[389-users] Replication Between 8.2 Master and 9.0 Master

2013-03-21 Thread Paul Whitney
Hi everyone,Not sure if this is the right forum to ask about RHDS vs 389DS, butI am currently using RHDS 8.2 and am looking to deploy 9.0 (master, hub, and consumer).  Will I be able to replication between an 8.2 master and a 9.0 master?I have looked in the Administration Guide on Rhed hat

Re: [389-users] 389DS architecture

2013-03-27 Thread Paul Whitney
You can deploy more than four replication masters. You may have read four because that was what was tested at the time.  But I have seen deployments with more than 10 masters in replication.  Just depends on what your needs are.Windows AD is not part of a multi-master replication.  389DS master

Re: [389-users] 389 won't start - help please?

2013-09-29 Thread Paul Whitney
What about the error log? (/var/log/dirsrv/slapd-/errors) Paul M. Whitney email: paul.whit...@mac.com > On Sep 29, 2013, at 19:27, "Michael R. Gettes" wrote: > > We try to start the service and it dies very quickly. See trace below. > > This is one of our 2 masters running in MMR. Both mast

[389-users] Version Display on RHDS 9 Upgrade

2013-12-06 Thread Paul Whitney
I recently upgraded my DS9 instance (RHDS9 RHBA-2013-0960) on both ldap server and my console.  This should bring my servers to DS 9.1. Yet, I still see Version 9.0.0.  Is this correct or did I miss a step?Paul M. Whitney E-mail: paul.whit...@mac.com -- 389 users mailing list 389-users@lists.fe

Re: [389-users] Version Display on RHDS 9 Upgrade

2013-12-06 Thread Paul Whitney
The README points me to http://rhn.redhat.com/errata/RHBA-2013-0960.htmlThis page says run yum -Fvh.Paul M. Whitney E-mail: paul.whit...@mac.com On Dec 06, 2013, at 12:35 PM, Rich Megginson wrote:On 12/06/2013 10:41 AM, Paul Whitney wrote:I recently upgraded my DS9 instance (RHDS9 RHBA-2013

Re: [389-users] Version Display on RHDS 9 Upgrade

2013-12-06 Thread Paul Whitney
links and for 9.0 jar files, why will the console not use the jars already present?Paul M. Whitney E-mail: paul.whit...@mac.com Cell: 410.493.9448 On Dec 06, 2013, at 12:35 PM, Rich Megginson wrote:On 12/06/2013 10:41 AM, Paul Whitney wrote:I recently upgraded my DS9 instance (RHDS9 RHBA-2013

Re: [389-users] Version Display on RHDS 9 Upgrade

2013-12-09 Thread Paul Whitney
Paul M. Whitney E-mail: paul.whit...@mac.com On Dec 09, 2013, at 11:27 AM, Rich Megginson wrote:On 12/09/2013 09:30 AM, Paul Whitney wrote:Rich, I deinstalled and reinstalled my DS 9.0 ISO, then ran through the updates:   - DS9-RHBA-2011-1788 (nothing to update/install from here since the

Re: [389-users] Version Display on RHDS 9 Upgrade

2013-12-09 Thread Paul Whitney
09, 2013, at 12:53 PM, Rich Megginson wrote:On 12/09/2013 10:55 AM, Paul Whitney wrote: Paul M. Whitney E-mail: paul.whit...@mac.com On Dec 09, 2013, at 11:27 AM, Rich Megginson wrote: On 12/09/2013 09:30 AM, Paul Whitney wrote:Rich, I deinstalled and reinstalled my DS 9.0 ISO, then ran

Re: [389-users] Upgraded to RHDS 9.1 but Console is Still Looking for 9.0 JAR

2014-01-08 Thread Paul Whitney
On Jan 08, 2014, at 12:31 PM, Rich Megginson wrote:On 01/08/2014 10:31 AM, Paul Whitney wrote:Hi, I recently updated RHDS 9.0 servers to 9.1.  I am getting mixed results with the update.  Steps taken: 1.  Stop all dirsrv and dirsrv-admin services 2.  Executed yum localupdate *.rpm 3.  Aft

[389-users] Exporting Index from an Instance

2014-01-30 Thread Paul Whitney
Is there a way to export the Index of a directory server with the intent of importing into another server?Paul M. Whitney E-mail: paul.whit...@mac.com Cell: 410.493.9448 -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

