[389-users] Re: Samba & 389 Directory Server Integration

2019-02-25 Thread Janet H
Thanks Mark!

I appreciate the quick reply. I'll try the -Z option and see how it goes.

Cheers,
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org


[389-users] Re: Update userpassword from consumer

2019-02-25 Thread wodel youchi
Hi,
I redid the configuration from scratch, and I've created a new user
(uid=lnadmin,ou=special users,dc=example,dc=com) and I gave him
administrative rights.
This new user belongs to the chained area.

I did some tests with this account to modify users' attributes, including the
userPassword attribute, from the master server, and it works perfectly.

On the other hand, on the slave, modifying attributes other than
userPassword works and the update is chained.
But modifying userPassword didn't work, and here are the results:

*1) Modify givenname from the slave*
ldapmodify -h localhost -p 389  -D "uid=lnadmin,ou=special
users,dc=example,dc=com" -w pass -x  < EOF
modifying entry "uid=adam,ou=people,dc=example,dc=com"

*Result* : the modification is done and chained to the master, but I get an
error shown in the error log on the slave (see below in bold-red)

*Log from the slave*:
*Access* :
[25/Feb/2019:14:56:06.577269198 +0100] conn=54 fd=67 slot=67 connection
from ::1 to ::1
[25/Feb/2019:14:56:06.577393763 +0100] conn=54 op=0 BIND
dn="uid=lnadmin,ou=special users,dc=example,dc=com" method=128 version=3
[25/Feb/2019:14:56:06.578398778 +0100] conn=54 op=0 RESULT err=0 tag=97
nentries=0 etime=0.0001044129 dn="uid=lnadmin,ou=special
users,dc=example,dc=com"
[25/Feb/2019:14:56:06.578704548 +0100] conn=54 op=1 MOD
dn="uid=adam,ou=people,dc=example,dc=com"
[25/Feb/2019:14:56:06.677356989 +0100] conn=55 fd=68 slot=68 SSL connection
from 192.168.40.101 to 192.168.40.102
[25/Feb/2019:14:56:06.684970522 +0100] conn=55 TLS1.2 256-bit AES-GCM
[25/Feb/2019:14:56:06.685359430 +0100] conn=55 op=0 BIND dn="cn=replication
manager,cn=config" method=128 version=3
[25/Feb/2019:14:56:06.685504876 +0100] conn=55 op=0 RESULT err=0 tag=97
nentries=0 etime=0.0008085105 dn="cn=replication manager,cn=config"
[25/Feb/2019:14:56:06.685951988 +0100] conn=55 op=1 SRCH base="" scope=0
filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[25/Feb/2019:14:56:06.686522468 +0100] conn=55 op=1 RESULT err=0 tag=101
nentries=1 etime=0.641275
[25/Feb/2019:14:56:06.686921120 +0100] conn=55 op=2 SRCH base="" scope=0
filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[25/Feb/2019:14:56:06.687436239 +0100] conn=55 op=2 RESULT err=0 tag=101
nentries=1 etime=0.630283
[25/Feb/2019:14:56:06.687958906 +0100] conn=55 op=3 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[25/Feb/2019:14:56:06.688118224 +0100] conn=55 op=3 RESULT err=0 tag=120
nentries=0 etime=0.245044
[25/Feb/2019:14:56:06.689082577 +0100] conn=55 op=4 MOD
dn="uid=adam,ou=people,dc=example,dc=com"
[25/Feb/2019:14:56:06.695724845 +0100] conn=54 op=1 RESULT err=0 tag=103
nentries=0 etime=0.0117138489
[25/Feb/2019:14:56:06.696481191 +0100] conn=54 op=2 UNBIND
[25/Feb/2019:14:56:06.696496220 +0100] conn=54 op=2 fd=67 closed - U1
[25/Feb/2019:14:56:06.702453879 +0100] conn=55 op=4 RESULT err=0 tag=103
nentries=0 etime=0.0013403378 csn=5c73f3f60001
[25/Feb/2019:14:56:06.834935702 +0100] conn=55 op=5 EXT
oid="2.16.840.1.113730.3.5.5" name="replication-multimaster-extop"
[25/Feb/2019:14:56:06.844701440 +0100] conn=55 op=5 RESULT err=0 tag=120
nentries=0 etime=0.0010011286



*Error*:
*[25/Feb/2019:14:56:06.659891340 +0100] - ERR - managed-entries-plugin - mep_mod_post_op - Unable to fetch postop entry.*
*[25/Feb/2019:14:56:06.680435055 +0100] - ERR - chaining database - chaining_back_modify - modify (uid=adam,ou=people,dc=example,dc=com): post betxn failed, error (-1)*


*2) Modify userPassword from the slave using clear text password*
ldapmodify -h localhost -p 389  -D "uid=lnadmin,ou=special
users,dc=example,dc=com" -w pass -x  < wrote:

>
>
> > On 19 Feb 2019, at 00:54, Mark Reynolds  wrote:
> >
> >
> >
> > On 2/18/19 7:46 AM, wodel youchi wrote:
> >> Hi,
> >>
> >> I did a test, but unfortunately it didn't work for me.
> >>
> >> This is my LAB:
> >>  • 389DS Servers:
> >>     • OS CentOS7 all updates
> >>     • 389DS version 1.3.8.4-22
> >>     • domain: dc=example,dc=com
> >>     • users on: uid=%u,ou=people,dc=example,dc=com
> >>     • One master server (idm01.example.com) and one slave server (idm02.example.com).
> >>     • Replication configured for userRoot database (dc=example,dc=com)
> >>     • Replication uses this user cn=replication manager,cn=config
> >>     • Password Policy is configured.
> >>  • Mail server Zimbra 8.8.11
> >>     • OS CentOS7 all updates
> >>     • Zimbra FOSS 8.8.11.
> >>     • External authentication configured using LDAP server
> >>     • Installation of ADPassword connector to allow change password from Zimbra WebUI
> >>     • External authentication was configured first on idm01.example.com to test that change pass works correctly.
> >>     • External authentication was modified to use idm02.example.com to