Re: [389-users] Fedora Management Console simply hangs when trying to create user

2010-02-01 Thread Rich Megginson
Sean Carolan wrote: Are you running 389-admin 1.1.10? This is what I have installed, all from the yum repo: Which yum repo? Note that all of the new 389 packages are in EPEL now - see http://directory.fedoraproject.org/wiki/Release_Notes 389-admin-1.1.10 fixes a problem with

Re: [389-users] How to use existing SSL cert?

2010-02-03 Thread Rich Megginson
Sean Carolan wrote: They are standard x.509v3, RSA 1024 bit encrypted format. Nothing exotic, they work fine on Apache web servers... You first need to put them in pkcs12 format. Use the openssl pkcs12 to combine your existing server cert and private key into a pkcs12 file. Then, use

Re: [389-users] slapd didn't close connection and get into CLOSE_WAIT state

2010-02-19 Thread Rich Megginson
that a try. Ok. Then I suppose OpenDS supports the control, or OpenDS does not error if an unsupported control is sent with the Abandon operation. - David On Fri, Feb 19, 2010 at 5:26 PM, Rich Megginson rmegg...@redhat.com wrote: Chun Tat David Chu wrote

Re: [389-users] Problem with ldif import and empty attributes

2010-02-26 Thread Rich Megginson
BLANQUART Fabrice wrote: Hi, I try to migrate an old Netscape Directory Server to 389ds. When I import the export database, I get a lot of rejects because of empty attributes. I get rejects like: Error adding object 'dn: uid=XX,o=Annuaire,o=directoryRoot'. The error sent by the

Re: [389-users] Directory Server OID control for passwordless logins of Solaris Clients

2010-03-01 Thread Rich Megginson
Charles Gilbert wrote: Hi everyone, I have been struggling with this one for a while. In switching to 389, I am trying to figure out how to get my Solaris clients working with account management and ssh keys. SunDS 5.? has an oid control that allows for account management and ssh keys

Re: [389-users] Howto determine the last time an account was bound?

2010-03-02 Thread Rich Megginson
Ryan Braun [ADS] wrote: On March 2, 2010 03:18:43 pm Rich Megginson wrote: Ryan Braun [ADS] wrote: Is there an operational attribute or some other way to determine when the last time an account was used to bind to the server (or any server in a MMR setup). Basically looking to find

Re: [389-users] is anybody having problems with latest selinux policy update in F12?

2010-03-03 Thread Rich Megginson
me wrote: regards 389-ds-base 1.2.6.a2 has a selinux sub-package - 389-ds-base-selinux - and 389-admin-1.1.11.a2 also - 389-admin-selinux - these are currently in the testing repos - yum install/upgrade --enablerepo=updates-testing 389-ds-base-selinux 389-admin-selinux Not sure if these

Re: [389-users] DNSDomain objectclass missing

2010-03-03 Thread Rich Megginson
muzzol wrote: 2010/3/3 Rich Megginson rmegg...@redhat.com: 28pilot.ldif is here, along with the other deprecated schema. my file is different from this one. is this intended? Not sure - how is it different? -- 389 users mailing list 389-users@lists.fedoraproject.org https

Re: [389-users] Problems with SSL

2010-03-03 Thread Rich Megginson
Ski Kacoroski wrote: Hi, I am having problems with SSL setup. First I tried via the admin console to use our company's star cert, What exactly did you do? Note that if you have an existing server cert+key, you'll have to import that as a pkcs12 file (which contains both the server cert

Re: [389-users] Problems with SSL

2010-03-03 Thread Rich Megginson
08:46 AM, Rich Megginson wrote: Ski Kacoroski wrote: Ok, looks like I need to reboot the entire server to get the admin console stop server functionality to work. You probably could have just restarted the directory server and admin server: service dirsrv restart

Re: [389-users] yum install 389 DS failed

2010-03-08 Thread Rich Megginson
Mike Li wrote: That does not solve the problem. After doing all those removes and running install again, I got the exactly the same error. What is the yum/rpm command to install all those missing libraries? yum Shouldn't the installation guide be more user friendly to cover these kind of

Re: [389-users] Fedora-DS 1.1 showing NSMMReplicationPlugin msgs, becomes unresponsive and dies

2010-03-09 Thread Rich Megginson
Wolf Siedler wrote: Hi! I am sorry for the vague subject but I don't know a better way to describe my problem. I am still studying Fedora/389 Directory Server. I am running a Fedora-DS (1.1) master on CentOS 5.4 which replicates to several consumers (no master-master replication). 1.1?

Re: [389-users] Fedora-DS 1.1 showing NSMMReplicationPlugin msgs, becomes unresponsive and dies

2010-03-09 Thread Rich Megginson
Wolf Siedler wrote: Thanks for the fast reply, Rich! 1.1? rpm -qi 389-ds-base 32-bit or 64-bit? It's fedora-ds-base-1.1.3-2.fc6, 32-bit. rpm -qi gives: Name: fedora-ds-base Relocations: (not relocatable) Version : 1.1.3

Re: [389-users] Verify Indexes

2010-03-09 Thread Rich Megginson
Edward koko Konetzko wrote: Is there anyway to verify an index or tell the server to reindex with out having to delete and readd the index? http://www.redhat.com/docs/manuals/dir-server/8.1/admin/applying-indexes.html Thanks Edward -- 389 users mailing list

Re: [389-users] Cross Migration Problem From FDS 1.0.x to 386 Directory Server

2010-03-10 Thread Rich Megginson
Brian Provenzano wrote: I'm hoping someone can help me with this, but I am getting an error attempting a cross migration from an old version of FDS (FDS 1.0.4) on CentOS 4 32bit to current 389 Directory server (via yum repos) on centOS 5.4 64bit. I used the following in order to install 389

Re: [389-users] Migration Issues With Admin Server LDIF Import

2010-03-15 Thread Rich Megginson
that appears to fail (I guess). Sorry for my ignorance, but I have no idea how to resolve this. On Mon, Mar 15, 2010 at 9:30 AM, Rich Megginson rmegg...@redhat.com wrote: Brian Provenzano wrote: I'm still on the road to trying to migrate from FDS

Re: [389-users] Migration Issues With Admin Server LDIF Import

2010-03-15 Thread Rich Megginson
Brian Provenzano wrote: I ran the migrate with the debug flag as requested. It spits out about 2000+ lines of debug. Is this list OK with me posting/emailing that many lines? I can gladly post it. Just send it to me directly. On Mon, Mar 15, 2010 at 1:21 PM, Rich Megginson rmegg

Re: [389-users] Migration Issues With Admin Server LDIF Import

2010-03-15 Thread Rich Megginson
configuration file '/etc/dirsrv/admin-serv/local.conf'. LDAP Error: No such object Exiting . . . On Mon, Mar 15, 2010 at 2:07 PM, Rich Megginson rmegg...@redhat.com wrote: Brian Provenzano wrote: Done. Should be on its way. Ok. Looks like the major

Re: [389-users] Migration Issues With Admin Server LDIF Import

2010-03-15 Thread Rich Megginson
PM, Rich Megginson rmegg...@redhat.com wrote: Brian Provenzano wrote: That definitely gets me a bit farther along. I replaced the occurrences in the NetscapeRoot.ldif and reran the process, but I hit another error. Looks there is another

Re: [389-users] Migration Issues With Admin Server LDIF Import

2010-03-15 Thread Rich Megginson
schema You can file these bugs, and fill them in with the appropriate information, in lieu of beer. Then celebrate your freshly minted bugs with a cold one of your own :-) -brian On Mon, Mar 15, 2010 at 5:13 PM, Rich Megginson rmegg...@redhat.com wrote: Brian

Re: [389-users] Password policy during grace login / expiration warning

2010-03-23 Thread Rich Megginson
Aaron Hagopian wrote: I am having an issue in regards to handling expiring passwords during the grace period. I also filed a bug because I find the behavior to not be as expected (https://bugzilla.redhat.com/show_bug.cgi?id=576303). But to summarize my bug report, in my code that checks

Re: [389-users] Netscape 6.2 389 Directory server replication

2010-03-25 Thread Rich Megginson
Nick Brown wrote: Hi, I have been given a bunch of old Netscape 6.2 servers that need replacing with 389 Directory server, is it possible to have a Netscape 6.2 master and a 389 Directory server replicating between each other? The current setup consists of 2 Netscape Multimasters and 7

Re: [389-users] stuck on a single entry

2010-03-25 Thread Rich Megginson
Christopher Wood wrote: On Thu, Mar 25, 2010 at 11:59:31AM -0600, Rich Megginson wrote: Christopher Wood wrote: I'm having another issue that I'm not making headway on. This time, I can't import a single value into one attribute in my directory. The attribute in question

Re: [389-users] How to rename DIT?

