[389-users] Re: access log - successful authentication

On 12/10/21 11:52 AM, Karandikar, Neel wrote: Hello Is there a simple way to tell that a user has been authenticated by looking at the access log? /var/log/dirsrv//access/ something like “authentication successful” in the access log I have been looking at the access log file and enabled

[389-users] Re: any chages to DS looging - performance in last version ?

the ability to audit the server's activity.  I don't recommend it unless you never check the access log and really need a 5-10% perf improvement. Regards, Mark *From:*Mark Reynolds [mailto:marey...@redhat.com] *Sent:* December 6, 2021 8:12 AM *To:* General discussion list for the 389 Directory

[389-users] Re: any chages to DS looging - performance in last version ?

On 12/6/21 11:08 AM, Ghiurea, Isabella wrote: Good morning , Based on the doc link bellow  from 2019 :” Logging Performance Improvement “ I would like to learn if there are any change in related to access , error log performance in last 389DS version  ?

[389-users] Re: Recent commits in stable 389ds branches - discussion

Hi Andrey, See comments below... On 12/3/21 6:29 AM, Ivanov Andrey (M.) wrote: Hi, I'd like to discuss several recent (since a couple of months) commits in stable branches of 389ds. I will be talking about 1.4.4 https://github.com/389ds/389-ds-base/tree/389-ds-base-1.4.4 since it's the one

[389-users] Announcing 389 Directory Server 2.0.11

389 Directory Server 2.0.11 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.11 Fedora packages are available on Fedora 34 and Rawhide Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=79178995

[389-users] Re: 389-DS Internal unindexed search

On 11/15/21 9:46 AM, Pierre Rogier wrote: I feel a bit weird that we try to perform substring searches in the referential integrity plugin. I would rather expect equality searches. Does anyone know why the * are needed ? It is used for MODRDN's like Thierry stated.  The code states that we

[389-users] Re: 389-DS Internal unindexed search

On 11/15/21 9:00 AM, Ciber dgtnt wrote: Hi, I have a problem in 389-ds version 1.3.10.2-10 intalled on Centos7 , we have a multimaster enviroment with consumers and suppliers, we have referential integrity plugin to control the group members. In the master node where we have the referential

[389-users] Re: Cleaning up a disabled replica

On 11/1/21 8:41 PM, Simon Pichugin wrote: Hi Iain, what 389 DS version do you have? You can safely remove the changelog on the test servers where replication is disabled. As it no longer holds a true record of all modifications while replication is disabled. So a changelog can be

[389-users] Re: anonymous binds

On 10/21/21 9:26 AM, Michael Starling wrote: *From:* Mark Reynolds *Sent:* Tuesday, October 19, 2021 3:47 PM *To:* General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.

[389-users] Re: anonymous binds

On 10/19/21 1:43 PM, Michael Starling wrote: Good afternoon. I have a few questions about anon binds. In theory if you have 3000 user objects in the directory and anonymous binds have a limit returning 2000 entries can you still use anonymous binds in LDAP client configurations without

[389-users] Re: changelog program - _cl5AddThread - Invalid changelog state - 2

On 10/19/21 11:07 AM, Kees Bakker wrote: On 19-10-2021 15:58, Kees Bakker wrote: On 19-10-2021 14:13, Mark Reynolds wrote: On 10/19/21 5:35 AM, Kees Bakker wrote: On 18-10-2021 20:18, Mark Reynolds wrote: On 10/18/21 1:52 PM, Kees Bakker wrote: On 18-10-2021 16:30, Mark Reynolds wrote

[389-users] Re: changelog program - _cl5AddThread - Invalid changelog state - 2

On 10/19/21 5:35 AM, Kees Bakker wrote: On 18-10-2021 20:18, Mark Reynolds wrote: On 10/18/21 1:52 PM, Kees Bakker wrote: On 18-10-2021 16:30, Mark Reynolds wrote: On 10/18/21 8:17 AM, Kees Bakker wrote: Hi, Today I tried 389-base 1.4.4.17 for a fix of retro cl trimming [1] Unfortunately

[389-users] Re: changelog program - _cl5AddThread - Invalid changelog state - 2

On 10/18/21 1:52 PM, Kees Bakker wrote: On 18-10-2021 16:30, Mark Reynolds wrote: On 10/18/21 8:17 AM, Kees Bakker wrote: Hi, Today I tried 389-base 1.4.4.17 for a fix of retro cl trimming [1] Unfortunately the ns-slapd got into some sort of deadlock, I think. Anyway, I reverted 389-base

