How to get updated Fedora 31 Cloud Image?

The Fedora 31 qcow2 cloud image e.g. http://mirrors.rit.edu/fedora/fedora/linux/releases/31/Cloud/x86_64/images/ was built with a buggy grub bootloader which causes problems like https://bugzilla.redhat.com/show_bug.cgi?id=1669252 How do I request a new Fedora 31 cloud image to be built and

[389-users] Re: disk i/o: very high write rates and poor search performance

On 08/15/2018 10:56 AM, David Boreham wrote: On 8/15/2018 10:36 AM, Rich Megginson wrote: Updating the csn generator and the uuid generator will cause a lot of churn in dse.ldif.  There are other housekeeping tasks which will write dse.ldif But if those things were being done so

[389-users] Re: disk i/o: very high write rates and poor search performance

On 08/15/2018 10:13 AM, David Boreham wrote: in strace.log: [pid 8088] 12:55:39.739539 poll([{fd=435, events=POLLOUT}], 1, 180 [pid 8058] 12:55:39.739573 <... write resumed> ) = 1 <0.87> [pid 8088] 12:55:39.739723 <... poll resumed> ) = 1 ([{fd=435, revents=POLLOUT}]) <0.000168>

[389-users] How to use lib389 to create an instance?

I keep getting this error: Traceback (most recent call last):   File "/home/rmeggins/scripts/repltest.py", line 53, in     m1 = tools.DirSrvTools.createInstance(createargs)   File "/home/rmeggins/ds/ds.git/src/lib389/lib389/tools.py", line 627, in createInstance     cfgdn = lib389.CFGSUFFIX

[389-users] Re: [389-devel] Anyone still building 389 on HPUX?

On 03/31/2017 07:58 AM, Mark Reynolds wrote: On 03/30/2017 09:05 PM, William Brown wrote: On Thu, 2017-03-16 at 15:16 -0400, Mark Reynolds wrote: Just curious if anyone is building 389 on HPUX? There is very old code in our server that is specific to HPUX that we'd like to remove. Most of

[389-users] Re: Need help to tune 389 DS

On 02/23/2017 01:11 AM, William Brown wrote: On Wed, 2017-02-22 at 22:20 -0800, Gordon Messmer wrote: On 02/22/2017 09:25 PM, William Brown wrote: Default indexes only apply to new databases (It's a template iirc). You need to edit the index on the cn=userRoot,cn=ldbm

[389-users] Re: performance degrades over time on CentOS 7

On 11/15/2016 05:51 PM, Gordon Messmer wrote: On 11/15/2016 12:08 PM, Rich Megginson wrote: It is also useful to get a few stacktraces which will give us detailed information about what the server is doing. For example, if you can "catch" the server while it is misbehavin

[389-users] Re: performance degrades over time on CentOS 7

On 11/15/2016 12:58 PM, Marc Sauton wrote: What is the test filter like? Can we see a sanitized sample of the access log with the SRCH and RESULT? If using SSL, review the output of cat /proc/sys/kernel/random/entropy_avail Do we have replication? (and large attribute values?) You may want to

[389-users] Re: Is it possible to bind using nsview as part of DN?

On 06/19/2016 06:18 AM, kash...@arissystem.com wrote: In a normal setup environment I have created an organizationUnit named View, which is an nsView object. using nsViewFilter, I have several users in this organizationUnit. I can bind to these users with their actual DN with no problem :

[389-users] Re: x-forwarded-for

AM, Rich Megginson <rmegg...@redhat.com <mailto:rmegg...@redhat.com>> wrote: On 05/17/2016 02:04 PM, Robert Viduya wrote: We run a cluster of directory servers (4 masters, 2 hubs, 14 slaves) behind a set of F5 Bigip load balancers. Our Bigip admins recently decided to switch the b

[389-users] Re: x-forwarded-for

On 05/17/2016 02:04 PM, Robert Viduya wrote: We run a cluster of directory servers (4 masters, 2 hubs, 14 slaves) behind a set of F5 Bigip load balancers. Our Bigip admins recently decided to switch the boxes to "one-armed" mode and that services would have to use X-Forwarded-For headers or

[389-users] Re: Sync problems with AD 2012 R2

On 05/17/2016 08:01 AM, Alberto Viana wrote: Noriko, Just to let you know, after I replicated/created the exactly same OU structure on both side, the replication seems to works fine. I'm still not sure that is the expected behavior: Yes, it is. Winsync does _not_ sync the OU structure -

