[389-users] Re: monitoring

On 01/03/2018 12:37 PM, Sergei Gerasenko wrote: > Digging deeper into the access log, I see that certain operations > return with non-zero error codes. The most prolific are 14 and 32. > These > are LDAP_SASL_BIND_IN_PROGRESS and LDAP_NO_SUCH_OBJECT respectively. > So *maybe* the SNMP counter is

[389-users] Re: monitoring

On 01/03/2018 11:16 AM, Sergei Gerasenko wrote: > So does anybody have more details on the errors attribute under > cn=snmp,cn=monitor? Should I increase the log level to see what the > errors are? If so, can you tell me how? Any time an error occurs on a search or write operation this counter is

[389-users] Re: rest389

On 12/27/2017 03:26 AM, Graham Leggett wrote: > On 27 Dec 2017, at 2:27 AM, carne_de_passaro wrote: > >> Oh, it's a shame, the REST interface would be very interesting and useful. > +1. > > Admin dashboards are a huge attack surface, while they have their uses they > aren’t universally a good i

[389-users] Re: rest389

rect the REST interface, but for now we are going to be using Cockpit and Cockpit does not support any kind of REST API/interface. Regards, Mark > the REST interface would be very interesting and useful. > > Thanks, > Danilo > > Em 26 de dez de 2017 5:49 PM, "Mark Reynolds"

[389-users] Re: rest389

On 12/26/2017 12:34 PM, carne_de_passaro wrote: > Hello guys, > > how can I install and test the rest389 on my 389ds servers? > > Is there any rpm package? Or how can I build, and with what version of > 389ds is it compatible? > I'm sorry the rest389 project never really got off the ground and it

[389-users] ATTENTION: 389-console/Admin Server is being deprecated in Fedora 28

In Fedora 28 (389-ds-base-1.4.0) we are deprecating the 389-console/Admin Server.  Instead we will be offering a new web UI via a Cockpit plugin to handle the Directory Server Administration.  See http://cockpit-project.org/  Why Cockpit?  Well Cockpit has its pros & cons, but since it has built-i

[389-users] Announcing 389 Directory Server 1.3.7.8

389 Directory Server 1.3.7.8 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.7.8 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=23264039 https://bodhi.

[389-users] Announcing 389 Directory Server 1.4.0.3

389 Directory Server 1.4.0.3 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.3 Fedora packages are available on Fedora 28(rawhide). https://koji.fedoraproject.org/koji/taskinfo?taskID=23262737 The n

[389-users] Announcing 389 Directory Server 1.3.6.12

389 Directory Server 1.3.6.12 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.6.12 Fedora packages are available from the Fedora 26. https://koji.fedoraproject.org/koji/taskinfo?taskID=23264569 https:

[389-users] Re: performance tuning

On 11/17/2017 11:45 AM, Sergei Gerasenko wrote: > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > changetype: modify > replace: nsslapd-dncachememsize > nsslapd-dncachememsize: 30 > - > replace: nsslapd-cachememsize > nsslapd-cachememsize: 30 After these changes you do nee

[389-users] Announcing 389 Directory Server 1.3.6.11

389 Directory Server 1.3.6.11 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.6.11 Fedora packages are available from the Fedora 26. https://koji.fedoraproject.org/koji/taskinfo?taskID=22974614 https:

[389-users] announcing 389 Directory Server 1.3.6.10

389 Directory Server 1.3.6.10 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.6.10 Fedora packages are available from the Fedora 26. https://koji.fedoraproject.org/koji/taskinfo?taskID=22895230 https:

[389-users] Announcing 389 Directory Server 1.3.7.7

389 Directory Server 1.3.7.7 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.7.7 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=22895176 https://bodhi.

