Re: [389-users] 389-console on OSX?
1. make sure you have x11 installed (this is part of the xcode cd, along w/ gcc and a bunch of other tools) 2. ssh -X ldap-server.domain.com 3. run the console ui 4. the x11 bits will be forwarded to your host via ssh, thus its running on the directory server, but you can see the UI locally. On Aug 6, 2010, at 3:57 PM, wrote: > Hi All, > > Just curious if anyone has gotten the UI/console working on OSX? I > did a quick look though the howto's but didn't see anything and did > a google search and didn't come up with much... > > Since it's Java based, I was thinking that, with a little work, I > could bastardize the Windows howto and get it running on OSX. > Anyone try this before? > > Brian > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
[389-users] 389-console on OSX?
Hi All, Just curious if anyone has gotten the UI/console working on OSX? I did a quick look though the howto's but didn't see anything and did a google search and didn't come up with much... Since it's Java based, I was thinking that, with a little work, I could bastardize the Windows howto and get it running on OSX. Anyone try this before? Brian -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Security Level = Domestic
Gerrard Geldenhuis wrote: > ___ > From: 389-users-boun...@lists.fedoraproject.org > [389-users-boun...@lists.fedoraproject.org] on behalf of Rich Megginson > [rmegg...@redhat.com] > Sent: 06 August 2010 18:17 > To: General discussion list for the 389 Directory server project. > Subject: Re: [389-users] Security Level = Domestic > > Gerrard Geldenhuis wrote: > >> Hi >> In the management console there is a Security level: domestic >> >> I found no reference to this in the documentation and a quick google >> revealed this page: >> http://docs.sun.com/source/816-5567-10/3_consol.htm >> >> which suggest that this has to do with the type and level of encryption used. >> >> Thus this refer to the level of encryption used in the SSL certificates? >> >> > Yes, and it is obsolete. The security level is always domestic (since > 2001 or so). > > So there is no option of using other security encryptions...? I don't even know if it is possible to use "export" encryption any more. > (Conspiracy theorists might have objections) If you're paranoid, you definitely wouldn't want to use "export" encryption. > Would it be worth while removing it completely from the UI? > Yes. Please file a bug (if there's not one open already). > Regards > > > In order to protect our email recipients, Betfair Group use SkyScan from > MessageLabs to scan all Incoming and Outgoing mail for viruses. > > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users > -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Security Level = Domestic
___ From: 389-users-boun...@lists.fedoraproject.org [389-users-boun...@lists.fedoraproject.org] on behalf of Rich Megginson [rmegg...@redhat.com] Sent: 06 August 2010 18:17 To: General discussion list for the 389 Directory server project. Subject: Re: [389-users] Security Level = Domestic Gerrard Geldenhuis wrote: > Hi > In the management console there is a Security level: domestic > > I found no reference to this in the documentation and a quick google revealed > this page: > http://docs.sun.com/source/816-5567-10/3_consol.htm > > which suggest that this has to do with the type and level of encryption used. > > Thus this refer to the level of encryption used in the SSL certificates? > Yes, and it is obsolete. The security level is always domestic (since 2001 or so). So there is no option of using other security encryptions...? (Conspiracy theorists might have objections) Would it be worth while removing it completely from the UI? Regards In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] 389 v. 1.2.6 (bug) boolean value are case sensitive (eg."true" doesn't work)
On Friday 06 August 2010 15:43:12 Rich Megginson wrote: > Yes, this was changed due to RFC 4517 enforcement - > http://www.ietf.org/rfc/rfc4517.txt - section 3.3.3: > > The LDAP-specific encoding of a value of this syntax is >defined by the following ABNF: > > Boolean = "TRUE" / "FALSE" ok, I wish it will improve performance :DDD Peace, R: -- Roberto Polli Babel S.r.l. - http://www.babel.it Tel. +39.06.91801075 - fax +39.06.91612446 Tel. cel +39.340.6522736 P.zza S.Benedetto da Norcia, 33 - 00040 Pomezia (Roma) "Il seguente messaggio contiene informazioni riservate. Qualora questo messaggio fosse da Voi ricevuto per errore, Vogliate cortesemente darcene notizia a mezzo e-mail. Vi sollecitiamo altresì a distruggere il messaggio erroneamente ricevuto. Quanto precede Vi viene chiesto ai fini del rispetto della legge in materia di protezione dei dati personali." -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
[389-users] 389 v. 1.2.6 (bug) boolean value are case sensitive (eg."true" doesn't work)
Hi all, Since 1.2.6 I found this bug. * lowercase boolean values are refused. ex. this won't work anymore syncmlEnabled: true I must use: syncmlEnabled: TRUE quite strange behavior: Let me know + Peace, R. -- Roberto Polli Babel S.r.l. - http://www.babel.it Tel. +39.06.91801075 - fax +39.06.91612446 Tel. cel +39.340.6522736 P.zza S.Benedetto da Norcia, 33 - 00040 Pomezia (Roma) "Il seguente messaggio contiene informazioni riservate. Qualora questo messaggio fosse da Voi ricevuto per errore, Vogliate cortesemente darcene notizia a mezzo e-mail. Vi sollecitiamo altresì a distruggere il messaggio erroneamente ricevuto. Quanto precede Vi viene chiesto ai fini del rispetto della legge in materia di protezione dei dati personali." -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] replica/rdn problems with 1.2.6 rc6
On 08/05/2010 07:03 PM, Rich Megginson wrote:
> This looks ok. Can you provide the exact steps you used so I can try to
> reproduce this?
