[389-users] Auto add attributes when entries are created

Hi , I would like to add 2 new attributes to every new created entries in my 389 servers . In these attributes i would to add calculated values for initial users information . Is it possible to do that without developping a new plugin ? In case i have to write a new pluggins which languages

[389-users] Re: Allow filters through PTA Plugin

Hi William, I will be glad to help, it will just take some time to write as required for your wiki page. Will be done soon Rgds ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to

[389-users] Re: Allow filters through PTA Plugin

Hi all, Here is my doc on how to enable Pam-PassThrough + SSSD : https://drive.google.com/open?id=0B_f1ipCCCREXd0RqN09CRFFzNWh1UUZjR0RNaElJREVIX0RJ Regards ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to

[389-users] Re: Force users to modify their passwords

Hi, I don't think that you can use this parameter to request your user to change their password from Zimbra application . I don't know how Zimbra manage user access but AFAIK Zimbra is php application or something like this that query ldap through binding and spécifique language ldap api. To do

[389-users] Re: How to install an external certificate

Hi you can add your certificate by using certutil or via 389 console. Look at these urls : https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/html/administration_guide/managing_ssl-using_certutil https://directory.fedoraproject.org/docs/389ds/howto/howto-ssl-archive.html

[389-users] Re: Limiting access to same ou

Hi , From my point of view , the easiest way to solve this is to set a search filter on the OU corresponding to the tenant on each phone. Can you modify the software on the phone ? The other way could be by creating a 389 plugin that add a filter on the good OU regarding the DN of user which

[389-users] Re: Allow filters through PTA Plugin

Hi , Ok i'll do that soon. For the moment i try to finish my plugin development Cdlt. ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct:

[389-users] Re: Auto add attributes when entries are created

Hi, Sorry i read the documentation several times but still don't catch how i can gather values from new added user entries , generate new values from them then put it in CoS templates. Did i miss something ? For instance , i add a new user with an filled attribute employeeID . i want to

[389-users] Problem with replication over SSL

Hi, I'm running two instances with master/master replication with SSL . It worked fine so far then recently i noticed errors like this : [21/Nov/2018:10:22:34.754594972 +0100] - DEBUG - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=ReplicationAgreement" (ldap02srv:636) - Replication

[389-users] Re: Limiting access to same ou

Hi, I'm using the Redhat documentation on this link https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html-single/plug-in_guide/index Regards lun. 26 nov. 2018 à 05:46, Alistair Cunningham a écrit : > On 25/11/2018 11:44, Olivier JUDITH wrote: > > From

[389-users] Re: Problem with replication over SSL

Hi, I think it is because the crl of my certificate has expired but i don't understand how the server control this setting. I encountered the same problem on my production and staging systems . Where the CRL is set in 389 server ? I have to renew it . But the graphical interface for

[389-users] Re: User cannot change it's own password

Hi, Does your user has rights to write userPassword attribute ? What do you have in the server log /var/log/dirsrv/dirsrv@/errors file ? rgds ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to

[389-users] Re: cn or uid preferred in DNs?

Hello Good news if it's working I think that uid is mostly used. Rgds Le jeu. 29 nov. 2018 à 00:39, Alistair Cunningham a écrit : > Is it best practice to use "cn=,ou=..." or > "uid=,ou=..." in DNs? What are the advantages and > disadvantages of each? > > -- > Alistair Cunningham > +1 888 468

[389-users] Re: Allow filters through PTA Plugin

Hi William Did you receive my doc on PAM PTA ? rgds ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct:

[389-users] Re: Allow filters through PTA Plugin

Hi, It is possible . i'm using Pam PTA to authenticate AD user from SSO application. it works perfectly. the configurationis SSO app +> 389 + SSSD -> AD As mentionned by Mark Reynolds use PAM PTA and filter with pamFilter . Contact me if you need more information.

[389-users] Re: Auto add attributes when entries are created

Thank you for your reply. I'm not a C developer and i prefer Python but i'll try to write my plugin. It's a challenge for me I started to read plugins development documentation on Redhat page. From my understanding i have to call SLAPI_PLUGIN_POST_ADD_FN , right ?. If a use CoS template can

[389-users] Re: Referential Integrity and moving subtree to another parent fails

Hi , After several tests (disable replication /memeberof plugin activated on member and uniquemember attributes) , the problem is not bound to the number of entries . I encounter the same behavior when moving only one account . the problem occurs when an entry is attached to a group (has

[389-users] Re: Referential Integrity and moving subtree to another parent fails

:17, William Brown wrote: > > > > > > > >> On 21 Feb 2019, at 13:12, William Brown wrote: > >> > >> > >> > >>> On 21 Feb 2019, at 08:57, Olivier JUDITH wrote: > >>> > >>> Hi, > >>> > >>>

[389-users] Referential Integrity and moving subtree to another parent fails

Hi, I have activated Referential Integrity plugin on my instance in order to move several OU to a new parent subtree. Also to update automatically uniqueMember attribute defined in group member . It works fine with few user entries under some OU but fails when the OU contains more than 400

[389-users] Re: Referential Integrity and moving subtree to another parent fails

> > Is this correct? > > > On 21 Feb 2019, at 02:49, Olivier JUDITH wrote: > > > > Hi, > > > > I have activated Referential Integrity plugin on my instance in order to > move several OU to a new parent subtree. Also to update automatically > uniqueMember