2010-03-26 Thread Rich Megginson
John A. Sullivan III wrote: On Fri, 2010-03-26 at 16:28 -0600, Rich Megginson wrote: John A. Sullivan III wrote: Hello, all. We've recently undergone a corporate name and domain change, let's say from oldname.biz to newname.com. Consequently, we need to rename the top level of our

Re: [389-users] Documentation for pam pass

2010-03-30 Thread Rich Megginson
Techie wrote: On Fri, Mar 26, 2010 at 2:55 PM, Techie techcha...@gmail.com wrote: 2010/3/26 Prashanth Sundaram psunda...@wgen.net: Hi, Here’s how my PAM PTA looks like. But I don't think it is of much use. dn: cn=PAM Pass Through Auth,cn=plugins,cn=config nsslapd-pluginEnabled:

Re: [389-users] Strange behaviour - SAMBA is writing on a Dedicated Consumer Server

2010-03-31 Thread Rich Megginson
Diretorio Livre wrote: Hello, We are using FDS 1.2.0 and we are making samba integration with LDAP. There are two FDS servers, one (serverA) is configured as single master and the other (serverB) as a dedicated consumer. We're using the option ldap passwd sync=yes and pointing the ldapsam

Re: [389-users] Strange behaviour - SAMBA is writing on a Dedicated Consumer Server

2010-04-01 Thread Rich Megginson
Diretorio Livre wrote: ** Richard, I set the nsslapd-accesslog-logbuffering as you recomended and nothing was logged on the master ldap (ServerA). So I shutdown the master ldap machine and repeat the test. The result was the same behaviour: SAMBA

Re: [389-users] Cache tuning errors

2010-04-01 Thread Rich Megginson
j...@scusting.com wrote: Hi - I had a read of the Redhat documentation on cache sizes and tuning and tried tweaking one of my servers as it was setup with the default. The server is a Fedora 10 box with 4GB of RAM so I decided to setup the cache as: nsslapd-cachememsize = 3145728000

Re: [389-users] Size limit

2010-04-01 Thread Rich Megginson
Mister Anonyme wrote: Hi, The default value of response size limit in directory server is 2000 entries. I couldn't find any documentation that explains clearly what could cause any issues if I set it to unlimited (-1). I have some clients that would want to get a bulk response

Re: [389-users] Referral and Read-Only Replica Consumer

2010-04-07 Thread Rich Megginson
Chun Tat David Chu wrote: Hi All, I have an issue on referral and read-only replica. My setup consists of two multi-master suppliers and 1 read-only replica consumer. MM1 - MM2 | | | | C- The replication is configured to use SSL, port 636. I

Re: [389-users] nsAIMpresence error

2010-04-08 Thread Rich Megginson
Angelo Babudro wrote: Greetings. I am a first-time user of the 389 DS -- version 1.1.3-6.el5 installed from the EPEL RPMs. When I try to enter my first user, using web interface, I keep running into an error when trying to enter people that says: An error occured while contacting the

Re: [389-users] Database link error management

2010-04-16 Thread Rich Megginson
Francesco Fiore wrote: Hi, I've a DS with three database link. Even if only one remote server is unavailable, I've the error FARM SERVER TEMPORARY UNAVAILABLE and I can not search anything in other subtrees when I bind to the root suffix. Can I modify the behaviour of the directory server

[389-users] Announcing 389 Directory Server 1.2.6 Alpha 3

2010-04-19 Thread Rich Megginson
Firstly, we would like to offer a big thanks to the 389 community for all of the issues you have found, and for being so patient with us while we investigated some of these problems. This is a big help in improving the quality of the project. The 389 team is pleased to announce the

Re: [389-users] setup-ds-admin.pl fails to create the configuration directory server

2010-05-03 Thread Rich Megginson
Rick Dicaire wrote: Hi folks new to the list. Fedora 12 i386 DS info: Name : 389-ds Arch : noarch Version: 1.1.3 Release: 5.fc12 Upon running setup-ds-admin.pl -ddd, it errors out at the end: Your new DS instance 'ws' was successfully created. Creating the

Re: [389-users] Bad Ber tag encountered and IO block timeout logconv.pl

2010-05-04 Thread Rich Megginson
Prashanth Sundaram wrote: Hello all, We have been experiencing some ldap timeout errors in a multi-master setup. My setup looks close to this one but there is _NO_ M32 and M41 i.e. consumers don't replicate to masters

Re: [389-users] logconv.pl does not accept start End dates

2010-05-04 Thread Rich Megginson
Prashanth Sundaram wrote: All, When I run this I don’t get any usable output (empty template shows up). But when I don't specify dates, it just works. $ logconv.pl -S [04/Apr/2010:15:00:00 -0400] -E [04/May/2010:15:00:00 -0400] -V /var/log/dirsrv/slapd-poe111/access* Access Log Analyzer

Re: [389-users] suffix and sub-suffix usage

2010-05-10 Thread Rich Megginson
Francisco José Pérez González wrote: Hi, I have some problems with suffixes, I'm new to LDAP so maybe I'm misunderstanding concepts. Ok, here it goes... I'm working with centos-ds. I'm asking here because the solutions probably can be applied in 389-like software such as centos. Well, I have

Re: [389-users] suffix and sub-suffix usage

2010-05-11 Thread Rich Megginson
Francisco José Pérez González wrote: On Mon 10 May 2010 18:09:46 Rich Megginson wrote: Francisco José Pérez González wrote: Hi, I have some problems with suffixes, I'm new to LDAP so maybe I'm misunderstanding concepts. Ok, here it goes... I'm working with centos-ds. I'm asking

Re: [389-users] Skipped request ...

