Hello everyone,
i am writing a small php application in order to manage D389 users.
Currently, in order to connect to it, i saved the admin password in clear text
in a config.php file, just for test.
Now i would move these settings into mysql database and hash the password for
secure reason,
Hi,
i'm struggling with this request made by my customer.
He has some AD users that needs to be replicated with D389, stardard attributes
is ok but there are also some extended attributes to replicate.
Searching in documentation i was not able to find anything related.
Is there any way to do
Yes, only users.
#5052 opened by me.
Many Thanks
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
Doing some tests i've found that deletion does not work when
winSyncWindowsFilter entry is present on winsync agreement
This is my filter:
winSyncWindowsFilter: (&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=
Portal Users,OU=Groups,DC=lab,DC=local))
Removing that entry the deletion
The recycle bin is disable.
This is a Windows 2019 Server with 2016 forest and functional level.
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of
Ok reported on GitHub, hope someone could make a step further on this.
Many Thanks
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
Hello,
trying to delete an entry in AD configured winsync replication OneWay
fromWindows.
The synced entry has not been deleted also in DS389.
This the error message:
DEBUG - clcache_initial_anchorcsn - anchor is now: 61b2611900010001
[09/Dec/2021:21:04:03.381822400 +0100] - DEBUG -
Unfortunately one thing is still missing in Winsync configuration.
Changing the Windows Subtree config, i've noticed that it replicates full DN
and if missing in the destination(ex: contained OU in AD), D389 it fails.
Just to explain me well.
The source AD subtree has become:
dc=lab,dc=local
The
Thanks for your support.
Everything seems up and running as expected.
Regards
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
Thanks for your analysis.
I've got it worked and i've found a problem in AD DN plugin.
The filter was evaluating only objectClass=nsAccount.
However your PAM config is for sure better than my, and i must confess i'm not
a PAM guru. This will be a change to make a better understanding about the
Thank you for your suggestions.
I've got it working after realized that the problem were in AD DN plugin where
addn_filter was set to evaluate only nsAccount as objectClass.
However your PAM config looks better and i must confess, i am not a PAM guru. I
will explore better this topic.
Hi William,
the pam, for users created manually is working fine to me.
The only problem is related to synced users from AD whch seems doesn't have all
the necessary objectClasses.
However, this is ldapserver pam service:
# here are the per-package modules (the "Primary" block)
auth[success=2
Sure,
this is the relative parts.
PAM PASS THROUGH
dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
objectClass: pamConfig
cn: PAM Pass Through Auth
nsslapd-pluginPath: libpam-passthru-plugin
nsslapd-pluginInitfunc:
Sure,
this is the relative parts.
PAM PASS THROUGH
dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
objectClass: pamConfig
cn: PAM Pass Through Auth
nsslapd-pluginPath: libpam-passthru-plugin
nsslapd-pluginInitfunc:
14 matches
Mail list logo