that way you can use '-s sub' to search the
entire suffix but still have that segregation, or you can export an LDIF
between AD and use ldapdiff.pl to pre-merge the AD domains.
Hope this helps.
Dan
From: Juan Asensio Sánchez oke...@gmail.com
To: General
Hi
Is there any document where I could find the version equivalence
between 389 Directory Server and Red Hat Directory Server? Most of the
documentation i sin Red Hat Docs, but I don't know which version
should I see... I use 389DS 1.2.5, so which documentation version
should I read, 8.1, 8.2,
Hi
We are testing the password policy in the 389DS. Using CentOS 5.5
i386, 389-ds-base 1.2.5. I have enabled the global password policy,
and set 180 days for password expiration, 14 days for warnings, and 3
grace logins. If I do a login before the 14 days befor the password
expiration, the bind
of ldap.h?
Regards.
2012/8/20 Justin Piszcz jpis...@lucidpixels.com:
On Mon, Aug 20, 2012 at 7:32 AM, Juan Asensio Sánchez oke...@gmail.com
wrote:
Hi
I am trying to compile a sample plugin, based on the documentation
from
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server
Hi
I am trying to compile a sample plugin, based on the documentation
from
, schrieb Juan Asensio Sánchez oke...@gmail.com:
Hi
I would like to make a plugin to synchronize some attributes from its
value in Directory to the equivalent in Samba. The plugin should
detect the changes in some attributtes, and then calculate and modify
the equivalent value of the Samba ones
Yo should use parameter -b in ldapsearch:
ldapsearch -xZZ -D cn=Directory Manager -w 'testtest' -b l=uk
uniqueMember=uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
Or change the default values in ldap.conf.
Regards.
2012/8/13 Fosiul Alam fos...@gmail.com:
Hi Bellow search should return some result
=fosiul,dc=lan
# requesting: ALL
#
# search result
search: 3
result: 0 Success
# numResponses: 1
but its not giving anything ..
its works on my lab
but not in production
On Mon, Aug 13, 2012 at 12:00 PM, Juan Asensio Sánchez oke...@gmail.com
wrote:
Hi
Yes, -b l=uk,dc=fosiul,dc=lan
Hi
We are using these attributes for a (very basic) configuration of
LDAPI (just root - Directory Manager):
# LDAPI
nsslapd-ldapifilepath: /var/run/dirsrv/slapd-.socket
nsslapd-ldapilisten: on
nsslapd-ldapiautobind: on
nsslapd-ldapimaprootdn: cn=Directory Manager
nsslapd-ldapimaptoentries:
https://fedorahosted.org/389/ticket/339
El día 2 de abril de 2012 16:16, Rich Megginson rmegg...@redhat.com escribió:
On 04/02/2012 05:31 AM, Juan Asensio Sánchez wrote:
Hi
Does the attribute ntUserFlags replicate to Active Directory?
no - please file an enhancement request at https
http://markmail.org/search/?q=list%3Acom.redhat.fedora-directory-users
El día 12 de abril de 2012 01:52, Arpit Tolani arpittol...@gmail.com escribió:
Hie
What I do to search using google is search for -
keyword site:http://lists.fedoraproject.org/pipermail/389-users
--
Regards
Arpit
22 de marzo de 2012 16:42, Rich Megginson rmegg...@redhat.com escribió:
On 03/21/2012 05:54 AM, Juan Asensio Sánchez wrote:
Hi
We have done a plugin that dynamically change some attributes of the
search results. The main code is like this:
int smbhack_hook( Slapi_PBlock* pb
Hi
We have done a plugin that dynamically change some attributes of the
search results. The main code is like this:
int smbhack_hook( Slapi_PBlock* pb ) {
// ...
Slapi_Entry** s_entradas = NULL;
Slapi_PBlock* pbi = NULL;
// ...
rv = slapi_pblock_get(
Hi
Is it important the order of the filter in a search? So, what's the
most optomized filter?
((uid=*)(objectClass=sambaSamAccount))
Or
((objectClass=sambaSamAccount)(uid=*))
Or which is the best of these two:
((uid=user)(ou:dn:=People))
Or
((ou:dn:=People)(uid=user))
Regards and thanks
https://bugzilla.redhat.com/show_bug.cgi?id=768933
El día 14 de diciembre de 2011 22:14, Rich Megginson
rmegg...@redhat.com escribió:
On 12/12/2011 10:01 AM, Juan Asensio Sánchez wrote:
Thanks, but that does not resolves the problem. What I need, is to
delete a user automatically from AD
https://bugzilla.redhat.com/show_bug.cgi?id=768934
El día 14 de diciembre de 2011 22:13, Rich Megginson
rmegg...@redhat.com escribió:
On 12/12/2011 06:53 AM, Juan Asensio Sánchez wrote:
Hi
I am trying to test the proxied operations in 389 DS. For now, I have
written a small script using
Hi
I am trying to test the proxied operations in 389 DS. For now, I have
written a small script using UnboundID LDAP SDK [1]:
ModifyRequest modifyRequest = new
ModifyRequest(uid=,ou=People,o=,dc=,dc=,
new Modification(ModificationType.REPLACE, address, Nueva
Hi
After one user has been replicated from 389 DS to Active Directory, is
there any way to stop replicating it? I want the user, after deleting
some attrs in 389 DS (ntUser objectClass, ...), be deleted in Active
Directory, but already exists in 389 DS. Is this possible?
