I believe there is no limitation in the code. However, the limits will apply
when it comes to CPU, memory, disk, network utilization, and workload.
If you are smart about what you do, you can put a lot onto a single server but
you also have to watch it to ensure proper administration and
lots of ways of doing this… what Mark notes is one way.
if you don’t have memberOf or isMemberOf attributes managed: obtain DN of
object in question. Search for
(|((objectclass=groupOfNames)(member=USERDN))((objectclass=groupOfUniqueNames)(uniquemember=USERDN)))
if a user is a member of a
As I have been vocal in the past regarding advanced features in the 1.2.11.X
line…
I have downgraded from 1.2.11.32 to 1.2.11.15-47 in my test environment.
Initial testing shows things going quite well. I expect to migrate my prod
environment to 1.2.11.15-47 next week.
Thanks much for the
update… this advice (quoted below) ended up being the simplest path to take.
Please note on none of my DS was nsTLS1 an existing attribute so I had to add
this attribute to the cn=encryption,cn=config object. I had to do a “service
dirsrv restart” as doing a restart from console would only
Hi David (et al),
what is the right way to do this in the DS? (i am on 1.2.11.32)
i see under cn=config there is cn=encryption and there are nsSSL3Ciphers and
nsSSLSupportCiphers (lots of these). The documentation just shows the simple
on/off for SSL/TLS.
For me, my admin server has SSL on
Rich, as i choose to be on the bleeding edge, is it a good or bad idea to
run 1.3.3 on rhel 6?
/mrg
On Sep 16, 2014 8:54 AM, Rich Megginson rmegg...@redhat.com wrote:
On 09/16/2014 08:45 AM, Vesa Alho wrote:
On 16/09/14 15:02, Luigi Santangelo wrote:
Hi all,
I'm trying to install
Michael Gettes wrote:
Hi Noriko,
following instructions from the port389.org site and your email - i got the
code
./configure --host=x86_64-redhat-linux-gnu --build=x86_64-redhat-linux-gnu
--program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
--sbindir=/usr/sbin --sysconfdir
in the next day or so
then I will wait.
thank you so much!
/mrg
On Sep 2, 2014, at 8:12 PM, Noriko Hosoi nho...@redhat.com wrote:
There was a backport error. We will release 1.2.11.31 as soon as possible.
Sorry about this inconvenience.
--noriko
Michael Gettes wrote:
I’m trying to set
+1 - this is much nicer and easier to find stuff. Thank you so much for the
new site!
/mrg
On Aug 27, 2014, at 10:33 AM, Andrey Ivanov andrey.iva...@polytechnique.fr
wrote:
Hi Mark,
very nice work indeed, the new site is clear and straightforward. I have a
small question about it.
what is the supported version for RHEL7? We are considering moving to RHEL7.
thanks!
/mrg
On Jul 10, 2014, at 12:50 PM, Noriko Hosoi nho...@redhat.com wrote:
Groten, Ryan wrote:
I’m a little confused about the different versions of 389 that are available.
I followed the documentation on
On Jul 7, 2014, at 11:25 AM, Rich Megginson rmegg...@redhat.com wrote:
On 07/07/2014 08:45 AM, Michael Gettes wrote:
Rich,
if you mean 3 months for 1.2.11.30,
3 months for RHEL 6.6, give or take, and as always, subject to change. That
is, don't take this as an official Red Hat(tm
Rich,
if you mean 3 months for 1.2.11.30, then i might consider building this for my
test environment - which is somewhat active. If you think this would be
helpful.
/mrg
On Jul 7, 2014, at 10:36 AM, Rich Megginson rmegg...@redhat.com wrote:
On 07/03/2014 05:13 PM, Timothy Pollard wrote:
this kinda brings up a long-standing question in my mind… what’s the “best” way
to back things up?
ok, let’s agree we need to know more about what’s the problem we are trying to
solve. For me, i’d like
to keep this somewhat generic to hopefully make this a useful discussion.
Assuming
...@boreham.org wrote:
On 5/14/2014 3:11 PM, Michael Gettes wrote:
of course, you can have yet another ldap server lying around not being used
by apps and it’s purpose is to dump
the store periodically, but that may not be part of you what want to achieve
with disparate locations
no need for wildcard certs… use the Subject Alt Name. Works fine. Been doing
it for years. certutil supports it as well.
/mrg
On May 12, 2014, at 12:08 PM, David Boreham david_l...@boreham.org wrote:
On 5/12/2014 9:53 AM, Elizabeth Jones wrote:
Do the certs have to have the server
inspect the mail headers - you can remove yourself as is the case with most
mailing lists these days.
/mrg
On Apr 23, 2014, at 10:38 AM, David Hall da...@rocketcommunications.co.uk
wrote:
Hi,
Please remove me from this list.
