[389-users] Re: ldapsearch doesn't return the userpassword field

Hi Rob, I appreciate the comment, and that would be a concern, but user's don't have login access to the client system. The php script is written to allow a friendly remote interface for the nonlinux user to be able to change their password. On 2/22/16 2:00 PM, Rob Crittenden wrote:

[389-users] Re: ldapsearch doesn't return the userpassword field

the field available in a ldapsearch. I'll turn my attention back to the php script since I'd rather not compromise security on the LDAP server. Thanks for the quick response. Did I mention I hate PHP? On 2/22/16 4:05 PM, William Brown wrote: On Mon, 2016-02-22 at 14:25 -0700, Janet Houser

[389-users] Re: ldapsearch doesn't return the userpassword field

the script updated and working, would you like me to send it along? Cheers, On 2/22/16 6:25 PM, William Brown wrote: Ignore the blank message. Email fail. On Mon, 2016-02-22 at 16:25 -0700, Janet Houser wrote: Thanks William, Hmmm then I'm puzzled why things are failing. For a little more

[389-users] Re: MemberOf group restrictions to a client system (server and client running CentOS 7)

Hi Mark, Thanks for responding so quickly. Fortunately I'm running 1.3.4.0-26, so I should be able to have the memberOf plugin automatically add the "inetuser" to my entries if needed. I took a look at the document you mentioned (thanks!), and I'm still a bit confused (apologies for being

[389-users] Re: MemberOf group restrictions to a client system (server and client running CentOS 7)

get filtering to work. Cheers, On 2/17/16 6:51 PM, Mark Reynolds wrote: On 02/17/2016 04:45 PM, Janet Houser wrote: Hi Mark, Thanks for responding so quickly. Fortunately I'm running 1.3.4.0-26, so I should be able to have the memberOf plugin automatically add the "inetuser&q

[389-users] Re: 389-ds connecting to Mac OS X 10.10 giving SSL not available error

Hi folks, I've been using 389-ds for about 6 months and have successfully configured various linux systems as LDAP clients (CentOS, Ubuntu, openSUSE, etc.). I'm now trying to connect a Mac system (OS X 10.10) into the LDAP server and I'm getting a strange error. From Users & Groups, when

[389-users] Re: 389-ds connecting to Mac OS X 10.10 giving SSL not available error

Ok... Fixed the SSL issue by adding the server cert to the mac's keychain and "trusting" it. See: http://people.ivec.uwa.edu.au/ashley.chew/fedora-ds/fedora-ds-26072006.html The above procedure is a bit old, but the general idea works for Mac OS 10.10. On 8/19/16 10:59

[389-users] Mac OS X 10.10.X can't authenticate against 389-ds

Hi Folks, I've been trying to slave a Mac OS X 10.10 system into a 389 Directory Server. Using the mac dscl command, I can query users from the command line using: dscl /LDAPv3/FQDN_of_server-read Users/testuser As root on the Mac system, I can "su" to an LDAP user and

[389-users] Re: "Directory Manager" can't change user's password; result is an inaccessible account.

Hi Noriko, thanks for the quick response. On 9/23/16 3:37 PM, Noriko Hosoi wrote: On 09/23/2016 02:24 PM, Janet Houser wrote: Hi folks, I'm fairly new to 389-ds and I ran into an issue when trying to update a user's password via the command line. I was able to change a password

[389-users] "Directory Manager" can't change user's password; result is an inaccessible account.

Hi folks, I'm fairly new to 389-ds and I ran into an issue when trying to update a user's password via the command line. I was able to change a password "as" the user via the command line using the following syntax without issue: ldappasswd -h my389dsserver.domain.edu -p 389 -ZZ -D

[389-users] Re: "Directory Manager" can't change user's password; result is an inaccessible account.

On 9/26/16 10:14 AM, Noriko Hosoi wrote: Hi Janet, On 09/26/2016 06:08 AM, Janet Houser wrote: On 9/23/16 4:35 PM, Noriko Hosoi wrote: On 09/23/2016 03:16 PM, Janet Houser wrote: Hi Noriko, thanks for the quick response. On 9/23/16 3:37 PM, Noriko Hosoi wrote: On 09/23/2016 02:24 PM

[389-users] Re: "Directory Manager" can't change user's password; result is an inaccessible account.