[389-users] Announcing 389 Directory Server 1.4.0.2

389 Directory Server 1.4.0.2 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.2 Fedora packages are available on Fedora 28(rawhide). https://koji.fedoraproject.org/koji/taskinfo?taskID=22894633 The n

[389-users] Re: Changelog, its location, ways to view, max life

On 11/03/2017 02:53 PM, Sergei Gerasenko wrote: >>> Also, you mentioned that the agreement might have been disabled. What field >>> of the nsds5replicationagreement class shows that? >> nsds5ReplicaEnabled > Thank you > >>> Given the error in the log, and the low likelihood of the agreement bein

[389-users] Re: Changelog, its location, ways to view, max life

On 11/03/2017 01:23 PM, Sergei Gerasenko wrote: >> ldapsearch -D "cn=directory manger" -W -b cn=config >> objectClass=nsDS5Replica > > nsDS5ReplicaPurgeDelay is not set listed in the output :(. It must be > at the default value of one week?  > > Also, you mentioned that the agreement might have b

[389-users] Re: Changelog, its location, ways to view, max life

On 11/03/2017 12:50 PM, Sergei Gerasenko wrote: >>> Ok, what brought this up is that about every week >> Ahh yes, this is the default replication purge interval (7 days) >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/Managing_Replication

[389-users] Re: Changelog, its location, ways to view, max life

On 11/03/2017 12:28 PM, Sergei Gerasenko wrote: >> To look at the replication changelog you need to use the cli tool >> "cl-dump.pl" >> >> https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwit5tqk5qLXAhVK7iYKHaacB40QFggmMAA&url=https%3A%2F%2Faccess.redhat.co

[389-users] Re: Changelog, its location, ways to view, max life

On 11/03/2017 11:48 AM, Sergei Gerasenko wrote: > Hello, > > Some basic questions about the changelog: > > 1. What’s the location of the changelog where I can look up a CSN? typically its something like: /var/lib/dirsv/slapd-YOUR_INSTANCE/changelogdb To look at the replication changelog you nee

[389-users] Re: repl-monitor

On 10/30/2017 02:06 PM, Sergei Gerasenko wrote: >>> Question 1, in the script, the list of RUVs is retrieved like so: >>> >>>     $ruv = $conn->search($replicaroot, "one", >>>               >>>   >>> "(&(nsuniqueid=---)(objectClass=nsTombstone))", >>>              

[389-users] Re: repl-monitor

On 10/30/2017 01:03 PM, Sergei Gerasenko wrote: >> Look for:  nsDS5ReplicatedAttributeList >> >> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof >> idnssoaserial >>   entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >> >> In this case any update to any one of

[389-users] Re: repl-monitor

On 10/30/2017 12:37 PM, Sergei Gerasenko wrote: > Hi Mark, > >>> The replication is working. I wrote a script that makes a change on >>> *each* member of the topology and verifies that it got to all the >>> other members. So, it appears that all is good. >> >> Yup, the monitor output looks good >

[389-users] Re: repl-monitor

; 00:00:00”. I’ve verified that that’s how it comes from the search > query. What’s that an indication of? > > Thank you >   Sergei > > >> On Oct 29, 2017, at 4:59 PM, Mark Reynolds > <mailto:marey...@redhat.com>> wrote: >> >> >> >> On

[389-users] Re: repl-monitor

On 10/29/2017 03:20 PM, Sergei Gerasenko wrote: > My question now is: what’s the difference between the maxcsn of the > agreement and the maxcsn in the RUV? The maxcsn in the RUV is where the database is at, the agreement maxcsn is what the repl agreement has processed. __

[389-users] Re: 1.3.6 dirsrv crash: ERR - valueset_value_syntax_cmp - slapi_attr_values2keys_sv failed for type lastUpdated

On 10/20/2017 07:58 PM, tda...@email.arizona.edu wrote: >> On 10/20/2017 12:32 PM, tdarby(a)email.arizona.edu wrote: >> Is there a core file you get a stack trace from?  > Not sure how to set up to get a core dump in a docker container. Me neither, but once the server is up and running can you fo

[389-users] Re: 1.3.6 dirsrv crash: ERR - valueset_value_syntax_cmp - slapi_attr_values2keys_sv failed for type lastUpdated

On 10/20/2017 12:32 PM, tda...@email.arizona.edu wrote: >> I spent a lot of time yesterday trying different ideas for reproducing the >> crash and >> haven't found the right sequence of events yet. I did discover that I was >> able to >> bring back a failed server instance by deleting a differe

[389-users] Re: support for rfc2307bis

On 10/18/2017 02:18 PM, Winstanley, Anthony wrote: > > After reading Trevor's thread on schema, there's a core issue here: > >   > > How does one go about choosing between RFC2307 and RFC2307bis? (They > are incompatible: You can't have both.) > > Is it RedHat's position to mandate the use of RFC

