[389-users] Re: user privileges needed to run repl-monitor.pl

2018-08-17 Thread Mark Reynolds
On 08/17/2018 04:59 PM, Sergei Gerasenko wrote: Hi Mark, I have a test instance of 389-ds running on a vm. I’ve tried updating the aci like this: dn: cn=mapping tree,cn=config changetype: modify replace: aci aci: (targetattr = "cn || nsuniqueid || createtimestamp || description ||

[389-users] Re: user privileges needed to run repl-monitor.pl

2018-08-17 Thread Mark Reynolds
little differently, but it should be an easy test though. Regards, Mark Thanks,   Sergei On Aug 17, 2018, at 12:23 PM, Mark Reynolds <mailto:mreyno...@redhat.com>> wrote: Add an ACI to this entry (using your suffix of course) allowing the user or group to read/search/comp

[389-users] Re: user privileges needed to run repl-monitor.pl

2018-08-17 Thread Mark Reynolds
On 08/17/2018 11:51 AM, Sergei Gerasenko wrote: Hi, I’ve been using repl-monitor.pl for monitoring replication problems. I would like to use an account with a minimal set of permissions needed for the functionality. I created a user and added the permission to Read Replication Agreements.

[389-users] Re: Help with NSS Database

2018-08-17 Thread Mark Reynolds
On 08/17/2018 11:27 AM, Cassandra Reed wrote: Hi Everyone, We are in a sticky spot right now where we need to install a new certificate in our 389 Production system, but we do not have the password that was used when the system was built years ago.  We have tried all of the possible

[389-users] Re: LDAP group to provide 389-console access?

2018-08-16 Thread Mark Reynolds
On 08/16/2018 08:12 PM, Nick W. Harrison wrote: Hello – I am wanting to provide some GUI-based management console for my coworkers. To that end, I’m trying to make it so members of a certain LDAP-based group can login to 389-console as themselves, register LDAP instances, and start

[389-users] Announcing 389 Directory Server 1.4.0.15

2018-08-16 Thread Mark Reynolds
389 Directory Server 1.4.0.15 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.15 Fedora packages are available on Fedora 28, 29, and rawhide. Rawhide https://koji.fedoraproject.org/koji/taskinfo?taskID=29119556

[389-users] Re: Importing users from open-ds

2018-08-16 Thread Mark Reynolds
On 08/16/2018 10:09 AM, rai...@ultra-secure.de wrote: On 2018-08-16 15:58, Mark Reynolds wrote: On 08/16/2018 09:51 AM, rai...@ultra-secure.de wrote: How can I switch it to sha512 - and how can I store encrypted passwords with different algorithms? You have to reset/change the passwords

[389-users] Re: Importing users from open-ds

2018-08-16 Thread Mark Reynolds
On 08/16/2018 09:51 AM, rai...@ultra-secure.de wrote: On 2018-08-16 15:33, Mark Reynolds wrote: I created a user in 389-ds and exported it and it did not contain any such hint. How did you "export" the user?  Did you use db2ldif tool? I used the gui ;-) I also used th

[389-users] Re: Importing users from open-ds

2018-08-16 Thread Mark Reynolds
On 08/16/2018 09:20 AM, rai...@ultra-secure.de wrote: Hi, I have a very old installation of open-ds sitting around and recently we got the "go" for upgrading it. I installed ds389 on CentOS7 64bit, from EPEL. The first obstacle I hit when simply trying to import users from and export of

[389-users] Re: LDBM recommended Setting

2018-08-14 Thread Mark Reynolds
On 08/14/2018 11:32 AM, Paul Whitney wrote: Hi guys, Am looking to improve performance in my 389 DS deployment.  In reviewing the documentation, the recommended size for the LDBM cache is the sum of the backend database + 15% of the backend database.  For me that comes out to almost 27GB. 

[389-users] Re: simple question: do I need an admin server at all ?

2018-08-11 Thread Mark Reynolds
Phil, The admin server is only used for 389-console/GUI.  If you aren't using the java UI, then you can remove the 389-admin* packages, and remove the o=netscaperoot suffix (if present). We are currently working on ramping up our new python CLI tools (dscreate, dsctl, dsconf, and dsidm) and

[389-users] Announcing 389 Directory Server 1.3.8.7

2018-08-10 Thread Mark Reynolds
389 Directory Server 1.3.8.7 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.8.7 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=28971371

[389-users] Announcing 389 Directory Server 1.4.0.14

2018-08-10 Thread Mark Reynolds
389 Directory Server 1.4.0.14 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.14 Fedora packages are available on Fedora 28 and 29(rawhide). Rawhide(F29) https://koji.fedoraproject.org/koji/taskinfo?taskID=28969308

[389-users] Announcing 389 Directory Server 1.3.8.6

2018-07-20 Thread Mark Reynolds
389 Directory Server 1.3.8.6 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.8.6 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=28470951

[389-users] Announcing 389 Directory Server 1.4.0.13

2018-07-20 Thread Mark Reynolds
389 Directory Server 1.4.0.13 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.13 Fedora packages are available on Fedora 28 and 29(rawhide). Rawhide(F29) https://koji.fedoraproject.org/koji/taskinfo?taskID=28468953

[389-users] Re: simple question: do I need an admin server at all ?

2018-07-18 Thread Mark Reynolds
On 07/18/2018 02:49 PM, Robert Watterson wrote: Hi forgive the newbie question, but I've searched the 389-users archive and didn't see an answer. If I manage ldap entries and dirsrv server options via command line only, do I even need an admin server component? Nope I've been

[389-users] Announcing 389 Directory Server 1.3.8.5

2018-07-17 Thread Mark Reynolds
389 Directory Server 1.3.8.5 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.8.5 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=28375593

[389-users] Announcing 389 Directory Server 1.4.0.12

2018-07-17 Thread Mark Reynolds
389 Directory Server 1.4.0.12 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.12 Fedora packages are available on Fedora 28 and 29(rawhide). Rawhide(F29) https://koji.fedoraproject.org/koji/taskinfo?taskID=28373966

[389-users] Re: cfg nsidletimeout per user

2018-07-11 Thread Mark Reynolds
On 07/11/2018 03:20 PM, Ghiurea, Isabella wrote: Hi List I am looking to cfg nsIdleTimeout attribute for a specific DS user, I tried using 389-console and ldapmodify but I was not successful, in 389-console this attribute is in grey and when trying to add a value it is not allowed, with

[389-users] Re: Expected Write/Read Behavior in a Supplier/Consumer scenario...

2018-07-03 Thread Mark Reynolds
On 07/03/2018 10:25 AM, David Boreham wrote: On 7/2/2018 2:54 PM, Artur Lojewski wrote: Question: If I issue a delete operation to a read-only replica, and the delete request is properly resent to the actual supplier, can I expect (?) that an immediate read to the consumer does not find

[389-users] Announcing 389 Directory Server 1.3.8.4

2018-06-21 Thread Mark Reynolds
389 Directory Server 1.3.8.4 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.8.4 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=27769199

[389-users] Re: Problem trying to use REST api

2018-06-21 Thread Mark Reynolds
Sorry we never fully implemented a REST API, that project has been put on hold indefinitely.  Maybe we can do it in RHEL 8.1/8.2 (Fedora 30/31), but no promises (we are always accepting contributions though). Also 389-console and admin server are being deprecated in F28, and probably

[389-users] Re: Master-slave replication procedure

2018-06-20 Thread Mark Reynolds
Michal, You can check these attributes in the agmt:     nsds5replicalastinitend     nsds5replicalastinitstatus These are probably more accurate for what you are trying to do. Regards, Mark On 06/20/2018 07:02 AM, Michal Medvecky wrote: Adding a 60s sleep between replication setup (step

[389-users] Re: Master-slave replication procedure

2018-06-19 Thread Mark Reynolds
On 06/19/2018 04:47 PM, Michal Medvecky wrote: Hello, I’m trying hard to figure out the right (ansible-automated) procedure for setting up master-slave replication, but I often get RUV errors on agreements pointing to already initialized replicas. My scenario is with 4 master servers

[389-users] Announcing 389 Directory Server 1.4.0.11

2018-06-19 Thread Mark Reynolds
389 Directory Server 1.4.0.11 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.11 Fedora packages are available on Fedora 28 and 29(rawhide). Rawhide(F29) https://koji.fedoraproject.org/koji/taskinfo?taskID=27738498

[389-users] Re: ldapsearch performance problem

2018-06-15 Thread Mark Reynolds
On 06/15/2018 05:41 PM, Jan Kowalsky wrote: Hi Marc, thanks for help. On 15.06.2018 at 22:50, Mark Reynolds wrote: You did not run logconv.pl the way I requested, can you please run it again this way: logconv.pl -ulatn  I omitted the detailed searches because there are user-data

