[389-users] Re: REST API

2016-01-20 Thread Mark Reynolds
On 01/20/2016 11:31 AM, Prashant Bapat wrote: http://directory.fedoraproject.org/docs/389ds/design/ldap-rest-api.html I found this document related to REST API for 389 DS. Is this a proposed feature in an upcoming release ? Where can I find more details ? Hi Prashant, The REST API is curren

[389-users] Re: Fractional replication issues after upgrading to DS 1.3.4

2016-01-15 Thread Mark Reynolds
On 01/15/2016 03:43 PM, ghiureai wrote: Hi Mark, my replication cfg is :master/slave ( one consumer only ) , I am using fractional replication with memberof plugin excluded from rep agreement ( this was suggested in my old version DS 1.1.2), Now after upgrade of both supplier and consumer

[389-users] Re: Fractional replication issues after upgrading to DS 1.3.4

2016-01-15 Thread Mark Reynolds
What are your replicas: Two masters? One master, one consumer? If you are using a consumer, the memberof plugin should "not" be enabled on it. It should only be enabled on the master/supplier. Mark On 01/15/2016 03:26 PM, ghiureai wrote: Hi List, After upgrading from DS 1.1.2 to 1.3.4.4 ,

[389-users] Re: 389-ds crash

2016-01-11 Thread Mark Reynolds
Getting a stacktrace/core file would be very useful. Check out the link below so you can catch the next crash. http://www.port389.org/docs/389ds/FAQ/faq.html#sts=Debugging%C2%A0Crashes Mark On 01/11/2016 07:47 AM, Todor Petkov wrote: Hello, few days ago, as today, the ldap process crashed.

[389-users] Re: NSMMReplicationPlugin - replication keep alive entry already exists

2015-12-23 Thread Mark Reynolds
Maybe my ldapsearch is bad ? Best regards. Bahan On Wed, Dec 23, 2015 at 4:26 PM, Mark Reynolds <marey...@redhat.com> wrote: On 12/23/2015 10:09 AM, bahan w wrote: Hello. I'm using FreeIPA and I have 4 masters which replicates to

[389-users] Re: NSMMReplicationPlugin - replication keep alive entry already exists

2015-12-23 Thread Mark Reynolds
rch for the exact DN and do a "base" search. So, you just need to add "-s base" to your ldapsearch from above: ldapsearch -x -D "cn=Directory Manager" -h -p 389 -W -b "cn=repl keep alive 6,dc=mydomain" -s base Regards, Mark Best regards. Bahan

[389-users] Re: NSMMReplicationPlugin - replication keep alive entry already exists

2015-12-23 Thread Mark Reynolds
On 12/23/2015 10:09 AM, bahan w wrote: Hello. I'm using FreeIPA and I have 4 masters which replicates to each others. On all the masters, I can see the following message from time to time : ### NSMMReplicationPlugin - replication keep alive entry alive 6,dc=mydomain> already exists ### I do

[389-users] Re: Error enabling SSL

2015-12-14 Thread Mark Reynolds
On 12/14/2015 02:20 PM, Phil Daws wrote: - On 14 Dec, 2015, at 17:16, Mark Reynolds marey...@redhat.com wrote: On 12/14/2015 10:55 AM, Phil Daws wrote: - On 14 Dec, 2015, at 15:38, Mark Reynolds marey...@redhat.com wrote: On 12/14/2015 10:23 AM, Phil Daws wrote: Hello, Am

[389-users] Re: Error enabling SSL

2015-12-14 Thread Mark Reynolds
On 12/14/2015 10:55 AM, Phil Daws wrote: - On 14 Dec, 2015, at 15:38, Mark Reynolds marey...@redhat.com wrote: On 12/14/2015 10:23 AM, Phil Daws wrote: Hello, Am trying to enable SSL on my 389 lab instance but having real issues. I imported the CA certificate chain, created a CSR

[389-users] Re: Error enabling SSL

2015-12-14 Thread Mark Reynolds
On 12/14/2015 10:23 AM, Phil Daws wrote: Hello, Am trying to enable SSL on my 389 lab instance but having real issues. I imported the CA certificate chain, created a CSR, signed and installed the certificate. Then went into Directory Server -> Configuration and enabled SSL. Restarted the di

[389-users] Re: Slow search results until cache populated

2015-12-03 Thread Mark Reynolds
On 12/03/2015 05:02 PM, William Brown wrote: Hi, The ldapsearch numbers are down below. Not all the numbers to all the indexed attributes are there ... but all the "cachemiss" -numbers for them were 0's. In the log there are not many "notes=U" lines but some "notes=A" lines: # grep "nentries=

Re: [389-users] ACIs caching issue

2015-11-16 Thread Mark Reynolds
e used the client to list larger number of entries and it works fine. Or is there a different configurable size limit? What should I look for? Thanks, Adrian On 11/16/2015 12:23 PM, Mark Reynolds wrote: On 11/16/2015 01:58 PM, Adrian Damian wrote: Hi Mark, Thanks for the quick reply. I do