[389-users] Re: 1.3.6 dirsrv crash: ERR - valueset_value_syntax_cmp - slapi_attr_values2keys_sv failed for type lastUpdated

On 10/11/2017 10:45 AM, tda...@email.arizona.edu wrote: >> you can always get the latest (upstream) version.  If you could at least >> test this on Fedora with the latest version of 389 so we can rule out if >> its a known issue or a new one. >> This is now fixed upstream on Fedora (26 and >> up)

[389-users] Re: New Install Missing Schema Files

On 10/10/2017 02:19 PM, Mark Reynolds wrote: > > > On 10/10/2017 01:12 PM, Trevor Fong wrote: >> Oh - I get it now; core schema is now immutably maintained in >> /usr/share/dirsrv/schema/ and is referenced by each slapd instance.   >> >> How do I go about overr

[389-users] Re: New Install Missing Schema Files

into problems? > > Trev  > > On 10 October 2017 at 08:19, Mark Reynolds <mailto:marey...@redhat.com>> wrote: > > > > On 10/10/2017 11:13 AM, Trevor Fong wrote: > > Hi Everyone, > > > > I just did a new install and it looks like no

[389-users] Re: New Install Missing Schema Files

On 10/10/2017 11:13 AM, Trevor Fong wrote: > Hi Everyone, > > I just did a new install and it looks like no schema files were included with > it? > I seem to remember that previously, included schema files would be in > /etc/dirsrv/schema and would get copied into any new instances that were

[389-users] Re: 1.3.6 dirsrv crash: ERR - valueset_value_syntax_cmp - slapi_attr_values2keys_sv failed for type lastUpdated

On 10/10/2017 10:27 AM, tda...@email.arizona.edu wrote: >> When the server crashes do you get a core dump or similar? That would >> really help. > Where do I find a core dump? First you need to make sure cores are allowed to be generated: http://www.port389.org/docs/389ds/FAQ/faq.html#sts=Debug

[389-users] Re: 1.3.6 dirsrv crash: ERR - valueset_value_syntax_cmp - slapi_attr_values2keys_sv failed for type lastUpdated

On 10/10/2017 09:56 AM, tda...@email.arizona.edu wrote: >> On 10/09/2017 05:33 PM, tdarby(a)email.arizona.edu wrote: >> Okay the version you have has a few >> known crashes.  They have been fixed >> in 1.3.6.1-20 and up.  This fix will also be part of RHEL's 7.4 batch >> update 2. > Thanks, I don

[389-users] Re: 1.3.6 dirsrv crash: ERR - valueset_value_syntax_cmp - slapi_attr_values2keys_sv failed for type lastUpdated

On 10/09/2017 05:33 PM, tda...@email.arizona.edu wrote: >> On 10/09/2017 05:20 PM, tdarby(a)email.arizona.edu wrote: >> This >> might be fixed in a newer version of 1.3.6, what version are you >> using now?   rpm -qa | grep 389-ds-base Okay the version you have has a few known crashes.  They have

[389-users] Re: 1.3.6 dirsrv crash: ERR - valueset_value_syntax_cmp - slapi_attr_values2keys_sv failed for type lastUpdated

On 10/09/2017 05:20 PM, tda...@email.arizona.edu wrote: > I fixed the problem but the solution makes me concerned that this version of > 389 server is not going to work for me. In short, I found that deleting a > particular entry on both servers brought them back to life. This actually > makes

[389-users] Announcing 389 Directory Server 1.3.6.9

389 Directory Server 1.3.6.9 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.6.9 Fedora packages are available from the Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-800c2374d3 The

[389-users] Announcing 389 Directory Server 1.3.7.6

389 Directory Server 1.3.7.6 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.7.6 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=22353280 - Fedora 27 ht

[389-users] Announcing 389 Directory Server 1.4.0.1

389 Directory Server 1.4.0.1 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.1 Fedora packages are available on Fedora 28(rawhide). https://koji.fedoraproject.org/koji/taskinfo?taskID=22352819 - Fedo

[389-users] Re: Locating syntax violations

Hi Morgan, On 10/04/2017 03:46 PM, Morgan Jones wrote: > I’m working on importing a Ldif from an older version of Redhat and have a > few dozen of the below: is there a way to increase debugging such that it > tells me which attribute violates syntax? Yes, set nsslapd-syntaxlogging to "on" und