[389-users] Re: ldapsearch performance problem

2018-06-15 Thread Mark Reynolds
On 06/15/2018 05:17 PM, Jan Kowalsky wrote: Hi Davind, thanks for answer On 15.06.2018 at 22:15, David Boreham wrote: On 6/15/2018 2:04 PM, Jan Kowalsky wrote: What I can see are a log of unindexed component queries, most of them like: [15/Jun/2018:21:51:14 +0200] conn=462 op=31251

[389-users] Re: ldapsearch performance problem

2018-06-15 Thread Mark Reynolds
On 06/15/2018 04:04 PM, Jan Kowalsky wrote: Hi Marc, thanks for answer, and the hint for indexes. On 15.06.2018 at 00:53, Mark Reynolds wrote: Can we see your access log showing the slow searches?  Are they unindexed?  If you have unindexed searches they will bog down the entire Whole log

[389-users] Re: ldapsearch performance problem

2018-06-14 Thread Mark Reynolds
Can we see your access log showing the slow searches?  Are they unindexed?  If you have unindexed searches they will bog down the entire server.  Do you see high cpu for ns-slapd? Can you also run logconv.pl? logconv.pl -ulatn /var/log/dirsrv/slapd-YOUR_INSTANCE/access* Thanks, Mark On

[389-users] Re: [389-announce] Announcing 389 Directory Server 1.4.0.10 (fixed link)

2018-06-11 Thread Mark Reynolds
Fixed install page link.  Sorry for any inconvenience. 389 Directory Server 1.4.0.10 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.10 Fedora packages are available on Fedora 28 and 29(rawhide). Rawhide(F29)

[389-users] Announcing 389 Directory Server 1.3.8.3

2018-06-11 Thread Mark Reynolds
389 Directory Server 1.3.8.3 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.8.3 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=27563282

[389-users] Announcing 389 Directory Server 1.4.0.10

2018-06-11 Thread Mark Reynolds
389 Directory Server 1.4.0.10 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.10 Fedora packages are available on Fedora 28 and 29(rawhide). Rawhide(F29) https://koji.fedoraproject.org/koji/taskinfo?taskID=27497180

[389-users] Re: SSL replication error

2018-06-05 Thread Mark Reynolds
What version of openldap is on your system?  There is a known issue fixed in openldap-2.4.23-31 and up. Can you do a ldapsearch from one system to the other? ldapsearch -ZZ -xLLL -h HOST -p PORT -b "" -s base Then check the DS access and errors logs.  There should be more info there for the

[389-users] Re: PassSync issue

2018-06-01 Thread Mark Reynolds
On 05/31/2018 11:11 PM, DaV wrote: Hi all, There is an issue when I try to communicate between 389ds and windows AD. CentOS 7.4 (389ds server) 389-ds-base-1.3.6.1-16.el7.x86_64 Windows 2008R2 (AD DC) 389-PassSync-1.1.7-x86_64 I follow

[389-users] Re: tls encryption and key changes: symmetric key failed to unwrap

2018-06-01 Thread Mark Reynolds
On 06/01/2018 08:51 AM, Jan Kowalsky wrote: Hi Viktor, Thanks for the hint. On 01.06.2018 at 12:16, Viktor Ashirov wrote: Hi, It's possible to regenerate encryption keys from the new certificate:

[389-users] Announcing 389 Directory Server 1.3.8.2

2018-05-24 Thread Mark Reynolds
389 Directory Server 1.3.8.2 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.8.2 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=27171470

[389-users] Re: PBKDF2_SHA256 not available as Password Storage Scheme

2018-05-15 Thread Mark Reynolds
On 05/15/2018 03:19 AM, Marian Rainer-Harbach wrote: > Hi William, > >> PBKDF2_SHA256 does not work on EL7 due to a limitation with the NSS >> crypto provider. At start up it will drop and error in your logs like >> "crypto provider not available" or something. >> >> It's only available in

[389-users] Re: SSL replication error

2018-05-09 Thread Mark Reynolds
On 05/09/2018 04:59 PM, Michal Medvecky wrote: > >> I'm not sure what is wrong/mismatched as it's failing inside of the >> openldap client library.  I wonder if the cert nickname having the >> "CN=" in it is a problem?  It shouldn't be, but who knows. >> > I tried changing it to “server-cert”,

[389-users] Re: SSL replication error

2018-05-09 Thread Mark Reynolds
On 05/09/2018 03:37 PM, Michal Medvecky wrote: >>> >> The server uses the openldap client libraries for replication >> connections.  Setting nsslapd-ssl-check-hostname sets these flags on >> the connection as follows: >> >> For server authentication it sets this flag: >> >>    

[389-users] Re: SSL replication error

2018-05-09 Thread Mark Reynolds
On 05/09/2018 05:56 AM, Michal Medvecky wrote: >> Under cn=config, what is "nsslapd-ssl-check-hostname" set to?  Try >> setting it to "off" to see if it makes a difference. > > Ok, this “helped”, but I have no idea why? The server uses the openldap client libraries for replication connections. 

