[389-users] Re: Disable LDAPv2

On 2/8/21 6:45 PM, William Brown wrote: On 9 Feb 2021, at 08:39, Mark Reynolds wrote: On 2/8/21 4:21 AM, Sahin, Erhan wrote: Hello everyone, is it possible to deactivate LDAPv2 completely on server side and only allow LDAPv3? There is no way to do that at this time. Just curious, what

[389-users] Re: Disable LDAPv2

On 2/8/21 4:21 AM, Sahin, Erhan wrote: Hello everyone, is it possible to deactivate LDAPv2 completely on server side and only allow LDAPv3? There is no way to do that at this time.  Just curious, what are your reasons for wanting to deactivate it? Mark Stay safe! Best regards __

[389-users] Re: ACI with groupdn to target multiple groups

On 2/4/21 9:33 PM, William Brown wrote: On 5 Feb 2021, at 12:30, William Brown wrote: On 4 Feb 2021, at 22:23, Pierre Rogier wrote: Hi Nicolas, The documentation does not say that wildcard is supported in groupdn evaluation and I have not seen anything in the code that handles it. IMH

[389-users] Announcing 389 Directory Server 1.4.4.12

389 Directory Server 1.4.4.12 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.12 Fedora packages are available on Fedora 33. Fedora 33: https://koji.fedoraproject.org/koji/taskinfo?taskID=61137714

[389-users] Re: plugin names and debian packages

On 1/27/21 2:57 PM, Angel Bosch wrote: Again I think you are looking at the older version of the server. ok, I understand. I see that version 2 is already out. Can I expect additional changes in dsconf interface or will you try to mantain a stable set of parameters? Great question.  Ther

[389-users] Re: plugin names and debian packages

t? abosch - Missatge original ----- De: "Mark Reynolds" Per: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>, "Angel Bosch Mora" Enviats: Dimecres, 27 de Gener 2021 14:43:19 Assumpte: [389-users] Re: plugin

[389-users] Re: plugin names and debian packages

Well 1.4.0 is quite old and is no longer maintained/supported. In newer versions of 389 it was changed to "retro-changelog".  It probably was changed in 1.4.1. HTH, Mark On 1/27/21 5:41 AM, Angel Bosch Mora wrote: hi! I'm testing my install recipes on debian and I've found two little proble

[389-users] Announcing 389 Directory Server 1.4.4.11

389 Directory Server 1.4.4.11 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.11 Fedora packages are available on Fedora 33. Fedora 33: https://koji.fedoraproject.org/koji/taskinfo?taskID=60484248

[389-users] Announcing 389 Directory Server 1.4.4.10

389 Directory Server 1.4.4.10 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.10 Fedora packages are available on Fedora 33. Fedora 33: https://koji.fedoraproject.org/koji/taskinfo?taskID=59728248

[389-users] Announcing 389 Directory Server 2.0.2

389 Directory Server 2.0.2 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.2 Fedora packages are available on Rawhide (Fedora 34). Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=59725113

[389-users] Re: ERR - _entryrdn_insert_key - Same DN (dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=cesnet,dc=cz) is already in the ,entryrdn file with different ID 10458. Expected ID is 10459

Hi Jan, This is definitely an older version of the server, I would highly suggest to get onto the latest 1.4.x version that you can.  1.4.0 has not been maintained in a very long time, and is missing important fixes. As for this error, I have not seen this before.  The first thing to try wou

[389-users] Announcing 389 Directory Server 1.4.4.9

389 Directory Server 1.4.4.9 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.9 Fedora packages are available on Fedora 33. Fedora 33: https://koji.fedoraproject.org/koji/taskinfo?taskID=56470736

[389-users] Announcing 389 Directory Server 1.4.3.17

389 Directory Server 1.4.3.17 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.3.17 Fedora packages are available on Fedora 32. https://koji.fedoraproject.org/koji/taskinfo?taskID=56455191 - Fedora 3

[389-users] Re: dsconf broken for ldaps instances in 1.4.3 but working in 1.4.2

On 11/23/20 11:30 AM, Ivanov Andrey (M.) wrote: Hi William, thanks for your reply. Our managed by dsconf LDAP is signed by a commercial certificate, and both intermediate certificates are added to system bundles using "trust anchor" or "update-ca-trust" (https://access.redhat.com/documentati

[389-users] Fwd: How to manage 389DS on CentOS8 ?

