On 03/20/2012 08:34 AM, mja...@guesswho.com wrote:
I installed a new CentOS6 ldap server into our environment. I ran the
setup-ds-admin.pl script and told it to get the config from one of the
existing servers. When I use the 389-console, I don’t see
o=NetscapeRoot on the new Directory
On 03/21/2012 11:56 AM, mja...@guesswho.com wrote:
Hi, I get this message when I click on the Configuration tab in the
Directory Server gui. After I click on OK, I get a log in dialog box.
When I enter the Directory Manager password, I am logged in. When I
close the Directory Server, I get a
On 03/26/2012 08:28 AM, Mike Mercier wrote:
Hello,
adm.conf attached.
Have you configured the directory server to use TLS/SSL?
Can you try with 389-admin-1.1.28 now in updates-testing?
Thanks,
Mike
On Fri, Mar 23, 2012 at 10:42 AM, Rich Megginsonrmegg...@redhat.com wrote:
On 03/22/2012
On 03/26/2012 08:25 PM, Michael R. Gettes wrote:
I am a little perplexed.
I am making a change to a groupOfNames object having some 16069 member
attributes. I am deleting nearly 16000 members and then adding nearly 16000
members. CPU goes to 100% and never comes down. I have plenty of
On 03/27/2012 03:19 AM, Manel Gimeno Zaragozá wrote:
Hello,
I'm configuring an environment with multi-master replication.
ds - 1.2.10
OS - CentOS release 6.2 (Final)
I'm wondering if there is any tool to check the integrity of both
servers, I mean, some tool or script that checks if both
On 03/27/2012 07:07 AM, Jim Finn wrote:
I'm trying to script the entire setup of new instances, and have had
great success with setup-ds-admin.pl http://setup-ds-admin.pl with
an inf.
I want to run nsslapd on both 389 and 636 - How can I configure both
ports and specify my cert within the
your questions this is not a known problem.
Dealing with large groups is problematic, but not known to completely
clobber the server.
/mrg
On Mar 27, 2012, at 9:17, Rich Megginson wrote:
On 03/26/2012 08:25 PM, Michael R. Gettes wrote:
I am a little perplexed.
I am making a change
On 03/27/2012 08:06 AM, Reinhard Nappert wrote:
Hi all,
I have a couple of question regarding the nsslapd-changelogmaxage
attribute:
This attribute sets the maximum age that entries are kept in the
changelog. Documentation says that a change of the value requires a
server restart.
1. Do I
/entryrdn.db4 | head
and
/var/lib/dirsrv/slapd-cmu/db/userRoot/entryrdn.db4 | tail
/mrg
On Mar 27, 2012, at 21:05, Rich Megginson wrote:
On 03/27/2012 06:58 PM, Michael R. Gettes wrote:
I have upgraded one of my masters to 1.2.10.3 and i see the following
[27/Mar/2012:20:25:04 -0400] - 389
of 1.2.10 you require, I would
suggest not upgrading.
Thanks!
Ryan
-Original Message-
From: 389-users-boun...@lists.fedoraproject.org
[mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Rich Megginson
Sent: Thursday, March 29, 2012 9:30 AM
To: test-annou
On 03/31/2012 02:20 AM, Maurizio Marini wrote:
On Fri, 30 Mar 2012 14:45:28 -0600
Rich Megginsonrmegg...@redhat.com wrote:
Hello Richard
Is there any dsgw log to diagnose better the issue?
ls -al /var/run/dirsrv/dsgw
empty
ls -al /var/run/dirsrv/dsgw/cookies
empty
This is the
On 03/31/2012 02:20 AM, Maurizio Marini wrote:
On Fri, 30 Mar 2012 14:45:28 -0600
Rich Megginsonrmegg...@redhat.com wrote:
Hello Richard
Is there any dsgw log to diagnose better the issue?
ls -al /var/run/dirsrv/dsgw
empty
ls -al /var/run/dirsrv/dsgw/cookies
empty
But they exist? I
On 03/31/2012 02:20 AM, Maurizio Marini wrote:
On Fri, 30 Mar 2012 14:45:28 -0600
Rich Megginsonrmegg...@redhat.com wrote:
Hello Richard
Is there any dsgw log to diagnose better the issue?
ls -al /var/run/dirsrv/dsgw
empty
ls -al /var/run/dirsrv/dsgw/cookies
empty
But they exist? I
On 04/02/2012 09:29 AM, Roberto Polli wrote:
Hi Rich|All,
= Stuff 1 =
I'm planning a schema upgrade on a platform with 4 ds. The schema is on a
98myschema.ldif.
I got 2 MMR on backend and 2 replica on FE.
On RH documentation I read to:
- upgrade all masters;
- then upgrade slaves;
-
On 04/02/2012 08:20 AM, MATON Brett wrote:
Hi,
The password sync service between AD and Directory server appears to
“can” passwords with extended characters.
I’m working for a client in Belgium at the moment and they’re quite
accent happy with passwords.
Now, Active Directory
On 04/02/2012 04:13 PM, Herb Burnswell wrote:
On Fri, Mar 23, 2012 at 10:53 AM, Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com wrote:
On 03/23/2012 11:09 AM, Herb Burnswell wrote:
Thanks for the reply David.
1. How can I find out which system(s) is/are master
On 04/02/2012 05:48 PM, Herb Burnswell wrote:
-- Forwarded message --
From: *Rich Megginson* rmegg...@redhat.com mailto:rmegg...@redhat.com
Date: Mon, Apr 2, 2012 at 3:23 PM
Subject: Re: [389-users] Repair replication
To: General discussion list for the 389 Directory server
On 04/02/2012 11:16 PM, MATON Brett wrote:
Hi,
The password sync service between AD and Directory server appears to
“can” passwords with extended characters.
I’m working for a client in Belgium at the moment and they’re quite
accent happy with passwords.
Now, Active Directory
On 04/03/2012 07:53 AM, MATON Brett wrote:
Hi,
The password sync service between AD and Directory server appears to
“can” passwords with extended characters.
I’m working for a client in Belgium at the moment and they’re quite
accent happy with passwords.
Now, Active Directory
On 04/04/2012 08:42 AM, Alberto Viana wrote:
I have an 389 DS (version 1.2.10.2) with AD replication and I enabled
the audit log, but when I change a user password, shows the unhashed
password in the audit log file:
time: 20120404113336
dn: uid=alberto.viana,OU=G,OU=RJ,dc=my,dc=domain
On 04/04/2012 06:25 PM, Sam Wen wrote:
Hi Mark,
Thanks for your reply.
Actually there is no such keyword in my dse.ldif with a standard yum
installation from epel. The new adding ldap records(NOT from ldif
import) will have those attributes even without that keyword set to on.
If it's
On 04/05/2012 09:27 AM, Mark Reynolds wrote:
Hi Brett,
I think running the ldapsearch, and checking for error 32 is the
easiest option.
That should work, but if that's still not sufficient, if you create your
own task entry, you can use the ttl attribute to set the time to live
after the
On 04/04/2012 08:45 PM, Dave Jones wrote:
I have been searching around the Internet for instructions on how to
rename an instance. Can anyone point me in the right direction? For
example, I have my instance named abc and I want to name it xyz
now. So I have the /etc/dirsrv/slapd-abc
On 04/11/2012 04:57 PM, Harold Fortuin wrote:
What command can return the version number as listed
On the attached UI screens? Preferably the version corresponding to
the release numbering as seen on web pages.
Right-click on the Server Group/Directory Server in the 389-console showed
On 04/16/2012 03:22 PM, Russell Beall wrote:
On Apr 16, 2012, at 1:50 PM, Rich Megginson wrote:
I would still like to know which parameters you set and the values
you used.
When I first tried this, the change log was set to unlimited, (the
default), and the purge delay was set to 7 days I
On 04/18/2012 01:33 PM, Michael Gettes wrote:
Hey russ, I've got the same problem for large groups using member...
We are coming from an openldap world so not much use of uniquemember yet.
It's essentially the same problem - it doesn't matter if you use member
or uniquemember.
On Apr
, Russell Beall be...@usc.edu
mailto:be...@usc.edu a écrit :
On Apr 18, 2012, at 11:15 AM, Rich Megginson wrote:
Yeah, this particular operation has not been optimized. I
believe SunDS added explicit optimizations for this particular case.
It is becoming painfully apparent as I
40 minutes (20 minutes each way -- with 389).
Russ.
On Apr 19, 2012, at 10:18 AM, Rich Megginson wrote:
On 04/19/2012 10:50 AM, Russell Beall wrote:
Thanks for the tips. I scanned the dse.ldif for those plugins and I
found definitions for them all, but they all have
nsslapd-pluginEnabled
,
Russ.
On Apr 19, 2012, at 1:42 PM, Rich Megginson wrote:
OK. If you've ruled out the possibility that some plugin is
interfering with the processing, then it must be something we will
have to fix in the core server. Please file a ticket
athttps://fedorahosted.org/389
--
389 users mailing
On 04/23/2012 12:20 PM, Russell Beall wrote:
On Apr 23, 2012, at 10:28 AM, Rich Megginson wrote:
That's very interesting. Does Sun DS have some sort of tuning
parameter for number of values? That is, they may have some
threshold for number of values in an attribute - once the number hits
On 04/30/2012 09:11 PM, Dan Whitmire wrote:
I think I made a mistake but not sure what.
I successfully installed the Server Certs and CA certs generated from
my dogtag CA. I set all the necessary parameters. I confirmed that
the New Certificates were installed and restarted the directory
to do this (if possible) due to conflicts with some
application or error which could appear.
Regards,
Moses.
2012/4/30 Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com
On 04/30/2012 01:01 AM, Moisés Barba Pérez wrote:
Hi,
you are absolutely right and I can understand
On 05/06/2012 11:11 PM, David Baird wrote:
Hi All,
Our instance of 389 (version 1.2.8.1 running on Centos 5.7) has
recently begun exhibiting problems with account locking.
Locking (or inactivating if you prefer) an account, either by using
the 389 console, or the ns-inactivate.pl script
On 05/09/2012 07:45 AM, Ali Jawad wrote:
Hi
I have a requirement to disable inactive users after 90 days. I did
read http://directory.fedoraproject.org/wiki/Account_Policy_Design
but I am not sure whether this is a design proposal or the
actual implementation.
My DS version is :
rpm -qa |
Inactivation Policy,dc=domain,dc=local
ldapmodify: No such object (32)
matched DN: dc=domain,dc=local
Right. You are missing the ldapmodify -a - see the original instructions
On Wed, May 9, 2012 at 4:47 PM, Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com wrote
On Wed, May 9, 2012 at 5:26 PM, Ali Jawad ali.ja...@splendor.net
mailto:ali.ja...@splendor.net wrote:
Hi Rich
Your help is highly appreciated, I got it working, thanks for your
patience.
Regards
On Wed, May 9, 2012 at 5:19 PM, Rich Megginson
rmegg...@redhat.com
On 05/07/2012 05:33 PM, Orion Poplawski wrote:
We're trying to modify our already heavily modified version of
fdstools to add ntUser attributes to users. When we use it to create
a new user (or add ntUser attributes to and existing user) we end up
with two new users in AD and the cn:
On 05/10/2012 06:37 AM, Moisés Barba Pérez wrote:
Hi,
I'm upgrading one 389DS machine from 1.2.5 to 1.2.10.7 and I have
found a problem when replicate the schema from another 1.2.5 DS machine.
I had created an attribute like this:
attributeTypes: (
OIDXXX
NAME 'x'
DESC 'y'
On 05/16/2012 12:37 PM, Josh Ellsworth wrote:
Does anyone have a system for parsing the 389 audit log? I have to periodically
generate a list of changes and validate that all of them were authorized via
ticket. I had a python script for our SunDS servers but thought I'd ask about a
389
On 05/16/2012 04:06 PM, Nathan Kinder wrote:
On 05/16/2012 01:09 PM, Brad Schuetz wrote:
On 05/16/2012 11:54 AM, Nathan Kinder wrote:
On 05/16/2012 11:19 AM, Brad Schuetz wrote:
On 05/16/2012 06:16 AM, Paul Robert Marino wrote:
The exact timing of the issue is to strange is there a backup
On 05/16/2012 06:48 PM, Brad Schuetz wrote:
On 05/16/2012 04:01 PM, Rich Megginson wrote:
On 05/16/2012 04:06 PM, Nathan Kinder wrote:
On 05/16/2012 01:09 PM, Brad Schuetz wrote:
On 05/16/2012 11:54 AM, Nathan Kinder wrote:
On 05/16/2012 11:19 AM, Brad Schuetz wrote:
On 05/16/2012 06:16 AM
On 05/16/2012 07:48 PM, Brad Schuetz wrote:
On 05/16/2012 06:24 PM, Rich Megginson wrote:
On 05/16/2012 06:48 PM, Brad Schuetz wrote:
Is there any way that I can remove the nsTombstone entries from the
master server so I can get this under control? I think I found out why
I have so many
On 05/22/2012 03:32 PM, Lucas Sweany wrote:
Is there a way to prevent the unhashed#user#password attribute from
being stored or used at all? I don't need it to be replicated
anywhere--I presume that the hashed password will be enough to
authenticate users.
Unless you need to use Windows
requires the
clear text password.
Even if so, it would be nice if the plain text attribute were to go
away once the password hash was stored.
-Lucas
On Tue, May 22, 2012 at 2:54 PM, Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com wrote:
On 05/22/2012 03:32 PM, Lucas Sweany
On 05/23/2012 01:19 PM, Russell Beall wrote:
On May 23, 2012, at 9:36 AM, Rich Megginson wrote:
But based on what you say later in the post, it's not unbounded, it's
just not bounded by what you set as the cache size?
Yes. I guess unbounded was the wrong word now that the ratio
:34 PM, Rich Megginson wrote:
Have you tried modrdn? delete? I was just wondering if the problem
is specific to ldapmodify.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users
/Red_Hat_Directory_Server/9.0/html/Administration_Guide/SecureConnections.html
-Chris
*From:*Rich Megginson [mailto:rmegg...@redhat.com]
*Sent:* Wednesday, May 23, 2012 3:06 PM
*To:* General discussion list for the 389 Directory server project.
*Cc:* Chris Cawley
*Subject:* Re: [389-users] Upgrade to fedora
The 389 Project team is pleased to announce the release of
389-ds-base-1.2.10.11 and 1.2.11.6 for Testing. 1.2.10.11 and 1.2.11.6
contain a fix for a password security issue:
#378unhashed#user#password field https://fedorahosted.org/389/ticket/378
NEW: Platform Support
Pre-built RPMs of
On 06/28/2012 01:15 PM, Wes Hardin wrote:
To preface this, my issue began after upgrading from 1.2.5.x to 1.2.10.4 about a
month ago, but I did not immediate recognize the severity at that time.
Upon upgrading, it was discovered that replication had ceased to replicate. I
got a message saying
On 07/03/2012 10:45 AM, Orion Poplawski wrote:
We are looking to sync our groups between our ldap server and an AD
server. Our LDAP server also serves a samba domain for one of our
offices. As a result we have Domain Admins and Domain Computers
groups for the samba domain that we don't want
On 07/03/2012 10:59 AM, Orion Poplawski wrote:
On 07/03/2012 10:49 AM, Rich Megginson wrote:
On 07/03/2012 10:45 AM, Orion Poplawski wrote:
We are looking to sync our groups between our ldap server and an AD
server.