[389-users] Re: SSL replication error

2018-05-08 Thread Mark Reynolds
On 05/08/2018 04:47 PM, Michal Medvecky wrote: > >> On 8 May 2018, at 17:45, Mark Reynolds <mreyno...@redhat.com> wrote: >> >> >> >> On 05/07/2018 08:00 AM, Michal Medvecky wrote: >>> [07/May/2018:13:51:13 +0200] slapi_ldap_bind - Er

[389-users] Announcing 389 Directory Server 1.4.0.9

2018-05-08 Thread Mark Reynolds
in your feedback! Please provide feedback and comments to the 389-users mailing list: https://lists.fedoraproject.org/admin/lists/389-users.lists.fedoraproject.org If you find a bug, or would like to see a new feature, file it in our Pagure project: https://pagure.io/389-ds-base * Tue May

[389-users] Announcing 389 Directory Server 1.3.6.15

2018-05-08 Thread Mark Reynolds
389 Directory Server 1.3.6.15 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.6.15 Fedora packages are available from the Fedora 26. https://koji.fedoraproject.org/koji/taskinfo?taskID=26850712

[389-users] Announcing 389 Directory Server 1.3.8.1

2018-05-08 Thread Mark Reynolds
389 Directory Server 1.3.8.1 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.8.1 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=26850516

[389-users] Re: SSL replication error

2018-05-08 Thread Mark Reynolds
On 05/07/2018 08:00 AM, Michal Medvecky wrote: > [07/May/2018:13:51:13 +0200] slapi_ldap_bind - Error: could not send bind > request for id [cn=MasterMasterReplicationManager,cn=config] authentication > mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5987 > (Invalid

[389-users] Re: ns-slapd segfault

2018-04-26 Thread Mark Reynolds
On 04/26/2018 08:14 AM, Bart wrote: > Hi all, > > I am using 389-ds as a part of FreeIPA setup. I've established trust with AD > domain but ds server crashes when I try to authenticate with an AD user on a > linux system. > > The version I am using is: > > 389-ds-base.x86_64

[389-users] Announcing 389 Directory Server 1.4.0.8

2018-04-19 Thread Mark Reynolds
389 Directory Server 1.4.0.8 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.8 Fedora packages are available on Fedora 28 and 29(rawhide). Rawhide(F29) https://koji.fedoraproject.org/koji/taskinfo?taskID=26461258

[389-users] Re: Help with ldapsearch query

2018-04-16 Thread Mark Reynolds
On 04/16/2018 01:25 PM, Sergei Gerasenko wrote: > Hi, > > I need to get a list of hosts from 389-ds that have ipaSshPubKey set > and I’m having trouble constructing that. I’ve tried this: > > ldapsearch -h HOST -b cn=computers,cn=accounts,dc=cnvr,dc=net > 'ipaSshPubKey=*’ It could be an access

[389-users] Announcing 389 Directory Server 1.4.0.7

2018-04-13 Thread Mark Reynolds
389 Directory Server 1.4.0.7 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.7 Fedora packages are available on Fedora 28 and 29(rawhide). Rawhide(F29) https://koji.fedoraproject.org/koji/taskinfo?taskID=26347575

[389-users] Re: status of the LDAP REST API

2018-04-12 Thread Mark Reynolds
On 04/12/2018 10:38 AM, Stephen Osella wrote: > What is the status of the LDAP REST API? As described at: > > http://directory.fedoraproject.org/docs/389ds/design/ldap-rest-api.html This project is unfortunately on hold (permanently?). We are writing the new UI as a Cockpit plugin (which does

[389-users] Re: Configuring TLS/SSL Enabled 389 Directory Server

2018-04-02 Thread Mark Reynolds
On 04/02/2018 04:19 AM, Michal Medvecky wrote: >> Now I am trying to modify the settings of my dse.ldif file.  I can >> modify the file without issue.  If I restart the service all my file >> edits are lost.  Why are my edits lost when restarting the service?  >> Thanks for your advice! > > >

[389-users] Re: Using PBKDF2_SHA256 Hashes

2018-03-28 Thread Mark Reynolds
On 03/27/2018 09:11 PM, Joe Cooter wrote: > Hi, > > I’m attempting to build an application using the userPassword attribute, with > hashes stored using PBKDF2_SHA256. However, using the passlib hash library > for pbkdf2_sha256 is complaining about a malformed hash. Looking at the > hash, it

[389-users] Re: replication question

2018-03-23 Thread Mark Reynolds
dn: cn=replica,cn=dc\3Dnorthshore\2Cdc\3Dedu,cn=mapping tree,cn=config objectClass: nsDS5Replica objectClass: top nsDS5ReplicaRoot: dc=northshore,dc=edu nsDS5ReplicaType: 2 nsDS5Flags: 0 nsds5ReplicaPurgeDelay: 604800 nsDS5ReplicaBindDN:*cn=replication manager,cn=config* cn: replica creatorsName:

[389-users] Re: a replication problem

2018-03-23 Thread Mark Reynolds
I must admit I don't know too much about troubleshooting kerberos, I just know that in your case it's broken.  Perhaps ask for help on the FreeIPA users list as they are much more familiar with this than I am: freeipa-us...@lists.fedorahosted.org On 03/23/2018 10:40 AM, Sergei Gerasenko wrote:

[389-users] Re: a replication problem

2018-03-23 Thread Mark Reynolds
On 03/23/2018 10:01 AM, Sergei Gerasenko wrote: > > >> On Mar 23, 2018, at 8:58 AM, Mark Reynolds <mreyno...@redhat.com >> <mailto:mreyno...@redhat.com>> wrote: >> >> kinit -k -t /etc/dirsrv/ds.keytab > > kinit: Keytab contains no suita

[389-users] Re: a replication problem

2018-03-23 Thread Mark Reynolds
the replica. Will retry later. This is because it's not finding your kerberos credentials.  It's something with your env/setup or keytab file. Can you do: # kinit -k -t /etc/dirsrv/ds.keytab ldap/ipa204.iad.auth.core.xxx@cnvr.net <mailto:ldap/ipa204.iad.auth.core.xxx@cnvr.net> and # k

[389-users] Re: replication question

2018-03-23 Thread Mark Reynolds
g or  uid=RManager2,cn=config Then on the replication agreement(s) on 389ds1, make sure the agreement bind dn (and credentials) is for one of these replication managers. Fix this first, and lets see what happens. Mark > > > > On Thu, Mar 22, 2018 at 4:08 PM, Mark Reynolds <mre

[389-users] Re: a replication problem

2018-03-23 Thread Mark Reynolds
On 03/23/2018 12:07 AM, Sergei Gerasenko wrote: > The error I’m basically getting is: > > [23/Mar/2018:03:23:29.461074995 +] - ERR - NSMMReplicationPlugin - > bind_and_check_pwp - agmt=“cn=HOST1-to-HOST2" (ipa203:389) - Replication bind > with GSSAPI auth failed: LDAP error 49 (Invalid

[389-users] Re: replication question

2018-03-22 Thread Mark Reynolds
plication manager.  The errors log might also have useful info (on either server). Mark > > > Jesse > > Sent from my iPhone > > On Mar 22, 2018, at 1:30 PM, Mark Reynolds <mreyno...@redhat.com > <mailto:mreyno...@redhat.com>> wrote: > >> How man entries a

[389-users] Re: Cannot login to admin server after last update

2018-03-16 Thread Mark Reynolds
On 03/16/2018 05:35 AM, Julian Kippels wrote: > On Thu, 15 Mar 2018 16:25:41 -0400 > Mark Reynolds <mreyno...@redhat.com> wrote: > >> On 03/15/2018 04:11 PM, Julian Kippels wrote: >>> On Thu, 15 Mar 2018 12:00:06 -0400 >>> Mark Reynolds <mreyn

[389-users] Re: Cannot login to admin server after last update

2018-03-15 Thread Mark Reynolds
On 03/15/2018 04:11 PM, Julian Kippels wrote: > On Thu, 15 Mar 2018 12:00:06 -0400 > Mark Reynolds <mreyno...@redhat.com> wrote: > >> On 03/15/2018 11:36 AM, Julian Kippels wrote: >>> Hi, >>> >>> since the last update (using RHEL 7, updated fr