On 9/26/16 4:23 PM, Noriko Hosoi wrote: On 09/26/2016 09:44 AM, Janet Houser wrote: On 9/26/16 10:14 AM, Noriko Hosoi wrote: Hi Janet, On 09/26/2016 06:08 AM, Janet Houser wrote: On 9/23/16 4:35 PM, Noriko Hosoi wrote: On 09/23/2016 03:16 PM, Janet Houser wrote: Hi Noriko, thanks

[389-users] Re: "Directory Manager" can't change user's password; result is an inaccessible account.

On 9/27/16 2:26 PM, Noriko Hosoi wrote: On 09/27/2016 07:32 AM, Janet Houser wrote: On 9/26/16 4:23 PM, Noriko Hosoi wrote: On 09/26/2016 09:44 AM, Janet Houser wrote: On 9/26/16 10:14 AM, Noriko Hosoi wrote: Hi Janet, On 09/26/2016 06:08 AM, Janet Houser wrote: On 9/23/16 4:35 PM

[389-users] Re: "Directory Manager" can't change user's password; result is an inaccessible account.

On 9/27/16 3:39 PM, Noriko Hosoi wrote: On 09/27/2016 02:36 PM, Janet Houser wrote: On 9/27/16 2:26 PM, Noriko Hosoi wrote: On 09/27/2016 07:32 AM, Janet Houser wrote: On 9/26/16 4:23 PM, Noriko Hosoi wrote: On 09/26/2016 09:44 AM, Janet Houser wrote: On 9/26/16 10:14 AM, Noriko

[389-users] Re: "Directory Manager" can't change user's password; result is an inaccessible account.

On 9/23/16 4:35 PM, Noriko Hosoi wrote: On 09/23/2016 03:16 PM, Janet Houser wrote: Hi Noriko, thanks for the quick response. On 9/23/16 3:37 PM, Noriko Hosoi wrote: On 09/23/2016 02:24 PM, Janet Houser wrote: Hi folks, I'm fairly new to 389-ds and I ran into an issue when trying

[389-users] Re: Using .ldif to add user to a group

AM, Marc Muehlfeld wrote: Hi Janet, On 24.10.2017 22:45, Janet Houser wrote: However, I've had no luck add this user to an existing group (e.g. chewy). Does anyone have an example ldif file the works for adding a new user entry to an existing group? dn: cn=chewy,ou=Groups,dc=example,dc=com

[389-users] Using .ldif to add user to a group

Hi Folks, I have DS-389 (vs 1.3.5.10) running on a CentOS 7 VM.   I've been able to add a user via the command line using the user.ldif file with the contents: # jdoe, People dn: uid=jdoe,ou=People,dc=example,dc=com mail: j...@example.com uid: jdoe givenName: John objectClass: top

[389-users] Yum update disabled ability for user's to update password

Hi, I'm using ds-389 (Version 1.3.4.0; Build number 2015.343.1254) on a CentOS 7 Server (release 7.4.1708).   A week ago I  performed a "yum update" on my system and now I'm finding  that I can't update (or set) user passwords using the "passwd" or  "ldappasswd" commands when the "Password

[389-users] Yum update disabled ability for user's to update password

Hi, I don't post often so it seems I attached this to an old thread. Sorry folks. I'm using ds-389 (Version 1.3.4.0; Build number 2015.343.1254) on a CentOS 7 Server (release 7.4.1708).   A week ago I  performed a "yum update" on my system and now I'm finding  that I can't update (or set)

[389-users] Samba & 389 Directory Server Integration

Hi Folks, I'm running DS-389 (version: 1.3.7.5 ; Build: 2018.178.1311) on a Cent OS 7 vs. 7.6.1810) system.  I've been working through the Samba & 389 Directory Server Integration doc and I've hit a snag.   I've

[389-users] Re: Syncing DS 389's userPassword with Samba 4's sambaNTPassword

Thanks William. From all my research and testing I didn't think it could, but I wanted the confirmation. Someone mentioned using freeipa -- which has the password sync ability.  I'll look into the possibility of syncing my user/password DB to freeipa and use it to authenticate samba shares.

