[389-users] Re: urp_fixup_add_cenotaph errors

2019-09-06 Thread Morgan, Iain (ARC-TN)[InuTeq, LLC]
Hello Marc,

Yes, it is 389-ds-base-1.3.9.1-10.el7, but we are not using IPA and there are no 
memberOf plugin errors. The actual modrdn operations have error=0.

-- 
Iain Morgan

On 9/6/19, 15:05, "Marc Sauton"  wrote:

could you check the system has 389-ds-base-1.3.9.1-10.el7 or above?
do the MODRDN fail with err=53?
is it in IPA context with memberof-plugin errors?
there was a bug fix in bz 1680245 that seems related to this, maybe there 
is still something going on, or maybe it can be ignored.

we would likely need to privately review more logs to tell (open a RH case?)
Thanks,
M.


On Fri, Sep 6, 2019 at 10:38 AM Morgan, Iain (ARC-TN)[InuTeq, LLC] wrote:

On 9/5/19, 18:11, "Iain Morgan"  wrote:

Hello,

While testing 389-ds 1.3.9.1 on RHEL 7.7, I noticed the errors
listed below. The actual LDAP operations all succeed, but I find the
errors disconcerting.

[28/Aug/2019:10:42:13.446609256 -0700] - ERR - conn=44 op=5 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21
[28/Aug/2019:10:42:14.202854398 -0700] - ERR - conn=52 op=5 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21
[28/Aug/2019:10:42:18.504412946 -0700] - ERR - conn=95 op=3 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21
[28/Aug/2019:10:42:24.412896470 -0700] - ERR - conn=160 op=8 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21

These all appear to be related to modrdn operations.

-- 
Iain Morgan

___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org


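The check discussed in this thread (is the operation behind each urp_fixup_add_cenotaph error really a MODRDN, and what result did the client get?) can be done by joining the errors log to the access log on conn= and op=. This is an added example, not part of the original messages: the two errors-log lines are from the thread, while the access-log lines and DNs are constructed samples in the usual 389-ds access-log layout.

```python
import re
from collections import defaultdict

# Errors-log lines taken from the thread; access-log lines are constructed samples.
ERRORS_LOG = """\
[28/Aug/2019:10:42:13.446609256 -0700] - ERR - conn=44 op=5 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21
[28/Aug/2019:10:42:14.202854398 -0700] - ERR - conn=52 op=5 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21
"""
ACCESS_LOG = """\
[28/Aug/2019:10:42:13.401000000 -0700] conn=44 op=5 MODRDN dn="uid=a,ou=People,dc=example,dc=com" newrdn="uid=a2" newsuperior="(null)"
[28/Aug/2019:10:42:13.447000000 -0700] conn=44 op=5 RESULT err=0 tag=109 nentries=0 etime=0.046
[28/Aug/2019:10:42:14.150000000 -0700] conn=52 op=4 SRCH base="dc=example,dc=com" scope=2 filter="(uid=b)" attrs=ALL
[28/Aug/2019:10:42:14.151000000 -0700] conn=52 op=4 RESULT err=0 tag=101 nentries=1 etime=0.001
[28/Aug/2019:10:42:14.160000000 -0700] conn=52 op=5 MODRDN dn="uid=b,ou=People,dc=example,dc=com" newrdn="uid=b2" newsuperior="(null)"
[28/Aug/2019:10:42:14.203000000 -0700] conn=52 op=5 RESULT err=53 tag=109 nentries=0 etime=0.043
"""

ERR_RE = re.compile(r"ERR - conn=(\d+) op=(\d+) - (\w+) - .*?err=\s*(-?\d+)")
ACC_RE = re.compile(r"\] conn=(\d+) op=(\d+) (\w+)(.*)")

def correlate(errors_text, access_text, function="urp_fixup_add_cenotaph"):
    """Join errors-log lines from `function` to the access log on (conn, op)."""
    ops = defaultdict(dict)
    for line in access_text.splitlines():
        m = ACC_RE.search(line)
        if not m:
            continue
        key = (int(m[1]), int(m[2]))
        if m[3] == "RESULT":
            r = re.search(r"err=(\d+)", m[4])
            ops[key]["result"] = int(r[1]) if r else None
        else:
            ops[key]["type"] = m[3]          # operation keyword, e.g. MODRDN or SRCH
    out = []
    for line in errors_text.splitlines():
        m = ERR_RE.search(line)
        if m and m[3] == function:
            key = (int(m[1]), int(m[2]))
            op = ops.get(key, {})            # empty if the access log has no match
            out.append({"conn": key[0], "op": key[1], "plugin_err": int(m[4]),
                        "type": op.get("type"), "result": op.get("result")})
    return out

if __name__ == "__main__":
    for rec in correlate(ERRORS_LOG, ACCESS_LOG):
        print(rec)
```

Connection numbers restart when the server restarts, so run this over access and errors logs that cover the same server run.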

[389-users] Re: urp_fixup_add_cenotaph errors

2019-09-06 Thread Marc Sauton
could you check the system has 389-ds-base-1.3.9.1-10.el7 or above?
do the MODRDN fail with err=53?
is it in IPA context with memberof-plugin errors?
there was a bug fix in bz 1680245 that seems related to this, maybe there
is still something going on, or maybe it can be ignored.
we would likely need to privately review more logs to tell (open a RH case?)
Thanks,
M.

On Fri, Sep 6, 2019 at 10:38 AM Morgan, Iain (ARC-TN)[InuTeq, LLC] <
iain.mor...@nasa.gov> wrote:

>
>
> On 9/5/19, 18:11, "Iain Morgan"  wrote:
>
> Hello,
>
> While testing 389-ds 1.3.9.1 on RHEL 7.7, I noticed the errors
> listed below. The actual LDAP operations all succeed, but I find the
> errors disconcerting.
>
> [28/Aug/2019:10:42:13.446609256 -0700] - ERR - conn=44 op=5 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21
> [28/Aug/2019:10:42:14.202854398 -0700] - ERR - conn=52 op=5 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21
> [28/Aug/2019:10:42:18.504412946 -0700] - ERR - conn=95 op=3 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21
> [28/Aug/2019:10:42:24.412896470 -0700] - ERR - conn=160 op=8 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21
>
> These all appear to be related to modrdn operations.
>
> --
> Iain Morgan
>


[389-users] Re: Docker official image

2019-09-06 Thread Olivier JUDITH
Hi William,

I'm running docker image FROM opensuse/leap:15.
I launched the command:
dsconf ldap://localhost:3389 -D 'cn=directory manager' -w xx backend create --suffix dc=domain,dc=net --be-name UserData

It finished successfully, but I still cannot see the suffix.

So I added ACI

dn: dc=thecos,dc=net
changetype: add
objectClass: domain
objectClass: top
dc: thecos
aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"
 ; allow (read, search, compare) userdn="ldap:///anyone";)
aci: (targetattr ="*")(version 3.0;acl "Directory Administrators Group";allo
 w (all) (groupdn = "ldap:///cn=Directory Administrators, dc=thecos,dc=net")
 ;)

Now I can see root suffix from Apache Directory Studio
Thanks for your help

Rgds

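An administrator reviewing a suffix entry like the one in the message above can list which ACIs grant rights to ldap:///anyone and over which attributes. This is an added example, not part of the original post: it unfolds LDIF continuation lines and parses the ACI text, and the LDIF below is a constructed sample modelled on that entry with dc=example,dc=net as a placeholder suffix.

```python
import re

# Constructed LDIF modelled on the entry in the post; folded lines start with one space.
LDIF = '''\
dn: dc=example,dc=net
objectClass: domain
objectClass: top
dc: example
aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"
 ; allow (read, search, compare) userdn="ldap:///anyone";)
aci: (targetattr ="*")(version 3.0;acl "Directory Administrators Group";allo
 w (all) (groupdn = "ldap:///cn=Directory Administrators, dc=example,dc=net")
 ;)
'''

def unfold(ldif_text):
    """Undo LDIF line folding: a line starting with one space continues the previous line."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

# acl "<name>"; allow|deny (<rights>) <bind rule>;)
ACI_RE = re.compile(
    r'acl\s+"(?P<name>[^"]*)"\s*;\s*(?P<kind>allow|deny)\s*\((?P<rights>[^)]*)\)'
    r'\s*(?P<bind>.*);\s*\)\s*$', re.I)
TARGETATTR_RE = re.compile(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"\s*\)', re.I)

def anonymous_acis(ldif_text):
    """Return (dn, acl name, rights, targetattr) for allow ACIs bound to ldap:///anyone."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith("aci:"):
            aci = line[4:].strip()
            m = ACI_RE.search(aci)
            if m and m["kind"].lower() == "allow" and "ldap:///anyone" in m["bind"].lower():
                t = TARGETATTR_RE.search(aci)
                rights = [r.strip() for r in m["rights"].split(",")]
                findings.append((dn, m["name"], rights, (t[1] + t[2]) if t else None))
    return findings

if __name__ == "__main__":
    for finding in anonymous_acis(LDIF):
        print(finding)
```

A `targetattr!=` rule covers every attribute other than the one named, including attributes added to entries later, so each finding of that form is worth reviewing against what anonymous clients actually need to read.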

[389-users] Re: urp_fixup_add_cenotaph errors

2019-09-06 Thread Morgan, Iain (ARC-TN)[InuTeq, LLC]


On 9/5/19, 18:11, "Iain Morgan"  wrote:

Hello,

While testing 389-ds 1.3.9.1 on RHEL 7.7, I noticed the errors
listed below. The actual LDAP operations all succeed, but I find the
errors disconcerting.

[28/Aug/2019:10:42:13.446609256 -0700] - ERR - conn=44 op=5 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21
[28/Aug/2019:10:42:14.202854398 -0700] - ERR - conn=52 op=5 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21
[28/Aug/2019:10:42:18.504412946 -0700] - ERR - conn=95 op=3 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21
[28/Aug/2019:10:42:24.412896470 -0700] - ERR - conn=160 op=8 - urp_fixup_add_cenotaph - failed to add cenotaph, err= 21

These all appear to be related to modrdn operations.

-- 
Iain Morgan



[389-users] Re: FIPS 140-2 and dirsrv-admin

2019-09-06 Thread Mark Reynolds

Paul,

Turns out I had to do some work around this area anyway, so I will 
respin the admin server with a potential fix.  I would like you to test 
it for me.  What is the exact version of 389-admin you are using?
rpm -qa | grep 389-admin


Thanks,
Mark

On 8/30/19 9:12 PM, William Brown wrote:



On 31 Aug 2019, at 03:07, Mark Reynolds  wrote:

Well... not to be a messenger of bad news, but 389-admin/389-console & friends 
are deprecated.  We are not doing any more bug fixes around these packages.  The 
old java console has been replaced by a Cockpit plugin in Fedora31/RHEL8/CentOS8.

What if they are on RHEL7? :(


Sorry,

Mark

On 8/30/19 11:37 AM, Paul Whitney wrote:

Please do.  It is not “critical” yet, but the writing is on the wall and will 
become an issue without some waiver. Worst case I enable it and disable as 
needed.

Thank you,


Paul M. Whitney
Sent from my Mac Book Pro


On Aug 29, 2019, at 8:14 PM, William Brown  wrote:

I can open the issue on your behalf, or if it's serious and you want it looked 
at as a priority, you may want to consider raising a case with RH/SUSE direct.


On 30 Aug 2019, at 09:32, Paul Whitney  wrote:

Ok, is there an action required from me?

Paul


On 8/29/19, 5:34 PM, "William Brown"  wrote:

   This could be in "report an issue" territory I think in that case. Seems 
easy to reproduce.


On 30 Aug 2019, at 02:15, Paul Whitney  wrote:

Hi William,

It is an issue with FIPS.  You are correct there are differences between the 
pin.txt file used in admin-serv and the slap instances.  However, I went into 
grub.conf and changed fips=1 to fips=0.  Rebooted the system and the 
dirsrv-admin process started right up.  DISA hardening requires FIPS enabled 
OS.  So this may be one of those issues that will come back again.  In the 
meantime, we will look at finding a waiver.


Thanks,
Paul


On Aug 28, 2019, at 7:10 PM, William Brown  wrote:

If memory serves correctly ... there are some un-resolved issues between dirsrv-admin + 
fips. I remember discussing this with Mark as something that may fall into the "fix 
when someone runs into it" because that combination we thought would be rare.

But I'm not sure that this issue here is a fips one? I've seen another issue 
lately where the dirsrv-admin used a different pin.txt to the dirsrv instances, 
but I'm not sure of the details.

Are there fresh installs of ds? Or upgrades?


On 28 Aug 2019, at 05:51, Paul Whitney  wrote:

Hi guys,

I have SSL enabled both slapd instances and dirsrv-admin on FIPS enabled CentOS 
7.  The instances seem to start up no problem.  However, the admin console 
(dirsrv-admin) is complaining the password credentials are not valid for the 
NSS FIPS 140-2 DB even though the exact same credentials are presented to the 
SLAPD instances.  I am using a pin.txt file in the correct format for both 
SLAPD and DIRSRV-ADMIN.

Are there compatibility issues with FIPS and 389-DS admin-serv?

Paul M. Whitney

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs