[389-users] Announcing 389 Directory Server 1.4.1.4

389 Directory Server 1.4.1.4 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.1.4 Fedora packages are available on Fedora 30 and rawhide. https://koji.fedoraproject.org/koji/taskinfo?taskID=35621238

[389-users] Re: Docker official image

Not quite the same, we have done completely hands-free deployments to cloud instances using `terraform`. Part of that automation was an additional tool we wrote, `replform`, which handles the automation of replication. Like `terraform`, it is declarative, ie, you describe the desired end state

[389-users] Re: NSX/F5 Load Balancing Health Checks

Hi , There's a ldap monitor for F5 but you need the right Big-IP version see : https://support.f5.com/csp/article/K17472 On my side i use only tcp for the monitor on port 636/389 Cdlt Le mar. 18 juin 2019 à 10:43, William Brown a écrit : > > > > On 17 Jun 2019, at 18:59, Mailvaganam, Hari >

[389-users] Re: Replacing a default schema for only one instance?

the RHDS-10 custom schema is in /etc/dirsrv/slapd-*/schema/99user.ldif while the "core" schema files have now been located in /usr/share/dirsrv/schema/ you can till use the /etc/dirsrv/slapd-instance_name/schema/ directory , but see the caveat in the online doc at: https://access.redhat.com/documen

[389-users] Replacing a default schema for only one instance?

All, Specifically, I'm referring to the two incompatible schemas for rfc2307 vs rfc2307bis. In the past, it was possible to just delete 10rfc2307.ldif from /etc/dirsrv//schema and replace it with the file supplied from /usr/share/dirsrv/data/10rfc2307bis.ldif. Now, with the new directory layout

[389-users] Re: precreation nss databases

> On 18 Jun 2019, at 13:46, Angel Bosch Mora wrote: > >> The feature doesn't exist yet, so if you write a PEM -> NSS tool, the >> project would love to accept it to our source code. It's been >> something I have wanted for a while, and recently I have been >> thinking with containers I should m

[389-users] Re: precreation nss databases

William Brown wrote: On 18 Jun 2019, at 13:41, Angel Bosch wrote: However, be mindful that the if you use attribute encryption, this value is stored in the key3.db, and replacement of this file WILL destroy your access to your own database! IE if you plan to use this strategy, you MUST NOT

[389-users] Re: precreation nss databases

> The feature doesn't exist yet, so if you write a PEM -> NSS tool, the > project would love to accept it to our source code. It's been > something I have wanted for a while, and recently I have been > thinking with containers I should more seriously develop it, but if > you wanted to add this, we

[389-users] Re: precreation nss databases

> On 18 Jun 2019, at 13:41, Angel Bosch wrote: > >> However, be mindful that the if you use attribute encryption, this >> value is stored in the key3.db, and replacement of this file WILL >> destroy your access to your own database! IE if you plan to use this >> strategy, you MUST NOT use attri

[389-users] Re: precreation nss databases

> However, be mindful that the if you use attribute encryption, this > value is stored in the key3.db, and replacement of this file WILL > destroy your access to your own database! IE if you plan to use this > strategy, you MUST NOT use attribute encryption at the same time. > I'll take that into

[389-users] Re: Docker official image

You can read more here https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ Le mar. 18 juin 2019 à 10:44, William Brown a écrit : > > > > On 17 Jun 2019, at 16:25, Olivier JUDITH wrote: > > > > From my understanding readiness operates when the pod starts. > > If it doesn't re

[389-users] Re: Docker official image

> On 17 Jun 2019, at 16:25, Olivier JUDITH wrote: > > From my understanding readiness operates when the pod starts. > If it doesn't reach the replica your pods will never initialize. > An option (for k8s) can be another container (in the pod) "389-ds-headless" > which will do all the steps r

[389-users] Re: NSX/F5 Load Balancing Health Checks

> On 17 Jun 2019, at 18:59, Mailvaganam, Hari wrote: > > Hi: > > At the moment we perform TCP health check via F5 on ports 389/636 (historical > inheritance) – which isn’t sufficient for HA. > > We are moving to an env where NSX and F5 may co-exist – and have an > opportunity to re-work t

[389-users] Re: precreation nss databases

Hi there, NSS databases are made from 3 files: cert8.db key3.db secmod.db If you are using the newer sqlite format, it's: cert9.db key4.db pkcs11.txt 389 will "prefer" the newer format if present, and there is an automatic upgrade process in NSS. I'm not sure when NSS will swap by default, a

[389-users] Re: What Do I Need?

Great! Feel free to contact this list if you have more design questions, but strictly if you choose Samba AD you should contact samba-users list, but I'm happy to answer some things directly too. Hope this helps! > On 16 Jun 2019, at 02:06, Eugene Poole wrote: > > Since the most are laptop