[389-users] Re: replicating specific attributes from AD to DS
I'm affraid that 388ds doesn't support this. We are using LSC here to do this. Em qui, 24 de mai de 2018 13:48, Paulo Castescreveu: > hi guys, > > just wondering how to get specific attributes from AD > (cn=users,dc=domain,dc=com) replicated to DS (389-ds-base-1.3.8.1-1.fc27). > I already have the Windos Sync Agreement working so far but I can't get > few extra attributes like EmployeeID, EmployeeNumber, etc. Or nor can get > the password policy replicated. Any ideas in how to do it? > > thx, > > sergio > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org/message/UAMSPNY5Z46TNPIMECJZGXTWH4IL6DIP/ > ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org/message/HTXMZES44LR2GSESST3FHVDDHBLVFST5/
[389-users] Re: rest389
Oh, it's a shame, the REST interface would be very interesting and useful. Thanks, Danilo Em 26 de dez de 2017 5:49 PM, "Mark Reynolds" <mreyno...@redhat.com> escreveu: On 12/26/2017 12:34 PM, carne_de_passaro wrote: Hello guys, how can I install and test the rest389 on my 389ds servers? Is there any rpm package? Or how can I build, and with what version of 389ds is it compatible? I'm sorry the rest389 project never really got off the ground and it's being abandoned. The goal was to use it for a UI replacement, but we are going in a different direction now. We are writing a Cockpit plugin for the new web UI - the hopes are to have it ready for F28/RHEL8 (389-ds-base-1.4.0) Regards, Mark Thanks. Danilo ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] rest389
Hello guys, how can I install and test the rest389 on my 389ds servers? Is there any rpm package? Or how can I build, and with what version of 389ds is it compatible? Thanks. Danilo ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] Re: Multimaster replication + one way replication Q
We have 19 master servers and more than 150 slave servers replicating with each other and all replication agreements are full replication, but only one master server have the memberof plugin activated. We never have a problem with this. Em 4 de out de 2017 2:17 PM, "Mark Reynolds"escreveu: On 10/04/2017 12:43 PM, isabella.ghiu...@nrc-cnrc.gc.ca wrote: > William , thank you for feedback , 2 years ago when I set up 389-DS multi-mater replication with Memberof plugin I was advised by people on this list to use fractional replication (we were seeing strange behavior) Correct, you should use fractional replication if you are using memberOf in a MMR env: https://access.redhat.com/documentation/en-us/red_hat_ directory_server/10/html/administration_guide/advanced_ entry_management#memberof-topology > : to exclude Memberof plugin from replication, your reply here mentioned I do not need that anymore , is this correct ? I am a bit confuse , if I should reconsider my replication configuration and use full replication for multi -master ? > Here is my present 389-DS version , your feedback much appreciate! > 389-ds-base-libs-1.3.5.15-1.fc24.x86_64 > 389-ds-base-1.3.5.15-1.fc24.x86_64 > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] Re: multimaster replication -preventing clients writes
Hi, I don't know if it will perform well but, you can create an ACI on the top of the tree and negate writes for all, except the master 2 IP. 2016-01-21 15:27 GMT-02:00 ghiureai: > Hi List, > I would like to know if there is a cfg option in a multimaster replication > ( 2 servers both accept read-writes) to prevent users/clients application > writes to one of the master without affecting the replication agreements. > my env 389-ds 1.3.4.4 > Thank you > Isabella > -- > 389 users mailing list > 389-users@%(host_name)s > > http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
Re: [389-users] Recreating replica agreements