Our LDAP server also serves a samba domain for one of our offices
On 07/05/2012 01:32 PM, Alberto Viana wrote:
I have a replication with a 389 DS server and my AD domain. According
to the documentation the field used to control the replication is NT
user ID on 389 DS and it is populated from Active directory´s field
sAMAccountName.
The fact is that
On 07/06/2012 12:25 PM, Orion Poplawski wrote:
On 07/06/2012 10:30 AM, Rich Megginson wrote:
On 07/06/2012 10:30 AM, Orion Poplawski wrote:
Does
389-server support aliases?
No, 389 does not support aliases.
I noticed you didn't say file a ticket this time :)
There already is a ticket
On 07/06/2012 12:27 PM, Ryan Palamara wrote:
I am using a mix of CentOS 5 and 6 servers using openldap for client
ldap. I have 2 289 Directory servers that are using multi-master
replication.
When dirsrv stops working on the first server listed under URI,
authentication picks up seamlessly
ZAIS Group, LLC
2 Bridge Avenue, Suite 322
Red Bank, New Jersey 07701
Phone: (732) 450-7444
ryan.palam...@zaisgroup.com mailto:ryan.palam...@zaisgroup.com
*From:*Rich Megginson [mailto:rmegg...@redhat.com]
*Sent:* Friday, July 06, 2012 2:30 PM
*To:* General discussion list for the 389 Directory
On 07/09/2012 09:44 AM, Anderson, Cary@CIO wrote:
I have recently started working with the Director Server, and I have
read the documents for both 389 and RHDS, but I am having some
difficulties regarding ObjectClass types, and combining them in order
to extend the available attributes for
On 07/10/2012 08:59 AM, Greg Kuchyt wrote:
First off, I'm sorry if I missed a document somewhere that covers
this, but after some searching I failed to find such a source that
explicitly spells this out. In order to verify my findings in testing,
I had a couple questions about the userPassword
On 07/11/2012 11:12 AM, Robert Viduya wrote:
Is replication from a 1.2.8.3 server to a 1.2.10.4 server known to work or not
work? We're having changelog issues.
Background:
We have an ldap service consisting of 3 masters, 2 hubs and 16 slaves. All
were running 1.2.8.3 since last summer
On 06/29/2012 03:44 AM, Elisseev V. wrote:
Hello,
I'm trying to configure classic CoS plug-in to fill automatically
Country (c) and Friendly Country (co) based on countrycode
attribute. While classic CoS works perfectly fine with some ather
attributes, I can't get it working with the country
On 07/11/2012 05:42 PM, Mitchell, Kevin wrote:
Running this:
yum install [--enablerepo=repo] 389-ds
Errors with this:
-- Finished Dependency Resolution
Error: Package: R-devel-2.15.0-1.el6.x86_64 (epel)
Requires: texinfo-tex
Doing a –skip-broken causes no dependencies to be
On 07/13/2012 08:02 AM, Robert Viduya wrote:
I've enabled the core dump stuff, but now I can't seem to get it to crash. But
I'm still getting the changelog messages in the error logs whenever I restart.
In addition, the hub server keeps running out of disk space. I tracked it down
to the
On 07/13/2012 08:30 AM, Robert Viduya wrote:
On Jul 13, 2012, at 10:05 AM, Rich Megginson wrote:
The only thing 1.2.10.12 needs is testers to give it positive karma (Works For
Me) in
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6265/389-ds-base-1.2.10.12-1.el5
or whatever your
On 07/13/2012 09:41 AM, Gary Algier wrote:
Hello:
I just installed a fresh install of the 389 DS from EPEL and I see no
schema:
-
# ldapsearch -x -h localhost -s sub -b cn=schema -w \
-Dcn=directory\ manager
# extended
On 07/16/2012 04:12 PM, Binole, Bill wrote:
I am seeing the following error when starting the 389 LDAP server
version 1.2.9.9. The file is our dns schema which has been in use for
some time. It is successfully read in version 1.2.2. I have seen a
bug report around this issue but it was
On 07/17/2012 11:13 AM, Arpit Tolani wrote:
Hello
On Tue, Jul 17, 2012 at 10:10 PM, harry.dev...@faa.gov
mailto:harry.dev...@faa.gov wrote:
We have several users who no longer need access, but may in the
future, so we have set them to be Inactive in their profile.