[389-users] Re: changelog program - _cl5AddThread - Invalid changelog state - 2

On 10/18/21 8:17 AM, Kees Bakker wrote: Hi, Today I tried 389-base 1.4.4.17 for a fix of retro cl trimming [1] Unfortunately the ns-slapd got into some sort of deadlock, I think. Anyway, I reverted 389-base back to 1.4.3.23. Yeah the replication changelog was moved in 1.4.4, so by

[389-users] Re: Lock table is out of available lock entries

On 10/18/21 5:18 AM, Kees Bakker wrote: On 12-10-2021 14:29, Kees Bakker wrote: On 11-10-2021 20:58, Viktor Ashirov wrote: On Mon, Oct 11, 2021 at 8:33 PM Mark Reynolds wrote: On 10/11/21 2:29 PM, Kees Bakker wrote: On 11-08-2021 15:21, Mark Reynolds wrote: On 8/11/21 9:09

[389-users] Re: 389 1.4.x Change Log Config

On 10/13/21 9:53 AM, Sean Weldon wrote: Hello, Can someone tell me where the change log config has moved in 1.4.x+? Looking at https://directory.fedoraproject.org/docs/389ds/design/integrate-changelog-database-and-backend-database.html , I understand it's now part of the back end and can be

[389-users] Re: syntax passwd policy trivial words restrictions issues

On 10/12/21 5:27 PM, Ghiurea, Isabella wrote: Hi List, We are testing a new  passwd syntax policy  in ldap  we have only cfg password length to 8 char and according to this RH Doc   bellow there are some exceptions( *aka “trivial words”  and uid, cn, givenName which can not be used* )  

[389-users] Re: Lock table is out of available lock entries

On 10/11/21 2:29 PM, Kees Bakker wrote: On 11-08-2021 15:21, Mark Reynolds wrote: On 8/11/21 9:09 AM, Pierre Rogier wrote: Hi, I suspect that Kees discovered a new bug ... As the retro changelog is persistent across reboot, it is normal that their timestamp are absolute, so IMHO

[389-users] Re: passwordAdminDN help

On 9/28/21 5:53 PM, Morgan Jones wrote: May I have a sanity check here? I am attempting to add pre-hashed passwords to users. If I’ve read the documentation correctly this should work. I’ve also tried putting uid=selectivesync389,ou=svc_accts,dc=domain,dc=org directly in passwordAdminDN:

[389-users] Re: DSIDM/TLS: certificate verify failed (unable to get local issuer certificate)

On 9/25/21 12:52 PM, Daniel wrote: Hello, currently i am a bit stuck with getting 389- Server working and would appreciate any help... I have followed https://directory.fedoraproject.org/docs/389ds/howto/howto-ssl.html and a guide to import certificates and keys from letsencrypt, which seems

[389-users] Re: Password lockout policy max failure.

On 9/24/21 9:47 AM, Michael Starling wrote: *From:* Mark Reynolds *Sent:* Friday, September 24, 2021 9:38 AM *To:* General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.

[389-users] Re: Password lockout policy max failure.

On 9/24/21 9:23 AM, Michael Starling wrote: Hello. I'm having an issue where we have passwordMaxFailure set to "5" in the global policy but users are getting locked out after 3 attempts. This is because you have a mix of global and local policies. Local policies override the global policy.

[389-users] Re: dsidm utility inconsistencies

On 9/23/21 11:59 AM, Michael Starling wrote: *From:* Michael Starling *Sent:* Thursday, September 23, 2021 10:10 AM *To:* Mark Reynolds ; General discussion list for the 389 Directory server project. <389-us

[389-users] Re: dsidm utility inconsistencies

On 9/22/21 5:11 PM, Michael Starling wrote: *From:* Mark Reynolds *Sent:* Wednesday, September 22, 2021 3:38 PM *To:* General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.

