#Configuring_Single_Master_Replic
ation-Configuring_the_Read_Only_Replica_on_the_Consumer_Server
Thanks for the clarification. I assumed this is how it worked, but I wanted to
be sure. I'll be certain to read the provided documentation.
Sincerely,
--
William Brown will...@blackhats.net.au
/del/modrdn, and if configured correctly
will send a referral.
Perhaps this is a candidate for clarification in the documentation.
--
William Brown will...@blackhats.net.au
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
in the documentation is
all, so I want to be sure of how it works.
Sincerely,
--
William Brown will...@blackhats.net.au
/lib/dirsrv
cp -a /var/lib/dirsrv-orig/* /var/lib/dirsrv/
restorecon -r /var/lib/dirsrv/
Start your ds
This would be the way I would approach it, rather than trying to rename
everything ...
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
ps://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/
10/html/Performance_Tuning_Guide/index.html
As Germane said, there is work to reduce the impact of memory
fragmentation on process memory size, so these are hopefully temporary
solutions.
> -
Sincerely,
William Br
this correct?
There is no reason you can't add NOPASSWD to a user in sudoers
regardless of if they are resolved from ldap, sssd, or local.
Alternately, you can add NOPASSWD to a group, and make the ldap user a
member of the group.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
dletimeout
nsslapd-ioblocktimeout
You could have thread exhaustion occurring.
--
William Brown <will...@blackhats.net.au>
Hi Isabella,
> we are trying to understand are performance issues and start
> investigating the ACI's and indexes , I need to know if all "default
> indexes" showing in 389-console admin are necessary beside the one which
> we create for our application requirement :
> - there are a 1/2
ck. Or find
> the attribute holding the expiration date and tweak it.
Set either nsAccountLock: true or change accountUnlockTime: to be in the future.
You can get the current DS system time for the root DSE, and just add to it.
--
William Brown <will...@blackhats.net.au>
her business units, getting the new CA
out, lots of testing in a stage environment with application etc. Took
about 3 months to do all the testing and due diligence, and pre-loading
the new CA, but on the day of the cut over there were no issues at
all.
I hope this helps.
--
Sincerel
://directory.fedoraproject.org/docs/389ds/administration/adminserve
r.html#adminutil---admldapbuildinfoadmldapbuildinfossl
You may want to check your adm.conf and see if that is configured
properly.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
yes (OK)
> Negotiated protocol TLSv1
> Negotiated cipherAES256-SHA
> Cipher order
> SSLv3: AES256-SHA RC4-MD5 RC4-SHA AES128-SHA DES-CBC3-SHA
> DES-CBC-SHA EXP-RC4-MD5 EXP-RC2-CBC-MD5
> TLSv1: AES256-SHA RC4-MD5 RC4-SHA AES128-SHA DES-
On Wed, 2015-11-25 at 07:57 -0800, ghiureai wrote:
> HI William and list ,
> here is the result for ldapsearch as per your request:
All seems reasonable to me, scratch that theory.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
-s base
ldapsearch -b cn=monitor,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config -s base
This will show what the cache hit rates and sizing are.
You may find that the issue is a lack of key indexes, and that once the
cache is primed that is masking the issue. Perhaps look in the access
log for n
Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_
Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
of key indexes, and that once
> > the
> > cache is primed that is masking the issue. Perhaps look in the
> > access
> > log for notes=U ?
> >
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
> > > [18/Nov/2015:21:59:04 -0800] plugin_mr_find - Error: matching rule
> > > plugin for [caseIgnoreSubstringMatch-default] not found
> > > [18/Nov/2015:21:59:04 -0800] plugin_mr_find - Error: matching rule
> > > plugin for [caseIgnoreSubstringMatch-default] not found
> > > [18/Nov/2015:21:59:04
On Sat, 2015-11-21 at 14:07 -0800, Joel Levin wrote:
> Hi All:
>
> We have a fairly newly installed 389 running although early days, the
> ACI is getting cumbersome to manage/audit.
>
> Would anyone know of strategy articles to manage ACIs?
I wrote a blog post a while ago detailing some
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
> modifying entry "uid=xinhuan,ou=people,dc=christianbook,dc=com"
>
> modifying entry "cn=config"
>
> However, none of the password policy I set into nsPwPolicyEntry worked.
>
Another user on this list has recently had the same issue. I am investigatin
y, this could be changed with a header / function check (IE
WITH_SVRCORE_CreateStdSystemdPinObj).
We don't think it's worth it though, as the fix that svrcore 4.1.2 brings to
using ssl without a pin.txt on systemd is very,
very valuable to administrators.
If you need help with upgrade svrcore on your distro, pleas
-pwpolicy-local: on
Without that setting, the fine grained password policy won't work,
Thanks,
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
-adl.prd.example.com
This way every host can be accessed via the service names, and I can *reuse*
the certificate if I replace the host that one of the ldap01- records
points to.
Does this help you?
> - xinhuan
> From: William Brown <wibr...@redhat.com>
> To: Genera
re to C and D.
Then you would put C and D into production alongside A and B.
Wait and test.
Then remove A and B from production for a period of time before you
decommission them.
>
> Thanks for your insight, and info, I appreciate it.
>
Any time!
--
Sincerely,
William Brown
Softwar
8/Jan/2016:07:05:20 +] conn=226 op=2 fd=80 closed - U1
>
> I have an ACI which allows anonymous access to the replication info.
>
> Version is : 389-ds-base-1.3.3.13-1.fc21.x86_64
>
> Any help would be appreciated.
>
> Thanks.
> --Prashant
ds more entropy and makes the passwords harder to attack.
As a result, directory server does not support a maximum length field
on a password.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
o the cn=config, even though it has
no group.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
.arpa. is now ds389.limbo.local
via localhost in the hosts file
* To all other systems 10.33.30.10.in-addr.arpa is ds389.jalacloud.local
from DNS.
Saying this, to LDAP the proper function of the reverse DNS is not very
important.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
ration directive to your applications, it's
likely what you want to use.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
need to look a
bit closer to really know why.
It may even be that the parent entry has an issue, so we might need to
look at that ID next
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
e ansible connection closes.
Are you using the ansible service module?
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
shuts down all the OTHER
services.
So you may find the issue isn't Ds, but some other part of freeipa.
I hope that helps you solve the issue.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
ient output.
So I think that Noriko is onto the correct work around here. I would
advise that you leave NSS_DISABLE_HW_GCM=1 set to prevent the crash.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
, you can wait patiently for the
crash to happen again.
Perhaps try unsetting the variables Noriko mentioned, test that the
openssl command does indeed cause a crash, then re-apply the
environment variables to see if that prevents it?
--
Sincerely,
William Brown
Software Engineer
Red Hat, B
NONE
> Expansion: NONE
>
>
> With "export NSS_DISABLE_HW_AES=1" there are no crashes.
>
I'm suspicious here. You should be seeing a peer certificate, but you
aren't. With the first set of output you showed, it looked like a cert
was sent to you.
Can you show us your cn=encry
.el6.x86_64
> 389-admin-console-doc-1.1.8-1.el6.noarch
> 389-adminutil-1.1.19-1.el6.x86_64
> 389-ds-base-1.2.11.15-48.el6_6.x86_64
>
>
> Thank you all for your time and I really appreciate all of your help!
> --Derek
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
to get things working. (Did I
> mention I hate PHP? ;-) )
>
> If I manage to get the script updated and working, would you like me to
> send it along?
Sure, it would be good to have for any one in the future with a similar problem.
--
Sincerely,
William Brown
Software Engineer
R
rtainly break it ... ).
Are you running your ansible playbooks at sudo? Trying to start ns-slapd without
privileges would cause issues.
Can you see anything in /var/log/messages?
When you use ansible to control ipa rather than dirsrv directly, does that have
the same issue?
I think the issue is not with dirsrv at all, but with your ansible environment
and how you are trying to start / stop the services
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
> wrong. All other services started by Ansible remain running after it
> disconnects.
>
Who knows, it could be anything.
For my sanity, if you ssh to the system and run:
sudo service dirsrv start
Does that work and persist?
--
Sincerely,
William Brown
Software Engineer
Red Hat,
You should create a service account (simpleSecurityObject), and give only that
dn an aci with read access to the hash.
I still *strongly* advise against this, as you should not need your
application to behave like this to change a password.
--
Sincerely,
William Brown
Software Engineer
hing algo of the user, and it can apply password
policies to the account.
You can simulate this on a command line, with the tool:
ldappasswd
This conducts the steps above.
I hope that this helps you.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
masters, there is no reason to limit yourself
to writes only on one master. That's the point of the replication
protocol, to remove the point of failures in write targets.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
k has said, the current code is a "proof of
concept", and anything that exists in the repo today, may not be there
tomorrow.
However, it would be good to know what you want to aim to use the api
for, as that will help us know what we should be potentially
including.
--
Sincerely,
Willi
On Thu, 2016-02-11 at 23:08 -0800, Joshua J. Kugler wrote:
> On Friday, February 12, 2016 15:41:28 William Brown wrote:
> > On Thu, 2016-02-11 at 17:25 -0800, Joshua J. Kugler wrote:
> > > William -
> > >
> > > Thanks for the tips.
> > >
example.org))'
OpenLDAP has an "overlay" which allows the memberUrl to be expanded during a
search request into "member" attrs on the groupOfUrls.
Right now, we don't have this in 389-ds.
If you have an account on fedorahosted, we would really appreciate you lodging a
ticket ab
I hope this helps you.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
-/schema/
That would help to start to diagnose the issue.
Thanks!
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
;
I've raised it with the team, and we'll see about when in the future we can
implement the contents of 397. I cannot however guarantee when it will be done
though.
Sorry I couldn't help more,
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
db2bak.pl. db2bak should operate just on the named
instance, without needing a directory manager account. You can run it from cron
as root then.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
On Wed, 2016-03-09 at 20:05 -0500, Mark Reynolds wrote:
>
> On 03/09/2016 05:37 PM, William Brown wrote:
> >
> > On Wed, 2016-03-09 at 12:06 +0100, wodel youchi wrote:
> > >
> > > Hi,
> > >
> > > Is it possible to create a specif
ectclass: top
> objectclass: organizationalUnit
> ou: people
>
> What is the best way to convert or import from my old Sun Directory Server to
> new one?
db2ldif on the sun ds, and ldif2db on the rhds
Alternately, I believe you can do replication between them.
The hardest part wil
s)
Then to set *just* dirsrv to permissive rather than the whole system:
sudo semanage permissive -a dirsrv_t
I recommend that if you have issues with enforcing, to do the relabel, set just
dirsrv to permissive, then to analyse the output with ausearch to find other
denials. From there, you may get
cking-performance.html
Please read this as it may help you analyse the performance of your server
instances.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
at why the admin system cannot connect correctly to it.
I hope that this helps guide you to solve the problem,
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
On Thu, 2016-04-07 at 15:27 -0700, Gordon Messmer wrote:
> On 04/07/2016 03:15 PM, William Brown wrote:
> >
> > When you change from permissive to enforcing, you often need to re-label to
> > make
> > sure the system is consistent.
> From "permissive"
On Wed, 2016-04-06 at 21:12 +, anteneh assen wrote:
> 389 DS documentation link refers to the commercial Redhat DS, does all the
> features mentioned in the Redhat DS available in 389 DS?
Yes.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
il -L -d /etc/dirsrv/slapd-E2WAN/ -n wsf-LabCA.lab.aero.org -a >
/etc/openldap/cacerts/wsf-LabCA.lab.aero.org.pem
Then you can make these valid for openldap to use:
cd /etc/openldap/cacerts
cacertdir_rehash
This will recreate the hash -> cert symlinks.
From there, re-run your ldap search co
ser's LDAP entry)
>> [02/Feb/2016:18:34:00 +1000] conn=2721 op=0 BIND dn="" method=sasl version=3
>> mech=EXTERNAL
>> [02/Feb/2016:18:34:00 +1000] conn=2721 op=0 RESULT err=49 tag=97 nentries=0
>> etime=0
Additionally, using the ldapsearch command with highlevels
mlinks.
