[389-users] Re: How to analyze large Multi Master Replication (test)-network?

2021-02-27 Thread Gordon Messmer
On 2/26/21 5:22 AM, Eugen Lamers wrote: Documentation read so far: It sounds like you're building a new replication monitor, so I'd think that a good place to start would be with a review of the existing one:

[389-users] Re: Server listening only on tcp6

2019-06-12 Thread Gordon Messmer
On 6/12/19 5:55 AM, wodel youchi wrote: The netstat on both ports 389 and 636 show that the daemon is listening on tcp6 only. Mine, too: # netstat -tlnp tcp6   0  0 :::389 :::*    LISTEN  6922/ns-slapd Yet: $ telnet 10.1.10.11 389 Trying 10.1.10.11...

[389-users] Re: Syncing DS 389's userPassword with Samba 4's sambaNTPassword

2019-03-08 Thread Gordon Messmer
On 3/8/19 4:58 AM, Janet Houser wrote: Thanks! I read that but I can't switch to freeipa since that software doesn't support a hash needed with gsync. h..   I wonder if I could sync the user/password DB to freeipa and then use that to serve out samba shares. I don't think

[389-users] Re: Syncing DS 389's userPassword with Samba 4's sambaNTPassword

2019-03-07 Thread Gordon Messmer
On 3/7/19 9:17 PM, William Brown wrote: It uses the ipaNTHash field, and I don’t know if it’s in a samba compatible format. Samba with IPA uses krb5 for security generally rather than reading the NT hash IIRC. It must be a compatible format, because I have a Samba server that authenticates

[389-users] Re: Syncing DS 389's userPassword with Samba 4's sambaNTPassword

2019-03-07 Thread Gordon Messmer
On 3/7/19 1:11 PM, Janet H wrote: I want to be able to change the LDAP password (userPassword) and have that then update the sambaNTPassword. I believe FreeIPA (which is built on 389 DS) will do that when you install it with "--setup-adtrust" This document might be sufficient:

[389-users] Re: ldap perfomance

2018-09-09 Thread Gordon Messmer
On 09/06/2018 07:50 AM, isabella.ghiu...@nrc-cnrc.gc.ca wrote: This does not justify this since running 1 thread takes 0.1564msec/op and running 10 threads takes 0.0590ms/op Yes, but that's an average.  Running 10 threads doesn't make individual searches take less time. When you're running

[389-users] Re: Scripting SSL Enabling of 389-DS Admin Serv and Instances

2017-04-05 Thread Gordon Messmer
On 04/05/2017 10:04 AM, Paul Whitney wrote: Is there something special that needs to be done to "initialize" the new DB files that can be scripted (ansible) that will set the password for the new server, then copy the DB files/pin.txt.? After importing the keys, I apply these configuration

[389-users] Re: password not expire 389

2017-03-01 Thread Gordon Messmer
On 03/01/2017 08:15 AM, tua...@gmail.com wrote: So if you change the password as directory manager it will let you do whatever you want. So make sure you always change passwords as a "database user" if you expect password policies to be enforced. Not correct, below is a test from another LDAP

[389-users] Re: Need help to tune 389 DS

2017-02-23 Thread Gordon Messmer
On 02/23/2017 12:11 AM, William Brown wrote: As Noriko pointed you, you are missing nsIndexType: pres on this I hate to repeat myself, but is that a thing that changed *recently*? I just checked another, newer 389-ds server, and I don't see "pres" index on objectclass on any servers that I

[389-users] Re: Need help to tune 389 DS

2017-02-22 Thread Gordon Messmer
On 02/22/2017 09:25 PM, William Brown wrote: Default indexes only apply to new databases (It's a template iirc). You need to edit the index on the cn=userRoot,cn=ldbm database,cn=plugins,cn=config Thanks for clarification, but even when I look in the correct location, it's "eq" as I said

[389-users] Re: Need help to tune 389 DS

2017-02-22 Thread Gordon Messmer
On 02/22/2017 12:56 PM, Noriko Hosoi wrote: Take a look at either the 389 console or /etc/dirsrv/slapd-/dse.ldif (where you will look for default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config). You should see equality indexes (nsIndexType: eq) for both of those attributes by

[389-users] Re: shadowexpire attribute on 389-ds-base-1.3.5.10-12.el7_3.x86_64

2017-01-06 Thread Gordon Messmer
On 01/06/2017 08:13 AM, Gordon Messmer wrote: If you can give me a hint there, I can fix those bugs as well. Never mind. I figured it out. A suggested fix for the latter bugs is attached to a ticket for those as well: https://fedorahosted.org/389/ticket/49082

