Firstyear
Firstyear
Only changed the mTLS cert life for replication.
@jpwarren You mean https://www.haproxy.com/documentation/haproxy-configuration-tutorials/client-ip-preservation/enable-proxy-protocol/ ?
@jpwarren I think we open a separate issue here to support the proxy protocol, but it seems like you have a working solution at this point?
I think this was something that Alex noted, part of the "fun" with the client setup though is that it varies from platform to platform. That adds some challenges here,...
Hmmmm i'm not 100% sure how'd we handle this one. NoMatchingEntries is telling you here "nothing meets the criteria you requested" in this case, the absence of a group. The...
This seems less like an issue, and more like some braindumps about things. 1) I don't want to integrate with systemd-homed 2) If we were to mount arbitrary filesystems or...
Yes, we resolve anything that uniquely identifies the account, even if we only present the spn/name.
> What are the actual pitfalls of enabling local overrides? I don't believe its mentioned anywhere. If you override something from the kanidm side, since users can rename themself they...
ANother example is systemd users - which is a genuinely good feature of systemd for packages, but it doesn't guarantee that every system will get the same uid/gid for that...
Well yes. But there is a difference between adding a kanidm account as a member to a system group, and *overridding* a system user or group with one from Kanidm....