[389-users] Re: ldap dbmon output questions

On 04/25/2016 01:24 PM, ghiureai wrote: Hello List, I am running some search performance tests , basic ldapsearch augument "cn" , on local ldap host with rsearch, and seeing readwaiters: values chainng , here is a sample from dbmon This is not from dbmon. This is from cn=monitor:

[389-users] Re: ldap-ping with 389-ds version

On 04/07/2016 10:45 AM, ghiureai wrote: Hello Gurus, I was searching the web for some scripts to monitor DS performance , and found the Open Ldap: ldap-ping.pl script, I wonder if there is a version for 389-DS or if are other similar performance measure scripts available for 389-ds? Looks

[389-users] Re: Replication + SSLCLIENTAUTH failure: setup_ol_tls_conn - failed: unable to create new TLS context

On 03/30/2016 06:45 PM, Graham Leggett wrote: On 31 Mar 2016, at 12:25 AM, Graham Leggett wrote: [30/Mar/2016:17:19:19 +] setup_ol_tls_conn - failed: unable to create new TLS context [30/Mar/2016:17:19:19 +] slapi_ldap_bind - Error: could not configure the server

[389-users] Re: locking performance and scalability (eye candy gnuplots inside!)

On 03/08/2016 03:36 PM, liblfds admin wrote: On 08/03/16 22:35, Howard Chu wrote: Even though it's a VM, numactl -H may still show something relevant. I'll try it next time I have one running. BerkeleyDB did adaptive locking, using a spinlock before falling back to a heavier weight system

[389-users] Re: Can't use local time format on a Generalized Time attribute

On 02/18/2016 02:52 PM, jfill...@central1.com wrote: Hi Rich, Is the code your referenced found in 389-ds-base-1.2.11 ? yes https://git.fedorahosted.org/cgit/389/ds.git/tree/ldap/servers/plugins/syntaxes/cis.c?h=389-ds-base-1.2.11#n694 -- 389 users mailing list 389-users@%(host_name)s

[389-users] Re: Synchronize Active Directory custom extension attributes to 389 DS

On 01/25/2016 02:59 AM, Mor Ndoye wrote: Hi, Using WinSync, is there any way to synchronize Active Directory custom extension attributes. Here is what I read from the Red Hat documentation: Only a subset of Directory Server and Active Directory attributes are synchronized. These attributes

[389-users] Re: 389 Windows Console

valid algorithm" but it looks as though that is the root cause. The console doesn't know what to do with that error, so it asks you to select another cert, which is just a distraction at that point. Please open a ticket. Thanks, Phil - On 4 Jan, 2016, at 15:50, Rich Meggi

[389-users] Re: ldapsearch question

On 12/14/2015 11:16 PM, Frank Munsche wrote: Hi Guys, I'm trying to understand why ldapsearch returns some objects of the dit only when the dn is set to the object I'm looking for and the search scope has to be base, e.g.: There is an object at the dn: cn=repl keep alive

[389-users] Re: upgrade to 389-ds-base-1.3.4 Q

On 12/02/2015 09:58 AM, ghiureai wrote: Hi Rich, Yes I totally agree I should see the prompt as you put here, this is working in my case only when running: setup-ds.pl -u but not for ds-admin. If you are (or can find) a perl hacker, you can use perl -d /usr/sbin/setup-ds-admin.pl and see

[389-users] Re: upgrade to 389-ds-base-1.3.4 Q

On 12/01/2015 03:07 PM, ghiureai wrote: Rich, still see bellow : and bellow only for ds no admin _setup-ds-admin.pl -u -d_ == This program will set up the 389 Directory and Administration Servers. It is

[389-users] Re: upgrade to 389-ds-base-1.3.4 Q

On 12/01/2015 11:42 AM, ghiureai wrote: Thank you Rich for reply one more related issues I see : When need to run the ds admin update I do not see the options for update, seems goes back and asks all the Q's as a new fresh installation ( ??) setup-ds-admin.pl -u What we are missing

[389-users] Re: upgrade to 389-ds-base-1.3.4 Q

On 12/01/2015 02:23 PM, ghiureai wrote: On 12/01/2015 11:42 AM, ghiureai wrote: Rich, pls see the answers to your Q's ( the DS upgrade worked but the DS Admin set up will not behave same way ) ...