2010-05-12 Thread Rich Megginson
...@lists.fedoraproject.org] On Behalf Of Rich Megginson Sent: Tuesday, May 11, 2010 5:21 PM To: General discussion list for the 389 Directory server project. Subject: Re: [389-users] Skipped request ... Reinhard Nappert wrote: Hi all, I have seen a weird behavior of my DS (1.1.2). It has a very small

Re: [389-users] Skipped request ...

2010-05-13 Thread Rich Megginson
[mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Rich Megginson Sent: Thursday, May 13, 2010 1:10 PM To: General discussion list for the 389 Directory server project. Subject: Re: [389-users] Skipped request ... Reinhard Nappert wrote: Rich, which debugging level do you

Re: [389-users] Skipped request ...

2010-05-14 Thread Rich Megginson
setting a much, much smaller value, like 5000 (5 seconds). -Reinhard -Original Message- From: 389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Rich Megginson Sent: Thursday, May 13, 2010 10:58 PM To: General discussion list

Re: [389-users] Skipped request ...

2010-05-14 Thread Rich Megginson
application? ldapmodify? a perl/python script? -Reinhard -Original Message- From: 389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Rich Megginson Sent: Thursday, May 13, 2010 10:58 PM To: General discussion list for the 389

Re: [389-users] dynamic group expansion: writing a patch...

2010-05-18 Thread Rich Megginson
Nathan Kinder wrote: On 05/18/2010 08:48 AM, Rich Megginson wrote: Roberto Polli wrote: On Tuesday 18 May 2010 16:28:48 Rich Megginson wrote: ...I would start with the member of plugin code. I'll take a look. do you think it will be better

Re: [389-users] storing x509 certificates in the directory

2010-05-19 Thread Rich Megginson
Luke Schierer wrote: On Tue, May 18, 2010 at 07:44:23PM -0600, Rich Megginson wrote: Luke Schierer wrote: Hi all, I have been using fedora directory server/389 directory server for a couple years now with out any real issues, so I want to start off by thanking all

Re: [389-users] Management Console login

2010-05-26 Thread Rich Megginson
Hyatt, Dan wrote: I am using Directory Manager or fds as usernames with their corresponding passwords I am using http://localhost:1099 http://server_name:1099 with 1099 being the management console port number. Any

Re: [389-users] Modify dse.ldif using commands

2010-06-15 Thread Rich Megginson
Juan Asensio Sánchez wrote: Hi To modify some parameters of the configuration, like nsslapd-cachememsize, it is required to stop the server and manually change the setting in the dse.ldif. Is there any way/command/utility to modify that file without using grep and sed? I say this because

Re: [389-users] Five Years of Project 389

2010-06-29 Thread Rich Megginson
Dennis Gilmore wrote: On Tuesday, June 29, 2010 04:26:26 pm Rich Megginson wrote: http://richmegginson.livejournal.com/17934.html -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users Wow, has it been that long

Re: [389-users] Windows Replication Agreement Help

2010-07-19 Thread Rich Megginson
John A. Sullivan III wrote: On Mon, 2010-07-19 at 04:26 -0400, John A. Sullivan III wrote: On Mon, 2010-07-19 at 04:15 -0400, John A. Sullivan III wrote: On Wed, 2010-07-14 at 15:40 -0600, Rich Megginson wrote: --[ UxBoD ]-- wrote: Hi, We are setting up a new

Re: [389-users] Windows Replication Agreement Help

2010-07-20 Thread Rich Megginson
--[ UxBoD ]-- wrote: - Original Message - --[ UxBoD ]-- wrote: - Original Message - SNIP Hi Rich, that is what I did not get the error message. Here is the complete output: [20/Jul/2010:10:42:20 -0400] NSMMReplicationPlugin - agmt=cn=DomainAD

Re: [389-users] Error initializing server

2010-07-21 Thread Rich Megginson
abandoned error. 2010/7/15 Rich Megginson rmegg...@redhat.com Juan Asensio Sánchez wrote: Hi 2010/7/14 Rich Megginson rmegg...@redhat.com

Re: [389-users] 389 DS 1.2.5 on RHEL VM

2010-07-22 Thread Rich Megginson
---[ anon ] Thanks! On 16/07/2010, at 1:16 AM, Rich Megginson wrote: Barry Sitompul wrote: Hi All, Thanks for the replies! I am running the DS on a RHEL 5.5 x86_64 VM. It's got 8GB of RAM and out of that I allocated 600MB for the LDBM plugin cache. I have four backend databases so does

Re: [389-users] How to let users change their passwords?

