> On 11 Apr 2020, at 07:47, Nick Bright wrote:
>
> Greetings,
>
> I've performed a fresh CentOS 8 installation within VMWare, updated the OS
> fully, installed 389-ds through yum by: yum module install
> 389-directory-server:stable/default
>
> This installed the server, along with the
Could it be that the server hasn't allocated a DNA range from the DNA master?
> On 14 Apr 2020, at 05:51, CHAMBERLAIN James wrote:
>
> Hi Mark,
>
> The test user I’m trying to add looks like this:
>
> dn: uid=testuser1,ou=People,dc=example,dc=com
> uid: testuser1
> objectClass: person
>
> On 14 Apr 2020, at 05:22, Kyle Brantley wrote:
>
> Log here, but it’s not really any more illuminating:
> https://paste.centos.org/view/raw/ec0588a0
> And filtered down to just lines that contain ‘sasl’:
> https://paste.centos.org/view/raw/ea345620
>
> From what I can tell, the first
Hi Mark,
The test user I’m trying to add looks like this:
dn: uid=testuser1,ou=People,dc=example,dc=com
uid: testuser1
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
sn: Chamberlain
gidNumber: 1000
gecos: James
Hi Marc,
This is 389-ds-base-1.3.7.5-28.el7_5.x86_64.
# grep number,cn=index /etc/dirsrv/slapd-example/dse.ldif
dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
I double-checked that I’d set
Log here, but it’s not really any more illuminating:
https://paste.centos.org/view/raw/ec0588a0
And filtered down to just lines that contain ‘sasl’:
https://paste.centos.org/view/raw/ea345620
>From what I can tell, the first time the SASL identity is shown in any form,
>the realm is
Thanks, Mark. I can tell that it’s an internal troubleshooting doc – and that’s
great, thank you!
However, I… I don’t believe that I have any issues with my kerberos setup. The
authentication from a pure krb5 perspective is happening appropriately. The
tickets are being issued and I see the
verify there is an equality index for uidnumber and gidnumber, not just
presence, in the entries
dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
which version of 389-ds-base is this about?
On 4/13/20 2:46 PM, Kyle Brantley wrote:
Thanks, Mark. I can tell that it’s an internal troubleshooting doc –
and that’s great, thank you!
However, I… I don’t believe that I have any issues with my kerberos
setup. The authentication from a pure krb5 perspective is happening
appropriately.
Okay, so logging in DNA stinks in this scenario. It does a lot of
internal searches and if one of them "fails" you get an operations
error. So we need to enable other logging...
First what does the entry look like that you are trying to add?
Second, run this ldapmodify
ldapmodify -D
Hi Mark,
Thanks for getting back to me. After adjusting nsslapd-errorlog-level, here’s
what I’ve got.
# grep dna-plugin /var/log/dirsrv/slapd-example/errors
[13/Apr/2020:14:30:00.480608036 -0400] - DEBUG - dna-plugin - _dna_pre_op_add -
dn does not match filter
[13/Apr/2020:14:30:00.486700059
On 4/13/20 2:30 PM, Mark Reynolds wrote:
Sorry not a kerberos expert but this is old doc I used to use to get
it working. I would double check your /etc/krb5.conf first though.
Here is that doc
I wanted to add this this document was for doing internal testing, so
permission changes and
Sorry not a kerberos expert but this is old doc I used to use to get it
working. I would double check your /etc/krb5.conf first though.
Here is that doc
===
SASL and DS
KDC Server
- HOST.DOMAIN.COM is usually
Enabling plugin logging will provide a little more detail about what is
going wrong:
ldapmodify -D "cn=directory manager" -W
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 65536
After running the test you can disable the debug plugin logging by
Hi all,
I’m trying to use the DNA plugin to add uidNumbers on posixAccounts.
Everything worked fine in testing, but now that it’s in production I’m seeing
the following error:
ERR - dna-plugin -_dna_pre_op_add - Failed to allocate a new ID!! 2
I’ve followed the advice in the knowledge base
15 matches
Mail list logo