Forwarding to the correct list... Forwarded Message Subject:How to manage 389DS on CentOS8 ? Date: Thu, 19 Nov 2020 07:04:45 -0400 From: Alix FALEME To: 389-users-ow...@lists.fedoraproject.org <389-users-ow...@lists.fedoraproject.org> > Hello guys, i’m here

[389-users] Announcing 389 Directory Server 1.4.4.8

389 Directory Server 1.4.4.8 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.8 Fedora packages are available on Fedora 33. Fedora 33: https://koji.fedoraproject.org/koji/taskinfo?taskID=55146435

[389-users] Announcing 389 Directory Server 2.0.1

389 Directory Server 2.0.1 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.1 Fedora packages are available on Rawhide (Fedora 34). Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=54870733

[389-users] Announcing 389 Directory Server 1.4.4.6

389 Directory Server 1.4.4.6 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.6 Fedora packages are available on Fedora 33 and Rawhide (Fedora 34). Fedora 33: https://koji.fedoraproject.org/koji/taskinfo?taskID=54270607

[389-users] Announcing 389 Directory Server 1.4.3.14

389 Directory Server 1.4.3.14 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.3.14 Fedora packages are available on Fedora 32. https://koji.fedoraproject.org/koji/taskinfo?taskID=54261773 - Fedora 3

[389-users] Fwd: 389-AD on CentOS 8

Forwarding to the correct list... First it is NOT 389 Actrive Directory Server.  Active Directory is Microsoft's LDAP server... Going back to your question, there is no 389-admin package on CentOS 8 anymore.  There is a new Web UI that is a Cockpit plugin (cockpit-389-ds).  For more info see

[389-users] Re: ldapdelete error

ldapdelete has a "-r" option to recursiviely delete.  So that would solve your problem, but you better make sure you know what is under that user entry before blindly removing it and its child entries :-) On 10/13/20 10:23 PM, William Brown wrote: Generally this means there is content still un

[389-users] Announcing 389 Directory Server 1.4.3.13

389 Directory Server 1.4.3.13 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.3.13 Fedora packages are available on Fedora 32. https://koji.fedoraproject.org/koji/taskinfo?taskID=52811659 - Fedora 3

[389-users] Re: 389 DS on CentOS 8

What you do is install cockpit-bridge on all systems, then you can register each system within cockpit.  Then log into cockpit and you can pick which system you want to look at.  So no you won't see all the DS instances within a single page, but you can easily access each system within cockpit.

[389-users] Re: Clarification on passwordMaxSeqSets

On 9/22/20 2:56 PM, Bryan K. Walton wrote: I'm looking at the RH documentation for passwordMaxSeqSets, found here: https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-passwordMaxSeqSe

[389-users] Re: Change of storage scheme

On 9/22/20 12:33 PM, Tornóci László wrote: Hi, On 9/22/20 6:23 PM, Mark Reynolds wrote: On 9/22/20 3:42 AM, Tornóci László wrote: Hi, I recently upgraded my system from RHEL7 to RHEL8, together with 389ds. Apparently this has caused to upgrade the storage scheme of the user passwords to

[389-users] Re: Change of storage scheme

On 9/22/20 3:42 AM, Tornóci László wrote: Hi, I recently upgraded my system from RHEL7 to RHEL8, together with 389ds. Apparently this has caused to upgrade the storage scheme of the user passwords to PBKDF2_SHA256. Everything works fine except freeradius does not support this storage scheme

[389-users] Re: Anyway to incorporate haveibeenpwned.com db into password policy?

On 9/22/20 11:45 AM, Bryan K. Walton wrote: We are running 389ds with CentOS 8. Can anybody confirm if there is a way to check passwords against the haveibeenpwned.com database when users are changing passwords? No, there is only the option to use Cracklib's database for dictionary checks. 

[389-users] Re: How do I connect to 389-server via ldapsearch?

