[389-users] Announcing 389 Directory Server 2.1.4

2022-07-28 Thread Mark Reynolds 


   389 Directory Server 2.1.4

The 389 Directory Server team is proud to announce 389-ds-base version 2.1.4

Fedora packages are available on Fedora 36

http://koji.fedoraproject.org/koji/buildinfo?buildID=2038470 



https://bodhi.fedoraproject.org/updates/FEDORA-2022-233e21f455 
- Bodhi


The new packages and versions are:

 * 389-ds-base-2.1.4-1

Source tarballs are available for download atDownload 389-ds-base Source 




 Highlights in 2.1.4

 * Bug fixes allowingECDSAprivate keys
 * Transition fromBDB(libdb) toLMDBbegun.BDBis still the default
   backend, but it can be changed toLMDBfor early testing.


 Installation and Upgrade

SeeDownload for 
information about setting up your yum repositories.


To install the server use*dnf install 389-ds-base*

To install the CockpitUIplugin use*dnf install cockpit-389-ds*

After rpm install completes, run*dscreate interactive*

For upgrades, simply install the package. There are no further 
steps required.


There are no upgrade steps besides installing the new rpms

SeeInstall_Guide 
for 
more information about the initial installation and setup


SeeSource 
for 
information about source tarballs andSCM(git) access.



 Feedback

We are very interested in your feedback!

Please provide feedback and comments to the 389-users mailing 
list:https://lists.fedoraproject.org/admin/lists/389-users.lists.fedoraproject.org


If you find a bug, or would like to see a new feature, file it in our 
GitHub project:https://github.com/389ds/389-ds-base


 * Bump version to 2.1.4
 * Issue 5383 -UI- Various fixes andRFE’s for UI
 * Issue 4656 - Remove problematic language from source code
 * Issue 5380 - Separate cleanAllRUVcode into new file
 * Issue 5322 - optime on rejected connections is not properly set
 * Issue 5375 -CI- disableTLShostname checking
 * Issue 5373 - dsidm user get_dn fails with search_ext() argument 1
   must be str, not function
 * Issue 5371 - Update npm and cargo packages
 * Issue 3069 -RFE- SupportECDSAprivate keys forTLS (#5365)

--
Directory Server Development Team
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Re: Disable Anonymous Bind

2022-07-28 Thread Rob Crittenden 
Jeremiah Garmatter wrote:
> Christian,
> 
> I had to do this recently so it's still pretty fresh. You need to track
> down the dse.ldif file on the server hosting 389. dse.ldif is like the
> main config for your 389 instance. My file is in
> /etc/dirsrv/slapd-/dse.ldif.
> Once you find that file, look for the cn=config section and set
> "nsslapd-allow-anonymous-access" to "off". You may want to do the same
> with "nsslapd-allow-unauthenticated-binds" which allows binds to occur
> with an empty password.
> 
> You can set the Directory Manager account password from that file as
> well with the "nsslapd-rootpw" setting. The value of that setting must
> be the hash of the desired password. You must use the same hashing
> algorithm as described in the passwordStorageScheme.
> Then restart the 389 service and you'll have a new directory manager
> password and disabled anonymous binds.

Not commenting specifically on the settings but any direct changes to
dse.ldif need to be done while the server is shut down otherwise they
will be overwritten when the server stops. So stop the server, make
changes, restart.

rob

> 
> -Jeremiah Garmatter, Systems Administrator
> -Ohio Northern University, Class of 2020
> -Work: 419-772-1074
> -j-garmat...@onu.edu 
> 
> 
> On Thu, Jul 28, 2022 at 10:29 AM Christian Palacios
> mailto:christiandpalac...@gmail.com>> wrote:
> 
> Hi there,
> 
> We have an instance of 389 and I have been asked to disable
> anonymous bind on it because our current security policies don't
> allow it.  Can you please suggest ways to fix this?  Unfortunately,
> I don't have the admin account, so I'm hoping to also get help with
> that.
> 
> Thank you,
> -Christian
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> 
> To unsubscribe send an email to
> 389-users-le...@lists.fedoraproject.org
> 
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> 
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
> 
> 
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure
> 
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Re: Disable Anonymous Bind

2022-07-28 Thread Jeremiah Garmatter 
Christian,

I had to do this recently so it's still pretty fresh. You need to track
down the dse.ldif file on the server hosting 389. dse.ldif is like the main
config for your 389 instance. My file is in
/etc/dirsrv/slapd-/dse.ldif.
Once you find that file, look for the cn=config section and set
"nsslapd-allow-anonymous-access" to "off". You may want to do the same with
"nsslapd-allow-unauthenticated-binds" which allows binds to occur with an
empty password.

You can set the Directory Manager account password from that file as well
with the "nsslapd-rootpw" setting. The value of that setting must be the
hash of the desired password. You must use the same hashing algorithm as
described in the passwordStorageScheme.
Then restart the 389 service and you'll have a new directory manager
password and disabled anonymous binds.

-Jeremiah Garmatter, Systems Administrator
-Ohio Northern University, Class of 2020
-Work: 419-772-1074
-j-garmat...@onu.edu


On Thu, Jul 28, 2022 at 10:29 AM Christian Palacios <
christiandpalac...@gmail.com> wrote:

> Hi there,
>
> We have an instance of 389 and I have been asked to disable anonymous bind
> on it because our current security policies don't allow it.  Can you please
> suggest ways to fix this?  Unfortunately, I don't have the admin account,
> so I'm hoping to also get help with that.
>
> Thank you,
> -Christian
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Re: Disable Anonymous Bind

2022-07-28 Thread Mark Reynolds 

This is described in our documentation:

https://access.redhat.com/documentation/en-us/red_hat_directory_server

https://access.redhat.com/documentation/en-us/red_hat_directory_server/12/html/user_management_and_authentication/assembly_disabling-anonymous-binds_user-management-and-authentication

HTH,

Mark

On 7/28/22 10:29 AM, Christian Palacios wrote:

Hi there,

We have an instance of 389 and I have been asked to disable 
anonymous bind on it because our current security policies don't allow 
it.  Can you please suggest ways to fix this? Unfortunately, I don't 
have the admin account, so I'm hoping to also get help with that.


Thank you,
-Christian

___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure


--
Directory Server Development Team
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Disable Anonymous Bind

2022-07-28 Thread Christian Palacios 
Hi there,

We have an instance of 389 and I have been asked to disable anonymous bind
on it because our current security policies don't allow it.  Can you please
suggest ways to fix this?  Unfortunately, I don't have the admin account,
so I'm hoping to also get help with that.

Thank you,
-Christian
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure