[389-users] Re: 389 DS 2.3.6 on RHEL 9 replication between 2.3.6 and 1.3.9 389DS

e documented in the official Red Hat docs/389 wiki ... * HTH, Mark Still got the same error. Thank you again, - Alex On Tue, Apr 2, 2024 at 5:35 PM Mark Reynolds wrote: Hi Alex, It definitely works, and that error means you did not "initialize" your new server/rep

[389-users] Re: 389 DS 2.3.6 on RHEL 9 replication between 2.3.6 and 1.3.9 389DS

Hi Alex, It definitely works, and that error means you did not "initialize" your new server/replica.  Looks like you just setup a replication agreement, but not initialize the remote replica. Once initialized the new server will have the same database generation id and replication updates

[389-users] Fwd: dscontainer as non root

Forwarding to the correct list Forwarded Message Subject:dscontainer as non root Date: Mon, 12 Feb 2024 20:01:09 +0530 From: Antony Jose To: 389-users-ow...@lists.fedoraproject.org Hi, Can we run dscontainer as non root process. I have deployed

[389-users] Re: Allow User to Change Expired Password

Hi Aaron, I'm not sure what version of 389 you are using but it works for me on the latest version if I enable grace logins.  Here are my settings: cn=config ... passwordChange: on passwordGraceLimit: 2 passwordExp: on passwordMaxAge: 30 $ ldapmodify -H ldap://localhost:389 -D

[389-users] Re: Setting "lock" time of an account in the future

anks, Mark Cheers Cenk On Fri, Sep 29, 2023 at 9:50 PM Mark Reynolds wrote: Actually, I was wrong there is more you need to do. You need to enable account lockout and set a max failure count: # dsconf slapd-INSTANCE config set passwordLockout=on passwordMaxFailure=3 Then s

[389-users] Re: Setting "lock" time of an account in the future

Actually, I was wrong there is more you need to do. You need to enable account lockout and set a max failure count: # dsconf slapd-INSTANCE config set passwordLockout=on passwordMaxFailure=3 Then set in each user entry:     passwordRetryCount: 3  --> number equal to passwordMaxFailure    

[389-users] Re: Setting "lock" time of an account in the future

Hi Cenk, Yes this can be done by first locking the entry, and then setting passwordLockoutDuration to the time (in seconds) into the future you want it to unlock.  So it's not a nice date you can use, but the value can still be calculated

[389-users] Re: Migration: importing an OU to a new instance

The other option is yo export the local database to LDIF, then import two ldifs at the same time.  Something like: # dsconf slapd-INSTANCE backend import userroot local_ldif other_ldif HTH, Mark On 9/14/23 1:50 PM, tda...@arizona.edu wrote: Thanks, this was my backup plan if I couldn't find

[389-users] Re: Migration: importing an OU to a new instance

On 9/13/23 1:57 PM, tda...@arizona.edu wrote: Thanks for the quick reply. My issue is this: Server A has two OUs, call them ou=A and ou=B. Server B has two OUs, ou=A (empty) and ou=C. I want to copy the data from ou=A on server A to ou=A on server B. There are no ou=B entries in the export

[389-users] Re: Internal Server Error

he.org/studio/ but I don't think this is exactly what you are looking for. Regards, Mark Thanks for the support. //Omar On Thu, Aug 24, 2023 at 8:56 AM Mark Reynolds wrote: On 8/23/23 10:08 AM, Omar Pagan wrote: > Getting the following error after following all the docu

[389-users] Re: Internal Server Error

need to develop your own user portal.  There is also Openldap's Apache Directory Studio: https://directory.apache.org/studio/ but I don't think this is exactly what you are looking for. Regards, Mark Thanks for the support. //Omar On Thu, Aug 24, 2023 at 8:56 AM Mark Reynolds wrote

[389-users] Re: Internal Server Error

On 8/23/23 10:08 AM, Omar Pagan wrote: Getting the following error after following all the documentation for deploying 389ds and 389dsgw. Please help. What documentation?  dsgw (Directory Server Gateway) hasn't been "supported/maintained" in over 10+ years so I am not surprised it's not