Ok Mark, thank you! Danilo 2015-01-14 12:21 GMT-02:00 Mark Reynolds marey...@redhat.com: On 01/14/2015 08:01 AM, carne_de_passaro wrote: Hello guys, I am planning to recreate my replica agreements, which today uses SSL on port 636, to use startTLS on port 389. My question is: Do I have to reinitialize the databases of the agreements that I recreate? Danilo, You should not have to reinit your replicas. Ideally, you would just modify an existing agreement, there is no need to delete it and recreate it. You would only need to reinit your replicas if you reloaded the database(like an import for example), but just modifying an agreement should be fine. Mark I'm using the 389-ds-base-1.2.11.15-34.el6_5.x86_64. Thanks in advance. Danilo -- 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
[389-users] Recreating replica agreements
Hello guys, I am planning to recreate my replica agreements, which today uses SSL on port 636, to use startTLS on port 389. My question is: Do I have to reinitialize the databases of the agreements that I recreate? I'm using the 389-ds-base-1.2.11.15-34.el6_5.x86_64. Thanks in advance. Danilo -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Initialization with fds 1.2.0 and 389-ds 1.2.10 failure
Both consumer. 2013/4/10 Rich Megginson rmegg...@redhat.com On 04/10/2013 03:33 PM, carne_de_passaro wrote: I guess that is not exactly the same problem because I test with a 1.2.11.15 supplier or consumer? and a 1.3.0.2 supplier or consumer? (compiled) both in CentOS 6.3 and the the error persist. These two machine is on the same network, there is no firewall between them. I can't figure what could the supplier be disconnected. 2013/4/10 Rich Megginson rmegg...@redhat.com On 04/09/2013 08:33 AM, carne_de_passaro wrote: Hello folks, I have a test environment with a FDS version 1.2.0 on a Debian 5.0 x86 and a 389-ds 1.2.10.12-1.el6.x86_64 on a CentOS 6.3 x86_64. I have two suffix on the FDS, a root suffix and a subsuffix. I've configured two replication agreements, one for suffix. When I'm try to initialize the root suffix, which contains a few objects, it's works just fine, but when I try to initialize the subsuffix, which contains about 90.000 objects, it's fails and give me the error Total update aborted. System error. Error code -2 on the FDS console. Looking at the 389-ds error log file I gave this: [09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=foo,dc=gov,dc=br is going offline; disabling replication [09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin - conn=0 op=0 repl=dc=foo,dc=gov,dc=br: Replica in use locking_purl=conn=2 id=3 [09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin - replica_disable_replication: replica dc=foo,dc=gov,dc=br is acquired [09/Apr/2013:11:01:45 -0300] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database [09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin - conn=2 op=3 repl=dc=foo,dc=gov,dc=br: StartNSDS50ReplicationRequest: response=0 rc=0 [09/Apr/2013:11:02:06 -0300] - import foo: Processed 17727 entries -- average rate 886.4/sec, recent rate 886.3/sec, hit ratio 0% [09/Apr/2013:11:02:29 -0300] - import foo: Processed 32924 entries -- average rate 765.7/sec, recent rate 765.7/sec, hit ratio 98% [09/Apr/2013:11:02:43 -0300] - slapi_start_bulk_import: bulk import is not supported by this (default) backend [09/Apr/2013:11:02:46 -0300] NSMMReplicationPlugin - Error -12: could not import entry dn (null) for total update operation conn=2 op=43381 [09/Apr/2013:11:02:46 -0300] - ERROR bulk import abandoned [09/Apr/2013:11:02:46 -0300] - import foo: Aborting all Import threads... [09/Apr/2013:11:02:51 -0300] - import foo: Import threads aborted. [09/Apr/2013:11:02:53 -0300] - import foo: Closing files... [09/Apr/2013:11:02:57 -0300] - libdb: foo/nsuniqueid.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/objectclass.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/cn.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/mailAlternateAddress.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/uniquemember.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/telephoneNumber.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/parentid.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/mail.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/sn.