Thank you,
David
On 23 Apr 2014, at 15:14, Elizabeth
no, you could get rid of 7.1. if you read the deployment docs, you should look
at it from the perspective of running one 389 server as o=Company configured to
chain to another 389 server where the real data is in ou=Company,dc=hq,blah,blah
if all this is too much for you, then you may want to
On Apr 3, 2014, at 11:48 AM, Rich Megginson rmegg...@redhat.com wrote:
I'm not sure what you mean by what's available in the repo vs. what's
available by source”.
ya know, i am not really sure either. but you’re response reinforces in my
mind that something weird is going on here and i
On Apr 3, 2014, at 11:13 AM, Rich Megginson rmegg...@redhat.com wrote:
On 04/03/2014 08:53 AM, Michael Gettes wrote:
Hi all,
I recognize 389 is a community project and asking for timelines can be
problematic. Right now, I am sorta stuck between a rock and a hard place.
In production, I
Yeah, I hear what you’re saying. 47758 is due to running bleeding edge, i get
it. but i had to go there cuz I was having problems with objects getting
messed up with .15 in production and even .25 in test and I went to .28 which
had the SASL fix on top of .26 which fixed all object problems.
I have good news to report…
I updated to 1.2.11.28-3 and the problems went away - no need to even
export/import replicas.
Thank you 389 developers! You guys are awesome!
/mrg
On Mar 26, 2014, at 5:48 PM, Michael Gettes get...@gmail.com wrote:
I am continuing to pursue this problem…
I
it will.
It will still be a mystery as to why this happened and what the “right” way out
of this problem
would be.
/mrg
On Mar 25, 2014, at 6:12 PM, Michael Gettes get...@gmail.com wrote:
389-Directory/1.2.11.15 B2013.238.2155 starting up
Linux 2.6.32-431.5.1.el6.x86_64 #1 SMP Fri Jan 10 14:46:43 EST 2014 x86_64
389-Directory/1.2.11.15 B2013.238.2155 starting up
Linux 2.6.32-431.5.1.el6.x86_64 #1 SMP Fri Jan 10 14:46:43 EST 2014 x86_64
x86_64 x86_64 GNU/Linux
I have an object which I am unable to operate on. I try to modify it or delete
it and I get err=1 (Operations Error).
it looks like:
I did some searching to try and answer the following question and the answer is
not apparent to me.
I have a directory with hundreds of thousands of entries. I have an app which,
due to its behavior, needs to
be able to search for very large sets of users but I don’t want it to be able
to get
for.
/mrg
On Feb 14, 2014, at 4:13 PM, Rich Megginson rmegg...@redhat.com wrote:
On 02/14/2014 02:04 PM, Michael Gettes wrote:
I did some searching to try and answer the following question and the answer
is not apparent to me.
I have a directory with hundreds of thousands of entries. I have
well, i guess this was not a simple a question as i thought. i need to do some
testing.
/mrg
On Feb 14, 2014, at 4:55 PM, Rich Megginson rmegg...@redhat.com wrote:
On 02/14/2014 02:52 PM, Michael Gettes wrote:
i guess i wasn’t clear in my question - i am not seeing a problem with paged
389-Directory/1.2.11.15 B2013.238.21552 MMR master servers (this hang happened on one of the masters) along with 3 read-only replicas.Linux 2.6.32-358.18.1.el6.x86_64 #1 SMP Fri Aug 2 17:04:38 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux389-admin.x86_641.1.29-1.el6
As I currently understand things, 389 1.2 is available via RPM dist channels
(including epel test using rmeggins people repo) and 1.3 is available by source
tarball.
due to how my organization handles firewall access, it is quite the PITA to
build network source based software which makes it
On Nov 8, 2013, at 4:50 PM, Rich Megginson rmegg...@redhat.com wrote:
On 11/08/2013 02:10 PM, Michael Gettes wrote:
As I currently understand things, 389 1.2 is available via RPM dist channels
(including epel test using rmeggins people repo)
. . . and really isn't fully supported. My main
Here is the stack trace per your instructions…
i will be sure to get such traces in the future. got the gcore for just in
case.
/mrg
stacktrace.20131009.gz
Description: GNU Zip compressed data
On Oct 9, 2013, at 11:22 AM, Michael R. Gettes get...@gmail.com wrote:
389-Directory/1.2.11.15
We had a crash early this morning on one of our masters (MMR with 2 servers, 3
replicas connected to each). Nothing in the errors log. The service was
restarted and has not crashed since.
From syslog we have:
kernel: ns-slapd[18143]: segfault at 0 ip 7f43d5eeaad6 sp 7f437dbedf38
, Rich Megginson rmegg...@redhat.com wrote:
On 10/02/2013 08:22 AM, Michael Gettes wrote:
We had a crash early this morning on one of our masters (MMR with 2 servers,
3 replicas connected to each). Nothing in the errors log. The service was
restarted and has not crashed since.