[389-users] Re: 389-ds freezes with deadlock

Hi Julian, It would be helpful to get a pstack/stacktrace so we can see where DS is stuck: https://www.port389.org/docs/389ds/FAQ/faq.html#sts=Debugging%C2%A0Hangs Thanks, Mark On 8/24/23 4:13 AM, Julian Kippels wrote: Hi, I am using 389-ds Version 2.3.1 and have encountered the same

[389-users] Announcing 389 Directory Server 2.2.9

389 Directory Server 2.2.9 The 389 Directory Server team is proud to announce 389-ds-base version 2.2.9 Fedora packages are available on Fedora 37 https://koji.fedoraproject.org/koji/taskinfo?taskID=104325801

[389-users] Announcing 389 Directory Server 2.4.3

389 Directory Server 2.4.3 The 389 Directory Server team is proud to announce 389-ds-base version 2.4.3 Fedora packages are available on Rawhide (f39) Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=104323615

[389-users] Re: Crash with SEGV after compacting

On 7/11/23 9:43 AM, Thierry Bordaz wrote: Hello, Unfortunately the original backtrace did not contain symbol and I can not say if the bug was already fixed Thread 1 (Thread 0x7f7c42a4e700 (LWP 22323)): #0 0x7f7c54258c9c in ??? () at

[389-users] Re: Access to 389-ds in Cockpit without sudo to root

Hi Brian, Unfortunately you can't because Cockpit calls the DS CLI tools (dsconf, dsctl, etc) which must be run as a privileged user in order to work correctly. Regards, Mark On 6/6/23 7:58 AM, Brian Mattey (UK) wrote: Hi, I would like to grant a non-privileged user (cannot sudo to

[389-users] Announcing 389 Directory Server 2.2.8

389 Directory Server 2.2.8 The 389 Directory Server team is proud to announce 389-ds-base version 2.2.8 Fedora packages are available on Fedora 37 https://koji.fedoraproject.org/koji/taskinfo?taskID=101293586

[389-users] Announcing 389 Directory Server 2.3.4

389 Directory Server 2.3.4 The 389 Directory Server team is proud to announce 389-ds-base version 2.3.4 Fedora packages are available on Fedora f38 Fedora 38: https://koji.fedoraproject.org/koji/taskinfo?taskID=101288860

[389-users] Announcing 389 Directory Server 2.4.1

389 Directory Server 2.4.1 The 389 Directory Server team is proud to announce 389-ds-base version 2.4.1 Fedora packages are available on Rawhide (f39) Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=101287079

[389-users] Re: 389 Ldap Cleanallruv Replica Crash

It could be related to: https://github.com/389ds/389-ds-base/issues/5743 Can you please try and get a stack trace of the crash/core? https://www.port389.org/docs/389ds/FAQ/faq.html#sts=Debugging%C2%A0Crashes Thanks, Mark On 5/2/23 3:00 PM, Juan Quintanilla wrote: Hi, I recently

[389-users] Announcing 389 Directory Server 2.4.0

389 Directory Server 2.4.0 The 389 Directory Server team is proud to announce 389-ds-base version 2.4.0 Fedora packages are available on Rawhide (Fedora 39) Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=100388694

[389-users] Announcing 389 Directory Server 2.3.3

389 Directory Server 2.3.3 The 389 Directory Server team is proud to announce 389-ds-base version 2.3.3 Fedora packages are available on Fedora 38 Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=100387023

[389-users] Announcing 389 Directory Server 2.2.7

389 Directory Server 2.2.7 The 389 Directory Server team is proud to announce 389-ds-base version 2.2.7 Fedora packages are available on Fedora 37 https://koji.fedoraproject.org/koji/buildinfo?buildID=2192884

[389-users] Announcing 389 Directory Server 2.1.8

389 Directory Server 2.1.8 The 389 Directory Server team is proud to announce 389-ds-base version 2.1.8 Fedora packages are available on Fedora 36 https://koji.fedoraproject.org/koji/taskinfo?taskID=100382283