[389-users] db2index on RHDS 9.1

2014-01-30 Thread Paul Whitney
We are trying to reindex RHDS 9.1 after importing an updated index.  Services were stopped.  Started the /usr/lib64/dirsrv/slapd-instance/db2index.Reindex starts but then consistently reports: Processed 300,000 entries ( pass 1)Processed 300,000 entries ( pass 2)and keeps repeating that sequence wi

Re: [389-users] db2index on RHDS 9.1

2014-01-30 Thread Paul Whitney
, then restarts with pass 12.There do not appear to be any glaring errors, just a constant processing and increment in pass number. Paul M. Whitney E-mail: paul.whit...@mac.com Cell: 410.493.9448 On Jan 30, 2014, at 11:57 AM, Rich Megginson wrote:On 01/30/2014 09:58 AM, Paul Whitney wrote:We

Re: [389-users] db2index on RHDS 9.1

2014-01-30 Thread Paul Whitney
n 30, 2014, at 12:48 PM, Rich Megginson wrote:On 01/30/2014 10:17 AM, David Boreham wrote:On 1/30/2014 10:18 AM, Paul Whitney wrote:rpm -q 389-ds-base389-ds-base-1.2.11.15-30.el6_5.x86_64No errors, just a status:reindex userRoot: Processed 315000 entries (pass 11) -- avg rate15283456.5/sec, recent ra

Re: [389-users] db2index on RHDS 9.1

2014-01-30 Thread Paul Whitney
Whitney E-mail: paul.whit...@mac.com On Jan 30, 2014, at 01:32 PM, Rich Megginson wrote:On 01/30/2014 11:33 AM, Paul Whitney wrote:Guys I appreciate you help in this issue.  I unfortunately am hosting on a disconnected network and cannot post any of the information you are requesting without in e

[389-users] LDAP Authenticated User Unable to Overwrite a File

2014-07-21 Thread Paul Whitney
I am having an issue where and LDAP authenticated user cannot overwrite or remove a file on the LDAP-client system even though the permission are set to 777. However, the user is able to create a new file (file is owned by that user) and can be removed by that user. Is there some limitation

Re: [389-users] LDAP Authenticated User Unable to Overwrite a File

2014-07-21 Thread Paul Whitney
Disregard. It was not related to LDAP but rather my use of nosuid or acl in my /etc/fstab. Paul M. Whitney paul.whit...@mac.com 410.493.9448 Sent from my iPad > On Jul 21, 2014, at 8:39, Paul Whitney wrote: > > I am having an issue where and LDAP authenticated user cannot ove

Re: [389-users] load balancing options

2014-10-09 Thread Paul Whitney
Isabella, You could look into purchasing a load balancer such as an F5 LTM/GTM solution. Paul Whitney email: paul.whit...@mac.com Sent from my iPhone > On Oct 9, 2014, at 14:12, Ghiurea, Isabella > wrote: > > Hi List, > > I would like to know what other options peopl

Re: [389-users] load balancing options

2014-10-09 Thread Paul Whitney
I do not know the exact costs. I do know it is not cheap. But it is the best hands-down. If you are looking for an open-source solution, you could take a looks at Zen Load Balancer. I have never used it before. This is just something I discovered with Google. http://www.zenloadbalancer.com/

Re: [389-users] 389 console

2014-10-15 Thread Paul Whitney
my cell phone but hopefully gives you an idea. Paul Whitney email: paul.whit...@mac.com Sent from my iPhone > On Oct 15, 2014, at 18:55, Ghiurea, Isabella > wrote: > > Thank you Rich, > I did that but I'm back to server1 ujsing 389UI Admin console and can'

[389-users] 389 DS in Amazon EC2 Environment

2015-01-15 Thread Paul Whitney
Has anyone had any success with hosting directory servers in the AWS environment? Paul M. Whitney E-mail: paul.whit...@mac.com Cell: 410.493.9448 Sent from my browser. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

[389-users] Automating a 389 DS Build

2015-03-19 Thread Paul Whitney
Has anyone deployed 389 DS on a system using a script to setup, create instances, SSL enable, etc? Paul W. signature.asc Description: Message signed with OpenPGP using GPGMail -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

[389-users] File Permissions

2015-08-06 Thread Paul Whitney
I have a several openldap clients.  Certs are installed in /etc/openldap/cacerts.  I am using server certificates to to establish an SSL connection with the LDAP server.  Using PAM LDAP to authenticate users. I would like to test hardening these clients. 1.  What are the absolute minimum permi

