yes but we use third party passwd manager to allow user change password on anther site different address .( But most users ask admin reset for them) Users won't touch any ldap server address UI.
2018-05-31 15:43 GMT+08:00 Ernedin Zajko <eza...@root.ba>: > Dear barrykfl, > > one of the issues that will emerge - users updating (changing) > passwords (if you want them to use ipa ui) > > regards, > --- Ernedin ZAJKO > eza...@root.ba > > > 340282366920938463463374607431768211456 > > On Thu, May 31, 2018 at 9:06 AM <barry...@gmail.com> wrote: > > > > Yes I read the point knew they are difference ..But if most users 90% no > need access httsps://myserver.com/ipa/UI and just use ldap authorization > ...so I don't need ask user migration or change password ? our users 90% > use 3rd party open source and LDAP Auth. ??? actual what example of > Kerberos auth affecting user in such situation? users don't self edit UI > info even password they ask administartor to reset for them. > > > > Point 6 in document: > > It is possible to use LDAP authentication in Identity Management instead > of Kerberos authentication, which means that Kerberos hashes are not > required for users. However, this limits the capabilities of Identity > Management and is not recommended. > > > > 2018-05-31 14:26 GMT+08:00 Ernedin Zajko <eza...@root.ba>: > >> > >> Dear barrykfl, > >> > >> you may find nicely documented procedure at [1]: > >> > >> cheers, > >> --- Ernedin ZAJKO > >> eza...@root.ba > >> > >> [1] https://access.redhat.com/documentation/en-us/red_hat_ > enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_ > guide/migrating_from_a_directory_server_to_ipa > >> > >> > >> > >> > 340282366920938463463374607431768211456 > >> On Thu, May 31, 2018 at 6:47 AM Ernedin Zajko <eza...@root.ba> wrote: > >> > > >> > Hi there, > >> > > >> > UI uses Kerberos... > >> > > >> > Regards, > >> > > >> > --- > >> > > >> > EZajko > >> > @root.ba > >> > > >> > On Thu, May 31, 2018, 05:48 barrykfl--- via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > >> >> > >> >> Hi all: > >> >> > >> >> After I migrated to new Servers .using migrateds command..I used > server.com:389 connect and embedded in > >> >> 3 rd opensource. > >> >> > >> >> I found user can login successfully ...but > >> >> > >> >> the http://server.com/ipa/ui cannot ... > >> >> > >> >> user have to use http://server.com/ipa/migration then can success > login the UI. > >> >> > >> >> So what are the difference is these password migration ? actually at > 3 rd part opensource user use ldap password login successfully but the UI > fail.. > >> >> > >> >> > >> >> _______________________________________________ > >> >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > >> >> To unsubscribe send an email to freeipa-users-leave@lists. > fedorahosted.org > >> >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > >> >> List Guidelines: https://fedoraproject.org/ > wiki/Mailing_list_guidelines > >> >> List Archives: https://lists.fedoraproject. > org/archives/list/freeipa-users@lists.fedorahosted.org/message/ > D22RHB3ORJ7FHOJKEDUDSEPPJQKUXVPD/ > > > > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/PPHAU25E6OZHTGWICQOXAGNI7POUILGM/