[389-users] Re: 389 DS memory growth

On 4/21/23 2:18 PM, Nazarenko, Alexander wrote: Hi, Thierry, Where can I see the relation between 389 DS 7.9.* versions and 1.3.* versions of 389-ds-base to keep track of the expected changes? This is comparing upstream verses downstream.  It's not so straightforward: Downstream (search

[389-users] Re: Migration from OpenLDAP to 389 Directory Server Failed

On 3/13/23 10:08 PM, Kresna Satya wrote: Hi everyone, currently I would like to move the LDAP tool from OpenLDAP and 389 Directory Server. The data and configuration are saved in OpenLDAP and I would like to migrate to 389 Directory Server. So far, migration runs well but after migration I

[389-users] Re: Problem with 389-ds authentication

re are no issues/restrictions with multiple connections concurrently binding as the same user. HTH, Mark BR, /MrM On Tue, Mar 7, 2023 at 4:38 PM Mark Reynolds wrote: What rpm version of 389-ds-base are you using?  Is it the same on both systems? In newer versions the sta

[389-users] Re: Problem with 389-ds authentication

What rpm version of 389-ds-base are you using?  Is it the same on both systems? In newer versions the standard storage scheme is PBKDF2-SHA512. Is your client trying to read or add already hashed passwords? Not sure why dovecot, or any client, would be complaining about an unknown password

[389-users] Re: 389-DS Cockpit

On 2/10/23 8:47 AM, Rosario Esposito wrote: Hello, I read from https://directory.fedoraproject.org/docs/389ds/download.html "cockpit-389-ds is not distributed in AppStream." I just downloaded the current 389-ds-base source rpm from Appstream: 389-ds-base-2.1.3-4.el9_1.src.rpm Inside the src

[389-users] Re: 389-DS Cockpit

Yes, you install cockpit bridge on your other systems then you can link them in the Cockpit console.  After installing cockpit bridge on all the hosts, then goto the "man" Cockpit console, top left, open the menu and you can "add hosts". HTH, Mark On 2/3/23 10:29 AM, Paul Whitney wrote:

[389-users] Announcing 389 Directory Server 2.1.7

389 Directory Server 2.1.7 The 389 Directory Server team is proud to announce 389-ds-base version 2.1.7 Fedora packages are available on Fedora 36 https://koji.fedoraproject.org/koji/taskinfo?taskID=96589528

[389-users] Announcing 389 Directory Server 2.2.6

389 Directory Server 2.2.6 The 389 Directory Server team is proud to announce 389-ds-base version 2.2.6 Fedora packages are available on Fedora 37 https://koji.fedoraproject.org/koji/taskinfo?taskID=9657

[389-users] Announcing 389 Directory Server 2.3.2

389 Directory Server 2.3.2 The 389 Directory Server team is proud to announce 389-ds-base version 2.3.2 Fedora packages are available on Rawhide (f38) Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=96566979

[389-users] Re: Use dsconf to set nsslapd-lookthroughlimit

You can use dsconf to set it: # dsconf slapd-instance backend config set --lookthroughlimit 10 HTH, Mark On 1/11/23 6:43 AM, Julian Kippels wrote: Hi, I am looking for a way to set nsslapd-lookthroughlimit from cn=config,cn=ldbm database,cn=plugins,cn=config using dsconf. So far I have

[389-users] Re: Wrong password hash algorithm returned

On 11/22/22 9:30 AM, Thierry Bordaz wrote: On 11/22/22 10:28, Julian Kippels wrote: Hi Thierry, that's a nasty catch… On the one hand I think this is a nice feature to improve security, but on the other hand PBKDF2_SHA256 is the one algorithm that freeradius cannot cope with. I suppose

[389-users] Announcing 389 Directory Server 2.2.4

389 Directory Server 2.2.4 The 389 Directory Server team is proud to announce 389-ds-base version 2.2.4 Fedora packages are available on Fedora 37 https://koji.fedoraproject.org/koji/taskinfo?taskID=94297859

[389-users] Announcing 389 Directory Server 2.1.6

389 Directory Server 2.1.6 The 389 Directory Server team is proud to announce 389-ds-base version 2.1.6 Fedora packages are available on Fedora 36 https://koji.fedoraproject.org/koji/taskinfo?taskID=94299041

[389-users] Announcing 389 Directory Server 2.0.17

389 Directory Server 2.0.17 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.17 Fedora packages are available on Fedora 35 Fedora 35: https://koji.fedoraproject.org/koji/taskinfo?taskID=94300237 - 

[389-users] Announcing 389 Directory Server 2.3.1

389 Directory Server 2.3.1 The 389 Directory Server team is proud to announce 389-ds-base version 2.3.1 Fedora packages are available on Rawhide (f38) Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=94296874

[389-users] Re: FileDescriptors exhausted

nthorer, Christine Rupp, Frank Theisen Sitz der Gesellschaft: Ehningen / Registergericht: Amtsgericht Stuttgart, HRB 14562 / WEEE-Reg.-Nr. DE 99369940 https://www.ibm.com/privacy/us/en/ -----Original Message- From: Mark Reynolds Sent: Samstag, 12. November 2022 22:29 To: General discuss

[389-users] Re: FileDescriptors exhausted

What version of 389-ds-base are you using? In newer versions we automatically set the server FD limit to the maximum allowed per process.  This can be seen in the errors log at server startup: For example:     [09/Nov/2022:16:23:07.100244932 -0500] - INFO - main - Setting the maximum file

[389-users] Re: Upgrading from 1.2.2 to 1.4.4

On 11/9/22 3:41 AM, Julian Kippels wrote: Hi, Am Tue, 8 Nov 2022 16:39:20 -0500 schrieb Mark Reynolds : How did you generate these ldifs?  Did you use db2ldif, or ldapsearch? If you used ldapsearch, then stop.  Please use db2ldif/db2ldif.pl I created the ldifs using the Java 389-console

[389-users] Re: Upgrading from 1.2.2 to 1.4.4

On 11/8/22 4:12 PM, Christian, Mark wrote: On Tue, 2022-11-08 at 21:24 +0100, Julian Kippels wrote: Hi, I am currently in the process of moving our LDAP-Servers from old CentOS 7 Servers to new Debian 11 Servers. In the process I am exporting all databases from the old server to ldif files

[389-users] Re: Reminder - how to unsubscribe yourself

it's supposed to be done.  Like I said I don't mind doing it, but I don't always get around to it in a timely manner. Thanks, Mark Cheers, Alberto Viana On Tue, Oct 4, 2022 at 11:29 AM Mark Reynolds wrote: There have been a lot of people just sending "unsubscribe"

[389-users] Reminder - how to unsubscribe yourself

There have been a lot of people just sending "unsubscribe" messages to the list.   At the bottom of every email from this list there is a link to unsubscribe yourself.  I don't mind doing it, but it's very easy to do it yourself.  Just a reminder... -- Directory Server Development Team

[389-users] Re: Fwd: 389 DS stop reponding

On 10/3/22 09:08, jfdesir wrote: Hi, I'am facing an issue that i  can't solve. I have recently install two new LDAP servers   (ubuntu 18.04 /389 DS 1.3.7.10) First, 389-ds-base-1.3.7 is extremely old and outdated (it has not been supported in a very long time).  There are *many* bugs in

[389-users] Re: 389 DS sync issue with Active Directory

On 9/19/22 3:05 AM, Darshan B wrote: Hello Team I have a question on sync between 389 DS and windows active Directoty. I have followed this link to https://documentation.suse.com/sles/15-SP3/html/SLES-all/cha-security-ldap.html for Synchronizing with Microsoft Active Directory(6.11) with

[389-users] Re: Procedure to change the AD used to sync users

, Mark Reynolds wrote: On 9/16/22 1:40 PM, Ludwig Krispenz wrote: On 16.09.22 19:16, Mark Reynolds wrote: On 9/12/22 3:38 PM, Mihai Carabas wrote: On Mon, Sep 12, 2022 at 6:35 PM Mark Reynolds wrote: On 9/12/22 10:58 AM, Mihai Carabas wrote: On Fri, Sep 9, 2022 at 10:31 PM