[389-users] Re: shadowexpire attribute on 389-ds-base-1.3.5.10-12.el7_3.x86_64

2017-01-06 Thread Gordon Messmer
On 01/05/2017 10:11 PM, Noriko Hosoi wrote: Sorry about the misunderstanding. Please file a ticket with the expected behaviour. https://fedorahosted.org/389/ticket/49080 I've included a patch to correct that behavior. The rest of the shadow attribute implementation is buggy, too. First,

[389-users] shadowexpire attribute on 389-ds-base-1.3.5.10-12.el7_3.x86_64

2017-01-05 Thread Gordon Messmer
After upgrading to CentOS 7.3, I found that shadowExpire attributes were not returned correctly. Searching for an account shows: dn: UID=gmessmer,ou=People,dc=... uid: gmessmer shadowexpire: 117170 The same value is shown in the 389-ds console. The correct value, however, appears in our

[389-users] Re: performance degrades over time on CentOS 7

2016-11-16 Thread Gordon Messmer
On 11/16/2016 01:23 PM, William Brown wrote: What's your ioblocktimeout set to? nsslapd-ioblocktimeout: 180 How many connections are idle on the server? How would I check? Are you seeing OOM behaviour or memory not being released to the OS? No, the systems use very little memory:

[389-users] Re: performance degrades over time on CentOS 7

2016-11-16 Thread Gordon Messmer
On 11/16/2016 09:21 AM, Rich Megginson wrote: I suggest you file a ticket at https://fedorahosted.org/389/newticket and attach this and the other information for tracking. This doesn't seem like an issue that will be easily resolved . . . OK. Is there any other data I can gather right

[389-users] Re: performance degrades over time on CentOS 7

2016-11-15 Thread Gordon Messmer
On 11/15/2016 12:08 PM, Rich Megginson wrote: It is also useful to get a few stacktraces which will give us detailed information about what the server is doing. For example, if you can "catch" the server while it is misbehaving, and get stacktraces every second for 10 seconds.

[389-users] Re: performance degrades over time on CentOS 7

2016-11-15 Thread Gordon Messmer
On 11/15/2016 05:16 PM, Noriko Hosoi wrote: rpm -q 389-ds-base? # rpm -q 389-ds-base 389-ds-base-1.3.4.0-33.el7_2.x86_64 I wonder you are running the latest version? https://git.centos.org/summary/rpms!!389-ds-base 2016-11-03 *imports/c7/389-ds-base-1.3.5.10-11.el7

[389-users] Re: performance degrades over time on CentOS 7

2016-11-15 Thread Gordon Messmer
On 11/15/2016 11:58 AM, Marc Sauton wrote: What is the test filter like? my $LDAP_BASE = 'dc=dept,dc=uni,dc=edu'; my $LDAP_ATTRS = [qw/cn/]; my $LDAP_FILTER= '(cn=sysadm)'; ... my $ldap = Net::LDAP->new( $LDAP_SERVER, timeout => $TIMEOUT, onerror => 'die' ) or

[389-users] performance degrades over time on CentOS 7

2016-11-15 Thread Gordon Messmer
I'm trying to track down a problem we are seeing on two relatively lightly used instances on CentOS 7 (and previously on CentOS 6, which is no longer in use). Our servers have 3624 entries according to last night's export (we export userRoot daily). There are currently just over 400

[389-users] Re: 389 DS with two certificates

2016-11-12 Thread Gordon Messmer
On 11/12/2016 02:49 PM, murma...@hotmail.com wrote: - Can I install and use several certificates to one DS? That would require TLS SNI support in both the server and the client. As far as I know, it doesn't exist in either. You'll need a certificate with both FQDNs. If these hostnames

[389-users] Re: Change users password using horde's module passwd

2016-04-12 Thread Gordon Messmer
On 04/12/2016 02:50 AM, wodel youchi wrote: the first one, didn't work for me, I get in the horde log : could not replace userPassword attribute, LDAP server : constraint violation. I don't work with Horde, but you might be seeing something like this:

[389-users] Re: Change of /etc/selinux/config's SELINUX causes port389 fail to start

2016-04-07 Thread Gordon Messmer
On 04/07/2016 08:35 AM, Lutz Berger wrote: Changing the SELINUX setting from "permissive" to "enforcing" and rebooting afterwards causes port389 DS fail to start due to a permission problem of /var/run/dirsrv Interestingly, the ownership of /var/run/dirsrv changed from port389:port389 to

[389-users] Re: Change of /etc/selinux/config's SELINUX causes port389 fail to start

2016-04-07 Thread Gordon Messmer
On 04/07/2016 03:15 PM, William Brown wrote: When you change from permissive to enforcing, you often need to re-label to make sure the system is consistent. From "permissive"? I know that's true if a system is set to enforcing from "disabled" but I've never seen an indication that switching

[389-users] Re: 389-Console JARs and packaging questions

2016-03-30 Thread Gordon Messmer
On 03/30/2016 07:26 AM, Lutz Berger wrote: Are there any plans to make the RHEL 7 packages available in the EPEL channel soon? My customer restricts use of EPEL-TEST packages. Do the packages in epel-testing work for you? If so, then go to bodhi and give them karma:

[389-users] Re: Installing 389DS on CentOS7, missing rpms?

