Categories
Red Hat IDM

Get rid of Error “LDAP Connect error You are attempting to import a cert with the same issuer”

If you see the error “LDAP Error: Connect error: TLS error -8054: You are attempting to import a cert with the same issuer” while enrolling a client to a FreeIPA/IDM server, the certificate already present on the client does not match the one on the IDM server. This can be fixed quite easily with just one command. It typically happens when the client was previously enrolled to a different IDM server and the old cert is still lying around.

IPA user-add multiple users via script

When adding multiple users in IDM/FreeIPA, entering each user by hand is a pain and time-consuming. This script/one-liner lets you add multiple users in one go, including specifying a password non-interactively. The script creates multiple users in IPA and then adds the required attributes as well.

One liner command to retrieve list of active users – IPA/Red Hat IDM

It’s possible to get a list of active users in IDM/IPA with formatted date and time by running this one-liner command. It gets you the list of users with their last successful authentications to the IDM/IPA server. It is a very handy command when this is required for audit purposes. It will also give you the list of users who last changed their password, and you can modify it according to your requirements.

Automate kinit (Kerberos Ticket) during SSH login

It is possible to have a Kerberos ticket (kinit) generated automatically every time you log in via SSH to a host by editing “.bash_profile”. This also applies to a scenario wherein you are using Red Hat IDM/IPA and want to automate “kinit” instead of having users manually type kinit every time they log in.

How to fix SSH dropping after a password change

When using IPA to manage user authentication, you can come across SSH sessions dropping just after a password change. It can be resolved by changing options in /etc/ssh/sshd_config. You need to be root to make this change, and the sshd service must be restarted for it to take effect.

Change SUDO LDAP Password

There might be a need to change the sudo LDAP password whilst managing sudo rights centrally through IDM. In this scenario it would be the first time you are configuring the sudo rights. Follow the steps outlined to change the password for the master server.

NOTE: Don’t run this on replica instances of IDM, as the change is replicated from the master.