Re: [389-users] access to LDAP log/access file to non admin users

2015-08-12 Thread Paul Whitney
You could add an ACL with readonly permissions to those logs by by userid or groupid. Paul M. Whitney E-mail: paul.whit...@mac.com Sent from my browser. On Aug 12, 2015, at 12:57 PM, ghiureai wrote: Hi List, I need a nice , clean solution to give access to LDAP error log and access file to

Re: [389-users] access to LDAP log/access file to non admin users

2015-08-12 Thread Paul Whitney
Or alternatively, create a sudo role that allows them to use the /bin/less or /bin/more command on the particular logs of interest. Paul M. Whitney E-mail: paul.whit...@mac.com Sent from my browser. On Aug 12, 2015, at 12:57 PM, ghiureai wrote: Hi List, I need a nice , clean solution to give

Re: [389-users] access to LDAP log/access file to non admin users

2015-08-12 Thread Paul Whitney
...@mac.com Cell: 410.493.9448 Sent from my browser. On Aug 12, 2015, at 01:55 PM, Paul Whitney wrote: Or alternatively, create a sudo role that allows them to use the /bin/less or /bin/more command on the particular logs of interest. Paul M. Whitney E-mail: paul.whit...@mac.com Sent from my

[389-users] Question RE: 389DS

2015-10-07 Thread Paul Whitney
When SSL-enabling the directory server, am I allowed to use a wildcard certificate or is it mandatory the certificate include the FQHN? Thanks, Paul M. Whitney E-mail: paul.whit...@mac.com Sent from my browser. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedorapro

[389-users] Re: Upgrading to Centos 7...

2015-11-19 Thread Paul Whitney
I think as a general rule of thumb: RHEL 5 = RHDS 8 RHEL 6 = RHDS 9 RHEL 7 = RHDS 10 Paul M. Whitney E-mail: paul.whit...@mac.com Sent from my browser. On Nov 17, 2015, at 02:23 PM, Derek Belcher wrote: Hi guys! What version of 389ds is the equivalent to the RHDS packages? Currently I a

[389-users] Re: 389 and TLS woes

2016-01-17 Thread Paul Whitney
Phil, It looks like you are missing a package. Do you have the NSS package installed? Cheers, Paul M. Whitney paul.whit...@mac.com Sent from my Mac Book Pro > On Jan 15, 2016, at 1:03 PM, Phil Daws wrote: > > Hello all: > > Have tried to get my lab set up with 389 and secure connections mu

[389-users] CentOS 6 Upgrade and 389DS

2016-04-08 Thread Paul Whitney
We upgraded our CentOS 6 build yesterday and managed to break our 389DS service.  We have isolated the problem to a package:  nss-3.21.0-0.3.  When we role back the update to a previous version the 389ds service works fine.  Has anyone else experienced this? Paul M. Whitney E-mail: paul.whit...

[389-users] Red Hat Directory Server 10 Import Fails

2017-02-03 Thread Paul Whitney
I am testing Red Hat Directory Server 10.  I tried importing userRoot database into RHDS 10.  During import, the process (str2entry_dupcheck) complained of a duplicate value and then stopped the import process and cleared out the userRoot director in /var/lib/dirsrv/slapd-users/db. Is there a

[389-users] Re: Red Hat Directory Server 10 Import Fails

2017-02-07 Thread Paul Whitney
...@mac.com On Feb 03, 2017, at 06:10 PM, William Brown wrote:On Fri, 2017-02-03 at 21:27 +, Paul Whitney wrote:I am testing Red Hat Directory Server 10. I tried importing userRoot database into RHDS 10. During import, the process (str2entry_dupcheck) complained of a duplicate value and then stopped

[389-users] Replication Between RHDS 9 and RHDS 10

2017-02-15 Thread Paul Whitney
Hi everyone, I am currently testing RHDS 10 and have successfully initialized/replicated from RHDS 9 to RHDS 10.  Can I do the reverse?  Replicate from RHDS 10 to RHDS 9? Paul M. Whitney E-mail: paul.whit...@mac.com ___ 389-users mailing list -- 38

[389-users] Re: Replication Between RHDS 9 and RHDS 10

2017-02-15 Thread Paul Whitney
, at 09:41 AM, Mark Reynolds wrote: On 02/15/2017 09:27 AM, Paul Whitney wrote: Hi everyone, I am currently testing RHDS 10 and have successfully initialized/replicated from RHDS 9 to RHDS 10.  Can I do the reverse?  Replicate from RHDS 10 to RHDS 9? You can - the protocol is the same, but I ho

[389-users] Here is a stretch query......

