[389-users] Re: Using dsctl and .dscrc: How to properly connect to a remote instance?

2023-04-18 Thread Johannes Kastl
onnects via ldap uri. dsidm does not read .dscrc, at least the manpage does not mention it. Does it have a config file? Or do I need to supply the connection information each time? Kind Regards Johannes -- Johannes Kastl Linux Consultant & Trainer Tel.: +49 (0) 151 2372 5802 Mail: ka...@b

[389-users] Re: 389ds container images and tags

2023-04-18 Thread Johannes Kastl
nd Regards, Johannes -- Johannes Kastl Linux Consultant & Trainer Tel.: +49 (0) 151 2372 5802 Mail: ka...@b1-systems.de B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg http://www.b1-systems.de GF: Ralph Dehner Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537

[389-users] Helm chart for 389ds

2023-04-18 Thread Johannes Kastl

[389-users] Re: 389ds container images and tags

2023-04-18 Thread Johannes Kastl
Hi Viktor, On 18.04.23 at 09:02 Viktor Ashirov wrote: On Tue, Apr 18, 2023 at 8:15 AM Johannes Kastl wrote: https://hub.docker.com/r/389ds/dirsrv only has 2.1, 2.2 and latest. 2.2 and latest are 8 months old. https://quay.io/repository/389ds/dirsrv?tab=tags only has latest and c9s without

[389-users] Using dsctl and .dscrc: How to properly connect to a remote instance?

2023-04-18 Thread Johannes Kastl
is openSUSE Tumbleweed, package version is lib389-2.3.2~git53.a01e230-1.1.x86_64. Any hints are welcome! Kind Regards, Johannes

[389-users] 389ds container images and tags

2023-04-18 Thread Johannes Kastl
ched and the old one discarded, so it will be lost and no longer usable. Having usable tags would really be helpful, so I would be happy if this could be done. Have a nice day, everyone! Kind Regards, Johannes

[389-users] Re: 389ds for Dummies: How to get started with an empty 389ds server?

2022-03-24 Thread Johannes Kastl
ldapadd. Hooray! Sorry about the missing docs. I'm working on a howto doc for running DS in OpenShift, hope to publish it soon. That would be really great! Kind Regards, Johannes

[389-users] 389ds for Dummies: How to get started with an empty 389ds server?

2022-03-24 Thread Johannes Kastl
point. Am I missing some schema? If so, how would I bootstrap it? Sorry if those are obvious questions, but either I am lacking the deep LDAP knowledge to answer them myself or there is an error in my setup. Thanks in advance! Johannes

[389-users] Re: Running 389ds server in Kubernetes: Questions on certificate names and bootstrapping

2022-03-24 Thread Johannes Kastl
hat server. I'll open up another thread for that. Kind Regards, Johannes

[389-users] Re: Files required for working TLS (was: Re: Running 389ds server in Kubernetes: Questions on certificate names and bootstrapping)

2022-03-23 Thread Johannes Kastl
On 23.03.22 at 11:46 Johannes Kastl wrote: ca is a folder with PEM format CA's that should be added to the trust root for this instance. I understood this to be optional? Is this actually required? Found it: https://www.port389.org/docs/389ds/howto/howto-ssl.html ca.crt # The issuers CA

[389-users] Files required for working TLS (was: Re: Running 389ds server in Kubernetes: Questions on certificate names and bootstrapping)

2022-03-23 Thread Johannes Kastl
Hi again, On 23.03.22 at 11:23 Johannes Kastl wrote: seems like just having proper server.key and tls.key files is not enough. I still get a warning that TLS could not be enabled: INFO: Checking for PEM TLS files ... INFO: Found -> [] INFO: Have /data/tls/server.key -> True INFO: Have

[389-users] Re: Running 389ds server in Kubernetes: Questions on certificate names and bootstrapping

2022-03-23 Thread Johannes Kastl
On 23.03.22 at 10:50 Johannes Kastl wrote: This approach did work, putting the following into the deployment specification: - name: 389server-certs    secret: secretName: my-tls-secret items: - key: tls.key    path: /data/tls/server.key

[389-users] Re: Running 389ds server in Kubernetes: Questions on certificate names and bootstrapping

2022-03-23 Thread Johannes Kastl
On 23.03.22 at 09:43 Johannes Kastl wrote: I will try to do subpath mounting, i.e. I will specify where each of the keys is "mounted" to, aka which file name it gets. But AFAIK this has some drawbacks, but currently it seems like the only option. This approach did work, putting the

[389-users] Re: Running 389ds server in Kubernetes: Questions on certificate names and bootstrapping

2022-03-23 Thread Johannes Kastl
Hi William, thanks for the reply. On 22.03.22 at 23:22 William Brown wrote: On 22 Mar 2022, at 19:22, Johannes Kastl wrote: 1. Does the docker container have any kind of bootstrapping mechanism included, i.e. I put some LDIF files somewhere and those get imported automatically

[389-users] Running 389ds server in Kubernetes: Questions on certificate names and bootstrapping

2022-03-22 Thread Johannes Kastl
hich user/group should I pick to do that? Thanks in advance, and have a nice day everyone! Johannes

[389-users] Re: SSSD Howto: Why not use pam-config on SUSE/openSUSE?