Thanks in advance.
--
/One_Way_Active_Directory_Sync
2011/12/12 Juan Asensio Sánchez oke...@gmail.com
Hi
After one user has been replicated from 389 DS to Active Directory, is
there any way to stop replicating it? I want the user, after deleting
some attrs in 389 DS (ntUser objectClass, ...), be deleted in Active
Directory
diciembre de 2011 16:14, Juan Asensio Sánchez
oke...@gmail.com escribió:
Hi
I continue trying to replicate the users from the 389 directory to an
AD server. After removing language subtype attributes, I get now this
error when a user contains an ou attribute:
[01/Dec/2011:13:50:04 +0100
https://bugzilla.redhat.com/show_bug.cgi?id=759009
https://bugzilla.redhat.com/show_bug.cgi?id=759043
El día 30 de noviembre de 2011 15:21, Rich Megginson
rmegg...@redhat.com escribió:
On 11/30/2011 04:50 AM, Juan Asensio Sánchez wrote:
Hi
In our directory, we have some users
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Replication-Configuring-Replication-cmd.html
2011/12/1 John Mancuso jkmanc...@gmail.com:
Any way to setup Master/Slave Replication setup via command line? The java
GUI is a bit of a pain to use but
Hi
I continue trying to replicate the users from the 389 directory to an
AD server. After removing language subtype attributes, I get now this
error when a user contains an ou attribute:
[01/Dec/2011:13:50:04 +0100] NSMMReplicationPlugin - agmt=cn=ll
(:636): windows_process_total_entry:
Hi
In our directory, we have some users with attributes like cn;lang-en,
sn;lang-en, with the same value than cn or sn, but without tildes (á,
è) or ñ. When I try to synchronize these users with Active
Directory, I get this error:
[30/Nov/2011:11:58:32 +0100] - Windows sync entry: Created new
Hi
I am trying to setup a test environment where each database should
contain multiple suffixes. I have 6 organizations:
- o=a1,dc=org,dc=net
- o=a2,dc=org,dc=net
- o=b1,dc=org,dc=net
- o=b2,dc=org,dc=net
- o=c1,dc=org,dc=net
- o=c2,dc=org,dc=net
a1 and a2, should belong to userRoot, which is
Hi
I also think this could be great. I have the same issue with the users email
addresses.
Regards.
2010/8/2 A Robinson spacehob...@googlemail.com
Hello,
I'm trying to check that values contained in one than one attribute is
unique. A solution exists for other directory servers, but I
Hi
I have been using this tool for some time and I think it is great. It's very
useful to display query statistics information, cache, replication, etc.
Regards.
2010/7/30 Andreas Andersson zre...@gmail.com
Hi!
It’s been a year since I announced the 1.0 release of my little open source
Hi
I am having problems with some replicas. Using 389 DS 1.2.5, CentOS 5.5. A
few days ago, a server crashed, and when restarted, it had the time of the
crash (more than 1 day). Just after the server started up, the time was sync
with the NTP, but when dirsrv started, the time was wrong. Since
Hi
Thanks Rich for your answer. Just some questions:
The bug that caused this to happen was fixed, but unfortunately cannot
fix the bad nsState that already exists. The problem is that the CSN
generator attribute (nsState) in the cn=replica entry for the suffx is
not cleaned up properly
OK Rich, thank you very much. I will try this tomorrow, it's evening here in
Spain.
For replicas I mean replicated suffixes/databases on each server in my
previous message.
Regards.
2010/8/16 Rich Megginson rmegg...@redhat.com
Juan Asensio Sánchez wrote:
Hi
Thanks Rich for your answer
You can set nsslapd-port to 0 in dse.ldif, so the server will not listen in
the 389 port.
2010/8/9 Daniel Maher dma+389us...@witbe.net dma%2b389us...@witbe.net
On 08/09/2010 04:37 PM, Jonathan Boulle wrote:
2) Block access at a socket level (e.g. iptables or otherwise) to the
cleartext LDAP
2010/8/3 Rich Megginson rmegg...@redhat.com
Juan Asensio Sánchez wrote:
2010/8/2 Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.com
Juan Asensio Sánchez wrote:
Hi
I am trying to tune the performance of the Directory Server. We
have
increased
https://bugzilla.redhat.com/show_bug.cgi?id=616707
Regards.
2010/6/25 Rich Megginson rmegg...@redhat.com
Juan Asensio Sánchez wrote:
And how will replication behave? Will this change be propagated to the
rest of the servers, or will it be overriden with the definition that
thare is now
/consumer server.
2010/7/15 Rich Megginson rmegg...@redhat.com
Juan Asensio Sánchez wrote:
Hi
2010/7/14 Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com
Juan Asensio Sánchez wrote:
Hi
I am having trouble initializaing a server. That server has some
Hi
We also have about 30 VMs running Centos 5 and 389 DS without any problem of
resources, with a directory of about 55000 entries (VMWare ESX Server), all
replicated. Also, real machines.
