Re: [389-users] 389-console on OSX?
1. make sure you have x11 installed (this is part of the xcode cd, along w/ gcc and a bunch of other tools) 2. ssh -X ldap-server.domain.com 3. run the console ui 4. the x11 bits will be forwarded to your host via ssh, thus its running on the directory server, but you can see the UI locally. On Aug 6, 2010, at 3:57 PM, wrote: > Hi All, > > Just curious if anyone has gotten the UI/console working on OSX? I > did a quick look though the howto's but didn't see anything and did > a google search and didn't come up with much... > > Since it's Java based, I was thinking that, with a little work, I > could bastardize the Windows howto and get it running on OSX. > Anyone try this before? > > Brian > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
[389-users] 389-console on OSX?
Hi All, Just curious if anyone has gotten the UI/console working on OSX? I did a quick look though the howto's but didn't see anything and did a google search and didn't come up with much... Since it's Java based, I was thinking that, with a little work, I could bastardize the Windows howto and get it running on OSX. Anyone try this before? Brian -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Security Level = Domestic
Gerrard Geldenhuis wrote: > ___ > From: 389-users-boun...@lists.fedoraproject.org > [389-users-boun...@lists.fedoraproject.org] on behalf of Rich Megginson > [rmegg...@redhat.com] > Sent: 06 August 2010 18:17 > To: General discussion list for the 389 Directory server project. > Subject: Re: [389-users] Security Level = Domestic > > Gerrard Geldenhuis wrote: > >> Hi >> In the management console there is a Security level: domestic >> >> I found no reference to this in the documentation and a quick google >> revealed this page: >> http://docs.sun.com/source/816-5567-10/3_consol.htm >> >> which suggest that this has to do with the type and level of encryption used. >> >> Thus this refer to the level of encryption used in the SSL certificates? >> >> > Yes, and it is obsolete. The security level is always domestic (since > 2001 or so). > > So there is no option of using other security encryptions...? I don't even know if it is possible to use "export" encryption any more. > (Conspiracy theorists might have objections) If you're paranoid, you definitely wouldn't want to use "export" encryption. > Would it be worth while removing it completely from the UI? > Yes. Please file a bug (if there's not one open already). > Regards > > > In order to protect our email recipients, Betfair Group use SkyScan from > MessageLabs to scan all Incoming and Outgoing mail for viruses. > > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users > -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Security Level = Domestic
___ From: 389-users-boun...@lists.fedoraproject.org [389-users-boun...@lists.fedoraproject.org] on behalf of Rich Megginson [rmegg...@redhat.com] Sent: 06 August 2010 18:17 To: General discussion list for the 389 Directory server project. Subject: Re: [389-users] Security Level = Domestic Gerrard Geldenhuis wrote: > Hi > In the management console there is a Security level: domestic > > I found no reference to this in the documentation and a quick google revealed > this page: > http://docs.sun.com/source/816-5567-10/3_consol.htm > > which suggest that this has to do with the type and level of encryption used. > > Thus this refer to the level of encryption used in the SSL certificates? > Yes, and it is obsolete. The security level is always domestic (since 2001 or so). So there is no option of using other security encryptions...? (Conspiracy theorists might have objections) Would it be worth while removing it completely from the UI? Regards In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] 389 v. 1.2.6 (bug) boolean value are case sensitive (eg."true" doesn't work)
On Friday 06 August 2010 15:43:12 Rich Megginson wrote: > Yes, this was changed due to RFC 4517 enforcement - > http://www.ietf.org/rfc/rfc4517.txt - section 3.3.3: > > The LDAP-specific encoding of a value of this syntax is >defined by the following ABNF: > > Boolean = "TRUE" / "FALSE" ok, I wish it will improve performance :DDD Peace, R: -- Roberto Polli Babel S.r.l. - http://www.babel.it Tel. +39.06.91801075 - fax +39.06.91612446 Tel. cel +39.340.6522736 P.zza S.Benedetto da Norcia, 33 - 00040 Pomezia (Roma) "Il seguente messaggio contiene informazioni riservate. Qualora questo messaggio fosse da Voi ricevuto per errore, Vogliate cortesemente darcene notizia a mezzo e-mail. Vi sollecitiamo altresì a distruggere il messaggio erroneamente ricevuto. Quanto precede Vi viene chiesto ai fini del rispetto della legge in materia di protezione dei dati personali." -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
[389-users] 389 v. 1.2.6 (bug) boolean value are case sensitive (eg."true" doesn't work)
Hi all, Since 1.2.6 I found this bug. * lowercase boolean values are refused. ex. this won't work anymore syncmlEnabled: true I must use: syncmlEnabled: TRUE quite strange behavior: Let me know + Peace, R. -- Roberto Polli Babel S.r.l. - http://www.babel.it Tel. +39.06.91801075 - fax +39.06.91612446 Tel. cel +39.340.6522736 P.zza S.Benedetto da Norcia, 33 - 00040 Pomezia (Roma) "Il seguente messaggio contiene informazioni riservate. Qualora questo messaggio fosse da Voi ricevuto per errore, Vogliate cortesemente darcene notizia a mezzo e-mail. Vi sollecitiamo altresì a distruggere il messaggio erroneamente ricevuto. Quanto precede Vi viene chiesto ai fini del rispetto della legge in materia di protezione dei dati personali." -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] replica/rdn problems with 1.2.6 rc6
On 08/05/2010 07:03 PM, Rich Megginson wrote: > This looks ok. Can you provide the exact steps you used so I can try to > reproduce this? Certainly. 1) clean OS install (CentOS 5.4 x86_64 here), latest 389 packages (yum --enablerepo epel-testing) 389-dsgw-1.1.5-1.el5 389-admin-console-1.1.5-1.el5 389-ds-1.2.1-1.el5 389-adminutil-1.1.8-4.el5 389-admin-1.1.11-0.6.rc2.el5 389-ds-console-1.2.3-1.el5 389-admin-console-doc-1.1.5-1.el5 389-console-1.1.4-1.el5 389-ds-base-1.2.6-0.9.rc6.el5 389-ds-console-doc-1.2.3-1.el5 2) run setup-ds-admin.pl, .inf follows below [4] 3) add user for replication [r...@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D "cn=directory manager" -w password dn: cn=replication manager,cn=config objectClass: inetorgperson objectClass: person objectClass: top cn: replication manager sn: RM userPassword: {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A= adding new entry cn=replication manager,cn=config 4) attempt to add consumer replica entry [r...@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D "cn=directory manager" -w password dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config changetype: add objectclass: top objectclass: nsds5replica objectclass: extensibleObject cn: replica nsds5replicaroot: dc=example nsds5replicatype: 2 nsds5ReplicaBindDN: cn=replication manager,cn=config adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config ldap_add: Object class violation ldap_add: additional info: missing attribute "nsDS5ReplicaId" required by object class "nsDS5Replica" Strange, I thought replicaID wasn't required when replicatype is set to 2 (i.e. read-only consumer) - e.g. in the example in the documentation [1]. Well, let's try with that anyway: [r...@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D "cn=directory manager" -w password dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config changetype: add objectclass: top objectclass: nsds5replica objectclass: extensibleObject cn: replica nsds5replicaroot: dc=example nsds5replicatype: 2 nsds5ReplicaBindDN: cn=replication manager,cn=config nsds5replicaid: 1234 adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config ldap_add: Operations error Error in /var/log/dirsrv/slapd-389-master02/errors [2] 5) Attempt to achieve same thing through GUI, which we'd used on previous versions (obviously in the GUI you can't specify a replica ID when creating a consumer) - open directory server console - Configuration tab - expand Replication subtree - click userRoot - tick Enable Replica: Dedicated Consumer, add supplier DN cn=replication manager,cn=config, all other settings default - click Save Error box pops up: Modification Failed Operations error Error in /var/log/dirsrv/slapd-389-master02/errors [3] Anything else I can provide? Cheers Jonathan --- [1] http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_Replication-Configuring-Replication-cmd.html#Configuring-Replication-Consumers-cmd [2] [06/Aug/2010:10:11:14 +0100] entryrdn-index - _entryrdn_insert_key: Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair found(-30989) [06/Aug/2010:10:11:14 +0100] - add: attempt to index 1 failed [06/Aug/2010:10:11:14 +0100] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (dc=example); LDAP error - 1 [3] [06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin - replica_add_by_dn: replica with dn (dc=example) already in the hash [06/Aug/2010:10:18:57 +0100] entryrdn-index - _entryrdn_insert_key: Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair found(-30989) [06/Aug/2010:10:18:57 +0100] - add: attempt to index 1 failed [06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (dc=example); LDAP error - 1 [4] inf file generated from setup-ds-admin.pl [General] AdminDomain = example ConfigDirectoryAdminID = admin ConfigDirectoryAdminPwd = password ConfigDirectoryLdapURL = ldap://389-master02.example:389/o=NetscapeRoot FullMachineName = 389-master02.example ServerRoot = /usr/lib64/dirsrv SuiteSpotGroup = nobody SuiteSpotUserID = nobody prefix = [admin] Port = 9830 ServerAdminID = admin ServerAdminPwd = password ServerIpAddress = 0.0.0.0 SysUser = nobody [slapd] AddOrgEntries = No AddSampleEntries = No HashedRootDNPwd = {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A== InstallLdifFile = none RootDN = cn=Directory Manager RootDNPwd = password ServerIdentifier = 389-master02 ServerPort = 389 SlapdConfigForMC = yes Suffix = dc=example UseExistingMC = 0 bak_dir = /var/lib/dirsrv/slapd-389-master02/bak bindir = /usr/bin cert_dir = /etc/dirsrv/slapd-389-master02 config_dir = /etc/dirsrv/slapd-389-master02 datadir = /usr/share db_dir = /var/lib/dirsrv/slapd-389-master02/db ds_bename = userRoot inst_dir = /usr/lib64/dirsrv/slapd-389-master02 ldif_dir = /var/lib/dirsrv/slapd-389-master02/ldif localstatedir = /var lock_dir =