2020-04-21 Thread Johannes Kastl
On 21.04.20 at 01:59 William Brown wrote: >> On 21 Apr 2020, at 06:08, Johannes Kastl wrote: >> *g* > > Sorry I don't understand this comment? I knew I should have used my usual smiley instead. Basically I wanted to show that this is indeed a valid reason for not using pam-c

[389-users] Re: Setting up replication: HowTo? Tutorials?

2020-04-21 Thread Johannes Kastl
trust and which ones to ignore. Is there some kind of overview? Or a list of features that were changed in a non-backward-compatible manner? I guess 11 is safe: > https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ Kind Regards, Johannes

[389-users] Setting up replication: HowTo? Tutorials?

2020-04-20 Thread Johannes Kastl
master. In my use case just distributing the read-load while referring writes to the single master might be enough (if that is possible). Any thoughts and links and RTFMs are highly appreciated. Johannes

[389-users] Re: Exporting to LDIF

2020-04-20 Thread Johannes Kastl
On 17.04.20 at 10:38 Johannes Kastl wrote: > Hi again, > > I found several links on how to export from 389 to LDIF. On a related note: https://directory.fedoraproject.org/docs/389ds/howto/howto-ds-admin-migration.html ---cite--- foreach db /opt/fedora-ds/slapd-instance/db/* db2l

[389-users] Re: Exporting to LDIF

2020-04-20 Thread Johannes Kastl
On 20.04.20 at 01:17 William Brown wrote: > Modern 389-ds no longer ships db2ldif, you need to use `dsctl > db2ldif` https://github.com/marcus2376/389wiki/pull/35 These are just the ones I found on quick look, not sure if all examples are still valid. Johannes

[389-users] Re: SSSD Howto: Why not use pam-config on SUSE/openSUSE?

2020-04-20 Thread Johannes Kastl
On 20.04.20 at 01:14 William Brown wrote: >> On 17 Apr 2020, at 18:36, Johannes Kastl wrote: >> is there a special reason why the SSSD Howto >> https://www.port389.org/docs/389ds/howto/howto-sssd.html does not use >> "pam-config -a -sss" on SUSE/open

[389-users] Re: Exporting to LDIF

2020-04-20 Thread Johannes Kastl
Hi William, On 20.04.20 at 01:17 William Brown wrote: >> On 17 Apr 2020, at 18:38, Johannes Kastl wrote: >> This one mentions creating a task, but the example does not work out of the >> box: >>> https://access.redhat.com/documentation/en-us/red_h

[389-users] Re: 389-ds on Leap 15.1 - teething pains - it is running (with some issues) - but I still cannot test authentication

2020-04-17 Thread Johannes Kastl
imilar. And two different sections for the same host seem strange to me... Johannes

[389-users] Restricting access to the LDAP server

2020-04-17 Thread Johannes Kastl
/red_hat_directory_server/9.0/html/administration_guide/managing_access_control Are there any other good tutorials or best practices on how to secure a 389 server? Restrict the bind_DN that sssd uses? Restricting people to read all contents of the LDAP tree? Kind Regards, Johannes

[389-users] Re: 389-ds on Leap 15.1 - teething pains - it is running (with some issues) - but I still cannot test authentication

2020-04-17 Thread Johannes Kastl
> processes will require *real* authentication), and this call > sudo LDAPTLS_CACERT=/etc/dirsrv/slapd-localhost/ca.crt ldapwhoami -v -H > ldaps://localhost -D uid=huncl01,ou=people,dc=aeho,dc=lan -W -x (with or > without sudo) > Can you try again without ignoring the certificate, but sp

[389-users] Re: Where to report issues with the documentation on port389.org / directory.fedoraproject.org/docs/?

2020-04-17 Thread Johannes Kastl
On 17.04.20 at 14:43 Mark Reynolds wrote: > All your current PR's have been merged! Keep them coming ;-) Thanks, that was quick! Sure, will do so! Johannes

[389-users] Exporting to LDIF

2020-04-17 Thread Johannes Kastl
box: > https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/populating_directory_databases-exporting_data Am I just missing the correct link due to my bad search-foo? Kind Regards, Johannes

[389-users] SSSD Howto: Why not use pam-config on SUSE/openSUSE?

2020-04-17 Thread Johannes Kastl
reate a PR for that documentation to at least mention that it is a lot easier using pam-config. Kind Regards Johannes

[389-users] Re: Where to report issues with the documentation on port389.org / directory.fedoraproject.org/docs/?

2020-04-17 Thread Johannes Kastl
guess somewhere inside SUSE. If there is a git repo I can of course fix the things I found and create a pull request. Easier to discuss things with a proposal at hand... Kind Regards, Johannes

[389-users] Quickstart documentation: SSSD setup needs "memberOf" plugin enabled

2020-04-17 Thread Johannes Kastl
e opened a PR against the wiki mentioning this in the SSSD part. https://github.com/marcus2376/389wiki/pull/33 Kind Regards, Johannes