[389-users] Re: upgrade to 389-ds-base-1.3.4 Q

On 12/01/2015 10:07 AM, ghiureai wrote: Hi List, we are tying to upgrade to 389-ds 1.3.4 from 1.2.2 , after rpm installed and update the server , when restarting the DS geting the following in DS errorlog, there is no such "entryallowWeakCipher" in cfg file , what should we dissable see

[389-users] Re: multimaster replication and index corruption

On 11/24/2015 10:28 AM, ghiureai wrote: On 11/24/2015 09:11 AM, Rich Megginson wrote: On 11/24/2015 10:02 AM, ghiureai wrote: Rich and the List Thank for your continue support, We are still seeing a index issues with memberof plugging, we are not sure at this point if this is related

[389-users] Re: DS:caseIgnoreOrderingMatch-defaul messages

On 11/19/2015 10:02 AM, ghiureai wrote: Rich the version for 389-base is :( I know is old ,we are planing upgrading in next future, but I do not see this messages on all DS hosts running same DS version) 389-ds-base-1.2.11.15-34.el6_5.x86_64 Not sure. Either this is something we fixed

[389-users] Re: DS:caseIgnoreOrderingMatch-defaul messages

On 11/19/2015 09:00 AM, ghiureai wrote: HI LIst, I am looking for clues to solve this messages after a export or DS reboot we are seeing this messages, I checked the 2 plugins: caseExactString and CaseIgnore String theya re both enabled , where else should I look? DS version:

Re: [389-users] multimaster replication and index corruption

to had been written to both masters in the master replication configuration when the problem occurred but because there were multiple clients concurrently accessing the servers it is hard to figure out what triggered the issue. Adrian On 11/09/2015 05:06 PM, Rich Megginson wrote: On 11/09/20

Re: [389-users] multimaster replication and index corruption

the amount of replication traffic and replication processing, and let the slave calculate the memberOf values. As far as the original issue - if we can't get enough information to diagnose/reproduce the problem, then we can be of little help. Thanks a lot Isabella On 11/10/2015 09:23 AM, Rich

Re: [389-users] multimaster replication and index corruption

On 11/09/2015 11:05 AM, ghiureai wrote: Hi List, We have cfg multimaster replication /fractional replication memberof plugging excluded ,we are seeing from time to time index corruption with some indexes , there is a strong feeling from developers this are related to DS multimaster

Re: [389-users] multimaster replication and index corruption

On 11/09/2015 05:47 PM, Ghiurea, Isabella wrote: Hi Rich, Thank you for your feedback , as always greatly appreciate when comes from 389-DS RH support. We are not using vm just plain hardware, here is the description I got from developers team related to the issues they are seeing when

Re: [389-users] nsAccountLock - Server is unwilling to perform

On 10/21/2015 01:00 AM, Mitja Mihelič wrote: On 20/10/15 15:57, Mark Reynolds wrote: On 10/20/2015 09:37 AM, Mitja Mihelič wrote: Hi! We are using using nsAccountLock=true to lock user accounts. We also have dovecot authenticating users against the 389DS. If we set nsAccountLock=true,

Re: [389-users] fractional replication and consumers Q

On 10/19/2015 09:43 AM, Mayberry, Alexander wrote: We refer to a dedicated consumer as "read only". (we use these in our security zones.) Though, I'm sure that's probably not strictly true, it captures the spirit of things. Yes. What the console means by "dedicated consumer" is a read only

Re: [389-users] fractional replication and consumers Q

, thread resource, CPU, file descriptor, etc. limits long before that. Thanks. On Mon, Oct 19, 2015 at 8:52 AM, Rich Megginson <rmegg...@redhat.com <mailto:rmegg...@redhat.com>> wrote: On 10/19/2015 09:43 AM, Mayberry, Alexander wrote: We refer to a dedicated consu

Re: [389-users] uid case sensitivity

On 10/09/2015 12:33 AM, Juan Ramón Moral wrote: Hi, is it possible to change config to make uid case insensitive? this search return no entries. ldapsearch -x -D "uid=*U*ser01,cn=users,dc=XXX,dc=XXX" -w XXX -s base -b "cn=users,dc=XXX,dc=XXX" ldap_bind: No such object (32) matched

Re: [389-users] Question RE: 389DS

On 10/07/2015 02:45 PM, Paul Whitney wrote: When SSL-enabling the directory server, am I allowed to use a wildcard certificate or is it mandatory the certificate include the FQHN? You can use a wildcard, but you are strongly recommended to use subject alt name instead. Thanks, Paul M.