[389-users] Re: dsidm utility inconsistencies

On 9/22/21 2:58 PM, Michael Starling wrote: Unless I'm interpreting the man pages, and documentation wrong there seems to be some issues with the dsidm utility.  Perhaps I'm doing something wrong? This works. dsidm -W -D cn=manager -Z ldaps://labdsa101.mydomain.com -b

[389-users] Re: attribute passwordMinLength cfg issues/error

On 9/22/21 1:52 PM, Ghiurea, Isabella wrote: As part of user global policy we need to configure  user password min length , see my  cfg in dse.ldif , when trying to update  a user password to a   password with length > 0 seeing the following error:. I think you meant "length > 8".  Looks

[389-users] Re: can't get admin console to connect

Hi Chase, On 9/21/21 3:59 PM, Chase Miller wrote: I have done many of 389 ldap server setups. Have a new install, and I can't get for the life of me able to get the admin console to connect to the server. Message i get is [Tue Sep 21 14:55:44.279828 2021] [:notice] [pid 1337:tid

[389-users] Re: ns-newpolicy/pl documentation/use case

On 9/20/21 6:36 PM, Ghiurea, Isabella wrote: *From:*Ghiurea, Isabella *Sent:* September 20, 2021 3:32 PM *To:* 'Mark Reynolds' ; General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.org> *Subject:* RE: [389-users] ns-newpolicy/pl documentation/us

[389-users] Announcing 389 Directory Server 1.4.4.17

389 Directory Server 1.4.4.17 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.17 Fedora packages are available on Fedora 33. Fedora 33: https://koji.fedoraproject.org/koji/taskinfo?taskID=76027095

[389-users] Re: ns-newpolicy/pl documentation/use case

Isabella - *From:*Mark Reynolds [mailto:mreyno...@redhat.com] *Sent:* September 20, 2021 6:01 AM *To:* General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.org>; Ghiurea, Isabella *Subject:* Re: [389-users] ns-newpolicy/pl documentation/use cas

[389-users] Announcing 389 Directory Server 2.0.10

389 Directory Server 2.0.10 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.10 Fedora packages are available on Fedora 34 and Rawhide Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=76007874

[389-users] Re: Audit entries of Account Policy Plug-In behavior

On 9/20/21 7:44 AM, Claudionor Raymundo wrote: Hi folks. There is any way to deactivate audit of lastlogintime in audit file, in the directory server with Account Policy Plug-In enabled? My directory server have 190,000+ users, and many of then logs 200 a 300 times a day (emails clients,

[389-users] Re: ns-newpolicy/pl documentation/use case

On 9/17/21 4:46 PM, Ghiurea, Isabella wrote: Hi List I am searching for  some  documentation  for ns-newpolicy.pl file , as per RH Doc I can  use that script to add the attribute : pwdUpdateTime to each uid  entry after I  already cfg in  DS  Password TrackUpdateTime and  pwdpolicy-  

[389-users] Re: Insufficient Access Rights

On 9/15/21 11:51 AM, Xinhuan Zheng wrote: I set up Self Service Password Tool. https://ltb-project.org/documentation/self-service-password. I configured a bind DN for password reset. $ldap_binddn = "cn=proxyagent,ou=profile,dc=mycompany,dc=com"; $ldap_bindpw = "mypassword"; I'm getting

[389-users] Re: global passwd policy for DS with existing users

es  and which ones ? You need to set the password policies the same on /all/ servers, or else those servers will not enforce the password policies. HTH, Mark ·Thank you ·Isabella *From:*Mark Reynolds [mailto:mreyno...@redhat.com] *Sent:* September 10, 2021 12:38 PM *To:* General discuss

[389-users] Re: Additional IP-Address

are about established/stable releases. Regards, Mark Thx, Bernd Am 13.09.21 um 16:04 schrieb Mark Reynolds: On 9/13/21 9:51 AM, Bernd Nachtigall wrote: Hi, during my first steps with 389DS I wonder how I can configure a dedicated IP-Address for the different instances. Are there some hints

[389-users] Re: Additional IP-Address

On 9/13/21 9:51 AM, Bernd Nachtigall wrote: Hi, during my first steps with 389DS I wonder how I can configure a dedicated IP-Address for the different instances. Are there some hints? This is probably what you are looking for:

[389-users] Re: global passwd policy for DS with existing users

On 9/10/21 1:46 PM, Ghiurea, Isabella wrote: Hi List, I need your expertise  , I am looking to configure global  password policy for an existing DS  with aprox 7 k users, at present we are using only the userPassword attribute  , no extra password plugins or  attributes are  enabled , the

[389-users] Re: update_pw_encoding messages

On 9/3/21 9:43 AM, Michael Starling wrote: I see these errors in my logs for some accounts on my consumers with chaining enabled. - WARN - update_pw_encoding - Could not read password attribute on 'uid=someuser,ou=people,dc=domain,dc=lott' This means the user does not have a userpassword

[389-users] Re: changing nsslapd-sizelimit in cn=config

On 9/2/21 4:44 PM, Rob Crittenden wrote: Mark Reynolds wrote: On 9/2/21 3:04 PM, Rob Crittenden wrote: In IPA I'm trying to set the value of nsslapd-sizelimit in cn=config online using our LDAP tool. It is failing with LDAP error 16. What I'm seeing is: ipapython.ipaldap: DEBUG: update_entry

[389-users] Re: changing nsslapd-sizelimit in cn=config

On 9/2/21 3:04 PM, Rob Crittenden wrote: In IPA I'm trying to set the value of nsslapd-sizelimit in cn=config online using our LDAP tool. It is failing with LDAP error 16. What I'm seeing is: ipapython.ipaldap: DEBUG: update_entry modlist [(1, 'nsslapd-sizelimit', [b'2000']), (0,

[389-users] Re: What is the preferred way to make config changes

On 8/30/21 4:20 AM, Kees Bakker wrote: Hi, In one of the GitHub issues [1] it was mentioned that > People "should" be using the python CLI & UI to make these config changes What CLI and/or UI is this? Starting in 389-ds-base-1.4.x we offer a web UI Cockpit plugin: cockpit-389-ds.  We

[389-users] Announcing 389 Directory Server 2.0.8

389 Directory Server 2.0.8 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.8 Fedora packages are available on Fedora 34 Fedora 34: https://koji.fedoraproject.org/koji/taskinfo?taskID=74413473 - Koji

[389-users] Re: How to replicate password lockout attributes from a consumer or hub to a master(s)

n list for the 389 Directory server project. <389-users@lists.fedoraproject.org> *Cc:* Michael Starling *Subject:* Re: [389-users] Re: How to replicate password lockout attributes from a consumer or hub to a master(s) On Fri, Aug 13, 2021 at 9:42 PM Mark Reynolds <mailto:mreyno...@red

[389-users] Re: How to replicate password lockout attributes from a consumer or hub to a master(s)

On 8/13/21 2:40 PM, Michael Starling wrote: *From:* Michael Starling *Sent:* Friday, August 13, 2021 10:41 AM *To:* Mark Reynolds ; General discussion list for the 389 Directory server project. <389-us

[389-users] Re: How to replicate password lockout attributes from a consumer or hub to a master(s)

On 8/12/21 2:33 PM, Michael Starling wrote: *From:* Mark Reynolds *Sent:* Thursday, August 12, 2021 11:48 AM *To:* General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.

[389-users] Re: How to replicate password lockout attributes from a consumer or hub to a master(s)

On 8/12/21 10:53 AM, Michael Starling wrote: Hello. I've taken over a large 389-ds environment running on Oracle Linux 8 and the first task I need to complete is to enable password lockouts. I was able to enable password lockouts successfully however it only works if the client is

[389-users] Re: Several "DB retried operation targets" messages per day

On 8/12/21 10:21 AM, Kees Bakker wrote: On 12-08-2021 16:00, Mark Reynolds wrote: On 8/12/21 9:57 AM, Kees Bakker wrote: On 12-08-2021 14:21, Mark Reynolds wrote: On 8/12/21 5:16 AM, William Brown wrote: hey there, Some of your messages have been bouncing or being caught in spam filters

[389-users] Re: Several "DB retried operation targets" messages per day

On 8/12/21 9:57 AM, Kees Bakker wrote: On 12-08-2021 14:21, Mark Reynolds wrote: On 8/12/21 5:16 AM, William Brown wrote: hey there, Some of your messages have been bouncing or being caught in spam filters due to DMARC/DNS SPF failures. That may be why no one is answering

[389-users] Re: Several "DB retried operation targets" messages per day

On 8/12/21 5:16 AM, William Brown wrote: hey there, Some of your messages have been bouncing or being caught in spam filters due to DMARC/DNS SPF failures. That may be why no one is answering. No, this was not filtered.  We have a lot of engineers on PTO at the moment, and the rest of us

[389-users] Re: Lock table is out of available lock entries

/389ds/389-ds-base/issues/4869 Mark Regards Pierre, On Wed, Aug 11, 2021 at 11:50 AM Kees Bakker <mailto:ke...@ghs.com>> wrote: On 09-08-2021 20:23, Mark Reynolds wrote: > On 8/9/21 1:47 PM, Kees Bakker wrote: >> On 09-08-2021 19:25, Mark Reynolds wrote: >