[389-users] Re: Cannot login to admin server after last update

2018-03-15 Thread Mark Reynolds
On 03/15/2018 11:36 AM, Julian Kippels wrote: > Hi, > > since the last update (using RHEL 7, updated from 389-ds-1.3.6.1-21 to > 389-ds-1.3.6.1-28) I cannot login as user admin in the administration > console anymore. > > Looking at the logs I see this error message popping up every time I > try

[389-users] Re: repl-monitor.pl

2018-03-13 Thread Mark Reynolds
On 03/13/2018 06:00 PM, Sergei Gerasenko wrote: >> Is this a winsync replication agreement? If so, the lag time can not be >> determined if I am correct. > No, it’s all Linux servers. Not sure what winsync is. Me neither sometimes ;-) > >> This information is all determined from the replication

[389-users] Re: repl-monitor.pl

2018-03-13 Thread Mark Reynolds
On 03/13/2018 05:07 PM, Sergei Gerasenko wrote: > Hi all, > > I think this is more a question for Mark since he wrote repl-monitor :) > > I built a new node and promoted it to be a domain/ca replica. Is this a winsync replication agreement?  If so, the lag time can not be determined if I am

[389-users] Announcing 389 Directory Server 1.3.6.14

2018-03-06 Thread Mark Reynolds
389 Directory Server 1.3.6.14 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.6.14 Fedora packages are available from the Fedora 26. https://koji.fedoraproject.org/koji/taskinfo?taskID=25528676

[389-users] Announcing 389 Directory Server 1.3.7.10

2018-03-06 Thread Mark Reynolds
389 Directory Server 1.3.7.10 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.7.10 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=25527932

[389-users] Announcing 389 Directory Server 1.4.0.6

2018-03-06 Thread Mark Reynolds
389 Directory Server 1.4.0.6 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.6 Fedora packages are available on Fedora 28(rawhide). Rawhide(F29) https://koji.fedoraproject.org/koji/buildinfo?buildID=1054739

[389-users] Re: autosizing the cache

2018-03-01 Thread Mark Reynolds
On 03/01/2018 03:18 PM, Sergei Gerasenko wrote: > Cool. The default setup of 389-ds (version 1.3.5.10) I don’t see > either nsslapd-cache-autosize or nsslapd-cache-autosize-split. > Should I just add them to the dse file? I don't believe autotuning exists in 1.3.5, it was only added to

[389-users] Re: autosizing the cache

2018-03-01 Thread Mark Reynolds
On 03/01/2018 02:32 PM, Sergei Gerasenko wrote: > Hello, > > My cn=userRoot,cn=ldbm database,cn=plugins,cn=config is currently: > > ... > nsslapd-cachesize: -1 > nsslapd-cachememsize: 1543503872 > nsslapd-readonly: off > nsslapd-require-index: off > nsslapd-dncachememsize: 5 > … > > But

[389-users] Re: replication issue

2018-02-28 Thread Mark Reynolds
Jesse, Can you provide the exact replication agreement entry you are trying to add?  The errors log are at:  /var/log/dirsrv/slapd-YOUR_INSTANCE/errors - anything in there related to the error 53 (unwilling to perform)? Now I don't know much about Directory Server in RHEL5 (that's very old), but

[389-users] Re: password policy

2018-02-27 Thread Mark Reynolds
Correct, all the "global" password policy settings are stored in the cn=config entry. On 02/27/2018 01:24 PM, Alberto Viana wrote: > Hi guys, > > When I enable global password policy, is that suppose to affect cn=config? > > I Just want to confirm that. > > >

[389-users] Re: Replication Delay

2018-02-20 Thread Mark Reynolds
On 02/20/2018 06:53 PM, William Brown wrote: > On Tue, 2018-02-20 at 23:36 +, Fong, Trevor wrote: >> Hi William, >> >> Thanks a lot for your reply. >> >> That's correct - replication schedule is not enabled. >> No - there are definitely changes to replicate - I know, I made the >> change

[389-users] Re: password administrator

2018-02-20 Thread Mark Reynolds
On 02/20/2018 12:44 PM, Alberto Viana wrote: > Hi Guys, > > Can I set multiple groups in passwordAdminDN?  > > I know that I can set per policy (subtree or user), but  there is any > other way to specify more than one group globally? Not currently.  It is limited to a single static group. 