However, we
On 07/19/2012 10:28 AM, Gary Algier wrote:
Hi,
I am in the process of migrating from Sun's DS 5.2 to DS 389 and I
have compared the schemata. I see some differences and I wonder as to
the best way to handle them. In general is it better to change the
389 schema and then always have to fix
Bridge Avenue, Suite 322
Red Bank, New Jersey 07701
Phone: (732) 450-7444
ryan.palam...@zaisgroup.com mailto:ryan.palam...@zaisgroup.com
*From:*Rich Megginson [mailto:rmegg...@redhat.com]
*Sent:* Monday, July 23, 2012 11:04 AM
*To:* General discussion list for the 389 Directory server project
On 07/31/2012 08:05 PM, 3...@noboost.org wrote:
Hi All,
Spec:
Redhat Enterprise Linux 6.3 x64
- ipa-server-2.2.0-16.el6.x86_64
- 389-ds-base-1.2.10.2-18.el6_3.x86_64
- 389-ds-base-libs-1.2.10.2-18.el6_3.x86_64
We had a simple (but quite drammatic) issue the other day. Our backup
script simply
-0600, Rich Megginson wrote:
On 07/31/2012 08:05 PM, 3...@noboost.org wrote:
Hi All,
Spec:
Redhat Enterprise Linux 6.3 x64
- ipa-server-2.2.0-16.el6.x86_64
- 389-ds-base-1.2.10.2-18.el6_3.x86_64
- 389-ds-base-libs-1.2.10.2-18.el6_3.x86_64
We had a simple (but quite drammatic) issue the other day
On 08/02/2012 07:41 AM, Chris Visser wrote:
Hi guys,
Thanks for the help previously with syncing OUs recursively from Windows.
Right now however I've hit another snag. I would like to sync the windows
Attribute called msExchMailboxGuid to my 389-DS.
After doing some research I found that
On 08/02/2012 08:12 AM, Chris Visser wrote:
The documentation I read on docs.redhat.com shows me how Windows attributes are
mapped locally, but not how to sync additional attributes.
Anywhere else to look? Tips?
There is currently no way to sync additional attributes. Please file a ticket
On 08/14/2012 06:36 AM, Grzegorz Dwornicki wrote:
I should look similat to this:
dn: uid=jsmith,ou=users,l=uk,dc=fosiul,dc=lan
changetype: modrdn
newrrdn: uid=new_uid_value
deleteoldrdn: 1
-
changetype: modify
replace: loginshell
loginshell: /bin/nologin
-
modify: userPassword
userPassword:
On 08/15/2012 11:00 AM, Das, Jyoti Ranjan (STSD) wrote:
Hi,
Below is one of the few complex filters which don't work properly
Example:
*Filter:* *(((uid=test1)(cn=t1
est))((gidnumber=20))(uidnumber=2559)((sn=est)))*
In this case, filter ignores *uidnumber=2559* after assigning the
On 08/16/2012 06:06 AM, Juan Asensio Sánchez wrote:
Hi
I would like to intercept all modifications/adds in the server, and
then check if some of the modified attributes are what I want. For
each of them, if found, I need to generate (or overwrite) other
attribute with an equivalent value. An
, 2012-08-15 at 09:04 -0600, Rich Megginson wrote:
On 08/15/2012 09:02 AM, Vladimir Elisseev wrote:
Rich,
I think this could be the case, thanks! This explains why initializing
replica using LDIF file succeeded as well! I've saved one of the entries
with a lot of member attributes and the size
On 08/16/2012 10:55 AM, Paul Whitney wrote:
I am looking everywhere on Internet/Google and cannot find anything
that tells me whether or not I can stand up a DS 9 (389DS) and
replicate with DS 8.2. Can someone tell me where I might find this
answer? Or just tell me the answer?