Re: [389-users] ACIs caching issue

2015-11-16 Thread Mark Reynolds
tr(nsUniqueId) to proxy (uid=stmairs,ou=users,ou=abc): allowed by aci(20): aciname= "Members group read", acidn="ou=admingroups,ou=abc" ... [16/Nov/2015:10:41:43 -0800] NSACLPlugin - STAR Access allowed on attr:uniqueMember; entry:cn=jcmt-mjlsg14b,ou=admingroups,ou=abc [16/Nov

Re: [389-users] ACIs caching issue

2015-11-16 Thread Mark Reynolds
On 11/16/2015 12:30 PM, Adrian Damian wrote: Hello 389 Gurus, This is a very subtle issue that we are seeing on our LDAP server. Sometimes, the ACIs return different results for the same search executed from different clients (a Java client vs. a Python or the ldapsearch client). More speci

Re: [389-users] making a dedicated consumer a supplier

2015-11-12 Thread Mark Reynolds
On 11/12/2015 02:09 PM, ghiureai wrote: Gmorning Mark, Thank you again for fast reply, do I still need to create a rep agreement ? Yes, if you want to replicate changes to another server. This was also the last step in my previous reply. Here's how to do it through the command line: ht

Re: [389-users] making a dedicated consumer a supplier

2015-11-12 Thread Mark Reynolds
On 11/12/2015 12:31 PM, ghiureai wrote: Hi List , I'm looking for cmd line steps to make a dedicated consumer in a supplier in single master replication ( if original master goes offline), I have the steps from Admin GUI , I would like to have same steps but using cmd's line : - add th

Re: [389-users] DS crashed /killed by OS

2015-11-02 Thread Mark Reynolds
On 11/01/2015 08:50 PM, William Brown wrote: On Thu, 2015-10-22 at 17:48 +, Fong, Trevor wrote: Hi German, Thanks for your suggestion. I’m happy to confirm that setting userRoot’s nsslapd-cachememsize: 429496730 (1/15th of previous value of 6 GB) has addressed the memory issue for now, a

Re: [389-users] updating/removing user indexes Q

2015-10-21 Thread Mark Reynolds
On 10/21/2015 01:33 PM, ghiureai wrote: Gmorning Mark the indexes had been removed at developers request to improve performance , now I reboot the DS and the indexes come up online. Maybe there was a misunderstanding. I'm sure a developer did not recommend you remove the default system

Re: [389-users] updating/removing user indexes Q

2015-10-20 Thread Mark Reynolds
On 10/20/2015 04:32 PM, ghiureai wrote: Hi Mark, As per developers advise , I removed most the index listed here, we have memberof plugin on and multi-master rep plugin on, I removed :mail, mailHost, telephoneNumber,seeAlso, owner, These are all system indexes and can not be removed. Th

Re: [389-users] updating/removing user indexes Q

2015-10-20 Thread Mark Reynolds
On 10/20/2015 12:47 PM, ghiureai wrote: Hi Mark as per your advise, I checked the /var/lib/dirsr5v/slapd-INSTANCE/db/useroot/ the files are gone BUT seeing this lines when exporting ldap instance, this are the indexes I removed few days ago and saw them back plugin_mr_find - Error: matc

Re: [389-users] updating/removing user indexes Q

2015-10-20 Thread Mark Reynolds
On 10/20/2015 11:58 AM, ghiureai wrote: Mark , thank you for reply, the main reason I was asking is: I seen several times when I removed user indexes using admin console and after 2-3 days they re-appeared back ? This is something strange, I am running backups and exports on daily base

Re: [389-users] updating/removing user indexes Q

2015-10-20 Thread Mark Reynolds
On 10/20/2015 11:42 AM, ghiureai wrote: Hi List, I would like to know if after removing user indexes using the admin console there is need to run the |db2index.pl| script while the ldap is shutdown or should be fine to run with DS online? There is no need to run db2index if you are removing

Re: [389-users] nsAccountLock - Server is unwilling to perform

2015-10-20 Thread Mark Reynolds
On 10/20/2015 09:37 AM, Mitja Mihelič wrote: Hi! We are using using nsAccountLock=true to lock user accounts. We also have dovecot authenticating users against the 389DS. If we set nsAccountLock=true, then we get Oct 20 14:39:30 SERVER dovecot: auth: Error: ldap(USERNAME,193.X.Y.Z,): ldap_b

Re: [389-users] Anyone know where to report dead links on directory.fedoraproject.org

2015-10-08 Thread Mark Reynolds
On 10/08/2015 03:47 PM, Rolf E. Sonneveld wrote: Hi, anyone know where to report two dead links on: Hi Rolf, Just sending an email to this mailing list, like you just did, will be fine. I'll look into these links first thing tomorrow. Thanks, Mark http://directory.fedoraproject.org/doc