Re: [389-users] 389-users Digest, Vol 125, Issue 3

On 10/07/2015 08:34 AM, Karel Lang AFD wrote: hi, In reply to my own question (presented as topic no. 1 in vol.125 -see below- chainmail): It is solved, problem is the script, that is recommended by fedora wiki (setupssl2.sh) as a way for automatic SSL generation for 389-DS server, is not

Re: [389-users] memberOf pluging and multimaster replication

md-memberof Thank you Isabella On 10/01/2015 11:20 AM, Rich Megginson wrote: On 10/01/2015 12:06 PM, ghiureai wrote: Hi Rich Unless the issue involves some sort of security problem that involves a potential CVE, or contains sensitive data internal to your organization that you cannot ma

Re: [389-users] memberOf pluging and multimaster replication

/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof Thank you Isabella On 10/01/2015 11:20 AM, Rich Megginson wrote: On 10/01/2015 12:06 PM, ghiureai wrote: Hi Rich Unless the issue involves some sort of security problem that involves a potential CVE

Re: [389-users] Performance with macro acis

all the children.Is there a plugin that can update this attribute automatically when an new child entry is added or deleted to the base node? No. Thanks, Adrian On 09/17/2015 10:44 AM, Noriko Hosoi wrote: On 09/17/2015 10:39 AM, Rich Megginson wrote: On 09/17/2015 11:33 AM, Noriko Hosoi wrote: Hell

Re: [389-users] Performance with macro acis

On 09/16/2015 03:11 PM, Adrian Damian wrote: Hi There, The scenario is simple: we have a subtree in the DIT with a few thousand children node. The parent node of the subtree has a few acis including a couple of macro acis that apply to each of the child nodes. We've observed a significant

Re: [389-users] performance indexes questions "memberOf" performance

e logconv.pl to look for them. On 09/17/2015 08:48 AM, Rich Megginson wrote: On 09/17/2015 09:41 AM, ghiureai wrote: Rich, which internal logging you are referring ? I have auditing and access log on ,are other loggin option ? https://access.redhat.com/documentation/en-US/Red_Hat_Dire

Re: [389-users] performance indexes questions "memberOf" performance

On 09/17/2015 09:41 AM, ghiureai wrote: Rich, which internal logging you are referring ? I have auditing and access log on ,are other loggin option ?

Re: [389-users] Recommended method to remove DB path?

On 09/17/2015 09:50 AM, Striker Leggette wrote: Greetings, What is the recommended way to remove a database with the following example path?: 5G /db/slapd-389/db/testentry Would it be simply stopping slapd, remove the path and start slapd? Did you do

Re: [389-users] Performance with macro acis

, Adrian Damian wrote: 389-ds-base-1.2.11.15-34.el6_5.x86_64 On 09/17/2015 09:56 AM, Rich Megginson wrote: On 09/17/2015 10:52 AM, Adrian Damian wrote: Hi Rich, Sorry for missing this info. It's 1.2.11 running on SL6. We need the exact version, which is why I asked for the output of rpm -q 389-ds

Re: [389-users] Performance with macro acis

On 09/17/2015 10:52 AM, Adrian Damian wrote: Hi Rich, Sorry for missing this info. It's 1.2.11 running on SL6. We need the exact version, which is why I asked for the output of rpm -q 389-ds-base Adrian On 09/17/2015 08:54 AM, Rich Megginson wrote: On 09/16/2015 03:11 PM, Adrian Damian

Re: [389-users] performance Q with ldapsearch

A is used as the base? Is this normal or we are doing something wrong? Is there a solution to this?" Don't know, but yes, it looks as though the performance is related to macro ACI handling. Please file a bug/ticket with 389. Thanks, Isabella On 09/11/2015 08:35 AM, Rich Megginson wrote: On 09/

Re: [389-users] DS not responding , but no errors in logfile

On 09/14/2015 09:10 AM, ghiureai wrote: Hi , we are having issues with one of our DS , part of multimaster replication , after was onlin for several hours and brought up the DS is not respoding running a basic ldapsearch to count the users or grous will hang not results or messages in error

Re: [389-users] performance Q with ldapsearch

On 09/11/2015 08:50 AM, ghiureai wrote: Fast query: ldapsearch -x -h xxx -b "ou=ds,dc=cb,dc=net" -W -D "uid=axxx,ou=Users,ou=ds,dc=cb,dc=net" "(objectclass=groupofuniquenames)" "cn" | sort -u | wc Slow query: ldapsearch -x -h xxx-b "ou=groups,ou=ds,dc=cb,dc=net" -W -D