[389-users] Re: Syncing DS 389's userPassword with Samba 4's sambaNTPassword

Thanks for the suggestion about Google Cloud and SAML auth.   I'll look into that. Cheers, On 3/8/19 8:17 AM, Gordon Messmer wrote: On 3/8/19 4:58 AM, Janet Houser wrote: Thanks! I read that but I can't switch to freeipa since that software doesn support a hash needed with gsync. h

[389-users] Syncing DS 389's userPassword with Samba 4's sambaNTPassword

Hi Folks, I'm running DS-389 (version: 1.3.7.5 ; Build: 2018.178.1311) on a Cent OS 7 (vs. 7.6.1810) system. I've been working through creating a Samba 4 server and using LDAP authentication to my DS-389 server.   I've managed to get through most everything but I'm running  into an issue

[389-users] 389-console yields error after frest Centos 7 install

Hi Folks, I just created a Centos 7 VM (CentOS release 7.6.1810) and did a yum install of the epel directory:   yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm and an install of 389-DS:   yum install 389* I ran setup-ds-admin.pl as a stand

[389-users] Re: 389-console yields error after frest Centos 7 install

Well, I feel a little foolish. Simply doing    "yum install slf4j"  seems to have fixed the error. [admin]#   VERBOSE=1  /usr/bin/389-console Java virtual machine used: /usr/lib/jvm/jre/bin/java classpath used:

[389-users] Re: 389-console yields error after frest Centos 7 install

Hi William, Thanks!  I'll work the issue from the OS side and post the solution here when I find it. Cheers, On 8/26/19 5:12 PM, William Brown wrote: It could be worth checking the rpm versions of the 389-ds-console between your test system and your new system? It could also be good to

[389-users] Adding fields for "NT" and "Posix" User to the web gui gateway interface

Hi Folks, I've just started to play with the "Directory Server Gateway" options to add users and groups.  One think I've noticed is that the default user form doesn't have a way to enable "NT User" or "Posix User" attributes or the ability to add info for the supporting fields (e.g. uid, gid,

[389-users] Re: Adding fields for "NT" and "Posix" User to the web gui gateway interface

Hi Mark, > On Aug 30, 2019, at 12:42 PM, Mark Reynolds wrote: > > >> On 8/30/19 1:02 PM, Janet Houser wrote: >> Hi Folks, >> >> I've just started to play with the "Directory Server Gateway" options to add >> users and groups. One think I've

[389-users] Re: How to use Master slave replication between two different domains

/Configuring_Directory_Databases-Creating_and_Maintaining_Databases But if needed as a one time action, it is possible to export, tune the resulting LDIF data, and then import into a different environment that is not connected to the original one. Thanks, M. On Tue, Oct 15, 2019 at 12:34 PM Janet Houser <mailto:

[389-users] How to use Master slave replication between two different domains

Hi Folks, I have a multimaster replication running between two servers in the site.edu domain.   We now want to replicate this data (for user logins to resources) to a sister site with domain site1.edu. I tried several things and nothing worked so I thought the best thing to do would be to

[389-users] Changing the name of a DS-389 attribute or adding a new field

Hi Folks, I'm working to set up a PingFederate server to communicate with Apps at a sister location.  I'm told that the software needs to send the "employeeID" in order to authenticate with the offsite server. Under the Directory Server --> Schema -->  Tab Attributes, DS-389 has the

[389-users] Re: Changing the name of a DS-389 attribute or adding a new field

Hi Mark, Thanks for the quick response.   I'll look into other options. Cheers, On 8/6/20 7:27 AM, Mark Reynolds wrote: On 8/6/20 9:11 AM, Janet Houser wrote: Hi Folks, I'm working to set up a PingFederate server to communicate with Apps at a sister location.  I'm told that the software

[389-users] Re: Changing the name of a DS-389 attribute or adding a new field

ntation/en-us/red_hat_directory_server/11/html/administration_guide/advanced_entry_management-assigning_class_of_service#About_CoS-How_an_Indirect_CoS_Works regards theirry On 8/6/20 3:11 PM, Janet Houser wrote: Hi Folks, I'm working to set up a PingFederate server to communicate with Apps a