Certainly.
1) clean OS install (CentOS 5.4 x86_64 here), latest 389 packages (yum
--enablerepo epel-testing)
389-dsgw-1.1.5-1.el5
389-admin-console-1.1.5-1.el5
389-ds-1.2.1-1.el5
389-adminutil-1.1.8-4.el5
389-admin-1.1.11-0.6.rc2.el5
389-ds-console-1.2.3-1.el5
389-admin-console-doc-1.1.5-1.el5
389-console-1.1.4-1.el5
389-ds-base-1.2.6-0.9.rc6.el5
389-ds-console-doc-1.2.3-1.el5
2) run setup-ds-admin.pl, .inf follows below [4]
3) add user for replication
[r...@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
"cn=directory manager" -w password
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A=
adding new entry cn=replication manager,cn=config
4) attempt to add consumer replica entry
[r...@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
"cn=directory manager" -w password
dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: dc=example
nsds5replicatype: 2
nsds5ReplicaBindDN: cn=replication manager,cn=config
adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config
ldap_add: Object class violation
ldap_add: additional info: missing attribute "nsDS5ReplicaId" required
by object class "nsDS5Replica"
Strange, I thought replicaID wasn't required when replicatype is set to
2 (i.e. read-only consumer) - e.g. in the example in the documentation
[1]. Well, let's try with that anyway:
[r...@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
"cn=directory manager" -w password
dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: dc=example
nsds5replicatype: 2
nsds5ReplicaBindDN: cn=replication manager,cn=config
nsds5replicaid: 1234
adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config
ldap_add: Operations error
Error in /var/log/dirsrv/slapd-389-master02/errors [2]
5) Attempt to achieve same thing through GUI, which we'd used on
previous versions (obviously in the GUI you can't specify a replica ID
when creating a consumer)
- open directory server console
- Configuration tab
- expand Replication subtree
- click userRoot
- tick Enable Replica: Dedicated Consumer, add supplier DN
cn=replication manager,cn=config, all other settings default
- click Save
Error box pops up:
Modification Failed
Operations error
Error in /var/log/dirsrv/slapd-389-master02/errors [3]
Anything else I can provide?
Cheers
Jonathan
---
[1]
http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_Replication-Configuring-Replication-cmd.html#Configuring-Replication-Consumers-cmd
[2]
[06/Aug/2010:10:11:14 +0100] entryrdn-index - _entryrdn_insert_key:
Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
found(-30989)
[06/Aug/2010:10:11:14 +0100] - add: attempt to index 1 failed
[06/Aug/2010:10:11:14 +0100] NSMMReplicationPlugin -
_replica_configure_ruv: failed to create replica ruv tombstone entry
(dc=example); LDAP error - 1
[3]
[06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin - replica_add_by_dn:
replica with dn (dc=example) already in the hash
[06/Aug/2010:10:18:57 +0100] entryrdn-index - _entryrdn_insert_key:
Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
found(-30989)
[06/Aug/2010:10:18:57 +0100] - add: attempt to index 1 failed
[06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin -
_replica_configure_ruv: failed to create replica ruv tombstone entry
(dc=example); LDAP error - 1
[4] inf file generated from setup-ds-admin.pl
[General]
AdminDomain = example
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = password
ConfigDirectoryLdapURL = ldap://389-master02.example:389/o=NetscapeRoot
FullMachineName = 389-master02.example
ServerRoot = /usr/lib64/dirsrv
SuiteSpotGroup = nobody
SuiteSpotUserID = nobody
prefix =
[admin]
Port = 9830
ServerAdminID = admin
ServerAdminPwd = password
ServerIpAddress = 0.0.0.0
SysUser = nobody
[slapd]
AddOrgEntries = No
AddSampleEntries = No
HashedRootDNPwd = {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A==
InstallLdifFile = none
RootDN = cn=Directory Manager
RootDNPwd = password
ServerIdentifier = 389-master02
ServerPort = 389
SlapdConfigForMC = yes
Suffix = dc=example
UseExistingMC = 0
bak_dir = /var/lib/dirsrv/slapd-389-master02/bak
bindir = /usr/bin
cert_dir = /etc/dirsrv/slapd-389-master02
config_dir = /etc/dirsrv/slapd-389-master02
datadir = /usr/share
db_dir = /var/lib/dirsrv/slapd-389-master02/db
ds_bename = userRoot
inst_dir = /usr/lib64/dirsrv/slapd-389-master02
ldif_dir = /var/lib/dirsrv/slapd-389-master02/ldif
localstatedir = /var
lock_dir =