2010/7/13 Daniel Maher dma+389us...@witbe.net dma%2b389us...@witbe.net
On 07/13/2010 01:26 AM, Barry
Hi
We have just realized that our servers are ignoring the parameter
nsslapd-sizelimit. If we do a search of the entire directory (about 5
entries), we have a size limit exceeded:
# ldapsearch -H ldaps://localhost -x -LLL -b dc=X,dc=es -D
uid=X,ou=X,o=,dc=,dc=es -W
[]
One more note, this only happens in 1.2.5 versions, not in 1.1.3 (we have
servers with two different versions).
El 1 de julio de 2010 15:00, Juan Asensio Sánchez oke...@gmail.comescribió:
Hi
We have just realized that our servers are ignoring the parameter
nsslapd-sizelimit. If we do
Hi
Although I think the best solution for this is that Samba only update the
Unix password, and the server generates dinamically the sambaLM and sambaNT
passwords using a plugin (perhaps, in the future, we will contribute with
this plugins, but not right now), I have solved the problem described
Hi
I see that there is 389-ds-console 1.2.3 version in EPEL testing, the
package that is needed, according to a previous post. I will try to upgrade
our test servers again.
Regards.
2010/7/1 Rich Megginson rmegg...@redhat.com
. . . but before we release to the stable repositories, we need
for that?
Regards.
2010/6/25 Rich Megginson rmegg...@redhat.com
Juan Asensio Sánchez wrote:
Hi again
What will happen if I modify the schema, creating a new aattribute
without specifying any matching rule? Will the directory use the
default rules for for the attribute syntax?
Yes
Hi
I have upgraded our test server(from version 1.2.5,
389-ds-base-1.2.6-0.7.rc2.el5.i386 and 389-admin-1.1.11-0.5.rc1.el5.i386),
and when running setup-ds-admin.pl -u, i get many messages like this (all
about custom attributes):
[22/Jun/2010:10:24:58 +0200] attr_syntax_create - Error: the
Hi
Is 389DS able to compute sambaLMPassword and sambaNTPassword automatically
when userPassword is updated? Is there any pugin? If not, which plugin is
the best to take as base to do this?
Regards.
--
389 users mailing list
389-users@lists.fedoraproject.org
Emmm, well, this makes samba update userPassword when changing the password
from Windows. But if i change the password from Linux, samba passwords are
not updated, because linux machines are autheticating directly with LDAP,
not with Samba (just userPassword).
I have found this message (in 2006),
Hi
To modify some parameters of the conguration, like nsslapd-cachememsize, it
is required to stop the server and manually change the setting in the
dse.ldif. Is there any way/command/utility to modify that file without using
grep and sed? I say this because when doing this, we must be careful to
Asensio Sánchez wrote:
2010/5/3 Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.com
Juan Asensio Sánchez wrote:
Hi
2010/5/3 Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com mailto:rmegg...@redhat.com
mailto:rmegg...@redhat.com
Hi
2010/5/3 Rich Megginson rmegg...@redhat.com
We are having trouble since we have updated from version 1.1.3 to
1.2.2 and 1.2.5. We have integrated CentOS/Redhat clients into LDAP.
When we try to make getent group, we only get one group and its
members, but no the rest of the groups
Hi
Is there any to make the LDAP server cache common searches, or generate a
prebuilt result set, updating it everytime an entry of the set is modified?
We have a management tool that makes the same search multiple times to get
the full list of the users (about 4), so the CPU use raise
Hi
We have migrated two servers to 1.2.5 version from 1.1.3. These servers had
a Windows Sync agreement (only 389-AD, not AD-389, neither Password Sync).
The agreements were working fine before upgrade, until we realized the were
falling. Then we deleted the agreement and recreate again, but when
=XX,dc=XX,dc=XXX
which does not get any RESULT operation. I have just enabled replication
logs in the consumer to see any messages. As soon i get them, i will post.
Regards.
2010/3/8 Rich Megginson rmegg...@redhat.com
Juan Asensio Sánchez wrote:
Hi all
I have posted this on the chat
+uid=cabudenhos029p$,ou=computers,o=XX,dc=XX,dc=XXX
which does not get any RESULT operation. I have just enabled replication
logs in the consumer to see any messages. As soon i get them, i will post.
Regards.
2010/3/8 Rich Megginson rmegg...@redhat.com
Juan Asensio Sánchez wrote
One note, we have servers with version 1.1.3 and servers that have been
upgraded to version 1.2.5. Only the servers that have been upgraded to 1.2.5
are showing the busy replica error, not those with version 1.1.3. Hope this
could help.
Regards.
El 8 de marzo de 2010 16:50, Juan Asensio Sánchez
Hi
I am trying to make our directory more user friendly. We are in Spain, so
there are people names like mine, Juan Asensio Sánchez (Sánchez with
tilde). Well, i I do a search with filter (cn=*sánchez) (with tilde), and
I get my user in the results, but if i try with the filter (cn=*sanchez
52 matches
Mail list logo