On 9/21/20 5:14 AM, rai...@ultra-secure.de wrote: Am 2020-09-18 22:33, schrieb Mark Reynolds: This means you used the wrong password, you need to use whatever was set for "root_password" in the INF file.  But it wouldn't hurt to check the access log for "err=49"

[389-users] Re: LDAPS only plugin & how to disable LDAP protocol at all

You can set nsslapd-port to 0 and that will disable the port. See also: https://www.port389.org/docs/389ds/howto/howto-listensslonly.html https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/configuring-special-binds#requiring-secure-binds https:/

[389-users] Re: How do I connect to 389-server via ldapsearch?

On 9/18/20 11:18 AM, rai...@ultra-secure.de wrote: Hi, I've installed the latest version on CentOS 8 https://directory.fedoraproject.org/docs/389ds/howto/quickstart.html [root@radius-389-test ~]# rpm -qa |grep 389 |sort 389-ds-base-1.4.2.16-1.module_el8+9435+e6daf39f.x86_64 389-ds-base-lib

[389-users] We've moved to github, make sure you are watching...

https://github.com/389ds/389-ds-base/ All developers, and any other interested individuals, should make sure to "watch" this repo.  We moved off of Pagure and onto github, but the Pagure subscribers were not migrated.  So if you want to keep an eye on what's happening make sure to watch this p

[389-users] Re: Question Regarding Intermediate Cert Install in RHEL/CentOS 8

On 9/14/20 7:30 PM, William Brown wrote: It sounds like there might be a few things going on here. On 14 Sep 2020, at 23:44, Bryan K. Walton wrote: We have two CentOS 8 directory servers running 389ds. They are setup with one as a master and the other as a consumer. Both of these servers u

[389-users] Re: LDAP Error Code 21- Invalid Syntax

Something about the entry you are adding is incorrect.  Can you provide the entry so we can look it over?  Looks like you have an attribute "c" with an invalid value(missing value?), but we need to see the entry to confirm... On 8/28/20 11:08 AM, Thad wrote: I am working with rh 9.1/389 1.2.1

[389-users] Re: Plugin-in Guide for 1.4.0

Sorry the plugin guide has not been maintained in a long time. There was a discussion to just remove it.  Can you provide the stack trace from the crash?  I'm sure we help get it straightened out... On 8/28/20 6:32 AM, Jan Tomasek wrote: Hi, I'm migrating 389DS from 1.2.11 to 1.4.0.11 on Debi

[389-users] Re: Creating extra backend database for sub-sub-suffix

On 8/28/20 3:51 AM, Jan Tomasek wrote: Hi, I've this directory structure: dc=example,dc=cz + o=apps,dc=example,dc=cz + o=TCS2,o=aps,dc=example,dc=cz I would like store o=TCS2,o=aps,dc=example,dc=cz in it's own database, to be able create custom indexes only for entries under o=TCS2,o

[389-users] Re: dsconf-adding pkcs12 cert to 398ds/1.4.3.12 fails : "could not decode certificate: SEC_ERROR_INPUT_LEN: security library has experienced an input length error." ?

On 8/27/20 3:10 PM, PGNet Dev wrote: On 8/27/20 11:27 AM, Mark Reynolds wrote: This is the old "archived" link - it is definitely outdated. Here's a newer one: https://www.port389.org/docs/389ds/howto/howto-ssl.html Or better yet check out the official docs which tells you ho

[389-users] Re: dsconf-adding pkcs12 cert to 398ds/1.4.3.12 fails : "could not decode certificate: SEC_ERROR_INPUT_LEN: security library has experienced an input length error." ?

On 8/27/20 3:10 PM, PGNet Dev wrote: On 8/27/20 11:27 AM, Mark Reynolds wrote: This is the old "archived" link - it is definitely outdated. Here's a newer one: https://www.port389.org/docs/389ds/howto/howto-ssl.html Or better yet check out the official docs which tells you ho

[389-users] Re: dsconf-adding pkcs12 cert to 398ds/1.4.3.12 fails : "could not decode certificate: SEC_ERROR_INPUT_LEN: security library has experienced an input length error." ?