The answer is
On 08/16/2012 10:33 AM, Ray wrote:
Hi,
I posted this before without getting a response. I think the question
is super simple to answer for LDAP experts. I'll try to rephrase the
quiestion (in case it was unclear before…)
I've geen googling quite a while on this topic trying all sorts of
On 08/17/2012 12:27 AM, Ray wrote:
Am 16.08.2012 20:16, schrieb Stephen Ingram:
On Thu, Aug 16, 2012 at 10:27 AM, Ray r...@renegade.zapto.org wrote:
Am 16.08.2012 19:03, schrieb Stephen Ingram:
On Thu, Aug 16, 2012 at 9:33 AM, Ray r...@renegade.zapto.org wrote:
Hi,
I posted this before
Let's say you have a windows sync agreement
AD: cn=Users,dc=example,dc=com
DS: ou=People,dc=example,dc=com
Let's say you also have another user container in AD:
cn=OtherUsers,dc=example,dc=com
Let's say you have a user in AD in cn=Users in sync with a user in DS in
ou=People.
What should
On 08/22/2012 02:18 PM, Mark Reynolds wrote:
On 08/22/2012 04:09 PM, Rich Megginson wrote:
Let's say you have a windows sync agreement
AD: cn=Users,dc=example,dc=com
DS: ou=People,dc=example,dc=com
Let's say you also have another user container in AD:
cn=OtherUsers,dc=example,dc=com
Let's
On 08/29/2012 03:45 AM, Anders Nielsen wrote:
Hi,
I have changed the default ACI from ldap://anyone to ldap://all to require
authentication prior to search - this works ok from normal clients. For
the DSGW I edited the orgchart.conf file to include a bind dn and password
- these options seem
On 08/30/2012 08:13 AM, Picture Book wrote:
Hi,
version: 1.2.10.2
build: 2012.180.1655
After audit log is enable, I do not see any record in the audit log
after a entry is added. Thanks.
https://fedorahosted.org/389/ticket/389
What is the exact version of your 389-ds-base package e.g. rpm
On 08/30/2012 09:54 AM, Orion Poplawski wrote:
So, 389-ds-base-1.2.10.14-1.el5 came in today and broke my server,
ldap searches returned the base of the tree but nothing else. I
needed to downgrade to 1.2.9.9 and restore my /etc/dirsrv/slapd-cora
directory from backup.
Can you post your
On 08/31/2012 11:38 AM, Alberto Viana wrote:
Hi,
I´m tyring to test a SSL connection from one server(linux) to 389DS
using openssl:
openssl s_client -connect MY_389_SERVER:636 -cert local_server.crt
-key local_server.key -CAfile CA-AD.crt
And I got this error on my 389DS log:
errors log?
(...)
De: "Rich
Megginson" rmegg...@redhat.com
Para: 389-annou...@lists.fedoraproject.org,
389-users@lists.fedoraproject.org,
test-annou...@lists.fedoraproject.org
Enviados: Viernes, 31 de
The 389 Project team is pleased to announce the release of
389-ds-base-1.2.11.14 for Testing. This release fixes a bug with
CLEANALLRUV and winsync, and a race condition in the replication
consumer extop code.
The new packages and versions are:
389-ds-base 1.2.11.14
NOTE: 1.2.11 will
On 09/10/2012 02:00 AM, Juan Asensio Sánchez wrote:
Hi
Is there any document where I could find the version equivalence
between 389 Directory Server and Red Hat Directory Server?
No.
Most of the
documentation i sin Red Hat Docs, but I don't know which version
should I see... I use 389DS
On 09/10/2012 04:35 AM, mailing lists wrote:
Hello,
is there any way to add common AD attributes like preferredLanguage to
winsync??
No. Please file an enhancement ticket at https://fedorahosted.org/389
--
389 users mailing list
389-users@lists.fedoraproject.org
On 09/08/2012 07:29 PM, Tom Tucker wrote:
I have two 389 servers and a RHEL 6 sssd configured client. LDAP and
LDAPS authentication is working against these identical DS. My
questioned in centered around client side certificate handling.
Is it possible to reference multiple server certs
The 389 Project team is pleased to announce the release of
389-ds-base-1.2.11.15 for Testing. This release fixes another issue
with CLEANALLRUV, some schema and userpassword related fixes, and other
fixes.
The new packages and versions are:
389-ds-base 1.2.11.15
NOTE: 1.2.11 will not
On 09/28/2012 09:00 AM, Picture Book wrote:
$ rpm -q 389-ds-base
389-ds-base-1.2.10.12-1.el6.x86_64
389-ds-base-1.2.10.12-1.el6.x86_64 is latest version in the stable repo. Do you schedule
to release a fix to the stable repo? add audit log is very import to us.
Thank you.
On 10/11/2012 07:07 PM, Geordie wrote:
Good Day
I have been having a few issues trying to get this to work. On the
latest setup this is the out put received from /usr/sbin/setup-ds-admin
I have check the apache2 mpm prefork
with /etc/dirsrv/admin-serv/httpd.conf There was not much different. I
On 10/24/2012 11:03 AM, Juan Asensio Sánchez wrote:
Hi Dan
Yes, I am trying to sync the same OU to two different servers/domains.
This is due to the users in our directory are splitted into several
organizations, and each organization is semi-self-managed. Some of
that organizations have
-users-boun...@lists.fedoraproject.org] *On Behalf Of
*Reinhard Nappert
*Sent:* Tuesday, November 13, 2012 12:22 PM
*To:* Rich Megginson; General discussion list for the 389 Directory
server project.
*Subject:* Re: [389-users] MMR issue ...
I use 1.2.8.2
*From:*Rich Megginson [mailto:rmegg
have no choice but to
familiarize yourself with the source code and use gdb.
You see that I ran out of ideas!
Thanks
*From:*Rich Megginson [mailto:rmegg...@redhat.com]
*Sent:* Tuesday, November 13, 2012 1:32 PM
*To:* Reinhard Nappert
*Cc:* General discussion list for the 389 Directory server
idea what might be going on.
Thanks,
-Reinhard
*From:*389-users-boun...@lists.fedoraproject.org
[mailto:389-users-boun...@lists.fedoraproject.org] *On Behalf Of
*Reinhard Nappert
*Sent:* Tuesday, November 13, 2012 3:54 PM
*To:* Rich Megginson
*Cc:* General discussion list for the 389 Directory
On 11/16/2012 08:33 AM, Howard Chu wrote:
389-users-requ...@lists.fedoraproject.org wrote:
Date: Fri, 16 Nov 2012 09:30:26 -0500
From: P R pwrdev...@gmail.com
First off, my server is equipped with 12GB of physical memory. From
reading
tuning guides online, I’ve found that a starting
On 11/16/2012 09:03 AM, Russell Beall wrote:
Our production servers (three replicants) are equipped with 128GB. We
started maxing out the 64G chips that used to be in there and had to
upgrade. This is for a similarly sized id2entry file, however, the
memory we use primarily is not for
On 11/27/2012 08:22 AM, jovan.vuko...@sungard.com wrote:
Hi,
I have two Directory Servers (1.2.10.7 version) configured in single
master replication topology over TLS/SSL encrypted line.
Replication works fine, but I cannot have chain on update work
although I have set both servers as per
On 11/29/2012 07:17 AM, Justin Piszcz wrote:
Hello,
I've written a couple scripts to analyze these logs but was curious if
there were any open source ones to analyze the 389 directory server
access logs?
Its always good to see the various methods of analysis (especially if
there is any
301 - 400 of 813 matches
Mail list logo