[389-users] Announcing 389 Directory Server 1.4.0.5

2018-01-31 Thread Mark Reynolds
389 Directory Server 1.4.0.5 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.5 Fedora packages are available on Fedora 28(rawhide). https://koji.fedoraproject.org/koji/taskinfo?taskID=24602683 The

[389-users] Announcing 389 Directory Server 1.3.7.9

2018-01-31 Thread Mark Reynolds
389 Directory Server 1.3.7.9 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.7.9 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/buildinfo?buildID=1022742

[389-users] Announcing 389 Directory Server 1.3.6.13

2018-01-31 Thread Mark Reynolds
389 Directory Server 1.3.6.13 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.6.13 Fedora packages are available from the Fedora 26. https://koji.fedoraproject.org/koji/buildinfo?buildID=1022740

[389-users] Announcing 389 Directory Server 1.4.0.4

2018-01-29 Thread Mark Reynolds
389 Directory Server 1.4.0.4 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.4 Fedora packages are available on Fedora 28(rawhide). https://koji.fedoraproject.org/koji/taskinfo?taskID=23262737 The

[389-users] Re: [SOLVED] Account lockout for failed logins not working as expected

2018-01-17 Thread Mark Reynolds
On 01/16/2018 07:28 PM, William Brown wrote: > On Tue, 2018-01-16 at 23:22 +, Mitch Patenaude wrote: >> So the problems were  >> 1) I needed to set 'passwordUnlock: on' even though that's supposed >> to be the default value >> 2) In 'cn=config' I needed to set 'passwordIsGlobalPolicy: on' on

[389-users] Re: monitoring

2018-01-03 Thread Mark Reynolds
On 01/03/2018 01:18 PM, Sergei Gerasenko wrote: > Cool, you saved me a lot of time. Quick question: where are all these > constants (LDAP_SUCCESS, etc) defined? Checkout /usr/include/ldap.h > >> On Jan 3, 2018, at 12:11 PM, Mark Reynolds <mreyno...@redhat.com >> <

[389-users] Re: monitoring

2018-01-03 Thread Mark Reynolds
On 01/03/2018 01:03 PM, Sergei Gerasenko wrote: > For #1, I see the *-u* option, which does give me the name of the > unindexed entries. So, I think I can figure this one out from here. > >> On Jan 3, 2018, at 11:58 AM, Sergei Gerasenko > > wrote: >>

[389-users] Re: monitoring

2018-01-03 Thread Mark Reynolds
On 01/03/2018 12:37 PM, Sergei Gerasenko wrote: > Digging deeper into the access log, I see that certain operations > return with non-zero error codes. The most prolific are 14 and 32. > These > are LDAP_SASL_BIND_IN_PROGRESS and LDAP_NO_SUCH_OBJECT respectively. > So *maybe* the SNMP counter is

[389-users] Re: monitoring

2018-01-03 Thread Mark Reynolds
On 01/03/2018 11:16 AM, Sergei Gerasenko wrote: > So does anybody have more details on the errors attribute under > cn=snmp,cn=monitor? Should I increase the log level to see what the > errors are? If so, can you tell me how? Any time an error occurs on a search or write operation this counter

[389-users] Re: rest389

2017-12-27 Thread Mark Reynolds
On 12/27/2017 03:26 AM, Graham Leggett wrote: > On 27 Dec 2017, at 2:27 AM, carne_de_passaro wrote: > >> Oh, it's a shame, the REST interface would be very interesting and useful. > +1. > > Admin dashboards are a huge attack surface, while they have their uses they >

[389-users] Re: rest389

2017-12-26 Thread Mark Reynolds
EST interface, but for now we are going to be using Cockpit and Cockpit does not support any kind of REST API/interface. Regards, Mark > the REST interface would be very interesting and useful. > > Thanks, > Danilo > > On 26 Dec 2017 5:49 PM, "Mark Reynolds" <mre

[389-users] Re: rest389

2017-12-26 Thread Mark Reynolds
On 12/26/2017 12:34 PM, carne_de_passaro wrote: > Hello guys, > > how can I install and test the rest389 on my 389ds servers? > > Is there any rpm package? Or how can I build, and with what version of > 389ds is it compatible? > I'm sorry the rest389 project never really got off the ground and

[389-users] ATTENTION: 389-console/Admin Server is being deprecated in Fedora 28

2017-12-06 Thread Mark Reynolds
In Fedora 28 (389-ds-base-1.4.0) we are deprecating the 389-console/Admin Server.  Instead we will be offering a new web UI via a Cockpit plugin to handle the Directory Server Administration.  See http://cockpit-project.org/  Why Cockpit?  Well Cockpit has its pros & cons, but since it has

[389-users] Announcing 389 Directory Server 1.3.7.8

2017-11-20 Thread Mark Reynolds
389 Directory Server 1.3.7.8 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.7.8 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=23264039