Re: [389-users] performance Q with ldapsearch

On 09/10/2015 04:00 PM, ghiureai wrote: Hi Gurus, we are seening some performance issues when running ldapsearch with tree ou=Groups, ou=ds , dc=abc, dc=net takes longer than when looking for same user but from one level up of tree up aka :ou=ds, dc=abc,dc=net, the difference in time very

Re: [389-users] Random dirsrv freezes and high CLOSE_WAITs

On 09/02/2015 09:45 PM, Prashant Bapat wrote: Hi, We have been using 389-ds as part of FreeIPA. In one of our environments, we have 2 389-ds installations with replication. What version? rpm -q 389-ds-base Randomly, the 389-ds on either of them completely freezes and there are high

Re: [389-users] Random dirsrv freezes and high CLOSE_WAITs

bKey", "ipaSshSigTimestamp", "loginshell"]) except LDAPError, e: print e print "Error getting info from LDAP. Either wrong username or issues with LDAP server " raise sys.exit(-1) On 3 September 2015 at 19:17, Rich Megginson <rmegg...@re

Re: [389-users] replica from DS to AD

On 08/28/2015 04:46 AM, Fabien Gasbayet wrote: Hi, I have 2 questions. 1 - On this diagram : https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Windows_Sync.html#Windows_Sync-About_Windows_Sync Password replication seems bi-directional… But

Re: [389-users] RHDS query directReports

On 08/05/2015 06:23 AM, Alpesh Shinde wrote: Hi Team, How to get the directReport values for a particular manager using RHDS queries? I am new to RHDS however have mostly worked on Microsoft AD and there is a powershell cmdlet to get this value. Can someone please help me with this? Or may

Re: [389-users] How to use Host Based Attributes with Class of Service

On 07/22/2015 07:10 AM, Paul Tobias wrote: On 21/07/15 15:21, Rich Megginson wrote: On 07/21/2015 06:19 AM, Paul Tobias wrote: Hi guys, In short: Can I use Class of Service[1] together with Host Based Attributes[2]? It doesn't work for me. The directory server uses Host Based Attributes

Re: [389-users] How to use Host Based Attributes with Class of Service

On 07/21/2015 06:19 AM, Paul Tobias wrote: Hi guys, In short: Can I use Class of Service[1] together with Host Based Attributes[2]? It doesn't work for me. The directory server uses Host Based Attributes to give different loginshell on servers and desktops. The idea is that on a desktop

Re: [389-users] DNA Plugin Causes 389-DS to Crash if Large Number of Candidates

On 07/16/2015 05:47 PM, Fong, Trevor wrote: Hi Guys, We’re running 389-ds 1.2.11.29-1.el6 Can you upgrade to a newer version? There have been several releases since then. and are experimenting with the DNA plugin. When trying to set an existing account’s uidNumber to the magic regen

Re: [389-users] 389-ds access.log parsing - turning LDAP request type into an audit event

On 07/11/2015 09:29 PM, Burn Alting wrote: On Mon, 2015-07-06 at 08:00 -0600, Rich Megginson wrote: On 07/03/2015 05:49 AM, Burn Alting wrote: Has anyone authored code to parse a 389 Directory Server's access.log file(s) with an aim of generating audit events based around the LDAP request

Re: [389-users] winsyncsubtreepair

On 07/07/2015 10:07 AM, Mark Boyce wrote: Good Morning, Has anyone else seen this behavior; after configuring Winsync I add one or perhaps two “pairs” to the sync agreement (ds:AD) Firstly - what version of 389-ds-base? rpm -q 389-ds-base What version of Windows/AD? 2012 R2? I don't

Re: [389-users] winsyncsubtreepair

that add clarity? *Mark L. Boyce* Senior Identity Management Analyst University of California, Office of the President *From:*389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] *On Behalf Of *Rich Megginson *Sent:* Tuesday, July 07, 2015 9:22 AM *To:* 389

Re: [389-users] winsyncsubtreepair

-users-boun...@lists.fedoraproject.org] *On Behalf Of *Rich Megginson *Sent:* Tuesday, July 07, 2015 10:59 AM *To:* 389-users@lists.fedoraproject.org *Subject:* Re: [389-users] winsyncsubtreepair On 07/07/2015 11:49 AM, Mark Boyce wrote: Rich, The version of 389-ds-base is 1.3.3.10-1.fc22

