeipa/c/7a19c0d730ae3d16a9763f4769a37bf19680622a[commit]
https://pagure.io/freeipa/issue/8113[#8113]
* ipa-backup: fix python2 issue with os.mkdir
https://pagure.io/freeipa/c/11921266df6e2600afc207b3a721f00bc7e63e99[commit]
https://pagure.io/freeipa/issue/8099[#8099]
* ipa-server-certinstall manpage: add missing options
https://pagure.io/freeipa/c/ddc00468b74b170721c1769029f771e163621c70[commit]
https://pagure.io/freeipa/issue/8086[#8086]
* ipatests: fix test_replica_promotion.py::TestHiddenReplicaPromotion
https://pagure.io/freeipa/c/a5228a7fb94fdcb16ec4571677af5b5ec33979d2[commit]
https://pagure.io/freeipa/issue/8070[#8070]
* ipatests: add XMLRPC test for user-add when UPG plugin is disabled
https://pagure.io/freeipa/c/317c111b830fbeb4cd907a6812ce35b7fbf1c174[commit]
https://pagure.io/freeipa/issue/4972[#4972]
* ipa user_add: do not check group if UPG is disabled
https://pagure.io/freeipa/c/0b574c130a1d28a6c7d085f795a9fdd3ef91f016[commit]
https://pagure.io/freeipa/issue/4972[#4972]
* replica install: enforce --server arg
https://pagure.io/freeipa/c/22e4eef6cb54c74fc9907db1385549db670094fa[commit]
https://pagure.io/freeipa/issue/7566[#7566]
* check for single-label domains only during server install
https://pagure.io/freeipa/c/8ae6c1af1e6ef25fdfbbf7e72265372366e6b106[commit]
https://pagure.io/freeipa/issue/8058[#8058]
* xmlrpc test: add test for preserved > stage user
https://pagure.io/freeipa/c/5ab31a9c3b16536b02416c6b996aec2c1f3ba962[commit]
https://pagure.io/freeipa/issue/7597[#7597]
* user-stage: transfer all attributes from preserved to stage user
https://pagure.io/freeipa/c/6a9f1c802bb28fde8e1d9f38673e554ef23e5620[commit]
https://pagure.io/freeipa/issue/7597[#7597]
=== Fraser Tweedale (8)
* Do not renew externally-signed CA as self-signed
https://pagure.io/freeipa/c/c30af44b8a55ebf85f4657ee13eb1554e3b2a2ad[commit]
https://pagure.io/freeipa/issue/8176[#8176]
* test_integration: add tests for custom CA subject DN
https://pagure.io/freeipa/c/0a0e802bd47188fe31d6bf02b28ef0ea51567194[commit]
https://pagure.io/freeipa/issue/8084[#8084]
* upgrade: fix ipakra people entry 'description' attribute
https://pagure.io/freeipa/c/2fa8c6903405294f0e11e373db321172663d6cfd[commit]
https://pagure.io/freeipa/issue/8084[#8084]
* krainstance: set correct issuer DN in uid=ipakra entry
https://pagure.io/freeipa/c/946d96f6c3fd5766d60222da940c27d5d4e41158[commit]
https://pagure.io/freeipa/issue/8084[#8084]
* Bump krb5 min version
https://pagure.io/freeipa/c/e686949dcdc46486061d23d5e18f21e2a2038f58[commit]
* CustodiaClient: fix IPASecStore config on ipa-4-7
https://pagure.io/freeipa/c/c9d0ba0c355c433ae883cafa3c1e99fea1a85220[commit]
https://pagure.io/freeipa/issue/7964[#7964]
* CustodiaClient: use ldapi when ldap_uri not specified
https://pagure.io/freeipa/c/1f455867f82407c0dfab0b9f123c75ca0d1a0090[commit]
https://pagure.io/freeipa/issue/7964[#7964]
* Handle missing LWCA certificate or chain
https://pagure.io/freeipa/c/82a9fe7e655115befbdde10907a5aa7669c35fde[commit]
https://pagure.io/freeipa/issue/7964[#7964]
=== Gaurav Talreja (1)
* Normalize test definitions titles
https://pagure.io/freeipa/c/636ea489bb59ed0b26951299053db5651c78a20f[commit]
=== Ganna Kaihorodova (1)
* TestBasicADTrust.test_ipauser_authentication
https://pagure.io/freeipa/c/2b6638becbfbae746cef35176890ae3f4a8b01a6[commit]
https://pagure.io/freeipa/issue/7470[#7470]
=== Jayesh Garg (2)
* Test if ipactl starts services stopped by systemctl
https://pagure.io/freeipa/c/c1099f7298a7e175bb90bc65f3dd1af58995bc07[commit]
* Test for ipa-ca-install on replica
https://pagure.io/freeipa/c/c559e41e8ce87f2a16958113ef08effe5b5e8875[commit]
=== Kaleemullah Siddiqui (1)
* Tests for autounmembership feature
https://pagure.io/freeipa/c/4a8316d308a34a4a3e590ab1d3c4bb1de2b9d89b[commit]
=== Mohammad Rizwan Yusuf (7)
* ipatests: Test if slew mode is not set while configuring ntpd
https://pagure.io/freeipa/c/81b859795c72f6c96b27137cc24d6df327ca8471[commit]
https://pagure.io/freeipa/issue/8242[#8242]
* Test if schema-compat-entry-attribute is set
https://pagure.io/freeipa/c/b739bc2089774cea0437347283c821ac86f8251d[commit]
https://pagure.io/freeipa/issue/8193[#8193]
* Test if schema-compat-entry-attribute is set
https://pagure.io/freeipa/c/e6960b7af2e8d8e4746245d8ba82a46225174529[commit]
https://pagure.io/freeipa/issue/8193[#8193]
* Add promote option to install_replica() method
https://pagure.io/freeipa/c/0d91a78ee409e66f96e7b2555ca33fb2128fdfa3[commit]
https://pagure.io/freeipa/issue/8152[#8152]
* Add test to nightly.yaml
https://pagure.io/freeipa/c/9b3855ec486990ecd08a9f3a0ca408425ee7fbf7[commit]
* Installation of replica against a specific server
https://pagure.io/freeipa/c/f4dc0ee169689974020a4a77b8bb58b26f360369[commit]
https://pagure.io/freeipa/issue/7566[#7566]
* Check file ownership and permission for dirsrv log instance
https://pagure.io/freeipa/c/de0afeaf5e07028af8ec7247ce37efc789add2ae[commit]
https://pagure.io/freeipa/issue/7725[#7725]
=== ndehadra (1)
* Hidden Replica: Add a test for Automatic CRL configuration
https://pagure.io/freeipa/c/ad3ddbb80d9f1dd3556afdc9cf506f3bae7f6783[commit]
https://pagure.io/freeipa/issue/7307[#7307]
=== Rob Crittenden (11)
* Don't configure ntpd with -x
https://pagure.io/freeipa/c/2c1495460fcb0d58d27579bfbd6aba63b91bf985[commit]
https://pagure.io/freeipa/issue/8242[#8242]
* Test that pwpolicy only applied on Kerberos entries
https://pagure.io/freeipa/c/5a98670e4abfac2b7de2f604f8fe19fbea988b16[commit]
* Add ability to change a user password as the Directory Manager
https://pagure.io/freeipa/c/19e872e653705bb178457ebe39c90d4f550f438b[commit]
* Don't save password history on non-Kerberos accounts
https://pagure.io/freeipa/c/dc833948006fac6920581e56ec69763bde3f1d4a[commit]
* Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit
https://pagure.io/freeipa/c/73d415b72da8a57a2369a55b1533b45f36daf544[commit]
https://pagure.io/freeipa/issue/8164[#8164]
* CVE-2019-10195: Don't log passwords embedded in commands in calls
using batch
https://pagure.io/freeipa/c/5913826a4654a115cd5ff2dbf4a2b3ad38a93081[commit]
* ipa-restore: Restore ownership and perms on 389-ds log directory
https://pagure.io/freeipa/c/8cd2052c3cb6d8a2569903593762d64669303ff6[commit]
https://pagure.io/freeipa/issue/7725[#7725]
* Report if a certmonger CA is missing
https://pagure.io/freeipa/c/9eb7763b76c7f4f3d78c76fa324560a8af9342ae[commit]
https://pagure.io/freeipa/issue/7870[#7870]
* Don't log host passwords when they are set/modified
https://pagure.io/freeipa/c/86529f5e21a5b09f026b9787178426a8b8b96bb4[commit]
https://pagure.io/freeipa/issue/8017[#8017]
* Disable deprecated-lambda check in adtrust upgrade code
https://pagure.io/freeipa/c/582e7a35121e0f5ff331699d29a485408f5e17ff[commit]
* Don't return SSH keys with ipa host-find --pkey-only
https://pagure.io/freeipa/c/643a1d6747e523ac456aefc4707772aebde5573a[commit]
https://pagure.io/freeipa/issue/8029[#8029]
=== Robbie Harwood (3)
* Fix NULL pointer dereference in maybe_require_preauth()
https://pagure.io/freeipa/c/95f50d7f51fe6b2bca29daa45b795de2517469a7[commit]
* Log INFO message when LDAP connection fails on startup
https://pagure.io/freeipa/c/f132def4812a5b9bb1d14672f8e33e66bc778229[commit]
* Fix segfault in ipadb_parse_ldap_entry()
https://pagure.io/freeipa/c/ed0d7561a148e23519a1097b3bdf99abf5edcc6d[commit]
=== Sumit Bose (2)
* ipa_sam: remove dependency to talloc_strackframe.h
https://pagure.io/freeipa/c/fa0b273874760503c7f57f279721e97aaf007ca5[commit]
* extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT
https://pagure.io/freeipa/c/574a615e61ca74b08e2bd7e1e820757f88150418[commit]
https://pagure.io/freeipa/issue/8044[#8044]
=== Stanislav Levin (2)
* Fix errors found by Pylint-2.4.3
https://pagure.io/freeipa/c/f0f839326c8c0de83cb875a473b3fb5d4a014296[commit]
https://pagure.io/freeipa/issue/8102[#8102]
* Fixed errors newly exposed by pylint 2.4.0
https://pagure.io/freeipa/c/700a6c9313188a0448e46cca17a08146deb21c2a[commit]
https://pagure.io/freeipa/issue/8077[#8077]
=== Sergey Orlov (24)
* ipatests: remove test_ordering
https://pagure.io/freeipa/c/3a2244ce7fd8be03f7340afa18971cbfa306a196[commit]
* ipatests: add test_trust suite to nightly runs
https://pagure.io/freeipa/c/d44374e761a1e7f5aaca22399631f77fccc45f94[commit]
* ipatests: add workaround for unfixed sssd bug in Fedora 27
https://pagure.io/freeipa/c/37e383aae94b0450c06f0e78354245e4b14d70f5[commit]
* ipatests: use less strict check for error message
https://pagure.io/freeipa/c/941c231b692216f3dc4b66944dd170b5380fe981[commit]
* ipatests: provide AD admin password when trying to establish trust
https://pagure.io/freeipa/c/795a973c00c2fe862b1eff8bd851d8eafe9d970a[commit]
https://pagure.io/freeipa/issue/7895[#7895]
* ipatests: remove workaround for pylint error no-name-in-module
https://pagure.io/freeipa/c/46b9139ac9ecbbd89495239e380982514db3a5f4[commit]
https://pagure.io/freeipa/issue/8220[#8220]
* ipatests: temporary disable pylint check no-name-in-module
https://pagure.io/freeipa/c/044748b5724f408643fe9f95c3a63d29ca646002[commit]
https://pagure.io/freeipa/issue/8220[#8220]
* ipatests: remove invalid parameter from sssd.conf
https://pagure.io/freeipa/c/551dabe5f933475e4609b6b23eb1200dec90945b[commit]
https://pagure.io/freeipa/issue/8219[#8219]
* ipatests: use remote_sssd_config to modify sssd.conf
https://pagure.io/freeipa/c/aff397b9ef09b1f2dc6c02a6bb85b96fb16b9ded[commit]
https://pagure.io/freeipa/issue/8219[#8219]
* ipatests: replace utility for editing sssd.conf
https://pagure.io/freeipa/c/7f18f08ca607fdf3b730a6b5e66dc97535007259[commit]
https://pagure.io/freeipa/issue/8219[#8219]
* ipatests: update docstring to reflect changes in FileBackup.restore()
https://pagure.io/freeipa/c/e25b10ef3a4da973300cd7d888f1506291fa882d[commit]
* ipatests: refactor FileBackup helper
https://pagure.io/freeipa/c/714b61f3605f53ecde73dd7e3d23ae92d219f926[commit]
https://pagure.io/freeipa/issue/8115[#8115]
* ipatests: fix collection of tests from test_trust suite
https://pagure.io/freeipa/c/d12e4bdeef92415c081b99c5b3235997bb086529[commit]
* Add convenient template for temp commits
https://pagure.io/freeipa/c/3d0ffe2ca8b67715328596b18c8603ff55ecc4fc[commit]
* ipatests: add test_winsyncmigrate suite to nightly runs
https://pagure.io/freeipa/c/28df8cef01de0c7adac348774e243e72df7e8f96[commit]
* ipatests: fix compatibility with python2 (import ConfigParser)
https://pagure.io/freeipa/c/0ad66fc17db76187fb869983ded2b2c60e40d4a3[commit]
* ipatests: add new utilities for file management
https://pagure.io/freeipa/c/ba4aaa73f19035433bbd98b536540c86b87f87c8[commit]
* ipatests: add utility functions related to using and managing user
accounts
https://pagure.io/freeipa/c/ee3d998599bf96c4f0ddb1ab0abf049e3e0e892c[commit]
* ipatests: add check that ipa-adtrust-install generates sane smb.conf
https://pagure.io/freeipa/c/a8fbbb1d3528952685d7b3259329313cc112080e[commit]
https://pagure.io/freeipa/issue/6951[#6951]
* ipatests: add test to check that only TLS 1.2 is enabled in Apache
https://pagure.io/freeipa/c/4487fc43d036481a315574bfe719b10a57c54a64[commit]
https://pagure.io/freeipa/issue/7995[#7995]
* ipatests: modify run_command to allow specify successful return codes
https://pagure.io/freeipa/c/aa0ecc93ff0faad6663add73d5e013775ce4a68f[commit]
* ipatests: in DNS zone file add A record for name server
https://pagure.io/freeipa/c/cf61f74a2e67c03000ecd1020eb692f1d7364c28[commit]
* ipatests: strip newline character when getting name of temp file
https://pagure.io/freeipa/c/99e8d80bc5bc43cf84dd0b403b8a318d3353c936[commit]
* ipatests: fix DNS forwarders setup for AD trust tests with non-root
domains
https://pagure.io/freeipa/c/f803c2c935c03d4bf7bb328a0ee62463f209c487[commit]
=== Sumedh Sidhaye (2)
* Added a test to check if ipa host-find --pkey-only does not return SSH
public key
https://pagure.io/freeipa/c/189fc03a52c80dc675ea1015d97a4e4c357549b5[commit]
https://pagure.io/freeipa/issue/8029[#8029]
* Test: Test to check whether ssh from ipa client to ipa master is
successful after adding ldap_deref_threshold=0 in sssd.conf
https://pagure.io/freeipa/c/5d8936c44aaf1531a8f6de1ec747cd28db266fc6[commit]
=== Simo Sorce (1)
* Make sure to have storage space for tag
https://pagure.io/freeipa/c/cc45a3970cf7a9735a80df5342844339fc66faa3[commit]
=== Serhii Tsymbaliuk (2)
* WebUI: Fix notification area layout
https://pagure.io/freeipa/c/6e6223419de9a50f1357fc7478a95cf623bf5a10[commit]
https://pagure.io/freeipa/issue/8120[#8120]
* Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1
https://pagure.io/freeipa/c/927e339cae309226b654997871c9f8b5cdf32b0b[commit]
https://pagure.io/freeipa/issue/8239[#8239]
=== Tibor Dudlák (1)
* Add container environment check to replicainstall
https://pagure.io/freeipa/c/a016ed75ecbe7e2698530036043ef19df1bd718f[commit]
https://pagure.io/freeipa/issue/6210[#6210]
=== Tomas Halman (4)
* extdom: add extdom protocol documentation
https://pagure.io/freeipa/c/9a140cdc269bbde9e9ebb99d9cd8c643a94afb6c[commit]
* extdom: use sss_nss_*_timeout calls
https://pagure.io/freeipa/c/0a1ad84adfedc141fbbaece3a7dee1ade69c1fdc[commit]
* extdom: plugin doesn't use timeout in blocking call
https://pagure.io/freeipa/c/20612db06516ec59922827e16f5226d21815751a[commit]
* extdom: plugin doesn't allow @ in group name
https://pagure.io/freeipa/c/b182a96226de46b6d194fb924b7374d923c14733[commit]
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
2 years, 1 month
Update FreeIPA 4.8.6 on PI 4
by Dirk Streubel
Hello everybody,
I am using a Pi 4 with Fedora 32 Beta and the latest packages of IPA.
Everything was working fine, but after an update this afternoon my IPA
server would not start any more.
I updated the following packages: 389-ds-base-1.4.3.4-1.fc32.aarch64 and
389-ds-base-libs-1.4.3.4-1.fc32.aarch64
This is the error message I get:
```
[root@pifour ~]# systemctl status dirsrv@XXX.service
● dirsrv@XXX.service - 389 Directory Server XXX.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/dirsrv@.service.d
           └─custom.conf
           /etc/systemd/system/dirsrv@XXX.service.d
           └─ipa-env.conf
   Active: failed (Result: exit-code) since Thu 2020-04-02 21:50:43 CEST; 21min ago
  Process: 6894 ExecStartPre=/usr/libexec/dirsrv/ds_systemd_ask_password_acl /etc/dirsrv/slapd-XXX/dse.ldif (code=exited, status=0/SUCCESS)
  Process: 6899 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-XXX -i /run/dirsrv/slapd-XXX.pid (code=exited, status=1/FAILURE)
 Main PID: 6899 (code=exited, status=1/FAILURE)
      CPU: 433ms
Apr 02 21:50:42 pifour.linux.schnell.er systemd[1]: Starting 389 Directory Server XXX....
Apr 02 21:50:43 pifour.linux.schnell.er ns-slapd[6899]: [02/Apr/2020:21:50:43.097278875 +0200] - ERR - dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-XXX/schema/15rfc2307bis.ldif (lineno: 1) is invalid, error code 20 (Type or value exists) - attribute type nisDomain: Does not match the OID "1.3.6.1.4.1.1.1.1.12". Another attribute type is already using the name or OID.
Apr 02 21:50:43 pifour.linux.schnell.er ns-slapd[6899]: [02/Apr/2020:21:50:43.113521126 +0200] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server.
Apr 02 21:50:43 pifour.linux.schnell.er systemd[1]: dirsrv@XXX.service: Main process exited, code=exited, status=1/FAILURE
Apr 02 21:50:43 pifour.linux.schnell.er systemd[1]: dirsrv@XXX.service: Failed with result 'exit-code'.
Apr 02 21:50:43 pifour.linux.schnell.er systemd[1]: Failed to start 389 Directory Server XXX..
[root@pifour ~]#
```
I hope somebody can help me; maybe it is a bug in the new packages?
Regards
Dirk
2 years, 1 month
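The startup failure above is a schema clash: ns-slapd found an attribute type whose name or OID is already bound to a different definition. The check below is an added example (not part of the post, and not tooling from FreeIPA or 389-ds) that parses every `attributeTypes` definition in a 389-ds schema directory and reports names bound to more than one OID, OIDs bound to more than one name set, and attributes defined in two files. The sample schema fragments are constructed: the nisDomain OID is the one the error message names, the other OIDs and file names are placeholders.

```python
import re
import sys
from collections import defaultdict
from pathlib import Path

# Constructed sample schema fragments (not the files from the post). The second
# file redefines nisDomain under a different OID, the kind of clash behind a
# "Type or value exists ... already using the name or OID" startup failure.
SAMPLE_SCHEMA_FILES = {
    "10example-a.ldif": (
        "dn: cn=schema\n"
        "attributeTypes: ( 1.3.6.1.4.1.1.1.1.12 NAME 'nisDomain'\n"
        "  DESC 'NIS domain' EQUALITY caseIgnoreIA5Match\n"
        "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n"
        "attributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'\n"
        "  EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )\n"
    ),
    "15example-b.ldif": (
        "dn: cn=schema\n"
        "attributeTypes: ( 1.3.6.1.4.1.1.1.1.99 NAME 'nisDomain'\n"
        "  DESC 'NIS domain, conflicting OID (constructed)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n"
        "attributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'\n"
        "  EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )\n"
        "attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME ( 'exampleAlias' 'exampleAlias2' )\n"
        "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )\n"
    ),
}

# "attributeTypes: ( <oid> NAME 'x' ..." or "... NAME ( 'x' 'y' ) ..."
ATTR_RE = re.compile(
    r"^attributeTypes:\s*\(\s*(?P<oid>\S+)\s+NAME\s+"
    r"(?:'(?P<name>[^']+)'|\(\s*(?P<names>[^)]*?)\s*\))",
    re.IGNORECASE,
)


def unfold_ldif(text):
    """Join LDIF continuation lines (those starting with a space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_attribute_types(text):
    """Return [(oid, [name, ...]), ...] for every attributeTypes definition in one file."""
    result = []
    for line in unfold_ldif(text):
        m = ATTR_RE.match(line)
        if not m:
            continue
        names = [m.group("name")] if m.group("name") else re.findall(r"'([^']+)'", m.group("names"))
        result.append((m.group("oid"), names))
    return result


def find_schema_conflicts(files):
    """files: {filename: ldif_text}. Returns a list of conflict dicts (empty when clean)."""
    by_name = defaultdict(list)   # lowercased name -> [(oid, file)]
    by_oid = defaultdict(list)    # oid -> [(frozenset of lowercased names, file)]
    for fname, text in files.items():
        for oid, names in parse_attribute_types(text):
            by_oid[oid].append((frozenset(n.lower() for n in names), fname))
            for name in names:
                by_name[name.lower()].append((oid, fname))
    conflicts = []
    for name, defs in by_name.items():
        if len({oid for oid, _ in defs}) > 1:
            conflicts.append({"kind": "name-oid-mismatch", "name": name, "defs": defs})
        elif len(defs) > 1:
            conflicts.append({"kind": "duplicate-definition", "name": name, "defs": defs})
    for oid, defs in by_oid.items():
        if len({names for names, _ in defs}) > 1:
            conflicts.append({"kind": "oid-name-mismatch", "oid": oid, "defs": defs})
    return conflicts


def load_schema_dir(path):
    """Read every *.ldif file in a schema directory such as /etc/dirsrv/slapd-XXX/schema."""
    return {p.name: p.read_text(errors="replace") for p in sorted(Path(path).glob("*.ldif"))}


if __name__ == "__main__":
    files = load_schema_dir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_SCHEMA_FILES
    for c in find_schema_conflicts(files):
        print(c["kind"], c.get("name") or c.get("oid"), "->", c["defs"])
```

Run it with the instance's schema directory as the only argument; with no argument it checks the constructed sample and reports nisDomain bound to two OIDs and uidNumber defined twice. A duplicate-definition hit tells you which two files both carry the attribute, which is the question to settle before editing either.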
Spacewalk and FreeIPA
by Ronald Wimmer
Hi,
Has anyone here successfully configured Spacewalk authentication for
FreeIPA users?
I followed every step on
https://github.com/spacewalkproject/spacewalk/wiki/SpacewalkAndIPA and
can see that Kerberos auth seems to have worked according to Spacewalk's
ssl_access.log, but after clicking on login Spacewalk gives me an HTTP
403 error and I cannot find anything helpful in any log I am aware of.
Cheers,
Ronald
2 years, 1 month
Integration Freeipa with Keycloak
by dmitriys
Hi!
I tried to connect FreeIPA to Keycloak and have some questions about attributes and filters.
I filled in the settings this way:
* Username LDAP attribute: uid
* RDN LDAP attribute: uid
* UUID LDAP attribute: uid
* User Object Classes: memberOf
* Connection URL: ldap://ldap.example.com
* Users DN: cn=users,cn=accounts,dc=example,dc=com
* Bind Type: simple
* Enable StartTLS (when enabled, I can't log in)
* Bind DN: uid=test,cn=users,cn=compat,dc=example,dc=com
* Bind Credential: **********
* Custom User LDAP Filter: (memberOf=cn=users,cn=compat,dc=example,dc=com)
With these settings Keycloak can connect to FreeIPA but can't sync any users:
2020-04-01 13:20:26,810 INFO [org.keycloak.storage.ldap.LDAPIdentityStoreRegistry] (default task-29) Creating new LDAP Store for the LDAP storage provider: 'freeipa_dev', LDAP Configuration: {pagination=[true], fullSyncPeriod=[-1], startTls=[false], connectionPooling=[true], usersDn=[cn=users,cn=accounts,dc=example,dc=com], cachePolicy=[DEFAULT], useKerberosForPasswordAuthentication=[false], importEnabled=[true], enabled=[true], bindDn=[uid=admin,cn=users,cn=compat,dc=example,dc=com], changedSyncPeriod=[-1], usernameLDAPAttribute=[uid], lastSync=[1585747226], vendor=[other], uuidLDAPAttribute=[uid], allowKerberosAuthentication=[false], connectionUrl=[ldap://ldap2.example.com], syncRegistrations=[true], authType=[simple], customUserSearchFilter=[(memberOf=cn=users,cn=compat,dc=example,dc=com)], debug=[false], searchScope=[1], useTruststoreSpi=[ldapsOnly], trustEmail=[false], priority=[0], userObjectClasses=[memberOf], rdnLDAPAttribute=[uid], editMode=[READ_ONLY], validatePasswordPolicy=[false], batchSizeForSync=[1000]}, binaryAttributes: []
2020-04-01 13:20:26,812 INFO [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-29) Sync all users from LDAP to local store: realm: example, federation provider: freeipa_dev
2020-04-01 13:20:26,894 INFO [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-29) Sync all users finished: 0 imported users, 0 updated users
When I try to enable SSL/TLS I get this error for the connection:
2020-04-01 13:23:26,179 ERROR [org.keycloak.services] (default task-40) KC-SERVICES0055: Error when connecting to LDAP: null: java.lang.NullPointerException
How can I resolve this issue?
Thank you
2 years, 1 month
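The "0 imported users" result above follows directly from the search filter the provider ends up sending. This added example (not part of the post, and not Keycloak's or FreeIPA's own code) is a small RFC 4515 filter evaluator run over constructed directory entries laid out the way FreeIPA stores users: it shows that `(objectClass=memberOf)` matches nothing, since memberOf is an attribute rather than an object class, and that a filter naming a group DN under cn=groups,cn=accounts does match. The `keycloak_user_filter` helper is an assumption about how the provider combines the configured object classes with the custom filter, not Keycloak's implementation.

```python
# Constructed sample entries (not data from the post). Users live under
# cn=users,cn=accounts; memberOf holds group DNs under cn=groups,cn=accounts;
# the third entry is a system account that should never sync as a user.
SAMPLE_ENTRIES = [
    {"dn": "uid=alice,cn=users,cn=accounts,dc=example,dc=com",
     "attrs": {"objectClass": ["top", "person", "inetOrgPerson", "posixAccount"],
               "uid": ["alice"],
               "ipaUniqueID": ["0d2f6e5e-0000-4000-8000-000000000001"],  # constructed value
               "memberOf": ["cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com",
                            "cn=keycloak-users,cn=groups,cn=accounts,dc=example,dc=com"]}},
    {"dn": "uid=bob,cn=users,cn=accounts,dc=example,dc=com",
     "attrs": {"objectClass": ["top", "person", "inetOrgPerson", "posixAccount"],
               "uid": ["bob"],
               "ipaUniqueID": ["0d2f6e5e-0000-4000-8000-000000000002"],  # constructed value
               "memberOf": ["cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com"]}},
    {"dn": "uid=svc-keycloak,cn=sysaccounts,cn=etc,dc=example,dc=com",
     "attrs": {"objectClass": ["top", "account", "simpleSecurityObject"],
               "uid": ["svc-keycloak"]}},
]

POST_FILTER = "(memberOf=cn=users,cn=compat,dc=example,dc=com)"  # the filter from the post
GROUP_FILTER = "(memberOf=cn=keycloak-users,cn=groups,cn=accounts,dc=example,dc=com)"


def parse_filter(text):
    """Parse an RFC 4515 filter supporting &, |, !, equality and presence (attr=*)."""
    pos, node = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing characters at {pos}: {text[pos:]!r}")
    return node


def _parse(s, i):
    if s[i] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    if s[i] in "&|":
        op, children, i = s[i], [], i + 1
        while s[i] == "(":
            i, child = _parse(s, i)
            children.append(child)
        return _close(s, i), (op, children)
    if s[i] == "!":
        i, child = _parse(s, i + 1)
        return _close(s, i), ("!", child)
    end = s.index(")", i)
    attr, _, value = s[i:end].partition("=")  # split on the first '=' so DN values survive
    return end + 1, ("=", attr, value)


def _close(s, i):
    if s[i] != ")":
        raise ValueError(f"expected ')' at {i}")
    return i + 1


def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attributes (case-insensitive)."""
    op = node[0]
    if op == "&":
        return all(matches(c, attrs) for c in node[1])
    if op == "|":
        return any(matches(c, attrs) for c in node[1])
    if op == "!":
        return not matches(node[1], attrs)
    _, attr, value = node
    values = [v for k, vs in attrs.items() if k.lower() == attr.lower() for v in vs]
    if value == "*":
        return bool(values)
    return any(v.lower() == value.lower() for v in values)


def search(entries, filter_text):
    """Return the DNs of the entries that match filter_text, in input order."""
    node = parse_filter(filter_text)
    return [e["dn"] for e in entries if matches(node, e["attrs"])]


def keycloak_user_filter(object_classes, custom_filter=None):
    """Assumed shape of the provider's user search: one (objectClass=...) term per
    configured user object class, AND-ed with the custom user filter."""
    terms = "".join(f"(objectClass={oc})" for oc in object_classes)
    return f"(&{terms}{custom_filter or ''})"


if __name__ == "__main__":
    print("post settings:", search(SAMPLE_ENTRIES, keycloak_user_filter(["memberOf"], POST_FILTER)))
    print("inetOrgPerson:", search(SAMPLE_ENTRIES, keycloak_user_filter(["inetOrgPerson"], GROUP_FILTER)))
    print("no memberOf  :", search(SAMPLE_ENTRIES, "(!(memberOf=*))"))
```

The same evaluator can be pointed at an `ldapsearch` export of real entries before changing the Keycloak settings, which is cheaper than a full sync per attempt. Note that a user object class filter alone returns both users here; the custom filter is what restricts the sync to one group.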
LDAP Server stop to response after a period of time
by Lays Dragon
I deployed two replicated FreeIPA servers. It worked well until this month, when the service started reporting that LDAP timed out. I tried restarting the server, and even reinstalled both IPA servers and restored the data via replication from the other server, and it still happens after several days. The 389-ds server simply stops responding to any connection; the weird thing is that the connection is established but there is no response after the connection.
The LDAP server seems to be blocked on something, and even replication is dead because LDAP is blocked. Simply restarting does not solve the problem: the LDAP server gets blocked again really soon, which causes other services like the IPA web service or kinit to die too.
I guess the blocking is somehow caused by the replication function, since I figured out that I have to close the LDAP port in the blocked server's firewall to isolate it, restart the server, wait about 10 minutes after the server has started, then reopen the LDAP port in the firewall to let replication recover, and everything is fine... And I noticed that some ns-slapd connections are stuck in CLOSE_WAIT, which may be related.
I need some help. I am not so familiar with FreeIPA and have been trying to deal with this problem for a week, but nothing works.
FreeIPA server version:4.8.4
Server System: Fedora 31 (Cloud Edition)
server1 access log
```
krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory
ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink krbAuthIndMaxTicke..."
[08/Mar/2020:10:01:23.390837315 +0800] conn=4 op=6091 RESULT err=0 tag=101 nentries=1 etime=0.000276689
[08/Mar/2020:10:01:23.390906790 +0800] conn=4 op=6092 SRCH base="cn=ENMD.NET,cn=kerberos,dc=enmd,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags krbAuthIndMaxTicketLife krbAuthIndMaxRenewableAge"
[08/Mar/2020:10:01:23.391302403 +0800] conn=4 op=6092 RESULT err=0 tag=101 nentries=1 etime=0.000432879
[08/Mar/2020:10:01:23.392418974 +0800] conn=3351 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[08/Mar/2020:10:01:25.953517485 +0800] conn=3352 fd=161 slot=161 connection from <masked>.152 to <masked>.165
[08/Mar/2020:10:01:27.007620375 +0800] conn=3353 fd=162 slot=162 connection from <masked>.154 to <masked>.165
[08/Mar/2020:10:01:27.151656148 +0800] conn=3354 fd=163 slot=163 connection from <masked>.150 to <masked>.165
[08/Mar/2020:10:01:27.559750675 +0800] conn=3355 fd=164 slot=164 connection from <masked>.153 to <masked>.165
[08/Mar/2020:10:01:39.015400434 +0800] conn=3356 fd=165 slot=165 connection from <masked>.154 to <masked>.165
[08/Mar/2020:10:01:51.582586229 +0800] conn=3357 fd=166 slot=166 connection from <masked>.153 to <masked>.165
[08/Mar/2020:10:01:52.513047687 +0800] conn=3358 fd=167 slot=167 connection from <masked>.150 to <masked>.165
[08/Mar/2020:10:01:53.573811317 +0800] conn=3359 fd=168 slot=168 connection from <masked>.152 to <masked>.165
[08/Mar/2020:10:02:44.012371005 +0800] conn=3360 fd=169 slot=169 connection from <masked>.160 to <masked>.165
[08/Mar/2020:10:02:44.419580574 +0800] conn=3361 fd=170 slot=170 connection from <masked>.151 to <masked>.165
[08/Mar/2020:10:02:45.548493596 +0800] conn=3362 fd=171 slot=171 connection from <masked>.153 to <masked>.165
[08/Mar/2020:10:02:50.018712852 +0800] conn=3363 fd=172 slot=172 connection from <masked>.160 to <masked>.165
[08/Mar/2020:10:02:51.081867407 +0800] conn=3364 fd=173 slot=173 connection from <masked>.152 to <masked>.165
[08/Mar/2020:10:03:04.062925765 +0800] conn=3365 fd=174 slot=174 connection from <masked>.154 to <masked>.165
[08/Mar/2020:10:03:06.223438080 +0800] conn=3366 fd=175 slot=175 connection from <masked>.150 to <masked>.165
[08/Mar/2020:10:03:10.063982993 +0800] conn=3367 fd=176 slot=176 connection from <masked>.154 to <masked>.165
[08/Mar/2020:10:03:52.027006125 +0800] conn=3368 fd=177 slot=177 connection from <masked>.153 to <masked>.165
[08/Mar/2020:10:03:57.005297121 +0800] conn=3369 fd=178 slot=178 connection from <masked>.152 to <masked>.165
[08/Mar/2020:10:04:01.001767909 +0800] conn=3370 fd=179 slot=179 connection from <masked>.150 to <masked>.165
[08/Mar/2020:10:04:08.003082421 +0800] conn=3371 fd=180 slot=180 connection from <masked>.154 to <masked>.165
[08/Mar/2020:10:04:12.014090964 +0800] conn=3372 fd=181 slot=181 connection from <masked>.151 to <masked>.165
[08/Mar/2020:10:04:18.140192092 +0800] conn=3373 fd=182 slot=182 connection from <masked>.166 to <masked>.165
[08/Mar/2020:10:04:20.007046774 +0800] conn=3374 fd=183 slot=183 connection from <masked>.154 to <masked>.165
[08/Mar/2020:10:04:24.040348027 +0800] conn=3375 fd=184 slot=184 connection from <masked>.160 to <masked>.165
[08/Mar/2020:10:04:30.139898749 +0800] conn=3376 fd=185 slot=185 connection from <masked>.160 to <masked>.165
[08/Mar/2020:10:05:22.043556910 +0800] conn=3377 fd=186 slot=186 connection from <masked>.160 to <masked>.165
[08/Mar/2020:10:05:34.140357676 +0800] conn=3378 fd=187 slot=187 connection from <masked>.160 to <masked>.165
[08/Mar/2020:10:05:36.006033007 +0800] conn=3379 fd=188 slot=188 connection from <masked>.165 to <masked>.165
[08/Mar/2020:10:06:07.002808000 +0800] conn=3380 fd=189 slot=189 connection from <masked>.150 to <masked>.165
[08/Mar/2020:10:06:12.043478717 +0800] conn=3381 fd=190 slot=190 connection from <masked>.152 to <masked>.165
[08/Mar/2020:10:06:15.007914045 +0800] conn=3382 fd=191 slot=191 connection from <masked>.153 to <masked>.165
[08/Mar/2020:10:06:17.005632290 +0800] conn=3383 fd=192 slot=192 connection from <masked>.154 to <masked>.165
[08/Mar/2020:10:06:19.016341572 +0800] conn=3384 fd=193 slot=193 connection from <masked>.165 to <masked>.165
[08/Mar/2020:10:06:23.007594584 +0800] conn=3385 fd=194 slot=194 connection from <masked>.154 to <masked>.165
[08/Mar/2020:10:06:27.026262632 +0800] conn=3386 fd=195 slot=195 connection from <masked>.165 to <masked>.165
[08/Mar/2020:10:06:30.031700186 +0800] conn=3387 fd=196 slot=196 SSL connection from <masked>.159 to <masked>.180
[08/Mar/2020:10:06:37.009611536 +0800] conn=3388 fd=197 slot=197 connection from <masked>.151 to <masked>.165
[08/Mar/2020:10:06:37.033108567 +0800] conn=3389 fd=198 slot=198 connection from <masked>.165 to <masked>.165
[08/Mar/2020:10:07:23.002813545 +0800] conn=3390 fd=199 slot=199 connection from <masked>.165 to <masked>.165
[08/Mar/2020:10:07:31.011795943 +0800] conn=3391 fd=200 slot=200 connection from <masked>.165 to <masked>.165
[08/Mar/2020:10:07:36.011894960 +0800] conn=3392 fd=201 slot=201 connection from <masked>.160 to <masked>.165
[08/Mar/2020:10:07:41.021108836 +0800] conn=3393 fd=202 slot=202 connection from <masked>.165 to <masked>.165
[08/Mar/2020:10:07:42.014874690 +0800] conn=3394 fd=203 slot=203 connection from <masked>.160 to <masked>.165
[08/Mar/2020:10:09:16.005883198 +0800] conn=3395 fd=204 slot=204 connection from <masked>.165 to <masked>.165
[08/Mar/2020:10:09:24.009940147 +0800] conn=3396 fd=205 slot=205 connection from <masked>.165 to <masked>.165
[08/Mar/2020:10:09:34.015154400 +0800] conn=3397 fd=206 slot=206 connection from <masked>.165 to <masked>.165
[08/Mar/2020:10:10:24.040398249 +0800] conn=3398 fd=207 slot=207 connection from <masked>.153 to <masked>.165
[08/Mar/2020:10:10:27.003675219 +0800] conn=3399 fd=208 slot=208 connection from <masked>.152 to <masked>.165
[08/Mar/2020:10:10:28.005336766 +0800] conn=3400 fd=209 slot=209 connection from <masked>.150 to <masked>.165
```
server1 error log
```
[08/Mar/2020:09:30:52.966764268 +0800] - ERR - NSMMReplicationPlugin - repl5_inc_waitfor_async_results - Timed out waiting for responses: 0 3074
[08/Mar/2020:09:32:53.684831136 +0800] - ERR - NSMMReplicationPlugin - release_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Attempting to release replica, but unable to receive endReplication extended operation response from the replica. Error -5 (Timed out)
[08/Mar/2020:09:34:53.625806166 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:09:36:56.570809366 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:09:38:56.509924342 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:09:40:59.458123866 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:09:42:59.402931124 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:09:45:02.343312876 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:09:47:02.282487714 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:09:49:05.220734403 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:09:51:05.160565112 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:09:53:08.105641621 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:09:55:08.040503542 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:09:57:11.997307120 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:09:59:12.965695447 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:10:01:15.903578926 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToipa2.enmd.net" (ipa2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:11:26:42.560167019 +0800] - INFO - slapd_extract_cert - CA CERT NAME: ENMD.NET IPA CA
[08/Mar/2020:11:26:42.567890161 +0800] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password.
[08/Mar/2020:11:26:42.647668764 +0800] - INFO - slapd_extract_cert - SERVER CERT NAME: Server-Cert
[08/Mar/2020:11:26:42.722748631 +0800] - INFO - Security Initialization - SSL info: Enabling default cipher set.
[08/Mar/2020:11:26:42.726554182 +0800] - INFO - Security Initialization - SSL info: Configured NSS Ciphers
[08/Mar/2020:11:26:42.730304776 +0800] - INFO - Security Initialization - SSL info: TLS_AES_128_GCM_SHA256: enabled
[08/Mar/2020:11:26:42.733614343 +0800] - INFO - Security Initialization - SSL info: TLS_CHACHA20_POLY1305_SHA256: enabled
[08/Mar/2020:11:26:42.740389595 +0800] - INFO - Security Initialization - SSL info: TLS_AES_256_GCM_SHA384: enabled
[08/Mar/2020:11:26:42.743830864 +0800] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[08/Mar/2020:11:26:42.748868878 +0800] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[08/Mar/2020:11:26:42.762016895 +0800] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[08/Mar/2020:11:26:42.766962209 +0800] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[08/Mar/2020:11:26:42.779721887 +0800] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
[08/Mar/2020:11:26:42.787619421 +0800] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[08/Mar/2020:11:26:42.795024632 +0800] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[08/Mar/2020:11:26:42.799027752 +0800] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[08/Mar/2020:11:26:42.802532993 +0800] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[08/Mar/2020:11:26:42.806279559 +0800] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
```
2 years, 1 month
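The two logs above carry the symptom in a machine-checkable form: within the access-log excerpt the server keeps accepting connections (every conn from 3352 onward logs only its `connection from` line), a BIND on conn=3351 never gets a RESULT, and the errors log repeats replication timeouts against the same agreement. The following added example (not part of the post, and not a FreeIPA or 389-ds tool) runs that detection over constructed sample lines in the same 389-ds log formats: it reports accepted-but-idle connections per source address, operations that never received a RESULT, and replication timeouts per agreement. The sample lines, addresses and agreement name are constructed; the `closed` line format and the 30-second staleness threshold are assumptions to tune for your deployment.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in 389-ds access-log format (not the post's own log; the
# addresses are private placeholders). conn=3351 issues a BIND that never gets a
# RESULT; conn=3354 and conn=3360 are accepted but never send an operation.
SAMPLE_ACCESS_LOG = """\
[08/Mar/2020:10:01:23.390837315 +0800] conn=4 op=6091 RESULT err=0 tag=101 nentries=1 etime=0.000276689
[08/Mar/2020:10:01:23.392418974 +0800] conn=3351 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[08/Mar/2020:10:01:25.953517485 +0800] conn=3352 fd=161 slot=161 connection from 10.0.0.152 to 10.0.0.165
[08/Mar/2020:10:01:26.100000000 +0800] conn=3352 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[08/Mar/2020:10:01:26.200000000 +0800] conn=3352 op=0 RESULT err=14 tag=97 nentries=0 etime=0.000100000
[08/Mar/2020:10:01:27.007620375 +0800] conn=3353 fd=162 slot=162 connection from 10.0.0.154 to 10.0.0.165
[08/Mar/2020:10:01:27.151656148 +0800] conn=3354 fd=163 slot=163 connection from 10.0.0.150 to 10.0.0.165
[08/Mar/2020:10:02:44.012371005 +0800] conn=3360 fd=169 slot=169 connection from 10.0.0.160 to 10.0.0.165
[08/Mar/2020:10:02:45.000000000 +0800] conn=3353 op=0 UNBIND
[08/Mar/2020:10:02:45.000100000 +0800] conn=3353 op=0 fd=162 closed - U1
[08/Mar/2020:10:06:30.031700186 +0800] conn=3387 fd=196 slot=196 SSL connection from 10.0.0.159 to 10.0.0.180
"""

# Constructed sample in 389-ds errors-log format (agreement name is a placeholder).
SAMPLE_ERRORS_LOG = """\
[08/Mar/2020:09:30:52.966764268 +0800] - ERR - NSMMReplicationPlugin - repl5_inc_waitfor_async_results - Timed out waiting for responses: 0 3074
[08/Mar/2020:09:32:53.684831136 +0800] - ERR - NSMMReplicationPlugin - release_replica - agmt="cn=meToreplica2.example.test" (replica2:389): Attempting to release replica, but unable to receive endReplication extended operation response from the replica. Error -5 (Timed out)
[08/Mar/2020:09:34:53.625806166 +0800] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToreplica2.example.test" (replica2:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[08/Mar/2020:11:26:42.560167019 +0800] - INFO - slapd_extract_cert - CA CERT NAME: EXAMPLE.TEST IPA CA
"""

CONN_RE = re.compile(r"\bconn=(\d+)")
OP_RE = re.compile(r"\bop=(\d+) ([A-Z]+)")
SRC_RE = re.compile(r"connection from (\S+) to")
AGMT_RE = re.compile(r'agmt="([^"]+)"')


def parse_ts(line):
    """Turn the leading [dd/Mon/yyyy:HH:MM:SS.nnnnnnnnn +zzzz] stamp into a datetime (whole seconds)."""
    clock, tz = line[1:line.index("]")].split(" ")
    return datetime.strptime(f"{clock.split('.')[0]} {tz}", "%d/%b/%Y:%H:%M:%S %z")


def analyze_access_log(text, stale_after=timedelta(seconds=30)):
    """Report connections accepted but never used, and operations with no RESULT,
    both aged against the newest timestamp in the log."""
    opened, active, closed, pending, last_ts = {}, set(), set(), {}, None
    for line in text.splitlines():
        m = CONN_RE.search(line)
        if not line.startswith("[") or not m:
            continue
        ts, conn = parse_ts(line), int(m.group(1))
        last_ts = ts
        src = SRC_RE.search(line)
        if src:                                   # the accept() line
            opened[conn] = (ts, src.group(1))
        elif " closed" in line:                   # assumed close-line format
            closed.add(conn)
        elif (op := OP_RE.search(line)):
            active.add(conn)
            opnum, verb = int(op.group(1)), op.group(2)
            if verb == "RESULT":
                pending.pop((conn, opnum), None)
            elif verb != "UNBIND":                # UNBIND never gets a RESULT
                pending[(conn, opnum)] = (ts, verb)

    def age(ts):
        return int((last_ts - ts).total_seconds())

    idle = [{"conn": c, "src": src, "idle_seconds": age(ts)}
            for c, (ts, src) in sorted(opened.items())
            if c not in active and c not in closed and last_ts - ts >= stale_after]
    unanswered = [{"conn": c, "op": o, "verb": verb, "age_seconds": age(ts)}
                  for (c, o), (ts, verb) in sorted(pending.items())
                  if last_ts - ts >= stale_after]
    return {"idle_connections": idle, "unanswered_ops": unanswered,
            "idle_by_source": Counter(i["src"] for i in idle)}


def count_replication_timeouts(text):
    """Count NSMMReplicationPlugin 'Timed out' messages per replication agreement."""
    counts = Counter()
    for line in text.splitlines():
        if "NSMMReplicationPlugin" in line and "Timed out" in line:
            m = AGMT_RE.search(line)
            counts[m.group(1) if m else "(no agreement named)"] += 1
    return counts


if __name__ == "__main__":
    report = analyze_access_log(SAMPLE_ACCESS_LOG)
    print("idle connections by source:", dict(report["idle_by_source"]))
    print("unanswered operations:", report["unanswered_ops"])
    print("replication timeouts:", dict(count_replication_timeouts(SAMPLE_ERRORS_LOG)))
```

Feed it the tail of `/var/log/dirsrv/slapd-INSTANCE/access` and `errors` from the affected server; a rising count of idle connections with no unanswered-op entries for them, alongside repeated timeouts on one agreement, is the pattern the post describes and is worth alerting on before clients start failing.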