[389-users] Re: Multimaster replication + one way replication Q

On 10/04/2017 12:43 PM, isabella.ghiu...@nrc-cnrc.gc.ca wrote: > William , thank you for feedback , 2 years ago when I set up 389-DS > multi-mater replication with Memberof plugin I was advised by people on this > list to use fractional replication (we were seeing strange behavior) Correct,

[389-users] Announcing 389 Directory Server 1.4.0.0

389 Directory Server 1.4.0.0 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.0 Fedora packages are available on Fedora 28(rawhide). https://koji.fedoraproject.org/koji/buildinfo?buildID=974103 - Fedo

[389-users] Announcing 389 Directory Server 1.3.7.5

389 Directory Server 1.3.7.5 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.7.5 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/buildinfo?buildID=974124 - Fedora 27 Th

[389-users] Re: jss and idm-console-framework conflict

hase. Mark > > -morgan > > > >> On Sep 14, 2017, at 4:57 PM, Mark Reynolds wrote: >> >> >> >> On 09/14/2017 04:12 PM, Morgan Jones wrote: >>> Awesome, thanks. Apologies if this is well know >> It was not, not for epel at least. >>> bu

[389-users] Re: jss and idm-console-framework conflict

L-2017-cec2fcb8ae) it usually happens within a week. Mark > > -morgan > > >> On Sep 14, 2017, at 3:36 PM, Mark Reynolds wrote: >> >> Morgan, >> >> I just built idm-console-framework-1.1.17-4.el7 >> https://koji.fedoraproject.org/koji/taskinfo?task

[389-users] Re: jss and idm-console-framework conflict

Morgan, I just built idm-console-framework-1.1.17-4.el7 https://koji.fedoraproject.org/koji/taskinfo?taskID=21865518 Here is the bodhi link that requires "karma" to become an official update in epel7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-cec2fcb8ae Regards, Mark On 09/14/2

[389-users] Announcing 389 Directory Server 1.3.7.4

389 Directory Server 1.3.7.4 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.7.4 Fedora packages are available on Fedora 27 and 28(Rawhide). https://koji.fedoraproject.org/koji/taskinfo?taskID=21684703

[389-users] Re: Console hang after 4th server install

this. Thanks for the follow up, glad it got figured out. Mark > > -morgan > > >> On Aug 23, 2017, at 4:24 PM, Mark Reynolds wrote: >> >> >> >> On 08/23/2017 03:09 PM, Morgan Jones wrote: >>> Mark, >>> >>> See attached. The

[389-users] Announcing 389 Directory Server 1.3.7.3-1

389 Directory Server 1.3.7.3 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.7.3 Fedora packages are available on Fedora 27 and 28(Rawhide). https://koji.fedoraproject.org/koji/taskinfo?taskID=21607186

[389-users] Re: LDAP: error code 19 - invalid password syntax - passwords with storage scheme are not allowed

On 08/29/2017 04:59 PM, Alberto Viana wrote: > Hi Kirk > > I think that in newer versions of 389 you need a special permission to > adding already hashed passwords or change user password scheme: > > http://www.port389.org/docs/389ds/design/password-administrator.html Using "directory manager" w

[389-users] Re: Last update message time stamp

area recently, so its potentially fixed, or it caused a regression, or neither :-) This depends on what version you have. What kind of replication problem causes it to reset? Is there a way to reproduce it easily? Thanks, Mark > Paul M. Whitney > E-mail: paul.whit...@mac.com >

[389-users] Re: Last update message time stamp

On 08/28/2017 11:54 AM, Paul Whitney wrote: > Hi guys, > > Is there a reason why the update time stamp defaults to Dec 31, 19:00 > EST 1969 in the console? Hey Paul, What exactly are you referring to? Modifytimestamp? Which entry? Mark > Is there a way to preserve the last successful or fail

[389-users] Re: Registering remote 389-DS instances in Console

figuration directory server . . . > > Updating adm.conf with information from configuration directory server > . . . > > Updating the configuration for the httpd engine . . . > > Restarting admin server . . . > > The admin server was successfully started. > > Admin server

