[389-users] Re: replicating specific attributes from AD to DS

2018-05-24 Thread carne_de_passaro 
I'm affraid that 388ds doesn't support this.
We are using LSC here to do this.

Em qui, 24 de mai de 2018 13:48, Paulo Cast 
escreveu:

> hi guys,
>
> just wondering how to get specific attributes from AD
> (cn=users,dc=domain,dc=com) replicated to DS (389-ds-base-1.3.8.1-1.fc27).
> I already have the Windos Sync Agreement working so far but I can't get
> few extra attributes like EmployeeID, EmployeeNumber, etc. Or nor can get
> the password policy replicated. Any ideas in how to do it?
>
> thx,
>
> sergio
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org/message/UAMSPNY5Z46TNPIMECJZGXTWH4IL6DIP/
>
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org/message/HTXMZES44LR2GSESST3FHVDDHBLVFST5/

[389-users] Re: rest389

2017-12-26 Thread carne_de_passaro 
Oh, it's a shame, the REST interface would be very interesting and useful.

Thanks,
Danilo

Em 26 de dez de 2017 5:49 PM, "Mark Reynolds" <mreyno...@redhat.com>
escreveu:



On 12/26/2017 12:34 PM, carne_de_passaro wrote:

Hello guys,

how can I install and test the rest389 on my 389ds servers?

Is there any rpm package? Or how can I build, and with what version of
389ds is it compatible?

I'm sorry the rest389 project never really got off the ground and it's
being abandoned.  The goal was to use it for a UI replacement, but we are
going in a different direction now.  We are writing a Cockpit plugin for
the new web UI - the hopes are to have it ready for F28/RHEL8
(389-ds-base-1.4.0)

Regards,
Mark

Thanks.

Danilo


___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

[389-users] rest389

2017-12-26 Thread carne_de_passaro 
Hello guys,

how can I install and test the rest389 on my 389ds servers?

Is there any rpm package? Or how can I build, and with what version of
389ds is it compatible?

Thanks.

Danilo
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

[389-users] Re: Multimaster replication + one way replication Q

2017-10-04 Thread carne_de_passaro 
We have 19 master servers and more than 150 slave servers replicating with
each other and all replication agreements are full replication, but only
one master server have the memberof plugin activated. We never have a
problem with this.



Em 4 de out de 2017 2:17 PM, "Mark Reynolds"  escreveu:



On 10/04/2017 12:43 PM, isabella.ghiu...@nrc-cnrc.gc.ca wrote:
>  William , thank you for feedback ,  2 years ago when I set up 389-DS
multi-mater replication with Memberof plugin I was advised by people on
this list to use fractional replication (we were seeing strange behavior)

Correct, you should use fractional replication if you are using memberOf
in a MMR env:

https://access.redhat.com/documentation/en-us/red_hat_
directory_server/10/html/administration_guide/advanced_
entry_management#memberof-topology

>  : to exclude Memberof plugin from replication,  your  reply  here
mentioned I do not need that  anymore , is this  correct ? I am a bit
confuse , if I should reconsider my replication configuration and use full
replication for multi -master ?
>  Here is my  present 389-DS version , your feedback much appreciate!
> 389-ds-base-libs-1.3.5.15-1.fc24.x86_64
> 389-ds-base-1.3.5.15-1.fc24.x86_64
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

[389-users] Re: multimaster replication -preventing clients writes

2016-01-21 Thread carne_de_passaro 
Hi, I don't know if it will perform well but, you can create an ACI on the
top of the tree and negate writes for all, except the master 2 IP.



2016-01-21 15:27 GMT-02:00 ghiureai :

> Hi List,
> I would like to know if there is a cfg option in a multimaster replication
> ( 2 servers both accept read-writes) to prevent users/clients application
> writes to one of the master   without affecting the replication agreements.
> my env 389-ds 1.3.4.4
> Thank you
> Isabella
> --
> 389 users mailing list
> 389-users@%(host_name)s
>
> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org

Re: [389-users] Recreating replica agreements

2015-01-14 Thread carne_de_passaro 
Ok Mark, thank you!