From there, re-run your ldap search command:
ldapsearch -d 5 -x -L -b 'dc=lab,dc=aero,dc=org'
You will need to adjust these commands to match your instances, the CA certs,
and your openldap/certs location. Otherwise, that should fix the issue.
--
Sincerely,
William Brown
Softwar
secure connection?
If you look in the ldap client config, /etc/openldap/ldap.conf, you likely have
TLS_REQCERT set to NEVER or ALLOW. This means it checks the CA, but will not
fail on a verification failure.
So it is a "secure" connection, but the client hasn't validated the CA.
>
rk if you
followed the setup.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
certificate.
>
>
>
> I hope I provided proper and full details for your questions. I don't mind
> sharing clear text passwords, the real system is not reachable from the
> internet, and I am having this problem also in my virtual lab (where the data
> from above is copy/pasted
memory leak?
>
I believe there is a fix for a memory leak between 1.3.3 and 1.3.4. I strongly
advise upgrading to 1.3.4.8 as it fixes a number of issues.
Once you have upgraded to 1.3.4.8, keep an eye on it, and see if the issue
continues.
--
Sincerely,
William Brown
Software Engin
fig/dirsrv.systemd
This file is included by /usr/lib/systemd/system/dirsrv@.service
Which is used to start / stop dirsrv on el7.
I hope that helps you.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
erver_Installation-
> Considerations.html
>
> and it is the actual documentation of the RDS v10
https://bugzilla.redhat.com/show_bug.cgi?id=1314129
I have raised an issue about this documentation and hope it will be corrected
shortly.
Thanks for finding this!
--
Sincerely,
William Brown
Software
de to
write back hashes is in there (unless I missed something)
I've created a ticket to develop this feature, but I can not guarantee a time
span on when it will be complete I am sorry.
https://fedorahosted.org/389/ticket/48753
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
ts the
password on ds.
There is currently an open ticket to enable this password migration
functionality natively into DS, but for now you'll have to use something out
of band I'm sorry.
I hope that this helps.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
alice on the
remote server.
Again, this can easily be validated by doing a search on dir1 as alice, then
checking the access log of dir2 to see who was bound, whether the proxy control
was used.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
On Thu, 2016-03-31 at 17:06 +, Fong, Trevor wrote:
> Hi William,
>
> Thanks very much for your reply.
>
>
You're welcome.
>
>
> On 2016-03-29, 4:23 PM, "William Brown" <wibr...@redhat.com> wrote:
>
> >
> > On Tue, 2016-03-29 at 22
tanza.
https://fedorahosted.org/389/ticket/48783
Author: Andrey Cherepanov
Review by: wibrown
Thank you for your contribution!
--
Have a magical day,
William Brown
VP of Powerful Wizardary
Red Hat, Brisvenice
will tell you if the hash format is messed up.
/var/log/dirsrv/slapd-/access will tell you more about why an
account cannot bind.
Please provide *more* detail as this helps us to solve your issue. Exact steps,
what you changed, reasonable fake values for passwords for example.
--
Sincerely,
Wil
should always be your
first port of call. All configuration attributes are documented there.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
I would like to investigate this further to see if it's an issue or not.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
ons (would like to have one for 'read')
Unless I am misunderstanding your question,
you can use targetattr = "attr" to control read access to an attribute. IE:
(targetAttr = "uid" || "gid")(version 3.0; acl "Read access to uid and gid";
allow (read, search) userdn
t a
time. So they each have to wait in turn.
You can see this by turning on the replication logging in errorlog-level to
8192.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
affected user
entry?
Then can you also show the contents of the dn listed by that pwdpolicysubentry?
Is there anything in your error logs that looks suspicious?
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
ation error. Are you using pam ldap, nslcd, or
sssd?
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
hat is correct. 1.3.4 is the current version in el7.2.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
te you are looking at, that way I know what the
correct time format is.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
hich
> fetches all these related information from AD.
>
> Kindly let me know if there is any such tool which suffice this requirement.
>
in 389ds (LDIF for example:
> http://www.port389.org/docs/389ds/howto/howto-accesscontrol.htm
> l)
> Can anybody help ?
>
Sorry, no such tool exists. The aci's are just a bit too different.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
tributes-lastlogon-lastlogontime
stamp-and-lastlogondate.aspx
This should help you. That value is winsynced from AD as I understand it, so
you can look up what the syntax of the AD lastLogon value is.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
found an old admin server backup that was taken before any of
> these problems surfaced. Anyone have a link that would walk me through the
> restore process? Is this a good idea?
It's not a good idea to restore the db4 directly into NetscapeRoot unless you
really, really, know what you are doi
SSCipherSuite
>
> Thanks,
>
>
> Jean Redfearn, CISSP, RHCE, GCIH
> Raytheon Company
--
Sincerely,
William Brown
Software
> Ted F. Fisher
> Server Administrator
> Information Technology Services
> Email: tffi...@bgsu.edu
> Phone: 419.372.1626
Install]
WantedBy=multi-user.target
Now you can do:
systemctl enable dirsrv.target
systemctl enable dirsrv@instance.target.
Hope this helps.
PS: You'll need to remove /etc/systemd/system/dirsrv@.service when you
upgrade to 1.3.5.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisba
e on 389-ds only.
However, I do not know what you mean by "human integration".
I think you need to expand on your current system, what you want to
achieve, and what your goals are. This way we can give you better advice
on the correct solution.
--
Sincerely,
William Brown
Software
w if the solution can be valid or if there is another
> alternative.
That blog is related to using a samba install to authenticate users to
shares against 389-ds where an AD domain is not available.
I hope that this helps you,
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
.
Hope this helps,
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
examples where you can ldapmodify the userPassword attribute,
and it respects the pre-hashed value.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
will show you the error conditions and failing entry that
is the problem in your ldif.
I hope that helps,
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
You could use pam pass through
http://directory.fedoraproject.org/docs/389ds/howto/howto-pam-pass-through.html
The way I read the PTA docs, it's a bit ambiguous. It could go either
way. I think it would be worth test / reading the code to be sure.
Hope that helps (sorr
4] conn=33578 op=2 fd=96 closed - U1
>
> [root@server slapd-ldap1]#
>
>
> Help? This is driving me nuts... Where can I look to find out why this might
> be happening?
>
> Thanks,
> Anthony
On Wed, 2017-02-22 at 22:20 -0800, Gordon Messmer wrote:
> On 02/22/2017 09:25 PM, William Brown wrote:
> > Default indexes only apply to new databases (It's a template iirc). You
> > need to edit the index on the cn=userRoot,cn=ldbm
> > database,cn=plugins,cn=
On Mon, 2017-02-13 at 12:51 +0200, Todor Petkov wrote:
> On Mon, Feb 13, 2017 at 1:26 AM, William Brown <wibr...@redhat.com> wrote:
> > Do you mind posting the ldif? Have you tried using ldapadd -f > ldif> to the server to see what that says.
> >
> > This i
entOS7 or EL7
equivalent and use the 389-ds-base package that is supported.
The upgrade should be very straightforward, so I hope that this helps
you.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
On Wed, 2017-02-15 at 08:43 +1000, William Brown wrote:
> On Tue, 2017-02-14 at 18:20 +, Ric wrote:
> > Hi All,
> >
> > I am aware that RHDS9 goes EoL in March. As I understand it, 389 is
> > effectively upstream of RHDS and thus not directly affected.
> >
for the newly created user, deleted it and
> tried to import (in case I miss some entries), but it's the same.
>
>
> Googling does not reveal any solution.
>
> Anyone with similar experience and a fix?
Do you mind posting the ldif? Have you tried using ldapadd -f to the server to see what th
an see
the actual ldap traffic going into the server at the time.
Thanks,
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
golang ldap api. Do you mind
checking if this happens from ldappasswd or python-ldap?
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
1 - 100 of 719 matches