onnects via ldap uri.
dsidm does not read .dscrc, at least the manpage does not mention it. Does it
have a config file? Or do I need to supply the connection information each time?
Kind Regards
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b
nd Regards,
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF: Ralph Dehner
Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
OpenPGP_signature
Description: O
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF: Ralph Dehner
Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
OpenPGP_signature
Description: OpenPGP digital signa
Hi Viktor,
On 18.04.23 at 09:02 Viktor Ashirov wrote:
On Tue, Apr 18, 2023 at 8:15 AM Johannes Kastl wrote:
https://hub.docker.com/r/389ds/dirsrv only has 2.1, 2.2 and latest. 2.2
and
latest are 8 months old.
https://quay.io/repository/389ds/dirsrv?tab=tags only has latest and c9s
without
is openSUSE Tumbleweed, package version is
lib389-2.3.2~git53.a01e230-1.1.x86_64.
Any hints are welcome!
Kind Regards,
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-
ched and the old one discarded, so it will be lost and no longer usable.
Having usable tags would really be helpful, so I would be happy if this could be
done.
Have a nice day, everyone!
Kind Regards,
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b
ldapadd. Hooray!
Sorry about the missing docs. I'm working on a howto doc for running
DS in OpenShift, hope to publish it soon.
That would be really great!
Kind Regards,
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b1-systems.de
B1 Systems GmbH
Oste
point.
Am I missing some schema? If so, how would I bootstrap it?
Sorry if those are obvious questions, but either I am lacking the deep LDAP
knowledge to answer them myself or there is an error in my setup.
Thanks in advance!
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49
hat server. I'll
open up another thread for that.
Kind Regards,
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF: Ralph Dehner
Unternehmenssitz: Vohburg /
On 23.03.22 at 11:46 Johannes Kastl wrote:
ca is a folder with PEM format CA's that should be added to the trust root for
this instance.
I understood this to be optional? Is this actually required?
Found it:
https://www.port389.org/docs/389ds/howto/howto-ssl.html
ca.crt # The issuers CA
Hi again,
On 23.03.22 at 11:23 Johannes Kastl wrote:
seems like just having proper server.key and tls.key files is not enough. I
still get a warning that TLS could not be enabled:
INFO: Checking for PEM TLS files ...
INFO: Found -> []
INFO: Have /data/tls/server.key -> True
INFO: Have
On 23.03.22 at 10:50 Johannes Kastl wrote:
This approach did work, putting the following into the deployment specification:
- name: 389server-certs
secret:
secretName: my-tls-secret
items:
- key: tls.key
path: /data/tls/server.key
On 23.03.22 at 09:43 Johannes Kastl wrote:
I will try to do subpath mounting, i.e. I will specify where each of the keys is
"mounted" to, aka which file name it gets. But AFAIK this has some drawbacks,
but currently it seems like the only option.
This approach did work, putting the
Hi William,
thanks for the reply.
On 22.03.22 at 23:22 William Brown wrote:
On 22 Mar 2022, at 19:22, Johannes Kastl wrote:
1. Does the docker container have any kind of bootstrapping mechanism included,
i.e. I put some LDIF files somewhere and those get imported automatically
hich user/group should I pick to do that?
Thanks in advance, and have a nice day everyone!
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF: Ralph Dehn
On 21.04.20 at 01:59 William Brown wrote:
>> On 21 Apr 2020, at 06:08, Johannes Kastl wrote:
>> *g*
>
> Sorry I don't understand this comment?
I knew I should have used my usual smiley instead.
Basically I wanted to show that this indeed a valid reason for not using
pam-c
trust and
which ones to ignore. Is there some kind of overview? Or a list of features that
were changed in a non-backward-compatible manner?
I guess 11 is safe:
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/
Kind Regards,
Johannes
--
Johannes Kastl
Linux Consul
master.
In my use case just distributing the read-load while referring writes to the
single master might be enough (if that is possible).
Any thoughts and links and RTFMs are highly appreciated.
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka..
On 17.04.20 at 10:38 Johannes Kastl wrote:
> Hi again,
>
> I found several links on how to export from 389 to LDIF.
On a related note:
https://directory.fedoraproject.org/docs/389ds/howto/howto-ds-admin-migration.html
---cite---
foreach db /opt/fedora-ds/slapd-instance/db/*
db2l
On 20.04.20 at 01:17 William Brown wrote:
> Modern 389-ds no longer ships db2ldif, you need to use `dsctl
> db2ldif`
https://github.com/marcus2376/389wiki/pull/35
These are just the ones I found on quick look, not sure if all examples are
still valid.
Johannes
--
Johannes Kastl
On 20.04.20 at 01:14 William Brown wrote:
>> On 17 Apr 2020, at 18:36, Johannes Kastl wrote:
>> uis there a special reason why the SSSD Howto
>> https://www.port389.org/docs/389ds/howto/howto-sssd.html does not use
>> "pam-config -a -sss" on SUSE/open
Hi William,
On 20.04.20 at 01:17 William Brown wrote:
>> On 17 Apr 2020, at 18:38, Johannes Kastl wrote:
>> This one mentions creating a task, but the example does not work out of the
>> box:
>>> https://access.redhat.com/documentation/en-us/red_h
imilar. And two different sections for the same host seem strange to me...
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF: Ralph Dehner
Unternehmenssitz: Vohb
/red_hat_directory_server/9.0/html/administration_guide/managing_access_control
Are there any other good tutorials or best practices on how to secure a 389
server? Restrict the bind_DN that sssd uses? Restricting people to read all
contents of the LDAP tree?
Kind Regards,
Johannes
--
Johannes Kastl
Linux Consultant
t; processes will require *real* authentication), and this call
> sudo LDAPTLS_CACERT=/etc/dirsrv/slapd-localhost/ca.crt ldapwhoami -v -H
> ldaps://localhost -D uid=huncl01,ou=people,dc=aeho,dc=lan -W -x (with or
> without sudo)
>
Can you try again without ignoring the certificate, but sp
On 17.04.20 at 14:43 Mark Reynolds wrote:
> All your current PR's have been merged! Keep them coming ;-)
Thanks, that was quick!
Sure, will do so!
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b1-systems.de
B1 Systems GmbH
Osterfelds
box:
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/populating_directory_databases-exporting_data
Am I just missing the correct link due to my bad search-foo?
Kind Regards,
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +
reate a PR for that documentation to at least mention
that it is a lot easier using pam-config.
Kind Regards
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF
guess somewhere inside SUSE.
If there is a git repo I can of course fix the things I found and create a pull
request. Easier to discuss things with a proposal at hand...
Kind Regards,
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b1-systems.de
e opened a PR against the wiki mentioning this in the SSSD part.
https://github.com/marcus2376/389wiki/pull/33
Kind Regards,
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: ka...@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www
30 matches
Mail list logo