From syslog we
Fantastic! Thank you!
/mrg
On Oct 2, 2013, at 10:55 AM, Rich Megginson rmegg...@redhat.com wrote:
On 10/02/2013 08:49 AM, Michael Gettes wrote:
Thanks. Will get the debug info established on all of our servers. I was
looking for this info and didn't realize it was buried in the FAQ
I get nothing on adding .6.1
/mrg
On Oct 2, 2013, at 11:20 AM, Nathan Kinder nkin...@redhat.com wrote:
On 09/30/2013 04:56 PM, Michael R. Gettes wrote:
I have the ldap-agent working. All I see is
snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2312
SNMPv2-SMI::enterprises.2312.6.5.1.1.389
is critical
information to fix apps or provide additional indices.
/mrg
On Sep 16, 2013, at 4:01 PM, Rich Megginson rmegg...@redhat.com wrote:
On 09/16/2013 01:58 PM, Michael Gettes wrote:
Hi, I am currently on 389-ds-base 1.2.11.15-22.el6_4 and I am running
logconv.pl on 5.5M line log file
:
On 09/25/2013 09:34 AM, Michael Gettes wrote:
Rich,
thanks again for pointing out where to get the latest logconv.pl.
I made the following minor changes to deal with my gzipped log files and the
use of an initialized variable $ip
421a422
$files[$count] = /bin/zcat $files[$count
we run 389 as nobody and I recommend others do it as well if it meets your
operational needs.
/mrg
On Sep 16, 2013, at 10:57 AM, Predrag Zecevic [Unix Systems Administrator]
predrag.zece...@2e-systems.com wrote:
Hi,
LDAP server should not be running as nobody...
Which user account you
I am using logconv.pl from 389-de-base 1.2.11.15-22.el6_4
I made a simple mod to allow it to use gzipped files as input
i don't know if this is supported in a later release but i figured i would
provide the simple change
diff logconv.pl logconv.pl.orig
348,349d347
$files[$count] =
oh cool! Thanks!
/mrg
On Sep 16, 2013, at 4:01 PM, Rich Megginson rmegg...@redhat.com wrote:
On 09/16/2013 01:58 PM, Michael Gettes wrote:
Hi, I am currently on 389-ds-base 1.2.11.15-22.el6_4 and I am running
logconv.pl on 5.5M line log file. At the end it hangs up - in a loop
forever
Hi, I am currently on 389-ds-base 1.2.11.15-22.el6_4 and I am running
logconv.pl on 5.5M line log file. At the end it hangs up - in a loop forever
and doesn't finish generating the report. What I am wondering is if I
installed 1.3 latest on another system and got the log file over there, will
Hi All,
I'm finally trying to upgrade from 1.2.9.9 to ds-base = 1.2.11.15-20 on RHEL6
All is going well until I run the setup-ds-admin.pl -u
The output from setup-ds-admin.pl -u is:
Are you ready to set up your servers? [yes]:
Registering the directory server instances with the configuration
Hey russ, I've got the same problem for large groups using member... We are
coming from an openldap world so not much use of uniquemember yet.
On Apr 18, 2012 2:10 PM, Russell Beall be...@usc.edu wrote:
Does anybody have a pointer to any performance comparisons between Sun DS
and 389?
I was
Ref int is not on.
On Mar 27, 2012 10:11 AM, Mark Reynolds marey...@redhat.com wrote:
Michael,
Something else to check is the Referential Integrity Plugin. Is it
enabled? If it is, something that I have seen that helps is to set the
interval from 0 to 1 second. Or turn it off to rule it
and referint
enabled. It took about 30 seconds to complete but it never hanged
(389DS v1.2.9.10).
2012/3/27 Michael Gettes get...@gmail.com:
Ref int is not on.
On Mar 27, 2012 10:11 AM, Mark Reynolds marey...@redhat.com wrote:
Michael,
Something else to check is the Referential Integrity
Hi All,
I am following the instructions on http://port389.org/wiki/Download for EL5
(towards the bottom) and it would appear the URLs are bad. There appears
to be no port389.org/yum/blah. I need to use EL5 - going to EL6 not yet an
option. Has anyone gotten this to work? Pointers appreciated.
.
authentication not working.
/mrg
On Mon, Feb 13, 2012 at 10:12 AM, Rich Megginson rmegg...@redhat.comwrote:
**
On 02/11/2012 11:37 AM, Michael Gettes wrote:
I have a need to use a search filter in SASL mappings where it looks like
something
((uid=\1)(|(objectclass=x)(objectclass=y
I have a need to use a search filter in SASL mappings where it looks like
something
((uid=\1)(|(objectclass=x)(objectclass=y)))
the is being substituted like \1 as seen with tracing turned on. I have
tried escaping it as \ and \\ smb://. I can't find any documentation
on how the
47 matches
Mail list logo