Re: [389-users] can't recreate root suffix

2015-09-22 Thread Mark Reynolds
On 09/20/2015 11:52 PM, Chase Miller wrote: Hello All, I deleted my root suffix, Hi Chase, What version of DS are you running? rpm -qa | grep 389-ds-base How did you delete the suffix? Under the configuration tab or the Directory tab? You need to do it under the Configuration tab -> dat

Re: [389-users] Trouble enabling memberof plugin

2015-09-14 Thread Mark Reynolds
y. Hi Craig, You should only need to run it once(after setting up the plugin), then the plugin should handle it from there on after. Regards, Mark Thanks again for the help and sorry for any confusion. Craig On Tue, Sep 8, 2015 at 2:52 PM, Mark Reynolds <marey...@redhat.com>

Re: [389-users] Trouble enabling memberof plugin

2015-09-08 Thread Mark Reynolds
e the plugin is not being loaded. However, the configuration seems like it should be fine... Thanks again, Craig On Tue, Sep 8, 2015 at 2:12 PM, Mark Reynolds <marey...@redhat.com> wrote: On 09/08/2015 03:06 PM, Craig Setera wrote: Mark, Thanks for getting back to

Re: [389-users] Trouble enabling memberof plugin

2015-09-08 Thread Mark Reynolds
ries from the memberof plugin whatsoever, which I found very strange. When I was having issues trying to get the roles plugin working correct, I was at least getting error messages in the logs that helped me troubleshoot. Thanks again, Craig On Tue, Sep 8, 2015 at 1:58 PM, Mark Reynolds <mai

Re: [389-users] Trouble enabling memberof plugin

2015-09-08 Thread Mark Reynolds
Craig, Full version of 389? rpm -qa | grep 389-ds-base You might need to restart the server after enabling the plugin, but how exactly are you "enabling" the plugin though? ldapmodify? Editing dse.ldif? Can you provide your plugin config entry, and what you are doing where the plugin see

Re: [389-users] How to modify the logging dir

2015-08-20 Thread Mark Reynolds
On 08/20/2015 10:20 AM, bahan w wrote: Hm ok. Ok, and to do that I use the ldapmodify command ? Something like : ldapmodify -x -D "cn=Directory Manager" -w -h -p 389 dn:cn=config changetype:modify replace:nsslapd-accesslog nsslapd-accesslog: dn:cn=config changetype:modify replace:nsslapd-

Re: [389-users] Admin Server. How to turn off access control by host/domain name?

2015-08-11 Thread Mark Reynolds
On 08/11/2015 10:14 AM, Aleksey Chudov wrote: Hi, I'm configuring 389 DS on CentOS 7 using some packages from epel-testing # rpm -qa | grep 389 | sort 389-admin-1.1.42-1.el7.x86_64 389-admin-console-1.1.10-1.el7.noarch 389-admin-console-doc-1.1.10-1.el7.noarch 389-adminutil-1.1.22-1.el7.x86_6

Re: [389-users] Replication reinit skipping entries

2015-08-10 Thread Mark Reynolds
On 08/10/2015 02:51 PM, German Parente wrote: hi Trey, not sure which is the bug. Perhaps someone else here can give details ? It could have come from the moment that entryrdn index has been created but this was a very old version. For instance: https://bugzilla.redhat.com/show_bug.cgi?id=7

Re: [389-users] 389-DS poor performance retrieving groups

2015-08-05 Thread Mark Reynolds
ou use two surrounding wildcards then you must use 3 characters: cn=*abc* Regards, Mark Thank you [389-users] 389-DS poor performance retrieving groups On 08/05/2015 08:24 AM, Mark Reynolds wrote: > > > On 08/04/2015 11:57 AM, ghiureai wrote: >> <https://www.fl

Re: [389-users] 389-DS poor performance retrieving groups

2015-08-05 Thread Mark Reynolds
On 08/05/2015 08:24 AM, Mark Reynolds wrote: On 08/04/2015 11:57 AM, ghiureai wrote: <https://www.flowdock.com/app/canfar/access-control/threads/QyygOboGumgx3qw3tIO_828AMgQ> We are seeing poor performance from LDAP retrieving 2500-4500 entries compare with one of our regular RDBMS

Re: [389-users] 389-DS poor performance retrieving groups

2015-08-05 Thread Mark Reynolds
On 08/04/2015 11:57 AM, ghiureai wrote: We are seeing poor performance from LDAP retrieving 2500-4500 entries compare with one of our regular RDBMS , here is below the result for a ldapsearch. We are qu

Re: [389-users] 389-DS poor performance retrieving groups

2015-08-05 Thread Mark Reynolds
On 08/05/2015 06:19 AM, Ludwig Krispenz wrote: On 08/04/2015 08:32 PM, Mark Reynolds wrote: On 08/04/2015 12:53 PM, German Parente wrote: - Original Message - From: "Mark Reynolds" To: "General discussion list for the 389 Directory server projec