[389-users] Re: Registering remote 389-DS instances in Console

rk MacDonald [mailto:kirk.macdon...@corp.eastlink.ca] > *Sent:* Thursday, August 24, 2017 1:36 PM > *To:* Mark Reynolds ; General discussion list for > the 389 Directory server project. <389-users@lists.fedoraproject.org> > *Subject:* [389-users] Re: Registering remote 389-DS inst

[389-users] Re: Registering remote 389-DS instances in Console

On 08/24/2017 11:30 AM, Kirk MacDonald wrote: > > I have built 3 new 389-DS instances (389-Directory/1.3.5.10 > B2017.145.2037) on different services. Each has local Admin console. > They are all in the same Administrative Domain. > Perfect... > > > > Is the method to register the remote instan

[389-users] Re: Console hang after 4th server install

follow up with our networking and security folks to see if > we can find anything there. These hosts are all on the same subnet for what > it’s worth. > > Thanks for the help. > > -morgan > > >> On Aug 23, 2017, at 12:35 PM, Mark Reynolds wrote: >> >> >

[389-users] Re: Console hang after 4th server install

On 08/23/2017 12:31 PM, Morgan Jones wrote: >> On Aug 23, 2017, at 12:17 PM, Mark Reynolds wrote: >> >> >>> [pid 27442] recvmsg(14, 0x7f3880ef74d0, 0) = -1 EAGAIN (Resource >>> temporarily unavailable) >>> [pid 27442] recvmsg(14, 0x7f3880ef74

[389-users] Re: Console hang after 4th server install

t on this... This explains the "hang" - connections to the remove server(s) are timing out. Can you look at the DS access logs on a remote server during the hang (note there is a 30 sec log buffer with the access log). Perhaps just tail the access log, reproduce the hang (wait 30 seco

[389-users] Re: Console hang after 4th server install

;... futex resumed> ) = -1 ETIMEDOUT (Connection timed out) > [pid 27440] futex(0x7f38940cfd28, FUTEX_WAKE_PRIVATE, 1) = 0 > > -morgan > > > > >> On Aug 23, 2017, at 11:18 AM, Morgan Jones wrote: >> >> >>> On Aug 22, 2017, at 2:15 PM, Mark Reyno

[389-users] Re: Console hang after 4th server install

On 08/23/2017 11:18 AM, Morgan Jones wrote: >> On Aug 22, 2017, at 2:15 PM, Mark Reynolds wrote: >> >> >> >> On 08/22/2017 01:36 PM, Morgan Jones wrote: >>> Thanks—is there a trick to turning on admin-serv logging? I don’t have one >>> and at le

[389-users] Re: Console hang after 4th server install

> -morgan > > >> On Aug 17, 2017, at 3:16 PM, Mark Reynolds wrote: >> >> Sorry these logs look "normal", that message that keeps repeating is >> expected when the console is idle (it's waiting for you to do something). >> >> Perhaps t

[389-users] Announcing Directory Server 1.3.6.8-1

389 Directory Server 1.3.6.8 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.6.8 Fedora packages are available from the Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-c95a212f02 The new packages and versions are: * 389-ds-base-1.3.6.8-1 Fedora

[389-users] Announcing Directory Server 1.3.7.2-1

*389 Directory Server **1.3.7.2* The 389 Directory Server team is proud to announce 389-ds-base version 1.3.7.2 Fedora packages are available on Fedora 27 and 28(Rawhide). https://koji.fedoraproject.org/koji/taskinfo?taskID=21401020 - Fedora 28 https://koji.fedoraproject.org/koji/taskinfo?taskID

[389-users] Re: CentOS-Directory/8.1.0 B2009.134.1334 ldapsearch problem

On 08/18/2017 10:18 AM, Kirk MacDonald wrote: > Hello, > > I'm working on migrating from CentOS-Directory/8.1.0 B2009.134.1334 to > 389-Directory/1.3.5.10 B2017.145.2037. > > What I'm finding is that the Database Export functions in the > CentOS-Directory/8.1.0 B2009.134.1334 Console as well as

[389-users] Re: Console hang after 4th server install

e: > Hello Mark, > > See attached, "AbstractServerObject.StatusThread: waiting for change > listeners to register” repeats presumably forever after it hangs. > > Thanks, > > -morgan > > > > > > > > > > > > > > > > >> On Aug

[389-users] Re: Console hang after 4th server install

Hi Morgan, We need more info. Try running the console in debug mode: 389-console -D 9 Also look at the configuration DS access log Mark On 08/16/2017 02:57 PM, Morgan Jones wrote: > I’m in the process of installing 389 in CentOS 7 from epel (versions below) > and find that the console become

[389-users] Announcing 389 Directory Server version 1.3.5.19

389 Directory Server 1.3.5.19 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.5.19. Fedora packages are available from the Fedora 25. The new packages and versions are: * 389-ds-base-1.3.5.19-1 Source tarballs are available for download at Download 389-ds-base

[389-users] Announcing 389 Directory Server version 1.3.6.7

389 Directory Server 1.3.6.7 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.6.7 Fedora packages are available from the Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-431f07f52a The new packages and versions are: * 389-ds-base-1.3.6.7-1 Fedora

[389-users] Re: Index corruption message in multimaster replication

On 07/13/2017 06:09 PM, tda...@email.arizona.edu wrote: > I have two 389 servers configured for multimaster replication. I noticed > these possibly related messages in the errors logs: > > server1: > [12/Jul/2017:07:50:44 -0700] - database index is corrupt; key *zon has a data > item with the w

[389-users] Announcing 389 Directory Server version 1.3.5.18

389 Directory Server 1.3.5.18 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.5.18. Fedora packages are available from the Fedora 24, and 25. The new packages and versions are: * 389-ds-base-1.3.5.18-1 Source tarballs are available for download at Download 389

[389-users] Re: IIAP - Ldap authentication

On 07/06/2017 05:59 AM, Narendra Laga wrote: > > > Hi, > > > can any one help on below issue. > > > we are integrating 389-DS with cyberoam, while doing test connection > we are facing below error. > > > > Please check the below Ldap authentication errors and check for the > solution. > > > > *@

[389-users] Re: setup-ds-admin.pl -u Script

e upgrade should of restarted the server, but perhaps try to restart it again and check the build number. It also doesn't hurt to try the upgrade again. > Is it something else? > Paul M. Whitney > E-mail: paul.whit...@mac.com > Sent from my browser. > > > > On Jun 28, 201

[389-users] Re: setup-ds-admin.pl -u Script

On 06/28/2017 12:40 PM, Paul Whitney wrote: > Just updated 389-ds-base to version 1.3.5.10-21. When I run the SUBJ > script, I get an error indicating that could not update the Admin > Server with Error: Administrative limit exceeded. > > Any ideas how I can get around this? Try setting the nssl

[389-users] Re: What is the changelog:ent and changelog:dn (dbmon.sh output) refers in 389 (ldap)

On 06/23/2017 12:21 PM, Matveev Alexey wrote: > > Hello! > > I have FreeIPA 4.5.2 and tune it performance for adding more than 100k > users. > > I have a question about script dbmon.sh (or for 389 DS db in general) > > The output of the dbmon.sh says: > > dbcachefree 2374205440 free% 88.446

[389-users] Announcing python-lib389 1.0.4

python-lib389-1.0.4 The 389 Directory Server team is proud to announce python-lib389 version 1.0.4. Source tarballs are available for download at Download python-lib389 source code . Fedora packages are in testing for Fedora 25, 2

[389-users] Re: Migration from OpenLDAP to 389 DS

On 06/19/2017 03:14 AM, Blaz Kalan wrote: > I added these two lines to 99user.ldif: > > ObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC2079: > object that contains the URI attribute type' SUP top AUXILIARY MAY labeledURI > ) > AttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME

[389-users] Re: Issues enabling SSL/TLS for config DS

On 06/18/2017 07:41 AM, Mark Reynolds wrote: > > On 06/17/2017 10:46 PM, dave_horton2...@hotmail.com wrote: >> Hi Mark, >> >> I can confirm removing it from adm.conf prevents it working. Adding it >> back, it works again. >> >> Possibly there's

[389-users] Re: Issues enabling SSL/TLS for config DS

On 06/17/2017 10:46 PM, dave_horton2...@hotmail.com wrote: > Hi Mark, > > I can confirm removing it from adm.conf prevents it working. Adding it back, > it works again. > > Possibly there's another means that normally ensures the correct range is set > for the config DS connection? > > The fun