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/givenName.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/entryrdn.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/uid.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:58 -0300] - libdb: foo/id2entry.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:58 -0300] - import foo: Import failed. [09/Apr/2013:11:02:58 -0300] NSMMReplicationPlugin - Aborting total update in progress for replicated area dc=foo,dc=gov,dc=br connid=2 [09/Apr/2013:11:02:58 -0300] - process_bulk_import_op: NULL target sdn [09/Apr/2013:11:02:58 -0300] NSMMReplicationPlugin - conn=2 op=-1 repl=dc=foo,dc=gov,dc=br: Released replica This looks like https://fedorahosted.org/389/ticket/374 which was fixed in 1.2.11 and at the end of the 389-ds access log I gave this: [09/Apr/2013:11:02:43 -0300] conn=2 op=43380 EXT oid=2.16.840.1.113730.3.5.6 name=Netscape Replication Total Update Entry [09/Apr/2013:11:02:43 -0300] conn=2 op=43380 RESULT err=0 tag=120 nentries=0 etime=0 [09/Apr/2013:11:02:43 -0300] conn=2 op=43381 EXT oid=2.16.840.1.113730.3.5.6 name=Netscape Replication Total Update Entry [09/Apr/2013:11:02:46 -0300] conn=2 op=-1 fd=65 closed - B4 What does means that error B4 ? B4 means the supplier disconnected while the consumer
[389-users] Initialization with fds 1.2.0 and 389-ds 1.2.10 failure
Hello folks, I have a test environment with a FDS version 1.2.0 on a Debian 5.0 x86 and a 389-ds 1.2.10.12-1.el6.x86_64 on a CentOS 6.3 x86_64. I have two suffix on the FDS, a root suffix and a subsuffix. I've configured two replication agreements, one for suffix. When I'm try to initialize the root suffix, which contains a few objects, it's works just fine, but when I try to initialize the subsuffix, which contains about 90.000 objects, it's fails and give me the error Total update aborted. System error. Error code -2 on the FDS console. Looking at the 389-ds error log file I gave this: [09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=foo,dc=gov,dc=br is going offline; disabling replication [09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin - conn=0 op=0 repl=dc=foo,dc=gov,dc=br: Replica in use locking_purl=conn=2 id=3 [09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin - replica_disable_replication: replica dc=foo,dc=gov,dc=br is acquired [09/Apr/2013:11:01:45 -0300] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database [09/Apr/2013:11:01:45 -0300] NSMMReplicationPlugin - conn=2 op=3 repl=dc=foo,dc=gov,dc=br: StartNSDS50ReplicationRequest: response=0 rc=0 [09/Apr/2013:11:02:06 -0300] - import foo: Processed 17727 entries -- average rate 886.4/sec, recent rate 886.3/sec, hit ratio 0% [09/Apr/2013:11:02:29 -0300] - import foo: Processed 32924 entries -- average rate 765.7/sec, recent rate 765.7/sec, hit ratio 98% [09/Apr/2013:11:02:43 -0300] - slapi_start_bulk_import: bulk import is not supported by this (default) backend [09/Apr/2013:11:02:46 -0300] NSMMReplicationPlugin - Error -12: could not import entry dn (null) for total update operation conn=2 op=43381 [09/Apr/2013:11:02:46 -0300] - ERROR bulk import abandoned [09/Apr/2013:11:02:46 -0300] - import foo: Aborting all Import threads... [09/Apr/2013:11:02:51 -0300] - import foo: Import threads aborted. [09/Apr/2013:11:02:53 -0300] - import foo: Closing files... [09/Apr/2013:11:02:57 -0300] - libdb: foo/nsuniqueid.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/objectclass.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/cn.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/mailAlternateAddress.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/uniquemember.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/telephoneNumber.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/parentid.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/mail.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/sn.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/givenName.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/entryrdn.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:57 -0300] - libdb: foo/uid.