Re: [389-users] 389-DS poor performance retrieving groups

2015-08-04 Thread Mark Reynolds
On 08/04/2015 12:53 PM, German Parente wrote: - Original Message - From: "Mark Reynolds" To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org> Sent: Tuesday, August 4, 2015 6:04:17 PM Subject: Re: [389-user

Re: [389-users] 389-DS poor performance retrieving groups

2015-08-04 Thread Mark Reynolds
On 08/04/2015 11:57 AM, ghiureai wrote: We are seeing poor performance from LDAP retrieving 2500-4500 entries compare with one of our regular RDBMS , here is below the result for a ldapsearch. We are qu

Re: [389-users] MemberOf plugin beahvior change in 1.3.3.

2015-08-04 Thread Mark Reynolds
Hi Andrey, On 08/04/2015 10:33 AM, Andrey Ivanov wrote: Hi Mark, thank you for your rapid reply, 2015-08-04 16:14 GMT+02:00 Mark Reynolds <marey...@redhat.com>: Looks like the behavior change was introduced in this ticket: https://fedorahosted.org/389/ticket/47810

Re: [389-users] MemberOf plugin beahvior change in 1.3.3.

2015-08-04 Thread Mark Reynolds
On 08/04/2015 07:50 AM, Andrey Ivanov wrote: Looks like the behavior change was introduced in this ticket: https://fedorahosted.org/389/ticket/47810 Yes, with the introduction of backend transaction plugins in 1.3.3, if a plugin fails to do its "job", the entire operation should fail. This a

Re: [389-users] access log error : Resource temporarily unavailable

2015-07-31 Thread Mark Reynolds
On 07/31/2015 12:42 PM, ghiureai wrote: Hi list. we are getting the following in access files, would like to know where to look for clues , what means "Resource temporarily unavailable ? op=1 RESULT err=0 tag=101 nentries=5514 etime=14 notes=U [31/Jul/2015:09:37:21 -0700] conn=143371 op=

Re: [389-users] Regarding 389-ds on centos 7 seup

2015-07-09 Thread Mark Reynolds
Hi MD Hasan, Did you install the 389-admin, 389-adminutil, 389-console, 389-admin-console, & 389-ds-console packages, and run setup-ds-admin.pl? Mark On 07/09/2015 02:56 AM, Md. Hasan wrote: Hi, All I have installed and configured 389 ds on centos 7 successfully, All services are running s

Re: [389-users] Python3 support - question

2015-06-25 Thread Mark Reynolds
Hi Robert, Which version of Fedora is going to start being python3 only? Thanks, Mark On 06/24/2015 08:05 AM, Robert Kuska wrote: Hello everyone, I am Robert Kuska, I am a python co-maintainer and co-owner of change Python3 as default which aims to provide python3 only packages by default acr

Re: [389-users] Not able to enable audit logs

2015-06-15 Thread Mark Reynolds
On 06/15/2015 05:23 AM, Prashant Bapat wrote: There is no error. It goes thru fine. When I restart the LDAP server after adding it, there is nothing in the audit file. And no entry in the dse.ldif. Are you directly modifying the dse.ldif? If so, you MUST do so while the server is stopped, ot

Re: [389-users] Limit on number of databases per directory server instance

2015-05-19 Thread Mark Reynolds
resources available on the system (disk space, CPU, memory) *From:*389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] *On Behalf Of *Mark Reynolds *Sent:* Tuesday, May 19, 2015 2:31 PM *To:* General discussion list for the 389 Directory server project

Re: [389-users] Limit on number of databases per directory server instance

2015-05-19 Thread Mark Reynolds
On 05/19/2015 02:25 PM, Colin Tulloch wrote: Hi all – Is there a limit to the number of databases that can be present on an instance of directory server – or on a server/VM itself? Some colleagues of mine seem to believe there is a limit of 10 DBs per server. I haven’t seen this in the R

Re: [389-users] Migrating from openldap/slapd to 389

2015-05-14 Thread Mark Reynolds
Hi Bobby, See comments below... On 05/14/2015 09:24 AM, Bobby Krupczak wrote: Hi! Hey, I'm sure you guys are tired of folks asking this question but I've spent the last day searching the InterWebs and still have questions. I'm fixing to switch from openldap/slapd to 389 for ldap authenticatio

Re: [389-users] authenticated time stamp

2015-05-08 Thread Mark Reynolds
On 05/08/2015 09:51 AM, Chase Miller wrote: Hello 389 Group, Is there an object class/attribute that I can add to a user's entry that will capture their last authenticated time stamp. I want to capture this so I can go delete users that have not authenticated after so many days. Chase, T

Re: [389-users] Retrieve list of groups that a user belongs to

2015-04-06 Thread Mark Reynolds
On 04/06/2015 10:28 AM, harry.dev...@faa.gov wrote: I know this is slightly off topic, but I thought that maybe someone on this list could be of some assistance. I need to get the list of groups that a particular user belongs to, similar to the linux command line program ‘groups’. I would

Re: [389-users] Referential Integrity

2015-03-18 Thread Mark Reynolds
On 03/17/2015 06:11 PM, William wrote: So in the case of having RI on two ldap servers, you would set this to off, since the server that handled the delete will replicate the other updates soon after. In the case of RI on a single server, when the non-RI server issues a delete, the RI enabled s

Re: [389-users] Referential Integrity

2015-03-17 Thread Mark Reynolds
On 03/16/2015 06:50 PM, William wrote: nsslapd-pluginAllowReplUpdates It looks like there is no documentation about how this config value works though: and the values it influences aren't widely through the code so I can't confirm if it's a finished feature. It is finished, and I will write a

Re: [389-users] Referential Integrity

2015-03-16 Thread Mark Reynolds
On 03/15/2015 07:14 PM, William wrote: Anyway, I think I'd need to look at the internals of the plugin at this point to work out for sure what's going on. Looks like someone already did this. nsslapd-pluginAllowReplUpdates It looks like there is no documentation about how this config value

Re: [389-users] GUI console and Kerberos

2015-03-13 Thread Mark Reynolds
On 03/11/2015 05:48 PM, prmari...@gmail.com wrote: Update I got pulled away on something else but there is progress. I tried the Apache Kerberos 5 auth module initial auth worked but then it went back to LDAP error 32 because it looks like it passed @ to the ldap server as the username. Whi

Re: [389-users] db2bak on a provider/master

2015-02-26 Thread Mark Reynolds
On 02/26/2015 08:30 AM, Mitja Mihelič wrote: Hi! We have a provider/consumer (master/slave) setup and we wish to create a database backup on the master. Replica setting on the master are set to "Single Master". But when I run .../db2bak $backup_path/$current_date Backup fails and the followin

Re: [389-users] DS crashed /killed by OS

2015-02-04 Thread Mark Reynolds
Looks like you ran out of memory on the system(possibly a Directory Server memory leak?) Was there anything in the Directory Server errors log? What version of 389 are you using? rpm -qa | grep 389-ds-base You should monitor the 389 process and see if it continues to grow day after day. Now

Re: [389-users] Issue with LDAP modify to change replication schedule

2015-01-30 Thread Mark Reynolds
On 01/30/2015 02:43 PM, Justin Edmands wrote: 389 List, I need to modify the replication schedule via LDIF import. I have no issues doing it in the 389-console. I am attempting to import this ldif (with dc changes to mask our info) dn: cn=dirsrv1 to devdirsrv1,cn=replica,cn=dc\3Dourdomain\2

Re: [389-users] Questions on Version - 1.2.11.X

2015-01-26 Thread Mark Reynolds
Hi Jordan, See comments below... On 01/26/2015 03:08 PM, Jordan, Phillip wrote: First late me state that I have been tasked to fix and upgrade the directory due to recent issues. I have vast experience in most other directories but not in 389 Directory space. So I have a few questions tha

Re: [389-users] Permanently Disable SSLv3

2015-01-20 Thread Mark Reynolds
John, FYI, I was able to reproduce this, and I opened this ticket: https://fedorahosted.org/389/ticket/47994 Regards, Mark On 01/05/2015 10:18 AM, John Trump wrote: 389-ds-base-1.2.11.25-1.el6.x86_64 idm-console-framework-1.1.7-2.el6.noarch 389-ds-console-1.2.6-1.el6.noarch On Wed, Dec 3

Re: [389-users] Ldif import issue

2015-01-15 Thread Mark Reynolds
On 01/15/2015 11:06 AM, Jean Félix DESIR wrote: Hi, I'm facing this import issue: I can't add this attribute to an object on my 389 DS: dn: cn=template,ou=services,ou=profiles,ou=Authent,dc=region,dc=enterprise,dc=net rbClientDnsPri: XXX *rbForwardPolicy: MYVALUE* rbContextName: PPP obj

Re: [389-users] Recreating replica agreements

2015-01-14 Thread Mark Reynolds
On 01/14/2015 08:01 AM, carne_de_passaro wrote: Hello guys, I am planning to recreate my replica agreements, which today uses SSL on port 636, to use startTLS on port 389. My question is: Do I have to reinitialize the databases of the agreements that I recreate? Danilo, You should not hav

Re: [389-users] Crash 389ds

2015-01-07 Thread Mark Reynolds
Andrey, This just isn't enough information to diagnose. Do you have a core file? If not, please enable core files: http://www.port389.org/docs/389ds/FAQ/faq.html#sts=Debugging%C2%A0Crashes Hopefully you can catch it again and get a core, and then we can work on it. Regards, Mark On 01/07/