[389-users] Re: Lock table is out of available lock entries

On 8/11/21 8:52 AM, Kees Bakker wrote: On 11-08-2021 14:38, Mark Reynolds wrote: On 8/11/21 8:30 AM, Kees Bakker wrote: On 11-08-2021 11:49, Kees Bakker wrote: On 09-08-2021 20:23, Mark Reynolds wrote: On 8/9/21 1:47 PM, Kees Bakker wrote: On 09-08-2021 19:25, Mark Reynolds wrote: On 8/9

[389-users] Re: Lock table is out of available lock entries

On 8/11/21 8:30 AM, Kees Bakker wrote: On 11-08-2021 11:49, Kees Bakker wrote: On 09-08-2021 20:23, Mark Reynolds wrote: On 8/9/21 1:47 PM, Kees Bakker wrote: On 09-08-2021 19:25, Mark Reynolds wrote: On 8/9/21 1:16 PM, Kees Bakker wrote: On 09-08-2021 18:43, Mark Reynolds wrote: On 8/9

[389-users] Re: Lock table is out of available lock entries

On 8/9/21 1:47 PM, Kees Bakker wrote: On 09-08-2021 19:25, Mark Reynolds wrote: On 8/9/21 1:16 PM, Kees Bakker wrote: On 09-08-2021 18:43, Mark Reynolds wrote: On 8/9/21 11:20 AM, Kees Bakker wrote: On 09-08-2021 16:00, Mark Reynolds wrote: On 8/9/21 8:09 AM, Kees Bakker wrote: Hi, When

[389-users] Re: Lock table is out of available lock entries

On 8/9/21 1:16 PM, Kees Bakker wrote: On 09-08-2021 18:43, Mark Reynolds wrote: On 8/9/21 11:20 AM, Kees Bakker wrote: On 09-08-2021 16:00, Mark Reynolds wrote: On 8/9/21 8:09 AM, Kees Bakker wrote: Hi, When my dirsrv was trying to compact the databases I was getting this error [07/Aug

[389-users] Re: Lock table is out of available lock entries

On 8/9/21 11:20 AM, Kees Bakker wrote: On 09-08-2021 16:00, Mark Reynolds wrote: On 8/9/21 8:09 AM, Kees Bakker wrote: Hi, When my dirsrv was trying to compact the databases I was getting this error [07/Aug/2021:23:59:02.715984489 +0200] - NOTICE - bdb_compact - Compacting databases ... [07

[389-users] Re: Lock table is out of available lock entries

On 8/9/21 8:09 AM, Kees Bakker wrote: Hi, When my dirsrv was trying to compact the databases I was getting this error [07/Aug/2021:23:59:02.715984489 +0200] - NOTICE - bdb_compact - Compacting databases ... [07/Aug/2021:23:59:02.765932397 +0200] - NOTICE - bdb_compact - Compacting DB

[389-users] Re: Unable to promote a replica

Thanks John! I think this is enough to get an investigation started.  Sounds pretty easy to reproduce, so we should be able to get this fixed quickly and get some new builds out... Mark On 8/4/21 5:45 PM, John Thurston wrote: On 8/3/2021 4:59 PM, Mark Reynolds wrote: Are you saying

[389-users] Re: Unable to promote a replica

P server", 'ctrls': []} ERROR: Error: -1 - Can't contact LDAP server - [] -- Do things because you should, not just because you can. John Thurston    907-465-8591 john.thurs...@alaska.gov Department of Administration State of Alaska On 8/2/2021 3:35 PM, Mark Reynolds wrote: Looks like

[389-users] Re: Unable to promote a replica

Looks like there might be some patch missing on the 1.4.4 branch because dsconf should not be trying to create the changelog.  Can you provide this info: # rpm -qa | grep 389 Most likely this is a bug, but for now you can use ldapmodify (from our older docs):

[389-users] Re: memberOf Plugin report inconsistent states

On 7/15/21 9:21 AM, Thierry Bordaz wrote: On 7/15/21 2:56 PM, Tobias Ernstberger wrote: Hello, it is well known and documented, that the memberOf attribute can have inconsistent states (e.g. by manipulating it directly). There is also a Fix-Up Task to repair that. Question: Is there also

[389-users] Re: Cockpit and 389

On 7/7/21 5:18 PM, Gary Waters wrote: Hello Everyone, I have been having trouble with Cockpit and 389 since I upgraded to 389-ds-base to 1.4.X from 1.3.X. I was initially having trouble with rendering the replication page but I have determined that the monitoring page is not rendering as

[389-users] Re: Replica's nsslapd-referral uri is ldap: instead of ldap:

the agreement's configuration.  There could be a good reason for it, but we need to look into it closer... Regards, Mark Not sure whether that's helpful, but it sure baffled me. Thanks again for the help! *From: *Mark Reynolds *Reply-To: *"General discussion list for the 389 Directory server pr

[389-users] Re: Replica's nsslapd-referral uri is ldap: instead of ldap:

rals in a long time.  We will need investigate it. Can you open a github issue describing the issue, and how it's blocking password updates? https://github.com/389ds/389-ds-base/issues/new/choose Thanks, Mark Thanks again, Brian *From: *Mark Reynolds *Date: *Thursday, July 1, 2021 at 8:

[389-users] Re: Replica's nsslapd-referral uri is ldap: instead of ldap:

Hi Brian, You can just change nsslapd-referral attribute to use ldaps instead of ldap. Now you "should" be able to do that in the console, but I just found out that there is a bug in the console where we don't actually grab the referrals from the mapping tree entry.   Glad I found it now

[389-users] Monthly internal scheduled task failure resulting in segfault

stion.  So it should never run.  There is no way to verify it except for the server not crashing. HTH, Mark Cheers Nelson. On Thu, May 27, 2021 at 0:08 Mark Reynolds <mailto:mreyno...@redhat.com>> wrote: On 5/26/21 11:05 AM, Nelson Bartley wrote: I can confirm we do n

[389-users] Freenode IRC channel #389 has been closed, please use Libera.chat (#389)

Everyone has been kicked out of the freenode channel.  Please join irc://irc.libera.chat/389 to continue chatting about 389 Directory Server! Thanks -- 389 Directory Server Development Team ___ 389-users mailing list --

[389-users] Re: Monthly internal scheduled task failure resulting in segfault, also...

On 5/26/21 8:15 AM, Mark Reynolds wrote: HI Nelsen, I'm working on a db compaction improvement.,  Now DB compaction occurs every 30 days, and I found a bug if you don't have replication set up then the server crashes when trying to compact a changelog (that does not exist).  This only

[389-users] Re: Monthly internal scheduled task failure resulting in segfault

HI Nelsen, I'm working on a db compaction improvement.,  Now DB compaction occurs every 30 days, and I found a bug if you don't have replication set up then the server crashes when trying to compact a changelog (that does not exist).  This only happens on 389-ds-base-1.4.3, or newer, and only

[389-users] Re: Replication and operational attributes / cockpit-389-ds

On 5/22/21 9:47 AM, Tornóci László wrote: Hi, I plan to set up a read only replica to my 389-ds server. I would like to have all my users authenticate againts the read only replica. Can I still use the account-policy plugin to store the lastLoginTime operational attribute? You can, you just

[389-users] IRC server change

Same as #freeipa has done, we have also moved off of freenode and on to libera:     irc://irc.libera.chat/389 Sooner than later we will shutdown the freenode channel #389 ... Thanks, Mark Forwarded Message Subject:[Freeipa-users] IRC server change Date: Wed, 19

[389-users] Re: 389 console on Windows - command logging

On 5/17/21 5:29 PM, Marc Sauton wrote: There isn't a console log, but there is all the activity from the HTTP server, in  /var/log/dirsrv/admin-serv/access The other possibility is to run the console in debug mode. If its an issue you can reproduce then run this:   389-console -D 9 HTH,

[389-users] Re: fips enabled error

On 5/17/21 9:14 AM, Angel Bosch Mora wrote: is it possible to lower the severity of fips enabled info from ERR to WARN in messages like this? Absolutely, changing it now... wow! that was truly fast :) No problem, here is the ticket for the fix if you are curious:

[389-users] Re: fips enabled error

On 5/17/21 7:00 AM, Angel Bosch Mora wrote: Hi, is it possible to lower the severity of fips enabled info from ERR to WARN in messages like this? Absolutely, changing it now... [17/May/2021:10:57:02.753271017 +] - ERR - slapd_system_isFIPS - Can not access

[389-users] Announcing 389 Directory Server 1.4.3.23

389 Directory Server 1.4.3.23 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.3.23 Fedora packages are available on Fedora 32. https://koji.fedoraproject.org/koji/taskinfo?taskID=67913862 - Fedora 

[389-users] Re: how to configure cn attribute case sensitive

On 4/26/21 3:34 PM, Ghiurea, Isabella wrote: Hi List, I need help with the following  ldap issue , we are running 389-ds-base-1.3.7.5-24.el7_5.x86_64 -how to check if 389-DS  is cfg to be case sensitive? - how  to cfg the cn attribute  which is indexed in my DS   to be case sensitive ?