Danilo

2015-01-14 12:21 GMT-02:00 Mark Reynolds marey...@redhat.com:


 On 01/14/2015 08:01 AM, carne_de_passaro wrote:

 Hello guys,

  I am planning to recreate my replica agreements, which today uses SSL on
 port 636, to use startTLS on port 389.

  My question is: Do I have to reinitialize the databases of the
 agreements that I recreate?

 Danilo,

 You should not have to reinit your replicas.  Ideally, you would just
 modify an existing agreement, there is no need to delete it and recreate
 it.  You would only need to reinit your replicas if you reloaded the
 database(like an import for example), but just modifying an agreement
 should be fine.

 Mark


  I'm using the 389-ds-base-1.2.11.15-34.el6_5.x86_64.

  Thanks in advance.

  Danilo


 --
 389 users mailing 
 list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users



 --
 389 users mailing list
 389-users@lists.fedoraproject.org
 https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

[389-users] Recreating replica agreements

2015-01-14 Thread carne_de_passaro 
Hello guys,

I am planning to recreate my replica agreements, which today uses SSL on
port 636, to use startTLS on port 389.

My question is: Do I have to reinitialize the databases of the agreements
that I recreate?

I'm using the 389-ds-base-1.2.11.15-34.el6_5.x86_64.

Thanks in advance.

Danilo
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: [389-users] Initialization with fds 1.2.0 and 389-ds 1.2.10 failure

2013-04-10 Thread carne_de_passaro 
Both consumer.


2013/4/10 Rich Megginson rmegg...@redhat.com

  On 04/10/2013 03:33 PM, carne_de_passaro wrote:


  I guess that is not exactly the same problem because I test with a
 1.2.11.15

 supplier or consumer?

 and a 1.3.0.2

 supplier or consumer?

  (compiled) both in CentOS 6.3 and the the error persist. These two
 machine is on the same network, there is no firewall between them. I can't
 figure what could the supplier be disconnected.




 2013/4/10 Rich Megginson rmegg...@redhat.com

   On 04/09/2013 08:33 AM, carne_de_passaro wrote:

 Hello folks,

  I have a test environment with a FDS version 1.2.0 on a Debian 5.0 x86
 and a 389-ds 1.2.10.12-1.el6.x86_64 on a CentOS 6.3 x86_64.



  I have two suffix on the FDS, a root suffix and a subsuffix. I've
 configured two replication agreements, one for suffix. When I'm try to
 initialize the root suffix, which contains a few objects, it's works just
 fine, but when I try to initialize the subsuffix, which contains about
 90.000 objects, it's fails and give me the error Total update aborted.
 System error. Error code -2 on the FDS console.

  Looking at the 389-ds error log file I gave this:

  [09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin -
 multimaster_be_state_change: replica dc=foo,dc=gov,dc=br is going offline;
 disabling replication
 [09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin - conn=0 op=0
 repl=dc=foo,dc=gov,dc=br: Replica in use locking_purl=conn=2 id=3
 [09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin -
 replica_disable_replication: replica dc=foo,dc=gov,dc=br is acquired
 [09/Apr/2013:11:01:45 -0300] - WARNING: Import is running with
 nsslapd-db-private-import-mem on; No other process is allowed to access the
 database
 [09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin - conn=2 op=3
 repl=dc=foo,dc=gov,dc=br: StartNSDS50ReplicationRequest: response=0 rc=0
 [09/Apr/2013:11:02:06 -0300] - import foo: Processed 17727 entries --
 average rate 886.4/sec, recent rate 886.3/sec, hit ratio 0%
 [09/Apr/2013:11:02:29 -0300] - import foo: Processed 32924 entries --
 average rate 765.7/sec, recent rate 765.7/sec, hit ratio 98%
 [09/Apr/2013:11:02:43 -0300] - slapi_start_bulk_import: bulk import is
 not supported by this (default) backend
 [09/Apr/2013:11:02:46 -0300] NSMMReplicationPlugin - Error -12: could not
 import entry dn (null) for total update operation conn=2 op=43381
 [09/Apr/2013:11:02:46 -0300] - ERROR bulk import abandoned
 [09/Apr/2013:11:02:46 -0300] - import foo: Aborting all Import threads...
 [09/Apr/2013:11:02:51 -0300] - import foo: Import threads aborted.
 [09/Apr/2013:11:02:53 -0300] - import foo: Closing files...
 [09/Apr/2013:11:02:57 -0300] - libdb: foo/nsuniqueid.db4: unable to
 flush: No such file or directory
 [09/Apr/2013:11:02:57 -0300] - libdb: foo/objectclass.db4: unable to
 flush: No such file or directory
 [09/Apr/2013:11:02:57 -0300] - libdb: foo/cn.db4: unable to flush: No
 such file or directory
 [09/Apr/2013:11:02:57 -0300] - libdb: foo/mailAlternateAddress.db4:
 unable to flush: No such file or directory
 [09/Apr/2013:11:02:57 -0300] - libdb: foo/uniquemember.db4: unable to
 flush: No such file or directory
 [09/Apr/2013:11:02:57 -0300] - libdb: foo/telephoneNumber.db4: unable to
 flush: No such file or directory
 [09/Apr/2013:11:02:57 -0300] - libdb: foo/parentid.db4: unable to flush:
 No such file or directory
 [09/Apr/2013:11:02:57 -0300] - libdb: foo/mail.db4: unable to flush: No
 such file or directory
 [09/Apr/2013:11:02:57 -0300] - libdb: foo/sn.db4: unable to flush: No
 such file or directory
 [09/Apr/2013:11:02:57 -0300] - libdb: foo/givenName.db4: unable to flush:
 No such file or directory
 [09/Apr/2013:11:02:57 -0300] - libdb: foo/entryrdn.db4: unable to flush:
 No such file or directory
  [09/Apr/2013:11:02:57 -0300] - libdb: foo/uid.db4: unable to flush: No
 such file or directory
 [09/Apr/2013:11:02:58 -0300] - libdb: foo/id2entry.db4: unable to flush:
 No such file or directory
 [09/Apr/2013:11:02:58 -0300] - import foo: Import failed.
 [09/Apr/2013:11:02:58 -0300] NSMMReplicationPlugin - Aborting total
 update in progress for replicated area dc=foo,dc=gov,dc=br connid=2
 [09/Apr/2013:11:02:58 -0300] - process_bulk_import_op: NULL target sdn
 [09/Apr/2013:11:02:58 -0300] NSMMReplicationPlugin - conn=2 op=-1
 repl=dc=foo,dc=gov,dc=br: Released replica


  This looks like https://fedorahosted.org/389/ticket/374 which was fixed
 in 1.2.11



  and at the end of the 389-ds access log I gave this:

  [09/Apr/2013:11:02:43 -0300] conn=2 op=43380 EXT
 oid=2.16.840.1.113730.3.5.6 name=Netscape Replication Total Update Entry
 [09/Apr/2013:11:02:43 -0300] conn=2 op=43380 RESULT err=0 tag=120
 nentries=0 etime=0
 [09/Apr/2013:11:02:43 -0300] conn=2 op=43381 EXT
 oid=2.16.840.1.113730.3.5.6 name=Netscape Replication Total Update Entry
 [09/Apr/2013:11:02:46 -0300] conn=2 op=-1 fd=65 closed - B4

  What does means that error B4 ?


  B4 means the supplier disconnected while the consumer

[389-users] Initialization with fds 1.2.0 and 389-ds 1.2.10 failure

2013-04-09 Thread carne_de_passaro 
Hello folks,

I have a test environment with a FDS version 1.2.0 on a Debian 5.0 x86 and
a 389-ds 1.2.10.12-1.el6.x86_64 on a CentOS 6.3 x86_64.

I have two suffix on the FDS, a root suffix and a subsuffix. I've
configured two replication agreements, one for suffix. When I'm try to
initialize the root suffix, which contains a few objects, it's works just
fine, but when I try to initialize the subsuffix, which contains about
90.000 objects, it's fails and give me the error Total update aborted.
System error. Error code -2 on the FDS console.

Looking at the 389-ds error log file I gave this:

[09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=foo,dc=gov,dc=br is going offline;
disabling replication
[09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin - conn=0 op=0
repl=dc=foo,dc=gov,dc=br: Replica in use locking_purl=conn=2 id=3
[09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin -
replica_disable_replication: replica dc=foo,dc=gov,dc=br is acquired
[09/Apr/2013:11:01:45 -0300] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to access the
database
[09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin - conn=2 op=3
repl=dc=foo,dc=gov,dc=br: StartNSDS50ReplicationRequest: response=0 rc=0
[09/Apr/2013:11:02:06 -0300] - import foo: Processed 17727 entries --
average rate 886.4/sec, recent rate 886.3/sec, hit ratio 0%
[09/Apr/2013:11:02:29 -0300] - import foo: Processed 32924 entries --
average rate 765.7/sec, recent rate 765.7/sec, hit ratio 98%
[09/Apr/2013:11:02:43 -0300] - slapi_start_bulk_import: bulk import is not
supported by this (default) backend
[09/Apr/2013:11:02:46 -0300] NSMMReplicationPlugin - Error -12: could not
import entry dn (null) for total update operation conn=2 op=43381
[09/Apr/2013:11:02:46 -0300] - ERROR bulk import abandoned
[09/Apr/2013:11:02:46 -0300] - import foo: Aborting all Import threads...
[09/Apr/2013:11:02:51 -0300] - import foo: Import threads aborted.
[09/Apr/2013:11:02:53 -0300] - import foo: Closing files...
[09/Apr/2013:11:02:57 -0300] - libdb: foo/nsuniqueid.db4: unable to flush:
No such file or directory
[09/Apr/2013:11:02:57 -0300] - libdb: foo/objectclass.db4: unable to flush:
No such file or directory
[09/Apr/2013:11:02:57 -0300] - libdb: foo/cn.db4: unable to flush: No such
file or directory
[09/Apr/2013:11:02:57 -0300] - libdb: foo/mailAlternateAddress.db4: unable
to flush: No such file or directory
[09/Apr/2013:11:02:57 -0300] - libdb: foo/uniquemember.db4: unable to
flush: No such file or directory
[09/Apr/2013:11:02:57 -0300] - libdb: foo/telephoneNumber.db4: unable to
flush: No such file or directory
[09/Apr/2013:11:02:57 -0300] - libdb: foo/parentid.db4: unable to flush: No
such file or directory
[09/Apr/2013:11:02:57 -0300] - libdb: foo/mail.db4: unable to flush: No
such file or directory
[09/Apr/2013:11:02:57 -0300] - libdb: foo/sn.db4: unable to flush: No such
file or directory
[09/Apr/2013:11:02:57 -0300] - libdb: foo/givenName.db4: unable to flush:
No such file or directory
[09/Apr/2013:11:02:57 -0300] - libdb: foo/entryrdn.db4: unable to flush: No
such file or directory
[09/Apr/2013:11:02:57 -0300] - libdb: foo/uid.db4: unable to flush: No such
file or directory
[09/Apr/2013:11:02:58 -0300] - libdb: foo/id2entry.db4: unable to flush: No
such file or directory
[09/Apr/2013:11:02:58 -0300] - import foo: Import failed.
[09/Apr/2013:11:02:58 -0300] NSMMReplicationPlugin - Aborting total update
in progress for replicated area dc=foo,dc=gov,dc=br connid=2
[09/Apr/2013:11:02:58 -0300] - process_bulk_import_op: NULL target sdn
[09/Apr/2013:11:02:58 -0300] NSMMReplicationPlugin - conn=2 op=-1
repl=dc=foo,dc=gov,dc=br: Released replica

and at the end of the 389-ds access log I gave this:

[09/Apr/2013:11:02:43 -0300] conn=2 op=43380 EXT
oid=2.16.840.1.113730.3.5.6 name=Netscape Replication Total Update Entry
[09/Apr/2013:11:02:43 -0300] conn=2 op=43380 RESULT err=0 tag=120
nentries=0 etime=0
[09/Apr/2013:11:02:43 -0300] conn=2 op=43381 EXT
oid=2.16.840.1.113730.3.5.6 name=Netscape Replication Total Update Entry
[09/Apr/2013:11:02:46 -0300] conn=2 op=-1 fd=65 closed - B4

What does means that error B4 ?