[389-users] Re: Procedure to change the AD used to sync users

On 9/16/22 1:40 PM, Ludwig Krispenz wrote: On 16.09.22 19:16, Mark Reynolds wrote: On 9/12/22 3:38 PM, Mihai Carabas wrote: On Mon, Sep 12, 2022 at 6:35 PM Mark Reynolds wrote: On 9/12/22 10:58 AM, Mihai Carabas wrote: On Fri, Sep 9, 2022 at 10:31 PM Mihai Carabas

[389-users] Re: Procedure to change the AD used to sync users

On 9/12/22 3:38 PM, Mihai Carabas wrote: On Mon, Sep 12, 2022 at 6:35 PM Mark Reynolds wrote: On 9/12/22 10:58 AM, Mihai Carabas wrote: On Fri, Sep 9, 2022 at 10:31 PM Mihai Carabas wrote: On Wed, Aug 31, 2022 at 8:25 PM Mark Reynolds wrote

[389-users] Re: Procedure to change the AD used to sync users

On 9/12/22 10:58 AM, Mihai Carabas wrote: On Fri, Sep 9, 2022 at 10:31 PM Mihai Carabas wrote: On Wed, Aug 31, 2022 at 8:25 PM Mark Reynolds wrote: Mihai, Start with the docs: https://access.redhat.com/documentation/en-us/red_hat_directory_server/11

[389-users] Re: Limiting Direcory Manager access

Yes there is an access control plugin for the Root DN where you can define this limitation: https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/rootdn-acl https://www.port389.org/docs/389ds/design/rootdn-access-control.html HTH, Mark On 9/5/22

[389-users] Announcing 389 Directory Server 2.2.3

389 Directory Server 2.2.3 The 389 Directory Server team is proud to announce 389-ds-base version 2.2.3 Fedora packages are available on Fedora 37 https://koji.fedoraproject.org/koji/taskinfo?taskID=91505211

[389-users] Announcing 389 Directory Server 2.3.0

389 Directory Server 2.3.0 The 389 Directory Server team is proud to announce 389-ds-base version 2.3.0 Fedora packages are available on Rawhide (f38) Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=91503550

[389-users] Re: 389DS on K8s - dirserv won't start

On 9/1/22 7:24 AM, Ronald Wimmer wrote: We stuck to the guide on https://directory.fedoraproject.org/docs/389ds/howto/howto-deploy-389ds-on-openshift.html but tried to leave out LDAPs and all the certificate stuff for now. Pod is starting but crashes immediately with the following error:

[389-users] Re: Procedure to change the AD used to sync users

Mihai, Start with the docs:

[389-users] Re: 389 server logging format

There is no way to customize the logging.  What format are you looking for? python-lib389 that ships with DS has some logging classes.  See https://github.com/389ds/389-ds-base/blob/main/src/lib389/lib389/dirsrv_log.py HTH, Mark On 8/26/22 4:08 PM, tda...@arizona.edu wrote: Is there a way

[389-users] Announcing 389 Directory Server 2.1.5

389 Directory Server 2.1.5 The 389 Directory Server team is proud to announce 389-ds-base version 2.1.5 Fedora packages are available on Fedora 36 https://koji.fedoraproject.org/koji/taskinfo?taskID=91179741

[389-users] Re: NOTICE - Rust will be mandatory starting in 389-ds-base-2.2

(not NSS), so we don't have these issues anymore. FYI we were able to get the NSS PBKDF2 version working in FIPS (in very recent versions), but the Rust version is much better and more secure. Thanks, Mark Thanks, Trevor On Tue, Aug 23, 2022 at 9:53 AM Mark Reynolds wrote: Hello

[389-users] NOTICE - Rust will be mandatory starting in 389-ds-base-2.2

Hello, For many years now we have been offering Rust plugins, and for those that build the server themselves it was possible to disable Rust if it was not wanted.  This is no longer going to be an option starting in the next release of 389-ds-base-2.2 (On Fedora 37).  We are upgrading the

[389-users] Re: 389-ds-base/cockpit-389-ds on EL9

On 8/14/22 11:10 AM, Daniel Bird wrote: *>>*I will report back any issues as I test. So far, no major issues. I’ve set up a supplier replica from our CentOS 7 service running 1.3.10 from EPEL 7 and all seems well. It did require a tweak to some legacy schema files that are still hanging

[389-users] Re: DNA Plugin creating duplicates

On 8/11/22 1:51 PM, Merritt, Todd R - (tmerritt) wrote: Hi, I'm running 389ds 2.0.15 on a two node cluster in a multi master mode. I'm using the DNA plugin to generate unique uid numbers for new accounts. Each directory instance is assigned a unique range of uid numbers. It works in so far

[389-users] Re: in docker-compose.yaml use "dsconf localhost***" error

On 8/4/22 4:54 AM, Hu, Xudong wrote: Hello    I want to ask a question with using 389ds/dirsrv 389 Directory Server Container in dockerhub When I create 389ds database ,I use dsconf localhost backend create *** command,it is OK Now , I want to use docker-compose.yaml to start

[389-users] Re: Crash with SEGV after compacting

On 8/3/22 1:11 PM, Niklas Schmatloch wrote: Hi My organisation is using a replicated 389-dirsrv. Lately, it has been crashing each time after compacting. It is replicable on our instances by lowering the compactdb-interval to trigger the compacting: dsconf -D "cn=Directory Manager"

[389-users] Re: Disable Anonymous Bind

I thought I sent this earlier but the docs tell you how to properly do this: https://access.redhat.com/documentation/en-us/red_hat_directory_server/12/html/user_management_and_authentication/assembly_disabling-anonymous-binds_user-management-and-authentication On 7/29/22 3:33 PM, Christian

[389-users] Announcing 389 Directory Server 2.1.4

389 Directory Server 2.1.4 The 389 Directory Server team is proud to announce 389-ds-base version 2.1.4 Fedora packages are available on Fedora 36 http://koji.fedoraproject.org/koji/buildinfo?buildID=2038470

[389-users] Re: Disable Anonymous Bind

This is described in our documentation: https://access.redhat.com/documentation/en-us/red_hat_directory_server https://access.redhat.com/documentation/en-us/red_hat_directory_server/12/html/user_management_and_authentication/assembly_disabling-anonymous-binds_user-management-and-authentication

[389-users] Re: Retro Changelog trimming causes deadlock

Hi Kees, Can you provide the entire/complete stack trace? Looks like it's the schema-compat plugin from Freeipa that is the issue.  We have a lot of problems with this plugin :-(  But without the full stack trace we can not confirm anything. Thanks, Mark On 7/20/22 9:59 AM, Kees Bakker

[389-users] Announcing 389 Directory Server 2.0.16

389 Directory Server 2.0.16 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.16 Fedora packages are available on Fedora 35 Fedora 35: https://koji.fedoraproject.org/koji/taskinfo?taskID=89131293 - 

[389-users] Announcing 389 Directory Server 2.1.3

389 Directory Server 2.1.3 The 389 Directory Server team is proud to announce 389-ds-base version 2.1.3 Fedora packages are available on Fedora 36 https://koji.fedoraproject.org/koji/taskinfo?taskID=89124762

[389-users] Announcing 389 Directory Server 2.2.2

389 Directory Server 2.2.2 The 389 Directory Server team is proud to announce 389-ds-base version 2.2.2 Fedora packages are available on Rawhide (f37) Rawhide: https://koji.fedoraproject.org/koji/buildinfo?buildID=1996683

[389-users] Re: 389-ds opensuse container questions

Well you can create "dc=arizona,dc=edu", and then create a regular entry under it:  "dc=eds,dc=arizona,dc=edu".  That will all be under a single suffix then.  You just need to put your users under whatever branch you prefer.  There is no right or wrong, as long as your LDAP clients use the

[389-users] Re: 389-ds opensuse container questions

On 6/13/22 1:31 PM, tda...@email.arizona.edu wrote: I've got things pretty well scripted now, but one thing I've never been sure of is what exactly maps to a database. In our current dirsrv, we've got one databse for our base suffix "dc=eds,dc=arizona,dc=edu" and everything is contained in

[389-users] Re: another question: searches running into administrative limits

On 6/1/22 4:11 PM, Pierre Rogier wrote: Hi Rainer, try: dsconf instanceName backend config set --idlistscanlimit 5000 Note: you must perform a full reindex or a reimport after changing this value Actually you don't need to do that in 389ds (only SunDS), in 389DS we actually index

[389-users] Re: dsidm not work with imported openldap accounts

Hi Alberto On 6/1/22 2:26 AM, Alberto Crescente wrote: Hello, I would like to migrate my old openldap server to 389-ds (CentOS 8). I tried to upload the old users from the openldap server into 389-ds, but if I then try to use the dsidm command I get the following error message: "Error: No

[389-users] Re: 389DS + Ubuntu

First our mdm(lmdb) implementation is very new and has not gone through any QE testing yet.  So it's experimental at this stage. It is also only available in 389-ds-base-2.1 (or newer).  "mdm" is not available in 1.3.x or 1.4.x. So Thierry was correct, in 389-ds-base-2.1 the CLI command would

[389-users] Announcing 389 Directory Server 2.1.1

389 Directory Server 2.1.1 The 389 Directory Server team is proud to announce 389-ds-base version 2.1.1 Fedora packages are available on Fedora 36 and Rawhide (f37) Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=84602886

[389-users] Announcing 389 Directory Server 2.0.15

389 Directory Server 2.0.15 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.15 Fedora packages are available on Fedora 34, and 35 Fedora 35: https://koji.fedoraproject.org/koji/taskinfo?taskID=84608760

[389-users] Re: unconventional replication, alma 8 master to centos 7 slave: Unable to acquire replica: error: no such replica

Yup, you are using two different suffixes/backends between the suppliers and consumers.  The consumers are only accepting replication updates for "dc=test,dc=co,dc=uk", but the supplier is trying to replicate "dc=conscious,dc=co,dc=uk".  They have to be the same ;-) Mark On 3/24/22 11:17

[389-users] Re: unconventional replication, alma 8 master to centos 7 slave: Unable to acquire replica: error: no such replica

On 3/24/22 10:34 AM, Lewis Robson wrote: Thanks Mark, please see responses below Couple things here, are the RHEL 7 servers set up as replication consumers? that is correct, in the 389 console under configuration > replication > userRoot, dedicated consumer Yes you need the replication

[389-users] Re: unconventional replication, alma 8 master to centos 7 slave: Unable to acquire replica: error: no such replica

On 3/24/22 8:38 AM, Lewis Robson wrote: Hello all, i am working to do multi master with two different versions of OS (alma 8 and centos 7), this means that the 389 on alma 8 is using dsidm and cockpit and the 389 on centos 7 is using 389console with ldap commands. the alma 8 directory

[389-users] Re: passwordExpirationTime vs password admin

Well I can not reproduce your issue exactly, but I am on a newer version of DS.  Although this code hasn't really changed in a long time.  Anyway you have conflicting policies (sort of).  You have some things set in the global policy and different settings in the subtree/local policies. The

[389-users] Re: passwordExpirationTime vs password admin

On 3/16/22 2:28 PM, Mike Wohlgemuth wrote: Here's a test performed with Apache Directory Studio to bind as a user with ACI access to change the password, as logged within our audit log (I sanitized his hashes) which shows only that the pwdUpdateTime attribute is updated but not the

[389-users] Re: passwordExpirationTime vs password admin

Hi Mike, I'm not sure I understand the issue.  If a userpassword is changed, and password expiration is tuned on, then the attribute is always updated.  It doesn't matter who makes the password change.  A "password Administrator" is just allowed to bypass syntax checks - that's it. Anyway

[389-users] Re: aci sanity check

On 3/3/22 10:26 AM, David Ritenour wrote: Hi Morgan, Try changing your target as follows: From: (target = "cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org") To: (target = "ldap:///cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org;) Correct, all "dn's" in an aci must be in an LDAP

[389-users] Re: OpenLDAP import into 389 Directory Server failing

What version of 389-ds-base are you using? Check out these docs if you haven't already: https://www.port389.org/docs/389ds/howto/howto-openldap-migration.html https://www.port389.org/docs/389ds/design/openldap2ds.html Thanks, Mark On 2/22/22 3:59 PM, Jason W. Lewis wrote: After RHEL, etc