2017-03-07 Thread Paul Whitney
I asked earlier if I could set up replication between DS 9 and DS 10.  Answer was favorable and in fact is working fine as part of my transition.  Here is the stretch: Can I temporarily replicate from DS 8 to DS 10? Paul M. Whitney E-mail: paul.whit...@mac.com Sent from my browser. _

[389-users] Scripting SSL Enabling of 389-DS Admin Serv and Instances

2017-04-05 Thread Paul Whitney
I have been building 389DS directory serves, and can automate most of the installation process to include creating my instances such as config.  However, SSL enabling seems to be difficult. I tried the simple copy db files and pin.txt, but when I get into the console to enable the certs, there

[389-users] Re: Replication Issue between versions - Space after commas issues in DN

2017-05-02 Thread Paul Whitney
We have experienced the same thing. Sort of. On RHEL 5 the name with a space in the DN is permitted and is treated as a separate entry. In CentOS 7 it barfs and rejects the entry as a duplicate entry. We are figuring out how to cope with it during our transition to all CentOS 7 . My guess is

[389-users] entry set tombstone rdn

2017-05-11 Thread Paul Whitney
Just detected  two entries in my errors log: _entry_set_tombstone_rdn - Failed to convert DN ou=Policies to RDN with different IDs.  The replicants seem to be performing fine, access logs show activity, but wondering what is this error and is it something I need to fix or can I attribute it

[389-users] db2index.pl Questionable

2017-05-16 Thread Paul Whitney
Hi guys, I am trying to update the index on our userRoot database.  I imported the attribute using the ldif2db routine. Error log reports success. Then I ran the db2index.pl routine with no particular attribute (in essence I guess the whole database is re-indexed) causing the database to g

[389-users] Performance Degradation with Split Database

2017-05-31 Thread Paul Whitney
Still in migration mode from RHEL5/DS 8.2 to CentOS7/DS10 (389-ds-base 1.3.5.10-20). Our one instance is setup with two databases (userRoot and groupRoot).  We are seeing some really high etimes when performing mods/search on the second database (groupRoot).  Wondering if anyone else has exp

[389-users] Re: Performance Degradation with Split Database

2017-06-02 Thread Paul Whitney
...@mac.com Sent from my browser. On May 31, 2017, at 02:38 PM, Mark Reynolds wrote: On 05/31/2017 02:36 PM, Paul Whitney wrote: Still in migration mode from RHEL5/DS 8.2 to CentOS7/DS10 (389-ds-base 1.3.5.10-20). Our one instance is setup with two databases (userRoot and groupRoot

[389-users] Re: Performance Degradation with Split Database

2017-06-05 Thread Paul Whitney
...@mac.com Sent from my browser. On Jun 04, 2017, at 09:25 PM, William Brown wrote:On Fri, 2017-06-02 at 19:14 +, Paul Whitney wrote:Not sure to what type of deployment the tuning guide is written to,but I think in an enterprise environment the numbers are too low.Perhaps it is based on a small lab

[389-users] setup-ds-admin.pl -u Script

2017-06-28 Thread Paul Whitney
Just updated 389-ds-base to version 1.3.5.10-21.  When I run the SUBJ script, I get an error indicating that could not update the Admin Server with Error: Administrative limit exceeded. Any ideas how I can get around this? Thank you, Paul M. Whitney E-mail: paul.whit...@mac.com Sent from my

[389-users] Re: setup-ds-admin.pl -u Script

2017-06-28 Thread Paul Whitney
correctly? Is it something else? Paul M. Whitney E-mail: paul.whit...@mac.com Sent from my browser. On Jun 28, 2017, at 12:48 PM, Mark Reynolds wrote: On 06/28/2017 12:40 PM, Paul Whitney wrote: Just updated 389-ds-base to version 1.3.5.10-21.  When I run the SUBJ script, I get an error

[389-users] Last update message time stamp

2017-08-28 Thread Paul Whitney
Hi guys, Is there a reason why the update time stamp defaults to Dec 31, 19:00 EST 1969 in the console?  Is there a way to preserve the last successful or failed timestamp?     Paul M. Whitney E-mail: paul.whit...@mac.com Sent from my browser. ___