Re: [389-users] 389-ds and Multi CPU's

2014-12-09 Thread Mark Reynolds
old. Unindexed searches are not recommended. To refuse unindexed searches, switch 'nsslapd-require-index' to 'on' under your database entry (e.g. cn=UserRoot,cn=ldbm database,cn=plugins,cn=config). 2. You have unindexed components, this can be caused from a search

Re: [389-users] 389-ds and Multi CPU's

2014-12-09 Thread Mark Reynolds
ex' to 'on' under your database entry (e.g. cn=UserRoot,cn=ldbm database,cn=plugins,cn=config). 2. You have unindexed components, this can be caused from a search on an unindexed attribute, or your returned results exceeded the allidsthreshold. Unindexed components are no

Re: [389-users] 389-ds and Multi CPU's

2014-12-09 Thread Mark Reynolds
nfig). 2. You have unindexed components, this can be caused from a search on an unindexed attribute, or your returned results exceeded the allidsthreshold. Unindexed components are not recommended. To refuse unindexed searches, switch 'nsslapd-require-index' to 'on

Re: [389-users] 389-ds and Multi CPU's

2014-12-09 Thread Mark Reynolds
. Thanks, Trev From: Mark Reynolds <marey...@redhat.com> Reply-To: "mreyno...@redhat.com" <mreyno...@redhat.com> Date: Monday, December 8, 2014 at 11:29 AM To: "389-users@lists.fedoraproject.org <mai

Re: [389-users] 389-ds and Multi CPU's

2014-12-08 Thread Mark Reynolds
On 12/08/2014 02:08 PM, Fong, Trevor wrote: Hi Everyone, We’ve inherited a 389-ds system (1.2.11.15-48.el6_6) that is running on a VM provisioned with a single CPU. We have been experiencing high CPU with a client that connects with a single connection, and then runs large amounts of querie

Re: [389-users] administrative limit exceed error

2014-11-19 Thread Mark Reynolds
On 11/19/2014 02:38 PM, ghiureai wrote: > More details: > I need for non directory manager to be able to count all the DS > entries , I have cfg ldse.ldif sizelimit set to 50 but the non > directory manager user gets error: Hi Isabella, It's the lookthroughlimit you want to adjust - it's de

Re: [389-users] Serious memory issues with 1.2.11.x on RHEL 6.6

2014-11-18 Thread Mark Reynolds
On 11/17/2014 01:12 PM, Steve Holden wrote: > > Hi, folks > > > > We’ve been really pleased with our 389 servers, which have been > successfully running as a multi-master pair in production for 7 weeks, > following (elapsed) months of development. > > > > Unfortunately, in the last few days th

Re: [389-users] Syntax violations while reinitializing database

2014-11-17 Thread Mark Reynolds
On 11/17/2014 11:38 AM, shardulsk wrote: > > Hi Folks, > > We are trying to move our database from the much older 1.1.2 version > to 1.2.11 on a Centos 6 platform. When trying to initialize the 1.2.11 > database with a ldif file exported from the older database I am > getting tons of syntax viol

Re: [389-users] add user aci problem

2014-11-13 Thread Mark Reynolds
ure should still work correctly though. Regards, Mark > > I put a group on it. In 389-console show even more strange characters :) > > Thanks > > On Mon, Nov 10, 2014 at 5:10 PM, Mark Reynolds <marey...@redhat.com> wrote: > > > On 11/10/2014 12:22 PM,

Re: [389-users] add user aci problem

2014-11-10 Thread Mark Reynolds
On 11/10/2014 12:22 PM, Alberto Viana wrote: > 389-Directory/1.3.2.17 B2014.182.124 > > > I'm trying to add an user (without using the manager, with a regular > user): > > Without any aci: > > ldap_add: Insufficient access (50) > additional info: Insufficient 'add' privilege to t

Re: [389-users] Dse.ldif file modification issues

2014-11-04 Thread Mark Reynolds
Isabella, Sounds like the server was still running when you copied the file over. The server should be stopped when manually updating the dse.ldif. Regards, Mark On 11/03/2014 04:03 PM, Ghiurea, Isabella wrote: > > > _ > *From:*Ghiurea, Isabe

Re: [389-users] 389DS memeberof plugin not working

2014-10-01 Thread Mark Reynolds
> Any other suggestions? > Isabella > ---- > *From:* Mark Reynolds [marey...@redhat.com] > *Sent:* Wednesday, October 01, 2014 2:59 PM > *To:* General discussion list for the 389 Directory server project.; > Ghiurea, Isabella

Re: [389-users] 389DS memeberof plugin not working

2014-10-01 Thread Mark Reynolds
On 10/01/2014 02:34 PM, Ghiurea, Isabella wrote: > Hello 389 users, > > I'm having problems getting the memberof plugin work on > 389-Directory/1.2.11.15 B2014.219.179. We are using groupofuniquenames > groups. > > Here's the configuration of the memberof plugin: > > objectClass: extensibleObject

Re: [389-users] register-ds-admin against external LDAP urls

2014-09-30 Thread Mark Reynolds
On 09/24/2014 10:22 AM, Rich Megginson wrote: > On 09/24/2014 05:53 AM, Alan Willis wrote: >> The documentation for register-ds-admin.pl >> says the following: >> >> "The register-ds-admin.pl script does >> not support external LDAP URLs,

Re: [389-users] How to get password expiration working?