On 8/27/20 2:18 PM, PGNet Dev wrote: I'm no expert but it looks to me like it is expecting a certificate, not a PKCS#12 file. The man page isn't exactly clear on what types are acceptable but based on the certutil error it looks like it only accepts PEM files. It isn't at all clear to me how one

[389-users] Re: dsconf-adding pkcs12 cert to 398ds/1.4.3.12 fails : "could not decode certificate: SEC_ERROR_INPUT_LEN: security library has experienced an input length error." ?

On 8/27/20 1:17 PM, PGNet Dev wrote: i've installed ns-slapd -v 389 Project 389-Directory/1.4.3.12 B2020.213. on grep PRETTY /etc/os-release PRETTY_NAME="Fedora 32 (Server Edition)" a server instance is up dsctl tes

[389-users] Re: Installing an instance of 389ds from scratch - how?

On 8/27/20 11:08 AM, Graham Leggett wrote: On 27 Aug 2020, at 15:32, Mark Reynolds <mailto:mreyno...@redhat.com>> wrote: All of this works correctly for me: [general] config_version = 2 full_machine_name = localhost.localdomain start = False [slapd] instance_name = graham p

[389-users] Re: Installing an instance of 389ds from scratch - how?

On 8/27/20 5:52 AM, Graham Leggett wrote: On 27 Aug 2020, at 02:32, William Brown wrote: Is there a documented method of installing an instance from scratch without setup-ds.pl or dscreate? look at "dscreate create-template" and "dscreate from-template". That’s what I've been working from.

[389-users] Re: Trying to renew a certificate - nss error 8168

I think the issue was that the new certificate "might" have had the same name as the old one? On 8/24/20 9:28 AM, rai...@ultra-secure.de wrote: Am 2020-08-24 15:18, schrieb Mark Reynolds: Not sure what the problem is, but if you create a second test DS instance, can you impor

[389-users] Re: Trying to renew a certificate - nss error 8168

Not sure what the problem is, but if you create a second test DS instance, can you import it there? Maybe remove the old cert first?  If you try that though please make a backup of these files under /etc/dirsrv/slapd-INST: cert8.db, key3.db, and secmod.db in case it doesn't work. HTH, Mark

[389-users] Re: How to disable attribute encryption

On 8/18/20 9:24 AM, Jan Tomasek wrote: On 8/18/20 3:21 PM, Mark Reynolds wrote: Looks like you are all good then... Yes, but... is it possible to prevent creating "encrypted attribute keys" and seeing in logs message:  ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap

[389-users] Re: How to disable attribute encryption

On 8/18/20 9:13 AM, Jan Tomasek wrote: Hi Mark, On 8/18/20 2:56 PM, Mark Reynolds wrote: The best option would be config option to disable attribute encryption for all databases but I failed to find if it is possible. You have to delete each attribute that was configured for attribute

[389-users] Re: How to disable attribute encryption

On 8/18/20 8:47 AM, Jan Tomasek wrote: Hello, is it possible to disable attribute encryption in 389 DS? I'm running 1.4.0.21 @ Debian Buster. After replacing TLS certificate I'm receiving errors: [18/Aug/2020:10:25:16.099482453 +0200] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for

[389-users] Re: CPU Scalability / Scaling

On 8/16/20 1:14 PM, Ben Spencer wrote: On Fri, Aug 14, 2020 at 6:19 PM Marc Sauton > wrote: On Fri, Aug 14, 2020 at 1:31 PM Ben Spencer mailto:isatworkto...@gmail.com>> wrote: On Fri, Aug 14, 2020, 10:53 AM David Boreham mailto:da...@b

[389-users] Re: Changing the name of a DS-389 attribute or adding a new field

On 8/6/20 9:11 AM, Janet Houser wrote: Hi Folks, I'm working to set up a PingFederate server to communicate with Apps at a sister location.  I'm told that the software needs to send the "employeeID" in order to authenticate with the offsite server. Under the Directory Server --> Schema --> 

[389-users] Announcing 389 Directory Server 1.4.3.12

389 Directory Server 1.4.3.12 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.3.12 Fedora packages are available on Fedora 32. https://koji.fedoraproject.org/koji/taskinfo?taskID=48296695 - Fedora 3

[389-users] Re: Limitations with large numbers of ACIs?

