[389-users] Re: Windows Sync Agreement issue

2019-08-26 Thread Mark Reynolds
On 8/23/19 5:38 AM, DaV wrote: Hi all, For OneWaySync, AD to 389ds. I have read this guide https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/using_windows_sync-modifying_the_sync_agreement Synchronization works two ways. The Directory Server

[389-users] 389-console yields error after fresh Centos 7 install

2019-08-26 Thread Janet Houser
Hi Folks, I just created a Centos 7 VM (CentOS release 7.6.1810) and did a yum install of the epel directory:   yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm and an install of 389-DS:   yum install 389* I ran setup-ds-admin.pl as a stand

[389-users] LDAP password error

2019-08-26 Thread Fernando Fuentes
Hello All, I am using a web ui to add and delete users. When I reset or try to add a password I get: LDAP error, server says: Constraint violation - invalid password syntax - passwords with storage scheme are not allowed What do I need to turn on to be able to use the web ui to edit

[389-users] Re: 389-console yields error after fresh Centos 7 install

2019-08-26 Thread Janet H
Additional info... I just did a yum update on one of my 389-DS centos 7 boxes and I'm seeing the same error. So it must be something about the new java files that the 389-console binary doesn't like.

[389-users] Re: LDAP password error

2019-08-26 Thread Mark Reynolds
On 8/26/19 4:33 PM, Fernando Fuentes wrote: Hello All, I am using a web ui to add and delete users. When I reset or try to add a password I get: LDAP error, server says: Constraint violation - invalid password syntax - passwords with storage scheme are not allowed What do I need to turn on

[389-users] Re: Test LDAP client connection

2019-08-26 Thread Mark Reynolds
On 8/26/19 2:50 PM, Nicolas Kovacs wrote: Hi, So it looks like my 389 DS server is running. I admit I'm fighting every step to get this thing to run. As it looks, the next step is to test the LDAP client connection. Which leads me to my first question. When TLS is enabled, is it still

[389-users] Test LDAP client connection

2019-08-26 Thread Nicolas Kovacs
Hi, So it looks like my 389 DS server is running. I admit I'm fighting every step to get this thing to run. As it looks, the next step is to test the LDAP client connection. Which leads me to my first question. When TLS is enabled, is it still possible to get plain (e. g. unencrypted)

[389-users] Re: A bit help about ACI?

2019-08-26 Thread William Brown
> On 26 Aug 2019, at 17:36, Miljan Žugić wrote: > > First, i really wanna say big thanks for super fast answer. Above all, > concise and technical, concrete with facts.. > Second, i did home work and read it link (which i did before also, but..maybe > i miss something  and read again) >

[389-users] Re: Windows Sync Agreement issue

2019-08-26 Thread DaV
OK. 1. I have win2016 AD and 389ds 1.3.8.4 on CentOS 7.6 2. the data flow is from AD to 389ds, I don't want any data from 389ds to AD 3. The time interval sync from 389ds to AD controlled by nsDS5ReplicaUpdateSchedule. This is why I set it as 1200-1210 4 (actually I want to disable it at

[389-users] Re: 389-console yields error after fresh Centos 7 install

2019-08-26 Thread William Brown
It could be worth checking the rpm versions of the 389-ds-console between your test system and your new system? It could also be good to check `yum whatprovides "*/slf4j-api.jar" ` in case there is a missing dependency? I'm not an expert on the console, so I hope that Mark can answer soon as

[389-users] Re: Setup a Linux client for authentication against 389 DS + TLS

2019-08-26 Thread William Brown
Hi there, http://www.port389.org/docs/389ds/howto/howto-sssd.html http://www.port389.org/docs/389ds/howto/quickstart.html#setup-sssd The quickstart has some parts about cert management, but the howto-sssd is the configuration I use. You'll need to also adjust pam/nsswitch. On opensuse you'll

[389-users] Re: Windows Sync Agreement issue

2019-08-26 Thread William Brown
> On 27 Aug 2019, at 10:44, DaV wrote: > > Thanks for your reply. > This is my configuration on 389ds server. > Please tell me if the attribute of "oneWaySync: fromWindows" is correct. > > Now, the new users in AD can't be synced to 389ds every 5 minutes, I have to > click "Initiate full

[389-users] Re: Windows Sync Agreement issue

2019-08-26 Thread DaV
Thanks for your reply. This is my configuration on 389ds server. Please tell me if the attribute of "oneWaySync: fromWindows" is correct. Now, the new users in AD can't be synced to 389ds every 5 minutes, I have to click "Initiate full Re-synchronized" manually. I'm stuck for days. Thanks in

[389-users] Setup a Linux client for authentication against 389 DS + TLS

2019-08-26 Thread Nicolas Kovacs
Hi, So I finally managed to get a 389 Directory Server up and running on a spare CentOS 7 server. I can open the console even on a remote desktop (using ssh -X), connect to my LDAP database, create a handful of users, and I even managed to setup TLS. The next step is getting a Linux client to

[389-users] Re: Using self-signed SSL certificate with 389 DS under CentOS 7

2019-08-26 Thread Marc Muehlfeld
Hi, On 8/26/19 9:30 AM, Nicolas Kovacs wrote: On 23/08/2019 at 16:52, Marc Muehlfeld wrote: Instead of using only a self-signed cert, wouldn't it make more sense to 1) create your own CA 2) create a CSR using certutil (see RHDS docs, section 9.3.2) 3) let your CA issue the cert 4) import the

[389-users] Re: Using self-signed SSL certificate with 389 DS under CentOS 7

2019-08-26 Thread Nicolas Kovacs
On 23/08/2019 at 16:52, Marc Muehlfeld wrote: > Instead of using only a self-signed cert, wouldn't it make more sense to > 1) create your own CA > 2) create a CSR using certutil (see RHDS docs, section 9.3.2) > 3) let your CA issue the cert > 4) import the CA cert (see RHDS docs, section 9.3.3)

[389-users] Re: Windows Sync Agreement issue

2019-08-26 Thread DaV
In fact, if I don't set nsds5replicaupdateschedule attribute, the sync from 389ds to AD is always trying. So I have to set this attribute. For sync from AD to 389ds, default it's 5 minutes according to 389ds/RHDS documents, but it happens nothing on my instance, no log. I have to click the