Thanks in advance,

Danilo
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

[389-users] Console error

2013-02-05 Thread carne_de_passaro 
Hi,

I build all components of the 389-ds 1.3.0.2 version
The service is running alright, I've imported a ldif with my objects with
ldif2db and it did just fine.
My problem is with the console. I can enter on the first console, use my
credentials and so. When I try to open both, admin server or diretctory
server console, an error message appears and I can't open the console.

I try to open the console with this command:

root@server:~# 389-console -x nologo -D

* after select server group and try to open the admin server and the
directory server

ClassLoader: getLocalJarList():Unable to read /root/.389-console/patch/
directory
ClassLoader: start parsing
ClassLoader:  done
Instantiate  cn=admin-serv-foo-ldap02,cn=389 Administration
Server,cn=Server Group,cn=foo-ldap02.bar,ou=foo-teste,o=NetscapeRoot
ClassLoaderUtil.getClass(com.netscape.management.admserv.adminser...@389-admin-1.1.jar@cn=admin-serv-foo-ldap02,cn=389
Administration Server,cn=Server
Group,cn=foo-ldap02.bar,ou=foo-teste,o=NetscapeRoot)
ClassLoader: no manifest found for 389-admin-1.1.jar
ClassLoader: No manifest file for 389-admin-1.1.jar
ClassLoader: new LocalJarClassLoader 389-admin-1.1.jar:{389-admin-1.1.jar
389-admin-1.1_en.jar }
ClassLoader: Create loader 389-admin-1.1.jar
ERROR ServerNode.createServerInstance: could not create
com.netscape.management.admserv.adminser...@389-admin-1.1.jar@cn=admin-serv-foo-ldap02,cn=389
Administration Server,cn=Server
Group,cn=foo-ldap02.bar,ou=foo-teste,o=NetscapeRoot
Exception: java.lang.ClassCastException:
com.netscape.management.admserv.AdminServer cannot be cast to
com.netscape.management.client.topology.IServerObject
Instantiate  cn=slapd-foo-ldap02,cn=389 Directory Server,cn=Server
Group,cn=foo-ldap02.bar,ou=foo-teste,o=NetscapeRoot
ClassLoaderUtil.getClass(com.netscape.admin.dirserv.dsad...@389-ds-1.2.jar@cn=admin-serv-foo-ldap02,cn=389
Administration Server,cn=Server
Group,cn=foo-ldap02.bar,ou=foo-teste,o=NetscapeRoot)
ClassLoader: manifest loaded for 389-ds-1.2.jar
ClassLoader: new LocalJarClassLoader 389-ds-1.2.jar:{389-ds-1.2.jar
389-ds-1.2_en.jar }
ClassLoader: Create loader 389-ds-1.2.jar
ERROR ServerNode.createServerInstance: could not create
com.netscape.admin.dirserv.dsad...@389-ds-1.2.jar@cn=admin-serv-foo-ldap02,cn=389
Administration Server,cn=Server
Group,cn=foo-ldap02.bar,ou=foo-teste,o=NetscapeRoot
Exception: java.lang.ClassCastException:
com.netscape.admin.dirserv.DSAdmin cannot be cast to
com.netscape.management.client.topology.IServerObject

My java version is:
Java version 1.6.0_24
OpenJDK Runtime Environment (IcedTea6 1.11.5)
(rhel-1.50.1.11.5.el6_3-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

Components used in this setup:
 389-ds-base-1.3.0.2
 389-adminutil-1.1.14
 389-admin-1.1.31
 idm-console-framework-1.1.7
 389-console-1.1.7
 389-ds-console-1.2.6
 389-admin-console-1.1.8

What am I missing here?

Thanks in advance
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users