On 7/28/20 12:30 PM, Winstanley, Anthony wrote: We're running with 458 ACIs right now (verified the same number on all nodes), running on RHEL 7 with: 389-admin-1.1.46-1.el7.x86_64 389-admin-console-1.1.12-1.el7.noarch 389-admin-console-doc-1.1.12-1.el7.noarch 389-adminutil-1.1.22-2.el7.x86_64

[389-users] Re: syncronizing users to 389ds from Azure AD

On 7/10/20 12:54 AM, William Brown wrote: On 10 Jul 2020, at 14:26, Jonathan Aquilina wrote: Hi Will, I actually just confirmed that you can create a console .net core app, as well as an asp.net core web app that you can use the .net core with or fully fledged .net framework. My question is

[389-users] Re: ldap_bind: Invalid credentials (49)

You must be entering the wrong password... Reset the password like this: # ldapmodify -D "cn=directory manager" -W dn: uid=ambaribind,cn=users,cn=accounts,dc=infodetics,dc=net changetype: modify replace: userpassword userpassword: NEW_PASSWORD Then try the ldapsearch again using the reset pass

[389-users] Re: ldap_bind: Invalid credentials (49)

What is in the directory server access log? /var/log/dirsrv/slapd-YOUR_INSTANCE/access It might give more information about the failure.  But error 49 typically means you are using the wrong password, but it could be another issue and the access log will have that information, just look for "

[389-users] Announcing 389 Directory Server 1.4.2.16

389 Directory Server 1.4.2.16 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.2.16 Fedora packages are available on Fedora 31. https://koji.fedoraproject.org/koji/taskinfo?taskID=46843300 Bodhi h

[389-users] Announcing 389 Directory Server 1.4.3.11

389 Directory Server 1.4.3.11 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.3.11 Fedora packages are available on Fedora 32. https://koji.fedoraproject.org/koji/taskinfo?taskID=46830973 - Fedora 3

[389-users] Announcing 389 Directory Server 1.4.4.4

389 Directory Server 1.4.4.4 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.4 Fedora packages are available on Rawhide (Fedora 33). https://koji.fedoraproject.org/koji/taskinfo?taskID=46829414

[389-users] Re: question related to EnabledCiphers values

usion here which one of the existing 389-DS  dbs is the “nss database “ as per doc ? /etc/dirsrv/slapd-ldap/cert8.db /etc/dirsrv/slapd-ldap/key3.db /etc/dirsrv/slapd-ldap/secmod.db *From:*Mark Reynolds [mailto:mreyno...@redhat.com] *Sent:* Thursday, July 02, 2020 12:27 PM *To:* General discu

[389-users] Re: question related to EnabledCiphers values

, according to doc link there is  a cmd: dsconf  which I do not see available in 389-DS to list all available chippers on the host  is there any other solution to check  ,  my OS is Linux ns1-01 3.10.0-862.14.4.el7.x86_64 #1 SM Thank you Isabella *From:*Mark Reynolds [mailto:mreyno...@redhat.com

[389-users] Re: question related to EnabledCiphers values

On 7/2/20 2:21 PM, Ghiurea, Isabella wrote:  Running the following ldapsearch returns a lots of entries for nsSSLEnabledCiphers, but I do not see this values in dse.ldif , where are this values configured or  read, please advise ? nsldapsearch -LLLxD 'cn=directory manager' -W -b cn=encry

[389-users] Re: Provider Node Not Restarting Following Failed Schema Update

Trevor, I have not seen this before, but I also have not seen what happens when you add invalid schema. But to try and get the server back up and running try removing the /var/lib/dirsrv/slapd-YOUR_INSTANCE/db/__db.00* files.  So make sure the ns-slapd process is not running, kill it if you

[389-users] Re: LMDB vs BDB where locks are exhausted

On 6/23/20 12:22 PM, David Boreham wrote: On 6/23/2020 10:07 AM, Mark Reynolds wrote: In 389 what we are seeing is that our backend txn plugins are doing unindexed searches, but I would not call it a bug. The unindexed search is fine per se (although probably not a great idea if you want