[389-users] Re: Last update message time stamp

2017-08-28 Thread Paul Whitney
cessful replication time. Ditto for the Consumer Initialization Status, the time stamps get reset to "Wed Dec 31 1900 EST 1969" Paul M. Whitney E-mail: paul.whit...@mac.com Sent from my browser. On Aug 28, 2017, at 12:41 PM, Mark Reynolds wrote: On 08/28/2017 11:54 AM, Paul Whitney wrot

[389-users] Recovering a Hub

2017-10-19 Thread Paul Whitney
Hi, not sure what happened to our DS server, but I need to clone the userRoot and groupRoot database from a working server to this one bad one.  What is the preferred/recommended method for this: I tried simple reinit, that failed. I tried export/import from LDIF file and that failed. Will db2

[389-users] Re: Recovering a Hub

2017-10-20 Thread Paul Whitney
. Also check for the 389-ds-base versions on each node. M. On Thu, Oct 19, 2017 at 10:03 AM, Paul Whitney wrote: Hi, not sure what happened to our DS server, but I need to clone the userRoot and groupRoot database from a working server to this one bad one.  What is the preferred/recommended method

[389-users] Re: Recovering a Hub

2017-10-25 Thread Paul Whitney
the re-init and off-line import failed? Thanks, M. On Fri, Oct 20, 2017 at 11:11 AM, Paul Whitney wrote: I took your advice and looked up the versions of 389-ds-base. On the servers we are having problems with, they are running version 1.3.6.1-19 and the servers replicating to them are running an

[389-users] Last Successful Replication Time Stamp on Console

2017-11-22 Thread Paul Whitney
We are seeing an issue with our replication agreements on 389DS.  When we look at the Console, we used to be able to tell when was the last successful attempt to replicate and end of said replication.  Same thing for Initialization state. With the new 389DS (currently using version 1.3.5.10-21)

[389-users] Inadvertent Update Applied to Directory Server

2017-11-22 Thread Paul Whitney
We have a few new servers deployed with 389-ds-base version 1.3.5.10-21.  These servers were deployed in an environment where auto-patching happens and we forgot to disable that feature. Overnight the servers were updated to 389-ds-base version 1.3.6.1-19.  All of the upgraded servers are now

[389-users] Re: Inadvertent Update Applied to Directory Server

2017-11-27 Thread Paul Whitney
own wrote: > > On Wed, 2017-11-22 at 13:30 +0000, Paul Whitney wrote: >> We have a few new servers deployed with 389-ds-base version 1.3.5.10- >> 21. These servers were deployed in an environment where auto- >> patching happens and we forgot to disable that feature. >&g

[389-users] 389 DS Time Skew Error

2018-04-09 Thread Paul Whitney
Hi guys, I have been reading up on a fix for this and only found one set of procedures to repair this issue. (http://directory.fedoraproject.org/docs/389ds/howto/howto-fix-and-reset-time-skew.html).   Would removing/recreating the replication agreement resolve this issue instead of the steps i

[389-users] Re: Enabling TLS in Directory Server Using the Console

2018-04-18 Thread Paul Whitney
Hi Jeremy, I would look at the /var/log/dirsrv/admin-serv/error and /var/log/dirsrv/slapd-config/errors files to see what is preventing you from starting the services. Paul M. Whitney E-mail: paul.whit...@mac.com Sent from my browser. On Apr 17, 2018, at 10:28 PM, Jeremy Tourville wrote:

[389-users] LDBM recommended Setting

2018-08-14 Thread Paul Whitney
Hi guys, Am looking to improve performance in my 389 DS deployment. In reviewing the documentation, the recommended size for the LDBM cache is the sum of the backend database + 15% of the backend database. For me that comes out to almost 27GB. Seems high considering the database cache is set

[389-users] Using dbmon.sh

2018-08-16 Thread Paul Whitney
Hi, I am using the dbmon.sh program to see how my database cache is performing. I am puzzled with the results: dbcachefree: -1639628800 free% -10006900 hit% 90 Do the negative values reflect me needing to increase the LDBM cache? Paul M. Whitney __

[389-users] 389 DS Access Log

2018-10-11 Thread Paul Whitney
Is there a way to prevent LDAP filters from being truncated in the Access Log, even as a temporary measure? Thanks, Paul M. Whitney RHCSA, VCP, CISSP, Security+ Chesapeake IT Consulting, Inc. 2680 Tobacco Rd Chesapeake Beach, MD 20732 Work: 443-492-2872 Cell: 410.493.9448 Email: paul.whit..