[389-users] Re: Setting an attribute value automatically according to some rule

Hi , There is a way to add attribute to user entry automatically called CoS . You can take a look on this link https://access.redhat.com/documwanentation/en-us/red_hat_directory_server/9.0/html/administration_guide/advanced_entry_management-assigning_class_of_service But afaik you cannot add an

[389-users] Re: Change of IP on 389-server

Hi , you can make a grep your_old_ip in /etc/dirsrv/admin-serv directory . Then change with the new ip . look these files console.conf: Listen XXX.XXX.XXX.XXX local.conf: configuration.nsserveraddress: ___ 389-users mailing list --

[389-users] Re: Setting an attribute value automatically according to some rule

:04, William Brown a écrit : > > > > On 20 Feb 2019, at 09:56, Olivier JUDITH wrote: > > > > Hi William > > > > It's a simple testing code not finished yet but i think it could help > beginners like me > > Don't be cruel with me i'm not a C progorammer. > &

[389-users] Re: Setting an attribute value automatically according to some rule

similar queries. > > > On 17 Feb 2019, at 00:20, Olivier JUDITH wrote: > > > > Hi , > > > > There is a way to add attribute to user entry automatically called CoS . > You can take a look on this link > > > https://access.redhat.com/documwanentation/

[389-users] Re: What Do I Need?

Hi, This is how i manage my servers . Each host is a group in my ldap entries , i also create group of hosts as groups in ldap (ie: cn=webservers ). on each machine i have deployed sssd-ldap with a ldap_access_filter = (|(cn=admgrp,...)(cn=webservers,ou=...)(cn=devops,ou=...)) admgrp group

[389-users] Docker official image

Hi all, Do you provide an official docker image for 389 ? I plan to deploy MMR on Kubernetes . Any advice/link ? ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

[389-users] Re: Docker official image

>From my understanding readiness operates when the pod starts. If it doesn't reach the replica your pods will never initialize. An option (for k8s) can be another container (in the pod) "389-ds-headless" which will do all the steps required to enable replication. > Okay - how does the content of

[389-users] Re: NSX/F5 Load Balancing Health Checks

Hi , There's a ldap monitor for F5 but you need the right Big-IP version see : https://support.f5.com/csp/article/K17472 On my side i use only tcp for the monitor on port 636/389 Cdlt Le mar. 18 juin 2019 à 10:43, William Brown a écrit : > > > > On 17 Jun 2019, at 18:59, Mailvaganam, Hari >

[389-users] Re: Docker official image

You can read more here https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ Le mar. 18 juin 2019 à 10:44, William Brown a écrit : > > > > On 17 Jun 2019, at 16:25, Olivier JUDITH wrote: > > > > From my understanding readiness operates when the pod s

[389-users] Re: Docker official image

Hi william , here is a tgz cdlt Le jeu. 13 juin 2019 à 10:43, William Brown a écrit : > > > > On 13 Jun 2019, at 00:12, Olivier JUDITH wrote: > > > > Hi William, > > > > This is my first release (See attachment). Just a pod for the moment, > stat

[389-users] Re: Docker official image

2019, at 01:40, Olivier JUDITH wrote: > > > > Hi, > > > > Thank for the link , > > i tried to run your image but the container fails after few seconds . > > Seems that you forgot to create /var/run/dirsrv folder in Dockerfile . > > Th

[389-users] Re: Docker official image

ated to > the container? Do they need to be in the docker file? Or something else? > > Thanks! > > > > On 13 Jun 2019, at 15:21, Olivier JUDITH wrote: > > > > ___ > > — > Sincerely, &

[389-users] Re: Docker official image

Hi, Thank for the link , i tried to run your image but the container fails after few seconds . Seems that you forgot to create /var/run/dirsrv folder in Dockerfile . the server crashes with : DEBUG: DEBUG: starting with ['/usr/sbin/ns-slapd', '-D', '/etc/dirsrv/slapd-localhost', '-i',

[389-users] Monitoring 389ds with telegraf

Hi all , For all those who are interested , i started to develop with the help of Marco Favero a monitoring solution based on telegraf to gather metrics from my 389 instances . All metrics are stored in influxdb ( timeseries db) and can be visualized on Grafana. The code source is

[389-users] Re: Docker official image

Hi all, I'm back on this topic, Can you tell me with the docker image how to create the root suffix ? I tried this step but othing appears on Apache Directory server IDE ldapmodify -a -D "cn=Directory manager" -w mypass -p 3389 -h 10.109.139.63 -x dn: cn="dc=domain,dc=net",cn=mapping

[389-users] Re: Docker official image

Hi William , I'm running docker image FROM opensuse/leap:15 . I launched the command : dsconf ldap://localhost:3389 -D 'cn=directory manager' -w xx backend create --suffix dc=domain,dc=net --be-name UserData it finished successfully , but i still cannot see the suffix . So i added ACI

[389-users] Re: Docker official image

Hi, Great !! Do you have documentation regarding this image ? i used opensuse/leap:15 image in kubernetes deployment and i'm wondering if same variables are used for this one. Regards Le lun. 9 sept. 2019 à 00:42, William Brown a écrit : > > > > On 7 Sep 2019, at 06:38, Olivier J

[389-users] Re: Monitoring 389ds with telegraf

a écrit : > > > > On 6 Sep 2019, at 05:28, Olivier JUDITH wrote: > > > > Hi all , > > > > For all those who are interested , i started to develop with the help of > Marco Favero a monitoring solution based on telegraf to gather > metrics from my 389 instance

[389-users] Re: SSO and 389

Hi , In my previous work , I have deployed a SSO solution based on Keyloack ( https://www.keycloak.org ) 1.