[389-users] Re: Issues enabling SSL/TLS for config DS

On 06/17/2017 08:33 AM, dave_horton2...@hotmail.com wrote: > I figured out the issue here so updating for anyone else who may suffer this > problem. > > It appears that when things are locked down to prevent use of SSLv3, if you > want to use SSL with the Config DS from the admin server, you al

[389-users] Re: Issues enabling SSL/TLS for config DS

On 06/17/2017 08:33 AM, dave_horton2...@hotmail.com wrote: > I figured out the issue here so updating for anyone else who may suffer this > problem. > > It appears that when things are locked down to prevent use of SSLv3, if you > want to use SSL with the Config DS from the admin server, you al

[389-users] Re: Migration from OpenLDAP to 389 DS

On 06/16/2017 02:58 AM, Blaz Kalan wrote: > Hi Mark, thank you very much. > I actually always imported data with java LDAP browser/editor. Now I try with > ldapmodify and I am succeded with user passwords. > > Now I have only few unresolved things. > > For atribute entryUUID in exported data I

[389-users] Re: Migration from OpenLDAP to 389 DS

On 06/15/2017 07:48 AM, Blaz Kalan wrote: > Hi, > > Sorry, I checked again and we use base64 coded passwords: > userPassword:: e01ENX1VSnlnNGJSbmcxRlB1NE43ZFlWYkdnPT0= The server always base64 ecodes passwords - that is fine and expected > > what do you suggest in this case? > > But even if I tr

[389-users] Re: Broken replicas and CleanRUV question

On 06/14/2017 08:24 AM, Predrag Zečević - Technical Support Analyst wrote: > On 06/02/17 16:22, Mark Reynolds wrote: >> >> >> On 06/02/2017 08:47 AM, Predrag Zečević - Technical Support Analyst >> wrote: >>> On 05/31/17 20:44, Mark Reynolds wrote: >>&g

[389-users] Re: Migration from OpenLDAP to 389 DS

On 06/14/2017 07:41 AM, Blaz Kalan wrote: > Hi again, > > Finally it looks like that I’m somehow succeeded whit importing data from > openLDAP to 389 DS, but I had to do a few things about which I am not sure if > they are OK. > > I change 99user.ldif to: > dn: cn=schema > objectClass: top > o

[389-users] Re: Issues enabling SSL/TLS for config DS

On 06/13/2017 09:06 AM, dave_horton2...@hotmail.com wrote: > I believe that should all be ok. It's using the same key/cert as the DS > although I've also tried different keys/certs. There is an intermediate cert > in the chain, but in Manage Certs in both DS and admin server the trust chain

[389-users] Re: Issues enabling SSL/TLS for config DS

On 06/13/2017 08:45 AM, dave_horton2...@hotmail.com wrote: > Thanks for the reply. > > Same end result in the console, although the access log of the DS seems to > indicate a bind was attempted. This is post restart after enabling the > secure option. Did you setup SSL for the Admin Server? A

[389-users] Re: Issues enabling SSL/TLS for config DS

On 06/13/2017 08:10 AM, dave_horton2...@hotmail.com wrote: > I am having difficulty getting the config DS connection working over TLS. > When I enable this and attempt to log into the console, I receive an > "Authentication Failed" error. > > The admin server log shows: > [Tue Jun 13 21:34:16.

[389-users] Re: Migration from OpenLDAP to 389 DS

On 06/09/2017 03:32 AM, Blaz Kalan wrote: > Hi, thank you all. Now I am a little further. > > My current tmp ldif file is as follows: > > dn: cn=schema, cn=config > objectclass: top > objectclass: ldapSubentry > objectclass: subschema > > dn: cn=itnetmanager, cn=schema, cn=config > objectclass:

[389-users] Re: Migration from OpenLDAP to 389 DS

On 06/08/2017 03:05 AM, b.ka...@iskratel.si wrote: > Hi, yes, I would need a little more help. Now I delete most of records from > exported ldif file, that I have simple file for editing and testing. I also > deleted {xx}. > > My ldif file is now: > > dn: cn=itnetmanager, cn=schema, cn=config >