2014-09-19 Thread Mark Reynolds
On 09/19/2014 12:16 PM, Paul Tobias wrote: > Hi guys, > > We need to implement password expiration because of some policy. The > problem is users are not able to bind to ldap anymore, after I switch on > password expiration for our ou=People subtree . The ldap command line > tools and 389-console

Re: [389-users] Upgrading DS 389 via RPM

2014-09-11 Thread Mark Reynolds
Hi Chris, You still need to run the 389 setup scripts afterwards, check out this link: http://www.port389.org/docs/389ds/download.html#directory-server-11-and-later Regards, Mark On 09/11/2014 02:15 PM, Chris Taylor wrote: > > I was actually going to use yum update so I am not sure if that

Re: [389-users] [389-announce] Announcing the revised port389.org wiki - "What's New" page added

2014-09-02 Thread Mark Reynolds
during last > 7/30 days". I used to click on it regularly to know when the site > changed and what new pages were added or modified. It allowed me to > stay informed and "in" without clicking on all the links of the site. > Is it possible to bring back that sort of feature

Re: [389-users] Windows console download link

2014-09-02 Thread Mark Reynolds
On 08/30/2014 08:01 PM, Chase Miller wrote: > Is broke Hi Chase, Sorry about that, there was "case" issue with the link: http://www.port389.org/binaries/389-console-1.1.6-i386.msi http://www.port389.org/binaries/389-console-1.1.6-x86_64.msi should have been: http://www.port389.org/binaries/389-C

Re: [389-users] [389-announce] Announcing the revised port389.org wiki

2014-08-27 Thread Mark Reynolds
On 08/27/2014 03:56 PM, Mark Reynolds wrote: > > On 08/27/2014 10:33 AM, Andrey Ivanov wrote: >> Hi Mark, >> >> very nice work indeed, the new site is clear and straightforward. I >> have a small question about it. >> >> With the previous site (por

Re: [389-users] [389-announce] Announcing the revised port389.org wiki

2014-08-27 Thread Mark Reynolds
> > Thanks again for the good job! > > > 2014-08-25 21:59 GMT+02:00 Mark Reynolds <marey...@redhat.com>: > > We are pleased to announce the launch of our new wiki > > http://www.port389.org <http://port389.org> > > The site has

Re: [389-users] [389-announce] Announcing the revised port389.org wiki

2014-08-27 Thread Mark Reynolds
o bring back that sort of feature? > > Thanks again for the good job! Hi Andrey, Thanks for the feedback! I'm not sure if this is available on the new site(run on OpenShift using ruby & MarkDown), but I will look into it and get back to you. Thanks, Mark > > > 2014-08-25 21:5

[389-users] Announcing the revised port389.org wiki

2014-08-25 Thread Mark Reynolds
We are pleased to announce the launch of our new wiki http://www.port389.org The site has been significantly revised, and moved to a more stable environment. The layout, content, and organization has all been improved. Please note, you will need to revise any old bookmarks you may have, as the

Re: [389-users] secure replication failing

2014-08-25 Thread Mark Reynolds
On 08/25/2014 10:21 AM, Elizabeth Jones wrote: >> On 08/22/2014 10:34 AM, Elizabeth Jones wrote: On 08/20/2014 03:58 PM, Elizabeth Jones wrote: > additional info - > I increased logging on my supplier and see this error now - > > TLS: hostname does not match CN in peer certifi

Re: [389-users] secure replication failing

2014-08-20 Thread Mark Reynolds
On 08/20/2014 03:58 PM, Elizabeth Jones wrote: > additional info - > I increased logging on my supplier and see this error now - > > TLS: hostname does not match CN in peer certificate > > When I created the replication agreement, it is giving me a default > consumer, I don't know why. The default

Re: [389-users] Replication error after initializing consumer

2014-08-19 Thread Mark Reynolds
things up. Regards, Mark > > Thanks! > > -- Shilen > > From: Mark Reynolds <marey...@redhat.com> > Reply-To: "mreyno...@redhat.com" > <mreyno...@redhat.com> > Date: Tuesday, August 19, 2014 2:58 PM >

Re: [389-users] Replication error after initializing consumer

2014-08-19 Thread Mark Reynolds
Shilen, A few things, you should not be adding a prehashed password (e.g. {SSHA}DMK4S6PK6+rKSLNOL1Hl01mVJmgGi5jH) - but that should not break replication. Can you confirm that only prehashed passwords are causing the issue? If so, please file a ticket with a reproducible testcase: https://fed

Re: [389-users] Replication doubts

2014-08-04 Thread Mark Reynolds
On 08/04/2014 01:19 PM, Alberto Viana wrote: > Hi, > > I want to enable a replication to a specific subtree on my directory, > how do I proceed? > > For example: > > I have my root suffix > > dc=homolog,dc=rnp > > And just want do enable replication for > > ou=teste,dc=homolog,dc=rnp > > Is that p

Re: [389-users] new to 389DS - have Q's

2014-07-15 Thread Mark Reynolds
On 07/15/2014 12:48 PM, Isabella Ghiurea wrote: > Hi Gurus, > I'm new to 389 DS reading the RH DS doc before start implementing, > have Q's trying to have system with high performance cfg > > Q1: Below in black is from RH DS documentation, I was expecting just > creating the indexes in GUI DS c

Re: [389-users] memberof plugin not working as expected

2014-07-10 Thread Mark Reynolds
On 07/10/2014 02:35 PM, Alberto Viana wrote: > Noriko, > > = > # fixup-memberof.pl -D "cn=Directory > Manager" -w - -b "OU=my,dc=mydc,dc=local" > Bind Password: > Successfully added task entry "cn=memberOf_fixup_2014_7_10_15_25_29, > cn=memberOf task,

Re: [389-users] last login

2014-05-30 Thread Mark Reynolds
On 05/30/2014 10:29 AM, Elizabeth Jones wrote: > I'm trying to figure out if 389 supports a way to track users last login. > I found this page > http://directory.fedoraproject.org/wiki/Account_Policy_Design#Logging > > Does anyone know of any other documentation on implementing this? https://acce

Re: [389-users] Password too similar to old one

2014-05-28 Thread Mark Reynolds
you post access log(/var/log/dirsrv/slapd-INSTANCE/access) output showing the failed password attempt? > > > On Wed, May 28, 2014 at 4:14 PM, Mark Reynolds <mailto:marey...@redhat.com>> wrote: > > > On 05/28/2014 04:06 PM, John Trump wrote: >> Haven't been

Re: [389-users] Password too similar to old one

2014-05-28 Thread Mark Reynolds
On 05/28/2014 04:06 PM, John Trump wrote: > Haven't been able to come up with a solution yet. Hopefully someone on > the list has a suggestion. > > > On Fri, May 23, 2014 at 12:42 PM, John Trump > wrote: > > I would like to relax the password policy for specific user

Re: [389-users] Failed to send extended operation: LDAP error -1 (Can't contact LDAP server)

2014-05-05 Thread Mark Reynolds
On 05/05/2014 12:46 PM, Graham Leggett wrote: > On 05 May 2014, at 6:18 PM, Mark Reynolds wrote: > >>> nsslapd-maxbersize: 0 >> 0 tells the server to use the default value of 2mb, you need to set it >> higher(5mb?). > You're kidding. Zero actually means 2MB. I

Re: [389-users] Failed to send extended operation: LDAP error -1 (Can't contact LDAP server)

2014-05-05 Thread Mark Reynolds
On 05/05/2014 12:13 PM, Graham Leggett wrote: > On 05 May 2014, at 5:41 PM, Rich Megginson wrote: > See https://fedorahosted.org/389/ticket/47606 >>> This bug looks quite consistent with the OP's symptoms and the presence of >>> a large group entry, but he should be seeing "Incoming BER Ele

Re: [389-users] Serious write-performance problems on RHEL6 - CoS cache repeatedly rebuilding?

2014-04-01 Thread Mark Reynolds
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- Mark Reynolds 389 Development Team Red Hat, Inc mreyno...@redhat.com

Re: [389-users] multi-master replication setup problem: both suppliers do "not have permission to supply replication updates to the replica"

2014-03-19 Thread Mark Reynolds
on-Configuring_Multi_Master_Replication.html [2] https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Configuring-Replication-cmd.html

Re: [389-users] Importing database to new server

2014-03-11 Thread Mark Reynolds
end/database are you trying to restore? What do you mean it turns into ldap2? What is the exact problem as it sounds like the import is working? thanks, EJ -- Mark Reynolds

Re: [389-users] Importing Pre-Hashed Passwords

2014-03-10 Thread Mark Reynolds
“Password Administrators” feature myself. If you have the information on hand, that would be greatly appreciated. :) Thanks for setting me in the right direction! On Mar 10, 2014, at 10:25 AM, Mark Reynolds wrote: Steven, What version of 389 are you using? You can import it using the ldif2db command

Re: [389-users] Importing Pre-Hashed Passwords

2014-03-10 Thread Mark Reynolds
), so my question is, how can I store the SSHA password hash from OpenDS in my 389server (FreeIPA) server? Steven Crothers steven.croth...@gmail.com -- Mark Reynolds 389 Develo