[389-users] Announcing 389 Directory Server 1.3.6.12

2017-11-20 Thread Mark Reynolds
389 Directory Server 1.3.6.12 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.6.12 Fedora packages are available from the Fedora 26. https://koji.fedoraproject.org/koji/taskinfo?taskID=23264569

[389-users] Re: performance tuning

2017-11-17 Thread Mark Reynolds
On 11/17/2017 11:45 AM, Sergei Gerasenko wrote: > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > changetype: modify > replace: nsslapd-dncachememsize > nsslapd-dncachememsize: 30 > - > replace: nsslapd-cachememsize > nsslapd-cachememsize: 30 After these changes you do

[389-users] Announcing 389 Directory Server 1.3.6.11

2017-11-07 Thread Mark Reynolds
389 Directory Server 1.3.6.11 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.6.11 Fedora packages are available from the Fedora 26. https://koji.fedoraproject.org/koji/taskinfo?taskID=22974614

[389-users] announcing 389 Directory Server 1.3.6.10

2017-11-03 Thread Mark Reynolds
389 Directory Server 1.3.6.10 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.6.10 Fedora packages are available from the Fedora 26. https://koji.fedoraproject.org/koji/taskinfo?taskID=22895230

[389-users] Announcing 389 Directory Server 1.3.7.7

2017-11-03 Thread Mark Reynolds
389 Directory Server 1.3.7.7 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.7.7 Fedora packages are available on Fedora 27. https://koji.fedoraproject.org/koji/taskinfo?taskID=22895176

[389-users] Announcing 389 Directory Server 1.4.0.2

2017-11-03 Thread Mark Reynolds
389 Directory Server 1.4.0.2 The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.2 Fedora packages are available on Fedora 28(rawhide). https://koji.fedoraproject.org/koji/taskinfo?taskID=22894633 The

[389-users] Re: Changelog, its location, ways to view, max life

2017-11-03 Thread Mark Reynolds
On 11/03/2017 02:53 PM, Sergei Gerasenko wrote: >>> Also, you mentioned that the agreement might have been disabled. What field >>> of the nsds5replicationagreement class shows that? >> nsds5ReplicaEnabled > Thank you > >>> Given the error in the log, and the low likelihood of the agreement

[389-users] Re: Changelog, its location, ways to view, max life

2017-11-03 Thread Mark Reynolds
On 11/03/2017 01:23 PM, Sergei Gerasenko wrote: >> ldapsearch -D "cn=directory manger" -W -b cn=config >> objectClass=nsDS5Replica > > nsDS5ReplicaPurgeDelay is not set listed in the output :(. It must be > at the default value of one week?  > > Also, you mentioned that the agreement might have

[389-users] Re: Changelog, its location, ways to view, max life

2017-11-03 Thread Mark Reynolds
On 11/03/2017 12:50 PM, Sergei Gerasenko wrote: >>> Ok, what brought this up is that about every week >> Ahh yes, this is the default replication purge interval (7 days) >> >>

[389-users] Re: Changelog, its location, ways to view, max life

2017-11-03 Thread Mark Reynolds
On 11/03/2017 12:28 PM, Sergei Gerasenko wrote: >> To look at the replication changelog you need to use the cli tool >> "cl-dump.pl" >> >>

[389-users] Re: Changelog, its location, ways to view, max life

2017-11-03 Thread Mark Reynolds
On 11/03/2017 11:48 AM, Sergei Gerasenko wrote: > Hello, > > Some basic questions about the changelog: > > 1. What’s the location of the changelog where I can look up a CSN? typically its something like: /var/lib/dirsv/slapd-YOUR_INSTANCE/changelogdb To look at the replication changelog you

[389-users] Re: repl-monitor

2017-10-30 Thread Mark Reynolds
On 10/30/2017 02:06 PM, Sergei Gerasenko wrote: >>> Question 1, in the script, the list of RUVs is retrieved like so: >>> >>>     $ruv = $conn->search($replicaroot, "one", >>>               >>>   >>> "(&(nsuniqueid=---)(objectClass=nsTombstone))", >>>              

[389-users] Re: repl-monitor

2017-10-30 Thread Mark Reynolds
On 10/30/2017 12:37 PM, Sergei Gerasenko wrote: > Hi Mark, > >>> The replication is working. I wrote a script that makes a change on >>> *each* member of the topology and verifies that it got to all the >>> other members. So, it appears that all is good. >> >> Yup, the monitor output looks good