[389-users] Re: Need to re-register 389ds servers

On 06/07/2017 10:38 AM, wudadin2...@gmail.com wrote: > Here is a look at the logs as it happens > > ~ # tail -f /var/log/dirsrv/admin-serv/error > [Wed Jun 07 09:19:27 2017] [error] Could not bind as []: ldap error -1: Can't > contact LDAP server > [Wed Jun 07 09:19:27 2017] [warn] Unable to bin

[389-users] Re: Need to re-register 389ds servers

On 06/06/2017 11:16 AM, wudadin2...@gmail.com wrote: > Mark, > Ok, I ran the new register-ds-admin.pl -u command on the LDAP server that I > wish to be the new single pane of glass config server but it looks like it is > not able to clean up the old config > or maybe it is failing to connect t

[389-users] Re: enabled account policy plugin and incrace changelog db size

On 06/06/2017 06:52 AM, Alparslan Ozturk wrote: > The major probm is many user logedin conncurrency so replication not > posible. I think this site must be developed or high usage system > must be schecled replication with optimum periots instead "real time". You can setup a replication schedul

[389-users] Re: Need to re-register 389ds servers

On 06/05/2017 11:19 AM, wudadin2...@gmail.com wrote: > I ran the setup-ds.pl -u command on one of the LDAP slaves in online more, it > does not ask about re-registering servers or anything of that nature. Okay, this is what you are looking for: http://www.port389.org/docs/389ds/design/console-r

[389-users] Re: Need to re-register 389ds servers

Are you even running an admin server? Probably not since you don't have o=netscaperoot. You probably just need to do "setup-ds.pl -u" Side question: Are you trying "setup-ds-admin.pl -u" because that is what is listed in the release notes? Thanks, Mark On 06/02/2017 02:41 PM, wudadin2...@gma

[389-users] Re: changing supplier

On 06/02/2017 05:52 AM, Fabrice Teissedre wrote: > > Hi, > > I'm new too 389DS. > > I want to use it for a LDAP / AD replication. > > My university has an openldap with all the accounts (around 3). > > How can I change the supplier in 389-Ds to put the openldap directory > as the source ? I d

[389-users] Re: Broken replicas and CleanRUV question

On 06/02/2017 08:47 AM, Predrag Zečević - Technical Support Analyst wrote: > On 05/31/17 20:44, Mark Reynolds wrote: >> >> >> On 05/31/2017 06:00 AM, Predrag Zečević - Technical Support Analyst >> wrote: >>> Hi all, >>> >>> long t

[389-users] Re: Broken replicas and CleanRUV question

On 05/31/2017 06:00 AM, Predrag Zečević - Technical Support Analyst wrote: > Hi all, > > long time ago we have started with 389-DS and due to lack of > experience I have installed and used admin server (which is abandoned > later, because it is too complicated and requires someone at keyboard). >

[389-users] Re: Performance Degradation with Split Database

On 05/31/2017 02:36 PM, Paul Whitney wrote: > Still in migration mode from RHEL5/DS 8.2 to CentOS7/DS10 (389-ds-base > 1.3.5.10-20). > > Our one instance is setup with two databases (userRoot and > groupRoot). We are seeing some really high etimes when performing > mods/search on the second data

[389-users] Re: enabled account policy plugin and incrace changelog db size

On 05/25/2017 03:23 AM, Alparslan Ozturk wrote: > Hi, > > two 389-ds running with multimaster replication. and dbbackup size > 66MB but when I have enabled "account policy plugin" for tracing > lastlogintime of users. > > but now I see changelog db size incraced 3GB > > ... > the database size i

[389-users] Re: Announcing 389 Directory Server version 1.3.6.6

On 05/23/2017 09:43 AM, Mark Reynolds wrote: > > On 05/23/2017 06:02 AM, Alan Milligan wrote: >> Hi Mark, >> >> I successfully migrated from 1.3.5.10 to 1.3.6.6 - great job team! > Great! >> I don't run any admin stuff on those nodes; I think the install/

[389-users] Re: Announcing 389 Directory Server version 1.3.6.6

On 05/23/2017 06:02 AM, Alan Milligan wrote: > Hi Mark, > > I successfully migrated from 1.3.5.10 to 1.3.6.6 - great job team! Great! > > I don't run any admin stuff on those nodes; I think the install/upgrade > release note should perhaps just be setup-ds.pl Which doc are you referring to exactl

<    2   3   4   5   6   7   8   9   10   >