[389-users] Re: Compact problem solved with nsslapd-db-locks: 1500000, should i keep it?

On 4/26/21 8:33 AM, murma...@hotmail.com wrote: We had a problem today, one of our two 389 DS servers hanged showing the errors: ERR - libdb - BDB2055 Lock table is out of available lock entries ERR - NSMMReplicationPlugin - changelog program - _cl5CompactDBs - Failed to compact

[389-users] Re: Forbidden uid?

You can create aci's that restrict specific DN's from doing specific actions like ADD.  Is that what you mean?  If so, look at the Admin guide for more information: https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/managing_access_control HTH,

[389-users] Re: How do I change the root password storage scheme to CRYPT-SHA512 through dsconf?

On 4/16/21 3:04 AM, spike wrote: Hi everyone, I'd like to change the default root password storage scheme from PBKDF2_SHA256 to CRYPT-SHA512 but I'm not having much success. I'm using the RHDS 11 documentation

[389-users] Re: dsctl healthcheck bug - or bad at least a bad resolution

On 4/15/21 4:23 PM, Gary Waters wrote: These entries look fine.  I'm assuming you are running this on a hub or consumer, is that correct?  Does it work correctly on the supplier replica?  I think the "nsslapd-state=referral on update" might be tripping up the healthcheck. Yes I am using

[389-users] Re: dsctl healthcheck bug - or bad at least a bad resolution

On 4/15/21 1:24 PM, Gary Waters wrote: Hi Mark , Thank you so much for your time. On 4/15/21 7:54 AM, Mark Reynolds wrote: I don't see your backend entry in your output, just the mapping tree entry.  It takes two entgries to define a backend and suffix (annoying I know but that's how

[389-users] Re: dsctl healthcheck bug - or bad at least a bad resolution

On 4/14/21 9:41 PM, Gary Waters wrote: Hi Guys! I think I found a bug in dsctl, and wanted to give some background and see what you guys thought. I am setting up my ldaphub.. and I am getting an odd issue when running the dsctl $instance healthcheck on it, but the dsctl $instance

[389-users] Re: Cert Problems with dsidm, and...

2fslapd-YOUR_INSTANCE.socket| HTH, Mark -Bryan On Mon, Apr 05, 2021 at 12:18:00PM -0400, Mark Reynolds wrote: On 4/5/21 12:06 PM, Mark Reynolds wrote: On 4/5/21 10:55 AM, Bryan K. Walton wrote: On Mon, Apr 05, 2021 at 10:42:45AM -0400, Mark Reynolds wrote: Hi Bryan, What version of 389-ds-base i

[389-users] Re: Cert Problems with dsidm, and...

On 4/5/21 12:06 PM, Mark Reynolds wrote: On 4/5/21 10:55 AM, Bryan K. Walton wrote: On Mon, Apr 05, 2021 at 10:42:45AM -0400, Mark Reynolds wrote: Hi Bryan, What version of 389-ds-base is installed? Results of "rpm -qi 389-ds-base" Version : 1.4.3.17 Release : 1.module

[389-users] Re: Cert Problems with dsidm

On 4/5/21 10:55 AM, Bryan K. Walton wrote: On Mon, Apr 05, 2021 at 10:42:45AM -0400, Mark Reynolds wrote: Hi Bryan, What version of 389-ds-base is installed? Results of "rpm -qi 389-ds-base" Version : 1.4.3.17 Release : 1.module_el8+10764+2b5f8656 Install Date: Mon 01 Feb

[389-users] Re: Cert Problems with dsidm

Hi Bryan, What version of 389-ds-base is installed? On 4/5/21 10:18 AM, Bryan K. Walton wrote: We have/had a working 389 directory server running on Centos 8. It was working fine, and for the most part, it still is. We can sucessfully manage it through the cockpit service. We can