Re: [389-users] 389-ds access.log parsing - turning LDAP request type into an audit event

On 07/03/2015 05:49 AM, Burn Alting wrote: Has anyone authored code to parse a 389 Directory Server's access.log file(s) with an aim of generating audit events based around the LDAP request type. Basically, take the log sequence [21/Apr/2007:11:39:51 -0700] conn=11 fd=608 slot=608

Re: [389-users] Unit testing LDAP acis for fun and profit

On 07/04/2015 02:06 AM, William wrote: Hi, I am going to publish this as a blog post in the next few days on http://firstyear.id.au However, as it's relevant for this audience I decided to re-post it here. My workplace is a reasonably sized consumer of 389ds. We use it for storing pretty

Re: [389-users] Unit testing LDAP acis for fun and profit

On 07/06/2015 05:18 PM, William wrote: I will clean up and publish the usl tool set in the future to help other people test their own LDAP secuity controls. Nice! This would be a good addition to our admin/management tools, if you would like to submit it. Please open a ticket and attach the

Re: [389-users] Access to 389/636

On 06/26/2015 12:30 AM, Joshua Brodie wrote: Hi: Is it possible to source IP address restrict ldap transactions to ports 389 and 636 - outside of using external firewall or IP tables? Something like this?

Re: [389-users] Python3 support

On 06/24/2015 06:05 AM, Robert Kuska wrote: Hello everyone, I am Robert Kuska, I am a python co-maintainer and co-owner of change Python3 as default which aims to provide python3 only packages by default across different fedora platform releases[0]. The reason why I am contacting you is, that

Re: [389-users] Announcing 389 Directory Server version 1.3.4.0

On 06/22/2015 05:13 PM, Thomas Spuhler wrote: On Saturday, June 20, 2015 04:40:58 PM Noriko Hosoi wrote: 389 Directory Server 1.3.4.0 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.4.0. Fedora packages are available from the Fedora 22 and Rawhide repositories.

Re: [389-users] _cl5CompactDBs: failed to compact

On 06/19/2015 04:29 AM, Ivanov Andrey (M.) wrote: Hi Noriko, There are three MMR replicating servers. It's one month of uptime and the servers wanted to trim the replication log. Here is what i've

Re: [389-users] 389-admin-1.1.36

On 06/12/2015 09:44 AM, Derek Belcher wrote: Where can I go to see the difference between: 389-admin-1.1.36 and 389-admin-1.1.35-1.el6.x86_64 If you checkout the repo from git: https://git.fedorahosted.org/cgit/389/admin.git You could do $ git diff 389-admin-1.1.35..389-admin-1.1.36

Re: [389-users] sourceforge hijack 389 directory server page?

On 06/03/2015 03:54 AM, Sharuzzaman Ahmat Raslan wrote: Hi 389 developers, I was reading news about Sourceforge is hijacking nmap page in Sourceforge. When I listed the page owned by user sf-editor1, it looks like 389 directory server was also hijacked. Are you aware of this? I was not

Re: [389-users] flag user must change password at next logon remains active after PassSync

On 05/20/2015 05:28 AM, Mihai Carabas wrote: Hello, We've setup an 389 Directory Server on a Fedora21 and configured synchronization with an Active Directory (running on an Windows2012R2 Datacenter). We've managed to synchronize all the accounts from the 389DS to AD (about 44000). All the

Re: [389-users] DS querying members groups not showing recent/updated members

On 05/15/2015 12:36 PM, Ghiurea, Isabella wrote: HI LIst, we are seeing some strange behavoiurs in our DS ( members of pluging is enabled) if we add a user to a group we can't see that new user in group for some minutes /days , the follwing curl returns 0 members in group but ( there were

Re: [389-users] selinux problem with centos 7.1

On 04/17/2015 08:19 AM, Angel Bosch wrote: I went through this with Mageia. You either need to enable selinux (permissive) or compile 389-ds without selinux. do you mean I won't be able to execute it without selinux? or is just the installer? Please file a ticket -

Re: [389-users] 389 DS merged with AD?

On 04/14/2015 12:41 PM, Gary Algier wrote: Hello, I am in search of a tool to solve a new directory server issue in relation to Active Directory... For a long time here at work, we have had LDAP as our authentication source and nsswitch source for Solaris and Linux. First it was the

Re: [389-users] No results from nsContainer subtree search

On 04/07/2015 12:00 AM, William wrote: I ran the following search: ldapsearch -H ldap://localhost -b 'cn=nsAccountInactivationTmp,dc=example' -s sub -Z -x -D 'cn=Directory Manager' -W '(objectClass=*)' '*' I was trying to locate the object:

Re: [389-users] Retro ChangeLog

On 03/20/2015 11:28 AM, Joshua Brodie wrote: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Replication-Using_the_Retro_Changelog_Plug_in.html You should use the latest docs -

Re: [389-users] GUI console and Kerberos

On 03/11/2015 11:54 AM, Paul Robert Marino wrote: Hey every one I have a question I know at least once in the past i setup the admin console so it could utilize Kerberos passwords based on a howto I found once which after I changed jobs I could never find again. today I was looking for

Re: [389-users] Review 389-ds install/upgrade procedures and requisites on http://directory.fedoraproject.org/docs/389ds/download.html

, then yes, for changes to the core 389-ds-base package. On Mar 9, 2015, at 8:01 PM, Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.com wrote: On 03/09/2015 05:54 PM, Rich Megginson wrote: On 03/09/2015 04:44 PM, Robert Viduya wrote: On Mar 9, 2015, at 5:30 PM, Noriko Hosoi nho

Re: [389-users] Review 389-ds install/upgrade procedures and requisites on http://directory.fedoraproject.org/docs/389ds/download.html

On 03/09/2015 12:39 AM, Juan Carlos Camargo wrote: I'd like to see an updated install/upgrade procedure for 389-ds. The info on the web page is outdated, links for coprs are not working either , maybe they are not valid anymore. They are not, and have been removed. It was just too difficult

Re: [389-users] Review 389-ds install/upgrade procedures and requisites on http://directory.fedoraproject.org/docs/389ds/download.html

using the old rmeggins repo or a copr repo, see http://www.port389.org/docs/389ds/releases/end-1-2-11.html Thanks. Is compiling from source our only option? Because, I can do that. I'd just rather not have to. On Mar 9, 2015, at 10:26 AM, Rich Megginson rmegg...@redhat.com mailto:rmegg

Re: [389-users] Review 389-ds install/upgrade procedures and requisites on http://directory.fedoraproject.org/docs/389ds/download.html

On 03/09/2015 05:54 PM, Rich Megginson wrote: On 03/09/2015 04:44 PM, Robert Viduya wrote: On Mar 9, 2015, at 5:30 PM, Noriko Hosoi nho...@redhat.com mailto:nho...@redhat.com wrote: Hello, On 03/09/2015 02:18 PM, Robert Viduya wrote: I'm in the same boat. We, as an enterprise, have

Re: [389-users] Unable to Run 389-console

March 2015 at 12:38, Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.com wrote: On 03/03/2015 08:26 PM, Hadoop Solutions wrote: [root@sv2lxdpdsedi01 gse]# java -version java version 1.7.0_75 OpenJDK Runtime Environment (rhel-2.5.4.0.el6_6-x86_64 u75-b13) OpenJDK 64-Bit

Re: [389-users] Unable to Run 389-console

On 03/03/2015 10:59 AM, Noriko Hosoi wrote: What platform you are running on? How did you install the packages? E.g., yum install 389-ds? And could you provide the package versions? $ rpm -q idm-console-framework $ rpm -qa | egrep 389 Also, which java version? java --version. Looks like

Re: [389-users] Unable to Run 389-console

suggestions. Thanks, Shaik On 4 March 2015 at 02:09, Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.com wrote: On 03/03/2015 10:59 AM, Noriko Hosoi wrote: What platform you are running on? How did you install the packages? E.g., yum install 389-ds? And could you provide

Re: [389-users] Unable to Run 389-console

/bin/389-console On 4 March 2015 at 10:49, Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.com wrote: On 03/03/2015 07:45 PM, Hadoop Solutions wrote: Hi, please find the below 389 versions... [gse@sv2lxdpdsedi01 ~]$ *rpm -q idm-console-framework* idm-console

Re: [389-users] DIRSRV restarts - Multiple times today

On 03/02/2015 12:08 PM, Jordan, Phillip wrote: Today the DIRSRV has crashed twice on each of our two servers. We have been attempting to find the root cause and also in weeks past installed the CORE Pack RPM’S. In debugging this in stage we were able to create a manual core file but once we

