If you have trouble with the script, try this:
1. Produce the new DS server certificate:
certutil -S -n "DS_Server_cert_label" \
  -s "cn=myhost.myorg.example.com" -c "AC_cert_label" \
  -t "u,u,u" -m 1001 -v 120 -d . -k rsa \
  -f /etc/dirsrv/slapd-myhost/pwdfile.txt
2. Export it to p12 format:
pk12uti
Let me get your idea right. You want to use a static and a dynamic group at the
same time as 1 group?
Greg.
17 Sep 2012 21:03, "Nick Cappelletti" wrote:
> Hello Everyone,
>
> I've been banging my head against this one for a few hours and was hoping
> for some input. I have a group:
>
> dn: cn=
In the Red Hat docs you may find some scenarios.
Your approach seems OK. The only question in my opinion is how much
redundancy you need. Let's say that master1 fails. Is this situation
problematic for your datacenter? If yes, then you should consider adding
two more ldap servers. They can act as master
I guess you used the script on the Fedora site to create the certs? I am not sure about
the CA cert. This may require changing too because it may have your old FQDN in
the cn field. Based on this it seems that the easiest way may be using the script
again.
Greg.
18 Sep 2012 11:09, "Ray" wrote:
> Hi,
>
> I am running
You can create an ACI on ou=Groups,dc=domain,dc=com. This ACI can deny search,
compare, read of ou=Sales. All LDAP clients included in the target of this ACI
will not see your sales OU. This can be targeted to some users and
anonymous bind. Please look in the Red Hat docs: Red Hat Directory Server admin
guide.
Hi,
I am running a 389 box with TLS enabled. Now I would like to change the
hostname, which would render the current certificate invalid. Is there
an easy way to create a new certificate with the new hostname?
Cheers,
Ray
--
389 users mailing list
389-users@lists.fedoraproject.org
https://a
You could use a shell script to add a user. Create a template LDIF and fill it
with a bash script. Next run ldapadd in the script. The only way I can think of
to change the behavior of the admin console will require a change in the sources.
Hope this helps.
Greg.
18 Sep 2012 10:58, "Alberto Suárez" wrote:
> Hi,
>
>
Hi,
First, big thanks to all the people developing and maintaining 389ds! I've
been learning LDAP for a while and there is one question which I haven't been
able to figure out.
There are a bunch of Debian servers authenticating against 389ds. I
started with anonymous bind to get the basic setup working. No