[389-users] Re: Password Upgrade on Bind modify

On 3/23/21 4:29 AM, Jan Tomasek wrote: Hi, I've upgraded from older 389DS to 1.4.4.11 and realized that server started upgrading hashing algorithm of userPassword it is fine, but it also moves forward passwordExpirationTime. I know I can set dn: cn=config nsslapd-enable-upgrade-hash: off

[389-users] Re: Unindexed search even on indexed database

On 3/4/21 7:24 AM, Pierre Rogier wrote: Hi Jan, IMHO the allids threshold has been reached for the "issued" value for entryStatus  index  (in other words: too many entries have  entryStatus: issued: ) You may want to grep for "conn=115 op=1" in access log and check how many entries where

[389-users] Re: Unindexed search

On 2/26/21 8:42 PM, William Brown wrote: Substring search indexes are based on trigraphs aka combinations of three letters. So for example, "search" would be broken down to: "sea" "ear" "arc" "rch" Just for completeness, it is actually broken down like: "^se "sea" "ear" "arc" "rch" "ch$"

[389-users] Re: Plugin for enforcing minimum attribute length

Sorry there is no way restrict the attribute value length.  The LDAP spec states that there is no limit on an attribute's value size.  If you must restrict it then you would need to write a custom plugin to enforce such a limit. Regards, Mark On 2/16/21 6:55 AM, Jan Tomasek wrote: Hi, is

[389-users] Announcing 389 Directory Server 1.4.4.13

389 Directory Server 1.4.4.13 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.13 Fedora packages are available on Fedora 33. Fedora 33: https://koji.fedoraproject.org/koji/taskinfo?taskID=61840324

[389-users] Announcing 389 Directory Server 1.4.3.20

389 Directory Server 1.4.3.20 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.3.20 Fedora packages are available on Fedora 32. https://koji.fedoraproject.org/koji/taskinfo?taskID=61841707 - Fedora 

[389-users] Announcing 389 Directory Server 2.0.3

389 Directory Server 2.0.3 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.3 Fedora packages are available on Fedora 34 Fedora 34: https://koji.fedoraproject.org/koji/taskinfo?taskID=61843474 The

[389-users] Re: Disable LDAPv2

On 2/8/21 6:45 PM, William Brown wrote: On 9 Feb 2021, at 08:39, Mark Reynolds wrote: On 2/8/21 4:21 AM, Sahin, Erhan wrote: Hello everyone, is it possible to deactivate LDAPv2 completely on server side and only allow LDAPv3? There is no way to do that at this time. Just curious, what

[389-users] Re: Disable LDAPv2

On 2/8/21 4:21 AM, Sahin, Erhan wrote: Hello everyone, is it possible to deactivate LDAPv2 completely on server side and only allow LDAPv3? There is no way to do that at this time.  Just curious, what are your reasons for wanting to deactivate it? Mark Stay safe! Best regards

[389-users] Re: ACI with groupdn to target multiple groups

On 2/4/21 9:33 PM, William Brown wrote: On 5 Feb 2021, at 12:30, William Brown wrote: On 4 Feb 2021, at 22:23, Pierre Rogier wrote: Hi Nicolas, The documentation does not say that wildcard is supported in groupdn evaluation and I have not seen anything in the code that handles it.

[389-users] Announcing 389 Directory Server 1.4.4.12

389 Directory Server 1.4.4.12 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.12 Fedora packages are available on Fedora 33. Fedora 33: https://koji.fedoraproject.org/koji/taskinfo?taskID=61137714

[389-users] Re: plugin names and debian packages

On 1/27/21 2:57 PM, Angel Bosch wrote: Again I think you are looking at the older version of the server. ok, I understand. I see that version 2 is already out. Can I expect additional changes in dsconf interface or will you try to mantain a stable set of parameters? Great question. 

[389-users] Re: plugin names and debian packages

- Missatge original - De: "Mark Reynolds" Per: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>, "Angel Bosch Mora" Enviats: Dimecres, 27 de Gener 2021 14:43:19 Assumpte: [389-users] Re: plugin names and

[389-users] Re: plugin names and debian packages

Well 1.4.0 is quite old and is no longer maintained/supported. In newer versions of 389 it was changed to "retro-changelog".  It probably was changed in 1.4.1. HTH, Mark On 1/27/21 5:41 AM, Angel Bosch Mora wrote: hi! I'm testing my install recipes on debian and I've found two little

<    1   2   3   4   5   6   7   8   9   >