Re: [389-users] db2bak on a provider/master

On 02/26/2015 07:41 AM, Mitja Mihelič wrote: -- Mitja Mihelič ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386 1 479 8877, fax: +386 1 479 88 78 On 26. 02. 2015 15:18, Rich Megginson wrote: On 02/26/2015 06:30 AM, Mitja Mihelič wrote: Hi! We have a provider/consumer

Re: [389-users] db2bak on a provider/master

On 02/26/2015 06:30 AM, Mitja Mihelič wrote: Hi! We have a provider/consumer (master/slave) setup and we wish to create a database backup on the master. Replica setting on the master are set to Single Master. But when I run .../db2bak $backup_path/$current_date Backup fails an the following

Re: [389-users] CORE creation is not working

On 02/18/2015 09:12 AM, Jordan, Phillip wrote: So a few weeks back we installed the CORE RPM and we were able to get a test core file on our Dev environment, but dev is 1.2.11.15-32, and in prod we are unable to get the core to generate with version 1.2.11.15-48. That's a good thing,

Re: [389-users] admin-console issues

On 02/18/2015 07:43 AM, Fernando Fuentes wrote: Team, Due to a small requirement by ovirt I had to change my nsslapd-minssf from 0 to 1. All of my systems continue to work as they use ssl. But the admin-console is now unable to log in. Can you configure the admin-console to use ssl? I

Re: [389-users] admin-console issues

/Administration_Guide/Managing_SSL.html Thanks for the help. Regards, On 02/18/2015 08:45 AM, Rich Megginson wrote: On 02/18/2015 07:43 AM, Fernando Fuentes wrote: Team, Due to a small requirement by ovirt I had to change my nsslapd-minssf from 0 to 1. All of my systems continue to work

Re: [389-users] CORE creation is not working

-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] *On Behalf Of *Rich Megginson *Sent:* Wednesday, February 18, 2015 10:25 AM *To:* 389-users@lists.fedoraproject.org *Subject:* Re: [389-users] CORE creation is not working On 02/18/2015 09:12 AM, Jordan

Re: [389-users] 389ds and certificateExactMatch - is it supported?

On 01/28/2015 09:09 AM, Graham Leggett wrote: Hi all, After struggling to get a certificateExactMatch query to work, I’ve discovered that in 389ds the certificateExactMatch rule in the schema has been marked as commented out like this: # TODO - Add Certificate syntax #attributeTypes: (

Re: [389-users] 389ds and certificateExactMatch - is it supported?

On 01/28/2015 09:43 AM, Graham Leggett wrote: On 28 Jan 2015, at 6:33 PM, Rich Megginson rmegg...@redhat.com wrote: Does 389ds offer certificateExactMatch support as per the RFCs? No, that's why it is commented out. We do not have support for the certificate* matching rules. That's why we

Re: [389-users] Fwd: patching master-master replicated servers

On 01/19/2015 02:11 PM, xian wrote: Hi Team, I have 2 Red Hat Directory Server instances on level 9.0 and would like to patch both to 9.1. They are operating in a master-master 2 way replication mode. How am I supposed to do that? I don't see much info in the official docs, only how to

Re: [389-users] repl5_inc_waitfor_async_results

=0 tag=107 nentries=0 etime=0 csn=54b3c6e500050001 thanks, Shardul. On Fri, Jan 9, 2015 at 7:01 AM, Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.com wrote: On 01/08/2015 10:21 AM, shardulsk wrote: Hi, Running 389-ds 1.1.2 on Centos 5. rpm -q 389-ds-base

Re: [389-users] repl5_inc_waitfor_async_results

PM, Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.com wrote: On 01/12/2015 07:18 AM, shardulsk wrote: Rich, Updating to current version sounds like a no-brainer but there are circumstances which won't allow be to do that for the next few weeks atleast

Re: [389-users] repl5_inc_waitfor_async_results

On 01/08/2015 10:21 AM, shardulsk wrote: Hi, Running 389-ds 1.1.2 on Centos 5. rpm -q 389-ds-base We have suddenly seen repl5_inc_waitfor_async_results errors crop up in our error log during peak traffic hours. The Master loses sight of Hubs and replication stalls. Most of the times

Re: [389-users] dir 389 console on Centos 7

On 12/17/2014 11:51 AM, Crocker, Deborah wrote: It is possible to get the admin console and admin server from an rpm on Centos 7? I don't see them in the yum search output. No, not yet - see https://fedorahosted.org/389/ticket/47865 Thanks D. Crocker -- 389 users mailing list

  1   2   3   4   5   6   7   8   9   10   >