[389-users] Problem with userRoot cache

2019-01-15 Thread Paul Whitney
We recently updated to 389-ds-base-1.3.8.4-18. I am not sure I can attribute this issue to this update since we are now just discovering it. But setting the nsslapd-cachememsize is reverting to a default value of 2GB. I have attempted to restore the value through the console and restarting th

[389-users] Re: Problem with userRoot cache

2019-01-16 Thread Paul Whitney
turn or destroy the original message to assure that it is not read, copied, or distributed by others. From: William Brown Sent: Tuesday, January 15, 2019 7:22:18 PM To: 389-users@lists.fedoraproject.org Cc: Paul Whitney Subject: Re: [389-users] Problem with userRo

[389-users] Re: Problem with userRoot cache

2019-01-16 Thread Paul Whitney
server project.; Paul Whitney; William Brown Subject: Re: [389-users] Re: Problem with userRoot cache Hey Paul, On 1/16/19 10:14 AM, Paul Whitney wrote: We were on version: 389-ds-base-1.3.7.5-24. What OS? The nsslapd-cache-autosize was set to 0. We apply our own values. To keep us afloat w

[389-users] Re: Problem with userRoot cache (last one)

2019-01-16 Thread Paul Whitney
list for the 389 Directory server project.; Paul Whitney; William Brown Subject: Re: [389-users] Re: Problem with userRoot cache (last one) On 1/16/19 12:05 PM, Mark Reynolds wrote: On 1/16/19 12:02 PM, Mark Reynolds wrote: Hi Paul, Okay I think I found the bug you are running into: https://bug

[389-users] Re: Problem with userRoot cache (last one)

2019-01-16 Thread Paul Whitney
e to assure that it is not read, copied, or distributed by others. From: Mark Reynolds Sent: Wednesday, January 16, 2019 1:03:04 PM To: General discussion list for the 389 Directory server project.; Paul Whitney; William Brown Subject: Re: [389-users] Re: Probl

[389-users] Re: MIssing schemas?

2019-04-04 Thread Paul Whitney
Look in /usr/share/dirsrv. I came across the same thing. Not sure if you need to copy what you need into /etc or if it is just sourced. Paul W. > On Apr 3, 2019, at 9:48 AM, Mark Reynolds wrote: > > Hi Deborah, > > Yes things changed since 1.2.x, the standard schema was moved to: > > /usr/

[389-users] Re: MIssing schemas?

2019-04-04 Thread Paul Whitney
Does an admin need to copy those back in or do all instances just use the common path for schemas? Paul W. > On Apr 3, 2019, at 9:48 AM, Mark Reynolds wrote: > > Hi Deborah, > > Yes things changed since 1.2.x, the standard schema was moved to: > > /usr/share/dirsrv/schema/ > > Only custom

[389-users] Re: Proper upgrade procedure using Redhat repo and yum

2019-04-29 Thread Paul Whitney
Your steps are correct. We run a production with multi-master replication with redundant sites. Using Ansible to perform updates (with too many servers to hit one at a time.) We do disable from load-balancer by site instead of just the one host. 1. remove server1 from the load balancer co

[389-users] Latest Version of 389-ds-base for CentOS 7

2019-07-08 Thread Paul Whitney
I was looking up the latest version of 389-ds and noticed that an update has not been released since March 2019. Has there not been anymore updates to this bundle? Paul M. Whitney, RHCSA, CISSP Chesapeake IT Consulting, Inc. 2680 Tobacco Rd Chesapeake Beach, MD 20732 Work: 443-492-2872 Cell:

[389-users] 389-DS Downgrade Breaks dirsrv.target

2019-07-11 Thread Paul Whitney
When attempting to downgrade 389-ds-base from version 1.3.8.4-23 to version 1.3.7.5-18 I discovered that the systemctl cannot start dirsrv.target. I am able to start the individual instances however. Any suggestions on how to resolve this? I am only downgrading: * 389-ds-base * 389-d

[389-users] Re: 389-DS Downgrade Breaks dirsrv.target

2019-07-16 Thread Paul Whitney
stroy the original message to assure that it is not read, copied, or distributed by others. From: William Brown Sent: Thursday, July 11, 2019 8:49 PM To: 389-users@lists.fedoraproject.org Subject: [389-users] Re: 389-DS Downgrade Breaks dirsrv.target >

[389-users] Recommended SLAPD cache sizes

2019-07-16 Thread Paul Whitney
Is there some formula or recommendation on determining what would be the optimal cache settings for a directory server (389-ds of course) with following sizes? I looked at the DS 10 Admin Guide online and am getting conflicting information. But the manual shows a table and suggests that the max

[389-users] Re: Recommended SLAPD cache sizes

2019-07-16 Thread Paul Whitney
k Reynolds Sent: Tuesday, July 16, 2019 9:30 AM To: General discussion list for the 389 Directory server project.; Paul Whitney Subject: Re: [389-users] Recommended SLAPD cache sizes Hi Paul, On 7/16/19 9:16 AM, Paul Whitney wrote: Is there some formula or recommendation on determining what would

[389-users] Re: LDAP Groups in sudoers file.

2019-07-17 Thread Paul Whitney
The one thing I would look at is your /etc/sssd/sssd.conf file. Assuming you are configured for LDAP, you could exclude the the local admin account in the [nss] section with the "filter_users" setting. Example: [nss] filter_users = root,nagios,local_admin_acct That should get SSSD to not look

[389-users] Re: Looking for installation documentation for CentOS 7

2019-08-15 Thread Paul Whitney
Take a look here. It is your best source for a consolidated set of documentation for CentOS 7 - 389 DS install. https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/ Paul M. Whitney paul.whit...@

[389-users] FIPS 140-2 and dirsrv-admin

2019-08-27 Thread Paul Whitney
Hi guys, I have SSL enabled both slapd instances and dirsrv-admin on FIPS enabled CentOS 7. The instances seem to start up no problem. However, the admin console (dirsrv-admin) is complaining the password credentials are not valid for the NSS FIPS 140-2 DB even through the exact same credenti

[389-users] Re: FIPS 140-2 and dirsrv-admin

2019-08-29 Thread Paul Whitney
ssue > lately where the dirsrv-admin used a different pin.txt to the > dirsrvinstances, but I'm not sure of the details. > > Are there fresh installs of ds? Or upgrades? > >> On 28 Aug 2019, at 05:51, Paul Whitney >> wrote: >> >> Hi guys, >>

[389-users] Re: FIPS 140-2 and dirsrv-admin

2019-08-29 Thread Paul Whitney
Ok, is there an action required from me? Paul On 8/29/19, 5:34 PM, "William Brown" wrote: This could be in "report an issue" territory I think in that case. Seems easy to reproduce. > On 30 Aug 2019, at 02:15, Paul Whitney wrote: > > H

[389-users] Re: FIPS 140-2 and dirsrv-admin

2019-08-30 Thread Paul Whitney
open the issue on your behalf, or if it's serious and you want it > looked at as a priority, you may want to consider raising a case with RH/SUSE > direct. > >> On 30 Aug 2019, at 09:32, Paul Whitney >> wrote: >> >> Ok, is there an action required from

[389-users] Re: FIPS 140-2 and dirsrv-admin

2019-09-11 Thread Paul Whitney
I'm sorry we simply don't have the resources to support deprecated products. In RHEL we stopped accepting bugs well over a year ago. We would accept contributions upstream, but that would be the extent of it. > >> Sorry, >> >> Mark

[389-users] Re: FIPS 140-2 and dirsrv-admin

2019-09-13 Thread Paul Whitney
. <389-users@lists.fedoraproject.org>; Paul Whitney Subject: Re: [389-users] Re: FIPS 140-2 and dirsrv-admin On 9/11/19 7:14 PM, Paul Whitney wrote: > Hi Mark, > > Does that mean there will no longer be a dirsrv-admin process running? In RHEL 8, CentOS 8, and SUSE 15 there will n

[389-users] slapd start up problem

2019-10-08 Thread Paul Whitney
Hello, We have discovered that one of out test LDAPS servers has been down for sometime and we are not seeing anything that indicate why. However, when we start the slapd-config instance up, it kicks off then dies with error "memory violation" sig=7. I tried to remedy by upgrading to the late

[389-users] Re: Weird bug in 389 DS : no spaces in admin console under CentOS 7

2020-04-26 Thread Paul Whitney
Hi Nicolas, I am having the exact same issue. However, I chose to ignore it. Despite not “seeing” the space, when you enter the information (assuming it is entered correctly with a space) the space is there. I get the thing when I try to login to the Console: CN=InstanceMaster although I am