[389-users] Re: LMDB vs BDB where locks are exhausted

On 6/23/20 11:42 AM, David Boreham wrote: On 6/23/2020 9:34 AM, Emmanuel Kasprzyk wrote: I am working on large Directory Server topology, which is reaching very fast the amount of available locks in BDB ( cf https://bugzilla.redhat.com/show_bug.cgi?id=1831812 ) - Can the planned switch in 3

[389-users] Re: 389 + sssd: Give user information about 389 server password policy

Directory Server has its own internal password policy that it manages itself.  It does not communicate with other services. 389's password policy does say why it rejects passwords.  But in IPA deployments IPA also has its own unique password policy plugin, and it does NOT use 389's password pol

[389-users] Announcing 389 Directory Server 1.4.2.15

389 Directory Server 1.4.2.15 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.2.15 Fedora packages are available on Fedora 31. https://koji.fedoraproject.org/koji/taskinfo?taskID=45761486 Bodhi h

[389-users] Announcing 389 Directory Server 1.4.3.10

389 Directory Server 1.4.3.10 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.3.10 Fedora packages are available on Fedora 32. https://koji.fedoraproject.org/koji/taskinfo?taskID=45760593 - Fedora 3

[389-users] Announcing 389 Directory Server 1.4.2.14

389 Directory Server 1.4.2.14 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.2.14 Fedora packages are available on Fedora 31. https://koji.fedoraproject.org/koji/taskinfo?taskID=45153610 Bodhi h

[389-users] Announcing 389 Directory Server 1.4.3.9

389 Directory Server 1.4.3.9 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.3.9 Fedora packages are available on Fedora 32. https://koji.fedoraproject.org/koji/taskinfo?taskID=45153038 - Fedora 32

[389-users] Announcing 389 Directory Server 1.4.4.3

389 Directory Server 1.4.4.3 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.3 Fedora packages are available on Rawhide (Fedora 33). https://koji.fedoraproject.org/koji/taskinfo?taskID=45152302

[389-users] Re: replication problems

f500, type=0x7fff84012780 "memberOf", vals=0x0, csn=0x7fff967fb340, urp=8, mod_op=2, replacevals=0x7fff840127c0) > > > >     at ldap/servers/slapd/entrywsi.c:777 > > > > 777 valueset_purge(a, &a->a_present_values, c

[389-users] Announcing 389 Directory Server 1.4.1.19

389 Directory Server 1.4.1.19 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.1.19 Fedora packages are available on Fedora 30. https://koji.fedoraproject.org/koji/taskinfo?taskID=44237705 Bodhi h

[389-users] Announcing 389 Directory Server 1.4.2.13

389 Directory Server 1.4.2.13 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.2.13 Fedora packages are available on Fedora 31. https://koji.fedoraproject.org/koji/taskinfo?taskID=44236196 Bodhi h

[389-users] Announcing 389 Directory Server 1.4.3.8

389 Directory Server 1.4.3.8 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.3.8 Fedora packages are available on Fedora 32. https://koji.fedoraproject.org/koji/taskinfo?taskID=44235118 - Fedora 32

[389-users] Announcing 389 Directory Server 1.4.4.2

389 Directory Server 1.4.4.2 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.2 Fedora packages are available on Rawhide (Fedora 33). https://koji.fedoraproject.org/koji/taskinfo?taskID=44234677

[389-users] Re: pwadmin not working

On 5/7/20 8:18 AM, Alberto Viana wrote: William, I'm just a little bit confused about pwadmin concept vs nsslapd-allow-hashed-passwords. Once I turned on nsslapd-allow-hashed-passwords, it's no supposed to only users in my pwadmin(group/users) to be allowed to add pre-hashed password? Albe

[389-users] Re: pwadmin not working

On 5/5/20 7:09 PM, Alberto Viana wrote: William I want to let this user bypass the policy and add a pre-hashed password, I also have a global policy and some OU policies level. On this OU OU=POP-PA,dc=my,dc=domain I have a local policy set. Should I set pwadmin in local policy level? global

[389-users] Re: DNA plugin not working

nes so I can replicate that? Thanks, James On Apr 17, 2020, at 6:17 PM, Mark Reynolds <mailto:mreyno...@redhat.com>> wrote: On 4/17/20 5:19 PM, CHAMBERLAIN James wrote: Hi all, Thank you all for your help.  I’ve gotten DNA working.  I’ll be doing some further work to convince mys