2010-07-23 Thread Rich Megginson
Steven Truong wrote: I just downloaded the Windows Console and tried to access the server through http://myserver:myport with a regular user. Once I got in with this regular user, I could list the whole directory and actually changed the password for this account. I think Windows Console can

Re: [389-users] Allow only SSL-connections

2010-08-09 Thread Rich Megginson
Jonathan Boulle wrote: We couldn't find a straightforward option for this (if someone wiser knows one please enlighten me!), so as far as we worked out there are two means of achieving this: 1) Combination of two config options: nsslapd-allow-anonymous-access: off +

Re: [389-users] Console breaks when enabling no anoymous binding

2010-08-10 Thread Rich Megginson
Gerrard Geldenhuis wrote: I found the cause of the problem for the An error has occurred. When you first click on Manage Certificates in the Admin Server console it prompts you for a password and I believe create the cert store in /etc/dirsrv/admin-serv/ I then added the same CA that I used

Re: [389-users] Multi-Master setup

2010-08-11 Thread Rich Megginson
not crash, when I try to delete this entry I think we fixed that crashing bug a while ago. Can you post a stack trace? -Reinhard -Original Message- From: 389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Rich Megginson Sent

Re: [389-users] Announcing 389 Directory Server 1.2.6 Release Candidate 7

2010-08-12 Thread Rich Megginson
Fabio Erculiani wrote: Where are the sources? http://directory.fedoraproject.org/sources/ Thanks for reminding me. It's there now. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: [389-users] Clarification on admin server and console

2010-08-17 Thread Rich Megginson
Gerrard Geldenhuis wrote: I forgot to add that all the ldifs works if I run them afterwards just not during installation. This string also baffled me a bit: cn=replica,cn=o\3Dnetscaperoot,cn=mapping tree,cn=config what does the o\3Dn mean? See http://www.ietf.org/rfc/rfc4514.txt I

Re: [389-users] Clarification on admin server and console

2010-08-17 Thread Rich Megginson
Gerrard Geldenhuis wrote: There is still some haziness in my mind about the admin server... I setup a server called master01 using setup-ds-admin.pl and then setup another physical server called master02 also using setup-ds-admin.pl. The only difference was that I registered master02 with

Re: [389-users] superior attributes (not object classes)

2010-08-31 Thread Rich Megginson
Brian LaMere wrote: Regarding superior attributes, I found this email from 4 years ago: https://www.redhat.com/archives/fedora-directory-users/2006-July/msg00059.html In it, Mike said Seems that my schema conversion tool doesn't support attribute inheritance...[snip]...I will keep this in

Re: [389-users] attributes from 00core.ldif put in 99users.ldif after schema update

2010-08-31 Thread Rich Megginson
Brian LaMere wrote: 2010/8/31 Noriko Hosoi nho...@redhat.com Any special messages in the errors log? None; once the import succeeded (previous post about superior attributes), it succeeded without any errors. Server version. Very fresh install.

Re: [389-users] starttls does not work with chaining backend

2010-09-07 Thread Rich Megginson
Jacek Nykis wrote: On Friday 03 September 2010 16:30:34 Rich Megginson wrote: Jacek Nykis wrote: On Thursday 02 September 2010 18:45:44 Rich Megginson wrote: Jacek Nykis wrote: Hi, I am trying to setup chaining backend and I encountered some problems. I setup

Re: [389-users] Segfault Core Dumps

2010-09-07 Thread Rich Megginson
...@lists.fedoraproject.org] On Behalf Of Rich Megginson Sent: Tuesday, September 07, 2010 10:56 AM To: General discussion list for the 389 Directory server project. Subject: Re: [389-users] Segfault Core Dumps Dael Maselli wrote: Hi, I'm experiencing a lot of segmentation fault on my installations, I have

Re: [389-users] SSL Cert Issue

2010-09-09 Thread Rich Megginson
John Mancuso wrote: That's what it was! thanks. Unfortunately going across subdomains was a no go : -12276 (Unable to communicate securely with peer: requested domain name does not match the server's certificate. I tried to generate a self signed wildcard (cn=*.mycompany.com) but no luck

Re: [389-users] starttls does not work with chaining backend

2010-09-13 Thread Rich Megginson
Jacek Nykis wrote: On Tuesday 07 September 2010 16:04:22 Rich Megginson wrote: Jacek Nykis wrote: On Friday 03 September 2010 16:30:34 Rich Megginson wrote: Jacek Nykis wrote: On Thursday 02 September 2010 18:45:44 Rich Megginson wrote: Jacek Nykis

Re: [389-users] 389 as authentication server on Fedora 13 #389 @Skolan #ldap

2010-09-14 Thread Rich Megginson
Lars Gunther wrote: 2010-09-14 11:39, Lars Gunther wrote: This LDIF could not be imported. It was generated as an export from OpenLDAP. dn: cn=test,ou=Group,dc=labbnet,dc=ne,dc=keryx,dc=se objectClass: posixGroup objectClass: top cn: gunther userPassword:: e2NyeXB0fXg= gidNumber: 600

Re: [389-users] Password history limit reached--no longer able to set passwords?

2010-09-14 Thread Rich Megginson
Brandon G wrote: Nathan Kinder wrote: On 09/01/2010 05:50 PM, brandon wrote: I am curious if anybody knows of a bug with the password history limit? I am not aware of a bug like this. What version of 389-ds-base are you running? Versions: 389-ds-console-1.2.0-5

Re: [389-users] 389 as authentication server on Fedora 13 #389 @Skolan #ldap

2010-09-14 Thread Rich Megginson
Lars Gunther wrote: 2010-09-14 17:26, Rich Megginson wrote: I still don't know what you mean by add posixGroups using the admin tool. If by admin tool you mean the 389 GUI console, then right, there is no explicit posix group tab in the Group editor window, but you can use the Advanced

Re: [389-users] Using ldclt

2010-09-15 Thread Rich Megginson
Gerrard Geldenhuis wrote: Hi I have not been able to get ldclt working. I suspect I am not using it correctly and would appreciate anyone just giving my options a sanity check. Running the following: ldclt -h testserver.example.com -p 389 -e bindeach,bindonly -Z

Re: [389-users] Syntax error with DNA plugin in 1.2.6

2010-09-17 Thread Rich Megginson
Mark Plaksin wrote: We have the DNA plugin working fine in 1.2.5. In 1.2.6 we get a syntax error when we try to create users with uidNumber set to 'magic'. We configure and use the DNA plugin as described here: http://www.redhat.com/docs/manuals/dir-server/8.1/admin/dna.html If I turn on

Re: [389-users] Segfault

2010-09-20 Thread Rich Megginson
Edward Z. Yang wrote: We've had ns-slapd segfault on us recently twice; we don't have a core dump (since the daemon script turns off core dumps, but hopefully we'll have one next time it happens) and I was wondering if anyone had seen this before: ns-slapd[2725]: segfault at 10a310af ip

Re: [389-users] SSHA and friends

2010-09-22 Thread Rich Megginson
Gerrard Geldenhuis wrote: Hi This is probably OT but I am not having much luck with google. How can I create SSHA512 strings? I have been using either a php script or slappasswd to create SSHA password but not sure how to do SSHA512. openssl can create the SHA512 digest but I am not sure

Re: [389-users] SSHA and friends

2010-09-22 Thread Rich Megginson
Brandon G wrote: Rich Megginson wrote: 389 does support MD5 and Salted (SMD5) hashes, specifically for migration purposes. What format does $1$ use? It has been used in unix for some time now. $1$SEED$HASH is MD5; depending upon what OS you use the number differs

Re: [389-users] Local Password Policy Replicated?

2010-09-27 Thread Rich Megginson
Gerrard Geldenhuis wrote: Does local password policy settings get replicated? I would assume yes because it is writes: dn: cn=cn=nsPwPolicyEntry\,uid=jdoe\,ou=people\,dc=example\,dc=com, cn=nsPwPolicyContainer,ou=people,dc=example,dc=com objectclass: top objectclass: extensibleObject

Re: [389-users] Segfault Core Dumps

2010-09-30 Thread Rich Megginson
generating the backtrace. Regards, Dael Maselli. On 07/09/10 19.44, Ulf Weltman wrote: On 9/7/2010 8:25 AM, Dael Maselli wrote: Hi Rich, On 07/09/10 16.56, Rich Megginson wrote: Do you see seg fault messages in /var/log/messages? Sure: ns-slapd[13737]: segfault at 00bc rip

Re: [389-users] build/package scripts for debian and ubuntu

2010-10-08 Thread Rich Megginson
Roberto Polli wrote: On Thursday 07 October 2010 17:58:24 Rich Megginson wrote: IMHO, the official place is either the 389 repo or the debian package repo. The official debian distribution doesn't support 389: there are some extensions like EPEL repository. The 389 is in one

Re: [389-users] Segfault

2010-10-08 Thread Rich Megginson
Edward Z. Yang wrote: After manually attaching GDB, we caught a segfault on one of the dirsrvs. The server's name is old-faithful. Here's the backtrace (with one set of debugging info missing; I can grab that and reload the core dump if you want me to.) File a bug, or do you think it's an

Re: [389-users] Segfault

2010-10-11 Thread Rich Megginson
Edward Z. Yang wrote: Excerpts from Rich Megginson's message of Fri Oct 08 18:59:52 -0400 2010: Try running with the SHELL (1024) debug error log level. This should give more information about the principal, keytab, etc. that directory server is using. More logs:

Re: [389-users] Auto Enrollment Proxy Source Code

2010-10-11 Thread Rich Megginson
thomas.pet...@swisscom.com wrote: Hi there! I would like to have a look at the source code of the _Auto Enrollment Proxy_ http://directory.fedoraproject.org/wiki/Windows_Certificate_Auto_Enrollment (AEP). I've looked here _http://directory.fedoraproject.org/sources/_ and here

Re: [389-users] Slow Console Interaction

2010-10-11 Thread Rich Megginson
Wendt, Trevor wrote: Hello All, I’m working with the new 389 Console for Windows v1.1.6 connecting to my remote server. When opening the console it sits at the Initializing... screen for exactly 10 minutes (600 seconds), then the console opens. Once open I see the Server Group and the

Re: [389-users] Strange wedging

2010-10-14 Thread Rich Megginson
Edward Z. Yang wrote: We've not observed any of our 1.2.6 servers wedging in this fashion. However, we need to preserve our 1.2.5 servers because if we axe them we can't do full updates yet (as per https://bugzilla.redhat.com/show_bug.cgi?id=637852). With any luck the upcoming update will

Re: [389-users] Strange wedging

2010-10-14 Thread Rich Megginson
Edward Z. Yang wrote: Excerpts from Rich Megginson's message of Thu Oct 14 18:57:54 -0400 2010: 1.2.6.1 is already released. There is a slight chance we could do a 1.2.6.2, but otherwise we were targeting this for 1.2.7. I wonder if Fedora 13 is going to pick up 1.2.7. Yes. We

Re: [389-users] The case of a rather odd byte sequence (nsslapd-referral)

2010-10-18 Thread Rich Megginson
Edward Z. Yang wrote: Howard responded to the OpenLDAP list with this: But it's certainly stupid for the server to attach the attribute to the response with no values, since this is obviously NOT an attrsOnly search response. Sounds like you ought to file a bug report against the Fedora

Re: [389-users] The case of a rather odd byte sequence (nsslapd-referral)

2010-10-18 Thread Rich Megginson
Edward Z. Yang wrote: Done. https://bugzilla.redhat.com/show_bug.cgi?id=643979 Cheers, Edward P.S. Boy, I'm submitting a lot of bug reports these days! Sorry 'bout that :-) We are grateful for your bug reports. Keep them coming! -- 389 users mailing list

Re: [389-users] Debian packaging and Ubuntu issues

2010-10-21 Thread Rich Megginson
Roberto Polli wrote: On Thursday 21 October 2010 12:12:52 Roberto Polli wrote: W: Impossibile trovare il pacchetto mozilla-ldap-sdk Trying to download tarball using uscan uscan warning: In debian/watch no matching hrefs for version 6.0.6+dfsg in watch line

Re: [389-users] Chaining woes again v2 - solutions

2010-10-21 Thread Rich Megginson
Gerrard Geldenhuis wrote: Hi Just a quick follow-up regarding this thread. We discovered the real problem encryption of the password. We have the following line in the ldif file to nsmultiplexorcredentials: {SSHA}VItDJ0gykk1q8rzsJmIkkj64mAW1kkaZY That's very bad. This looks as

Re: [389-users] Getting started with 389 DS

2010-10-25 Thread Rich Megginson
it back on with 9830 added as a acceptable port I suppose. Yes. You will need to open 389, 636, and 9830 Thanks for the help, and sorry about the noise. Harry Harry Devine Common ARTS Software Development AJT-144 (609)485-4218 harry.dev...@faa.gov From: Rich Megginson rmegg

Re: [389-users] access control

2010-10-25 Thread Rich Megginson
Anthony Messina wrote: On Monday, October 25, 2010 03:14:59 am Morris, Patrick wrote: http://directory.fedoraproject.org/wiki/Howto:AccessControl On 10/23/2010 6:38 PM, Mike Li wrote: I am using the latest 389 DS (1.1), on Linux. Searching the entries works but cannot do