[389-users] Issue Configuring admin-serv on CentOS 7

2020-09-03 Thread Paul Whitney
Hi, I am running into an issue where I am trying to set up a DS master on CentOS 7. When I run setup-ds-admin.pl, I am able to successfully create the slapd-config instance.  But the admin-serv fails to bind to the config.  The error is  like this "Sat Jan 02 21:32:12.629960 2016] [:warn] [p

[389-users] Re: Issue Configuring admin-serv on CentOS 7

2020-09-07 Thread Paul Whitney
FYI this is occurring in AWS. Paul Whitney email: paul.whit...@mac.com cell: 410.493.9448 Sent from my iPhone > On Sep 3, 2020, at 10:48, Paul Whitney wrote: > >  > Hi, > I am running into an issue where I am trying to set up a DS master on CentOS > 7. > > When I

[389-users] Re: Issue Configuring admin-serv on CentOS 7

2020-09-09 Thread Paul Whitney
admin serv trying to connect via LDAPS/LDAP+StartTLS or is it trying to use LDAPI? That's probably the first thing that will hint where we need to look, Thanks, On 4 Sep 2020, at 00:49, Paul Whitney wrote: Hi, I am running into an issue where I am trying to set up a DS master on CentOS

[389-users] 389 DS on CentOS 8

2020-09-29 Thread Paul Whitney
Hi guys, I am just now looking into our 389-ds migration strategy from CentOS 7 to 8. I successfully created my first master 389 instance on 8. It took some getting used to doing it on the cockpit plugin. But what I am missing is how do I merge a view where I can manage all of my DS from one

[389-users] Re: 389 DS on CentOS 8

2020-09-30 Thread Paul Whitney
o you mean? A place that can view > all your instances at once? Or do you mean to manage the data in the > directory? > > Thanks, > >> On 30 Sep 2020, at 07:51, Paul Whitney wrote: >> >> Hi guys, >> >> I am just now looking into our 389-ds migra

[389-users] Re: Limits for Multi Master Replication?

2020-09-30 Thread Paul Whitney
Hi Eugen, I think that is what was tested by Red Hat and not necessarily a hard limit. Regards, Paul M. Whitney paul.whit...@mac.com Sent from my Mac Book Pro > On Sep 30, 2020, at 9:56 AM, Eugen Lamers > wrote: > > Hi, > We use the 389 Directory Server version 1.4.2.15. > In the documen

[389-users] Re: 389 DS on CentOS 8

2020-10-02 Thread Paul Whitney
on CentOS 8 Sadly I don't think that's possible given the architecture of cockpit :( There may be something in the CLI under dsconf instance replication but I'm not too familar with that branch of options. Sorry about that :( :( > On 30 Sep 2020, at 21:17, Paul Whitney wrote:

[389-users] Log4j patch/update for 1.3.x

2021-12-20 Thread Paul Whitney
Will there be a patch release for 1.3.x to address these Log4j vulnerabilities? Paul M. Whitney, RHCSA, CISSP Chesapeake IT Consulting, Inc. 2680 Tobacco Rd Chesapeake Beach, MD 20732 Work: 443-492-2872 Cell: 410.493.9448 Email: paul.whit...@chesapeake-it.com

[389-users] Importing Indexes via LDIF

2023-02-03 Thread Paul Whitney
Greetings, been a while. I am looking to migrate to RHEL 9 and 389-DS. In lab stood up a "supplier" and a "consumer". I have index files for userRoot and groupRoot. However, indexes appeared to be stored in dse.ldif. Is there a way using the dsconf command to import an ldif of indexes? Th

[389-users] Re: Importing Indexes via LDIF

2023-02-03 Thread Paul Whitney
ssion list for the 389 Directory server project. <389-users@lists.fedoraproject.org> Subject: [389-users] Re: Importing Indexes via LDIF Hi Paul, Not using dsconf. But you could easily do it with ldapsearch and ldapadd Regards Pierre On Fri, Feb 3, 2023 at 3:34 PM Paul Whitney mailto:pa

[389-users] 389-DS Cockpit

2023-02-03 Thread Paul Whitney
Is it possible to manage more than one 389-ds HOST through the Cockpit if I import the host descriptions into the slapd-config instance? In older version with the Java Console, there was a way to merger all of the LDAPS instances into a single view, and could manage them from a single console.