[389-users] Re: [EXTERNAL] Re: setup-ds-admin fails to install admin server

-9393 deborah.croc...@ua.edu -Original Message- From: Mark Reynolds Sent: Friday, May 1, 2020 7:57 AM To: Crocker, Deborah ; General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.org> Subject: [EXTERNAL] Re: [389-users] setup-ds-admin fails to i

[389-users] Re: [EXTERNAL] Re: setup-ds-admin fails to install admin server

70346 Tuscaloosa, AL 36587 Office 205-348-3758 | Fax 205-348-9393 deborah.croc...@ua.edu -Original Message- From: Mark Reynolds Sent: Friday, May 1, 2020 7:17 AM To: General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.org>; Crocker, Deborah Su

[389-users] Re: setup-ds-admin fails to install admin server

ua.edu -----Original Message- From: Mark Reynolds Sent: Thursday, April 30, 2020 2:06 PM To: General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.org>; CHAMBERLAIN James Subject: [EXTERNAL] [389-users] Re: [389-announce] Notice of Legacy Tool removal f

[389-users] Re: [389-announce] Notice of Legacy Tool removal for 389 Directory Server

On 4/30/20 2:34 PM, CHAMBERLAIN James wrote: Hi Mark, On Apr 29, 2020, at 5:10 PM, Mark Reynolds wrote: On 4/29/20 5:07 PM, Mark Reynolds wrote: We've been talking about this for quite some time... A majority of all the old legacy perl and shell scripts have now been ported to th

[389-users] Re: anonymous queries on second suffix subtrees

laugh...@id.ethz.ch <mailto:david.mclaugh...@id.ethz.ch> ---- *From:* Mark Reynolds *Sent:* 30 April 2020 4:21 PM *To:* Mc Laughlin David Bruce (ID BD); General discussion list for the 389 Directory server project. *Subject:* Re: [389-us

[389-users] Re: anonymous queries on second suffix subtrees

eries on the o=ethz,c=ch root suffix also return no records. with best regards, David e-mail: david.mclaugh...@id.ethz.ch <mailto:david.mclaugh...@id.ethz.ch> *From:* Mark Reynolds *Sent:* 30 April 2020 3:10 PM *To:* General discussion list for the 389 D

[389-users] Re: anonymous queries on second suffix subtrees

On 4/30/20 7:14 AM, Mc Laughlin David Bruce (ID BD) wrote: Hello, 389ers. I am migrating a whitepages server from OpenLDAP to 389-DS. My instance has a root suffix with two subtrees (for staff and students). Anonymous queries of the two root suffix subtrees return the expected results. The

[389-users] Re: [389-announce] Notice of Legacy Tool removal for 389 Directory Server

On 4/29/20 5:07 PM, Mark Reynolds wrote: We've been talking about this for quite some time... A majority of all the old legacy perl and shell scripts have now been ported to the new CLI tools.  Starting sometime in Fedora 33 we will stop shipping the legacy tools sub-package as part o

[389-users] Notice of Legacy Tool removal for 389 Directory Server

We've been talking about this for quite some time... A majority of all the old legacy perl and shell scripts have now been ported to the new CLI tools.  Starting sometime in Fedora 33 we will stop shipping the legacy tools sub-package as part of 389 Directory Server.  If you have any tools or

[389-users] Re: Change TLS protocol

This is a known problem.  We moved the default minimum to TLS 1.2 (from 1.0), but it's not working correctly and it will not allow you to set 1.0 at all.  We will fix it shortly... On 4/29/20 10:25 AM, Alberto Viana wrote: Hi Guys, My packages: 389-ds-base1.4.2.8-20200414gitfae920fc8.el8.x86_6

[389-users] Re: Weird bug in 389 DS : no spaces in admin console under CentOS 7

This is a bug in the java openJDK package (another reason our new UI is NOT in java): https://bugzilla.redhat.com/show_bug.cgi?id=1791982 It's supposed to be fixed in java-11-openjdk-11.0.7.1-0.1.ea.el7 according to the bug Try updating the java-1.8.0-openjdk package. HTH, Mark On 4/26/2

[389-users] Announcing 389 Directory Server 1.4.3.7

389 Directory Server 1.4.3.7 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.3.7 Fedora packages are available on Fedora 32. https://koji.fedoraproject.org/koji/taskinfo?taskID=43653374 - Fedora 32

[389-users] Announcing 389 Directory Server 1.4.4.1

389 Directory Server 1.4.4.1 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.1 Fedora packages are available on Rawhide (Fedora 33). https://koji.fedoraproject.org/koji/taskinfo?taskID=43651906

[389-users] Re: replication problems

ery useful to us. Thanks, Mark Thanks, Alberto Viana On Wed, Apr 22, 2020 at 4:22 PM Mark Reynolds mailto:mreyno...@redhat.com>> wrote: On 4/22/20 3:15 PM, Alberto Viana wrote: William, Here's: (gdb) frame 3 #

[389-users] Re: replication problems

that update, it would be very useful to us. Thanks, Mark Thanks, Alberto Viana On Wed, Apr 22, 2020 at 4:22 PM Mark Reynolds <mailto:mreyno...@redhat.com>> wrote: On 4/22/20 3:15 PM, Alberto Viana wrote: William, Here's: (gdb) frame 3 #3  0x77b716

[389-users] Re: replication problems

https://gist.github.com/albertocrj/4d74732e4e357fbc5a27296199127a62 (gdb) frame 3 (gdb) print *vs That would help to work out what condition is incorrectly being asserted here. Thanks! > > > Do you guys need something else? > > Thank

[389-users] Re: Exporting to LDIF

On 4/20/20 10:29 PM, William Brown wrote: On 21 Apr 2020, at 06:34, Johannes Kastl wrote: On 17.04.20 at 10:38 Johannes Kastl wrote: Hi again, I found several links on how to export from 389 to LDIF. On a related note: https://directory.fedoraproject.org/docs/389ds/howto/howto-ds-admin-m

[389-users] Re: Setting up replication: HowTo? Tutorials?

On 4/21/20 4:25 PM, Johannes Kastl wrote: Hi Mark, On 21.04.20 at 04:05 Mark Reynolds wrote: The first place you should look is the official documentation, it covers the new CLI and UI processes, including replication. https://access.redhat.com/documentation/en-us/red_hat_directory_server

[389-users] Re: Setting up replication: HowTo? Tutorials?

On 4/20/20 4:41 PM, Johannes Kastl wrote: Hi again, sorry, another question popped up. I want to play around with replication having multiple servers. I am not sure if Multi-Master-Replication is what I should have a look at first, or if there is a simpler form? IIRC multi-master fails when

[389-users] Re: DNA plugin not working

maxvalue: 10 dnamagicregen: 0 dnafilter: (objectclass=posixGroup) dnascope: dc=example,dc=com dnanextvalue: 25000 Best regards, James On Apr 13, 2020, at 2:25 PM, Mark Reynolds wrote: Enabling plugin logging will provide a little more detail about what is going wrong: ldapmodify -D &q

[389-users] Re: 389-ds on Leap 15.1 - teething pains - it is running (with some issues) - but I still cannot test authentication

Each section [] refers to an instance on your local system.  For example I have an instance named localhost.  It can be found on the FS under /etc/disrv/slapd-locahost, but I could have named the instance anything, like:  slapd-MARK (/etc/dirsrv/slapd-MARK).  In the second case I would use the

[389-users] Announcing 389 Directory Server 1.4.4.0

389 Directory Server 1.4.4.0 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.4.0 Fedora packages are available on Rawhide (Fedora 33). https://koji.fedoraproject.org/koji/taskinfo?taskID=43472534

[389-users] Announcing 389 Directory Server 1.4.3.6

389 Directory Server 1.4.3.6 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.3.6 Fedora packages are available on Fedora 32. https://koji.fedoraproject.org/koji/taskinfo?taskID=43473813 https://bo

[389-users] Announcing 389 Directory Server 1.4.2.12

389 Directory Server 1.4.2.12 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.2.12 Fedora packages are available on Fedora 31. https://koji.fedoraproject.org/koji/taskinfo?taskID=43476746 Bodhi h

<    1   2   3   4   5   6   7   8   9   10   >