Re: [389-users] openldap ldapsearch command

2010-10-26 Thread Rich Megginson
Frederic Hornain wrote: Dear Rich, It is in clear text mode. BR Fred ;) On Tue, Oct 26, 2010 at 5:07 PM, Rich Megginson rmegg...@redhat.com wrote: Frederic Hornain wrote: Dear *, How can I configure the Directory server in order

Re: [389-users] openldap ldapsearch command

2010-10-26 Thread Rich Megginson
Frederic Hornain wrote: Dear Patrick, ldapsearch -v -h 192.168.122.142 -s sub -U dn:uidfhornain,ou=People,dc=example,dc=com -b dc=example,dc=com -Y DIGEST-MD5 use either -U u:fhornain or -U dn:uid=fhornain,ou=People,dc=example,dc=com ldap_initialize( ldap://192.168.122.142

Re: [389-users] DSGW SELinux issues

2010-10-27 Thread Rich Megginson
Orion Poplawski wrote: Running on CentOS 5.4, get: type=AVC msg=audit(1288197048.706:347260): avc: denied { execute_no_trans } for pid=1388 comm=httpd.worker path=/usr/lib/dirsrv/dsgw-cgi-bin/lang dev=dm-4 ino=225129 scontext=system_u:system_r:httpd_t:s0

Re: [389-users] Several root suffixes

2010-11-01 Thread Rich Megginson
Andreas Andersson wrote: Hi! Is 389 DS working fine using 5 - 10 root suffixes? I know it's not very common as you usually only need one root suffix for your organization. The reason why I'm asking is that I want to consolidate several test environments into one single LDAP environment. I

Re: [389-users] Indexing question

2010-11-02 Thread Rich Megginson
Anderson, Cary wrote: If you are using your ldap server for linux authentication, is it recommended to setup an index for gidnumber, Yes - presence and equality uidnumber, Yes - presence and equality userpassword No - not sure why you would ever do a search like (userPassword=*) or

Re: [389-users] Decrypting SSL for 389-ds

2010-11-12 Thread Rich Megginson
Gerrard Geldenhuis wrote: Hi I am trying to decrypt SSL traffic captured with tcpdump in wireshark. A quick google turned up a page that said the NSS utils does not allow you to expose your private key. Is there a different way or howto that anyone can share to help decrypt SSL encrypted

Re: [389-users] Decrypting SSL for 389-ds

2010-11-12 Thread Rich Megginson
Gerrard Geldenhuis wrote: Hi David, I created a new certificate database with certutil, and I can view the private key fingerprints with certutil -d . -K but I can’t actually extract the private key from the certutil database. I can create a certificate sign request using certutil again. I

Re: [389-users] Slow response from server

2010-11-12 Thread Rich Megginson
Gerrard Geldenhuis wrote: Hi We are getting slow responses from one of our LDAP servers and I am not sure what is causing the problem. I have run a logconv.pl -j and the following is interesting: Connections Reset By Peer:0 Resource Unavailable: 136 - 136 (T1)

Re: [389-users] Bind to consumer binds to provider as well

2010-11-12 Thread Rich Megginson
Gerrard Geldenhuis wrote: Hi In our setup we have clients authenticating against a consumer server. The consumer server is chained to the provider server for writes and we have passwordpolicy configured including lockout settings. We replicate all password data. When I do a bind to

Re: [389-users] dsml packages

2010-11-12 Thread Rich Megginson
Angel Bosch Mora wrote: hi, i can't find last dsml packages anywhere. must i compile from sources? Yes. We never released dsmlgw as an rpm package. i use epel repos. regards, abosch -- 389 users mailing list 389-users@lists.fedoraproject.org

Re: [389-users] Bind to consumer binds to provider as well

2010-11-12 Thread Rich Megginson
Gerrard Geldenhuis wrote: Are you using Chain On Update for Binds? http://directory.fedoraproject.org/wiki/Howto:ChainOnUpdate We are indeed, we used that howto to set it up. Reading it now again it does say it will use the chaining backend for binds. Why is that?

Re: [389-users] Slow response from server

2010-11-12 Thread Rich Megginson
Gerrard Geldenhuis wrote: -Original Message- From: 389-users-boun...@lists.fedoraproject.org [mailto:389-users- boun...@lists.fedoraproject.org] On Behalf Of Rich Megginson Sent: 12 November 2010 16:32 To: General discussion list for the 389 Directory server project. Subject: Re

Re: [389-users] Problems with accessing console

2010-11-19 Thread Rich Megginson
On 11/19/2010 04:34 AM, Gerrard Geldenhuis wrote: Hi I have a bit of a problem with a few 389 servers I recently built... Firstly how I got there: I added 4 additional servers to our infrastructure, the servers had 389 installed and configured but as a separate set of 4 servers completely