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:58 -0300] - libdb: foo/id2entry.db4: unable to flush: No such file or directory [09/Apr/2013:11:02:58 -0300] - import foo: Import failed. [09/Apr/2013:11:02:58 -0300] NSMMReplicationPlugin - Aborting total update in progress for replicated area dc=foo,dc=gov,dc=br connid=2 [09/Apr/2013:11:02:58 -0300] - process_bulk_import_op: NULL target sdn [09/Apr/2013:11:02:58 -0300] NSMMReplicationPlugin - conn=2 op=-1 repl=dc=foo,dc=gov,dc=br: Released replica and at the end of the 389-ds access log I gave this: [09/Apr/2013:11:02:43 -0300] conn=2 op=43380 EXT oid=2.16.840.1.113730.3.5.6 name=Netscape Replication Total Update Entry [09/Apr/2013:11:02:43 -0300] conn=2 op=43380 RESULT err=0 tag=120 nentries=0 etime=0 [09/Apr/2013:11:02:43 -0300] conn=2 op=43381 EXT oid=2.16.840.1.113730.3.5.6 name=Netscape Replication Total Update Entry [09/Apr/2013:11:02:46 -0300] conn=2 op=-1 fd=65 closed - B4 What does means that error B4 ? Thanks in advance, Danilo -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
[389-users] Console error
Hi, I build all components of the 389-ds 1.3.0.2 version The service is running alright, I've imported a ldif with my objects with ldif2db and it did just fine. My problem is with the console. I can enter on the first console, use my credentials and so. When I try to open both, admin server or diretctory server console, an error message appears and I can't open the console. I try to open the console with this command: root@server:~# 389-console -x nologo -D * after select server group and try to open the admin server and the directory server ClassLoader: getLocalJarList():Unable to read /root/.389-console/patch/ directory ClassLoader: start parsing ClassLoader: done Instantiate cn=admin-serv-foo-ldap02,cn=389 Administration Server,cn=Server Group,cn=foo-ldap02.bar,ou=foo-teste,o=NetscapeRoot ClassLoaderUtil.getClass(com.netscape.management.admserv.adminser...@389-admin-1.1.jar@cn=admin-serv-foo-ldap02,cn=389 Administration Server,cn=Server Group,cn=foo-ldap02.bar,ou=foo-teste,o=NetscapeRoot) ClassLoader: no manifest found for 389-admin-1.1.jar ClassLoader: No manifest file for 389-admin-1.1.jar ClassLoader: new LocalJarClassLoader 389-admin-1.1.jar:{389-admin-1.1.jar 389-admin-1.1_en.jar } ClassLoader: Create loader 389-admin-1.1.jar ERROR ServerNode.createServerInstance: could not create com.netscape.management.admserv.adminser...@389-admin-1.1.jar@cn=admin-serv-foo-ldap02,cn=389 Administration Server,cn=Server Group,cn=foo-ldap02.bar,ou=foo-teste,o=NetscapeRoot Exception: java.lang.ClassCastException: com.netscape.management.admserv.AdminServer cannot be cast to com.netscape.management.client.topology.IServerObject Instantiate cn=slapd-foo-ldap02,cn=389 Directory Server,cn=Server Group,cn=foo-ldap02.bar,ou=foo-teste,o=NetscapeRoot ClassLoaderUtil.getClass(com.netscape.admin.dirserv.dsad...@389-ds-1.2.jar@cn=admin-serv-foo-ldap02,cn=389 Administration Server,cn=Server Group,cn=foo-ldap02.bar,ou=foo-teste,o=NetscapeRoot) ClassLoader: manifest loaded for 389-ds-1.2.jar ClassLoader: new LocalJarClassLoader 389-ds-1.2.jar:{389-ds-1.2.jar 389-ds-1.2_en.jar } ClassLoader: Create loader 389-ds-1.2.jar ERROR ServerNode.createServerInstance: could not create com.netscape.admin.dirserv.dsad...@389-ds-1.2.jar@cn=admin-serv-foo-ldap02,cn=389 Administration Server,cn=Server Group,cn=foo-ldap02.bar,ou=foo-teste,o=NetscapeRoot Exception: java.lang.ClassCastException: com.netscape.admin.dirserv.DSAdmin cannot be cast to com.netscape.management.client.topology.IServerObject My java version is: Java version 1.6.0_24 OpenJDK Runtime Environment (IcedTea6 1.11.5) (rhel-1.50.1.11.5.el6_3-x86_64) OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode) Components used in this setup: 389-ds-base-1.3.0.2 389-adminutil-1.1.14 389-admin-1.1.31 idm-console-framework-1.1.7 389-console-1.1.7 389-ds-console-1.2.6 389-admin-console-1.1.8 What am I missing here? Thanks in advance -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users