[389-users] Announcing 389 Directory Server 2.1.0

389 Directory Server 2.1.0 The 389 Directory Server team is proud to announce 389-ds-base version 2.1.0 Fedora packages are available on Fedora Rawhide (f36) Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=81773299 - Koji The new packages and versions are: *

[389-users] Re: Trying to deny any bind/query rights to Administration Domain suffix for user

On 1/28/22 4:33 PM, NATHAN TRUHAN wrote: Hello, Sorry for the long post: I have an Oracle Linux 7.9 installation running 389 Directory Server 1.3. It contains 3 suffixes.  The first is the o=netscaperoot.  The second is the Administration Domain based on the FQN of the server: dc=prodapps,

[389-users] Announcing 389 Directory Server 2.0.14

389 Directory Server 2.0.14 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.14 Fedora packages are available on Fedora 34, and 35 Fedora 35: https://koji.fedoraproject.org/koji/taskinfo?taskID=82032930

[389-users] Re: Announcing 389 Directory Server 2.0.13

This build needs to go through testing now that is built.  Once it passes Fedora testing, and it does not receive any negative karma then we will do the EPEL builds that should get picked up in Centos 8 (eventually).  We have no control over that time frame - I think it can take a week or two

[389-users] Announcing 389 Directory Server 2.0.13

389 Directory Server 2.0.13 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.13 Fedora packages are available on Fedora 34, 35, and Rawhide Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=81773299

[389-users] Re: getent netgroup yields no hits

On 1/11/22 2:51 AM, Dudas Tibor ABRAXAS wrote: Hello I would like to configure authentication and authorization via nisNetgroups in 389ds. With "getent" on the 389ds client I see my groups and my users. If I query the netgroup via "getent netgroup " I do not get any hit. My netgroup you

[389-users] Re: Default browsing index generation

: Thanks for that. That presents a problem of sorts as I am going to have to try to design a suitable VLV index for a very aggressive 3^rd party client application. Hopefully the vendor can be of assistance. *From:*Mark Reynolds *Sent:* 30 December 2021 21:35 *To:* General discussion list for the 389

[389-users] Re: Default browsing index generation

On 12/30/21 3:01 PM, Joe Fletcher wrote: Thanks for the reply. Is it possible to find out exactly what the “create browsing index” feature in management console actually did? Whatever it was it worked for us and I’m having a hard time recreating the function. The old java console created

[389-users] Announcing 389 Directory Server 2.0.12

389 Directory Server 2.0.12 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.12 Fedora packages are available on Fedora 34 and Rawhide Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=80099149

[389-users] Re: access log - successful authentication

On 12/10/21 11:52 AM, Karandikar, Neel wrote: Hello Is there a simple way to tell that a user has been authenticated by looking at the access log? /var/log/dirsrv//access/ something like “authentication successful” in the access log I have been looking at the access log file and enabled

[389-users] Re: any chages to DS looging - performance in last version ?

the ability to audit the server's activity.  I don't recommend it unless you never check the access log and really need a 5-10% perf improvement. Regards, Mark *From:*Mark Reynolds [mailto:marey...@redhat.com] *Sent:* December 6, 2021 8:12 AM *To:* General discussion list for the 389 Directory

[389-users] Re: any chages to DS looging - performance in last version ?

On 12/6/21 11:08 AM, Ghiurea, Isabella wrote: Good morning , Based on the doc link bellow  from 2019 :” Logging Performance Improvement “ I would like to learn if there are any change in related to access , error log performance in last 389DS version  ?

[389-users] Re: Recent commits in stable 389ds branches - discussion

Hi Andrey, See comments below... On 12/3/21 6:29 AM, Ivanov Andrey (M.) wrote: Hi, I'd like to discuss several recent (since a couple of months) commits in stable branches of 389ds. I will be talking about 1.4.4 https://github.com/389ds/389-ds-base/tree/389-ds-base-1.4.4 since it's the one

  1   2   3   4   5   6   7   8   9   >