2016-03-24 Thread Gordon Messmer
On 03/24/2016 05:10 PM, Jonathan Vaughn wrote: TL;DR: Are 389-admin-console / 389-ds-console just the java GUI admin tools, in which case I don't need them on the server? https://fedorahosted.org/389/ticket/47865 Yes, they're the java console. IIRC, you do need them installed on the server

[389-users] Re: ns-slapd memory usage

2016-03-03 Thread Gordon Messmer
On 03/02/2016 04:01 PM, William Brown wrote: I believe there is a fix for a memory leak between 1.3.3 and 1.3.4. I strongly advise upgrading to 1.3.4.8 as it fixes a number of issues. Red Hat is still shipping 1.3.4.0 with RHEL 7.2. Are those fixes included? # rpm -q 389-ds-base

Re: [389-users] Passwordless sudo - is it possible?

2015-11-02 Thread Gordon Messmer
On 11/02/2015 07:02 AM, Todor Petkov wrote: when the group is with NOPASSWD:ALL, it's not working. If the user has specific record, it's OK. I can change the sudoers record with pssh, but if someone can give a hint how to make the group record working, I will appreciate it. First, check your

Re: [389-users] sssd filter options

2015-06-05 Thread Gordon Messmer
On 06/05/2015 10:58 AM, Mayberry, Alexander wrote: We are currently using legacy ldap, with access.conf to control login rights. You should be able to continue using access.conf for netgroup filters. The man pages for sssd do not indicate support for access filtering on netgroups, internal

[389-users] RHEL / CentOS 7

2014-10-15 Thread Gordon Messmer
What's the status of 389 DS on RHEL 7? As I recall, when Red Hat originally started shipping 389-ds-base it lacked replication and windows sync, which were available with a separate paid subscription. Do the RHEL packages include those bits now? Are there any plans to get the admin and

Re: [389-users] Upgrade failure

2013-11-25 Thread Gordon Messmer
On 11/25/2013 03:54 PM, Rich Megginson wrote: Is there some reason you need to upgrade from the OS provided official RHEL 6.4 version of 389-ds-base to the non-OS provided version from the rmeggins epel6 repo? I no longer remember why that's there, actually. I feel like there was a feature

Re: [389-users] (no subject)

2013-10-23 Thread Gordon Messmer
On 10/22/2013 06:51 AM, harry.dev...@faa.gov wrote: We have enumerate set to true and we have ldap_group_member set to uniqueMember. uniqueMember can only be used for ldap_group_member if you also set ldap_schema=rfc2307bis If you don't set the ldap_schema, ldap_group_member is expected to

Re: [389-users] Problem with permissions in RHEL6

2013-09-17 Thread Gordon Messmer
On 09/17/2013 04:28 AM, Parasit Hendersson wrote: Thank you all guys, in default location everything works fine. Only one strange thing is that selinux was disabled. If that's true, then the permissions on any of the directories between / and /lib/dirsrv/slapd-master2/db/Project, inclusive,

Re: [389-users] Problem with permissions in RHEL6

2013-09-16 Thread Gordon Messmer
On 09/16/2013 07:49 AM, Parasit Hendersson wrote: WARNING---no write permission to file /lib/dirsrv/slapd-master2/db/Project/DBVERSION But: -rw-rw-rw-. 1 nobody nobody 0 Sep 16 16:40 DBVERSION Probably an SELinux problem. I believe the correct location for those files is /var/lib/dirsrv.

Re: [389-users] installing sogo with 389 directory server

2013-08-05 Thread Gordon Messmer
On 08/04/2013 07:55 AM, husam.shabeeb wrote: Anyone can help me in installing Sogo with 389 directory server I've run SOGo with 389. The setup follows the documentation very closely. Can you be specific about the problem that you're having on your install? Relevant to the directory

Re: [389-users] Password + anything works ?

2012-11-13 Thread Gordon Messmer
On 11/13/2012 03:51 AM, Ali Jawad wrote: *LDAP password information update failed: Confidentiality required* PAM is attempting to use the password change extended operation. I believe that only happens when /etc/ldap.conf contains pam_password exop. If you don't care at all about security,

Re: [389-users] 389 and Samba integration on Centos 6

2012-05-04 Thread Gordon Messmer
On 05/04/2012 01:47 AM, Alberto Suárez wrote: Regarding FreeIpa, yes, I am inclined to add it to my setup, but further on, not in the short term. The last time I saw its documentation, it wasn't possible to add FreeIPA to an existing directory server. You had to start with FreeIPA on a