[389-users] IMPORTANT - Fedorahosted trac ticket system is being replaced by Pagure

2017-01-18 Thread Mark Reynolds
On February 28th the fedorahosted trac ticket system/repo is being decommissioned, and we will be moving to Pagure (https://pagure.io/) as our ticketing system and source code repository. The Pagure work flow is very similar to trac, and we will be adding a wiki doc on how to use it once we get

[389-users] Re: 389-console blank UI

2016-12-09 Thread Mark Reynolds
On 12/08/2016 06:55 PM, Josh England wrote: > Does anyone know what this is? I've never seen it before. It could be an ACI issue. Are you logging into the console as directory manager? > Some of the tabs just show 'Missing Title' and much of the text for > configuration elements is

[389-users] Re: subtree password policy problems

2016-11-21 Thread Mark Reynolds
On 11/21/2016 07:51 AM, Alberto Viana wrote: > Mark, > > Done, https://fedorahosted.org/389/ticket/49047 Thank you! > > Thanks. > > On Fri, Nov 18, 2016 at 5:14 PM, Mark Reynolds <marey...@redhat.com > <mailto:marey...@redhat.com>> wrote: > > > >

[389-users] Re: Migration of 389-ds from Centos6 to Centos7

2016-11-21 Thread Mark Reynolds
On 11/21/2016 07:50 AM, Todor Petkov wrote: > Hello, > > I am planning to migrate our 389-ds servers, which are currently on > Centos6, to Centos7. > > My plan: > > Install 2 machines, create SSL certificates, set the hostnames as the > old one, put the old IPs in /etc/hosts, use the 389 GUI on

[389-users] Re: subtree password policy problems

2016-11-18 Thread Mark Reynolds
cket Thanks! Mark > > Should I file a ticket anyway? > > Thanks > > Alberto Viana > > On Wed, Nov 16, 2016 at 10:24 AM, Mark Reynolds <marey...@redhat.com > <mailto:marey...@redhat.com>> wrote: > > > > On 11/16/2016 07:06 AM, Alberto Viana wrot

[389-users] Re: subtree password policy problems

2016-11-16 Thread Mark Reynolds
On 11/16/2016 07:06 AM, Alberto Viana wrote: > Hi, > > Anyone? I really need some help on this. All you should need to do is set up a subtree policy on those OUs, and those should override the global policy. There was a bug, that I cannot seem to find anymore, where this was not working:

[389-users] Announcing 389 Directory Server 1.3.15.15-1

2016-11-14 Thread Mark Reynolds
389 Directory Server 1.3.5.15 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.5.15. Fedora packages are available from the Fedora 24, 25 and Rawhide repositories. The new packages and versions are: * 389-ds-base-1.3.5.15-1 Source tarballs are available for

[389-users] Re: Get user password expiration date

2016-11-04 Thread Mark Reynolds
/documentation/en-US/Red_Hat_Directory_Server/10.1/html/Administration_Guide/User_Account_Management.html#Managing_the_Password_Policy-Configuring_a_Local_Password_Policy Regards, Mark > > Back to playing with the GUI:) > > Thanks, > > > > On Fri, Nov 4, 2016 at 3:20 PM, Ma

[389-users] Re: Get user password expiration date

2016-11-03 Thread Mark Reynolds
'systemsgr...@example.com > <mailto:systemsgr...@example.com>', > > Subject => "$USER YOUR PASSWORD IS ABOUT TO > EXPIRE", > > Message => "$user, your password will expire > in $DAYS days. Reference b

[389-users] Re: Get user password expiration date

2016-11-03 Thread Mark Reynolds
Todor, All you need to do is request the passwordexpirationtime attribute from the user entry: For example: # ldapsearch -D "cn=directory manager" -W -b "dc=domain,dc=com" uid=USERID passwordexpirationtime Regards, Mark On 11/03/2016 03:10 AM, Todor Petkov wrote: > Hello, > > I am trying to

[389-users] Re: Announcing 389 Directory Server 1.3.5.14

2016-10-27 Thread Mark Reynolds
On 10/27/2016 05:08 PM, Timo Aaltonen wrote: > On 14.10.2016 18:51, Mark Reynolds wrote: >> 389 Directory Server 1.3.5.14 >> >> The 389 Directory Server team is proud to announce 389-ds-base >> version 1.3.5.14. >> >> Fedora packages are availabl

[389-users] Re: Password expiration doubts

2016-10-25 Thread Mark Reynolds
On 10/25/2016 11:10 AM, Mark Reynolds wrote: > > > On 10/25/2016 10:37 AM, Alberto Viana wrote: >> Hello, >> >> Version >> 389-Directory/1.3.4.11 <http://1.3.4.11> B2016.182.1718 >> >> I'm trying to implement password expiration policy with

[389-users] Re: Password expiration doubts

2016-10-25 Thread Mark Reynolds
On 10/25/2016 10:37 AM, Alberto Viana wrote: > Hello, > > Version > 389-Directory/1.3.4.11 B2016.182.1718 > > I'm trying to implement password expiration policy with no success, > I've changed my config: > > dn: cn=config > changetype: modify > replace: passwordExp >

[389-users] Announcing 389-ds-console 1.2.16

2016-10-19 Thread Mark Reynolds
389 DS Console 1.2.16 The 389 Directory Server team is proud to announce 389-ds-console version 1.2.16. Fedora packages are available from the EPEL7, Fedora 24, Fedora 25 and Rawhide repositories. The new packages and versions are: * 389-ds-console-1.2.16-1 Source tarballs are

[389-users] Announcing 389 Directory Server 1.3.5.14

2016-10-14 Thread Mark Reynolds
389 Directory Server 1.3.5.14 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.5.14. Fedora packages are available from the Fedora 24, 25 and Rawhide repositories. The new packages and versions are: * 389-ds-base-1.3.5.14-1 Source tarballs are available for

[389-users] Announcing 389 Admin Server 1.1.45 and Console packages

2016-10-14 Thread Mark Reynolds
The 389 Directory Server team is proud to announce 389-admin, 389-adminutil, 389-console, 389-ds-console, 389-admin-console, and idm-console-framework. Fedora packages are available from the Fedora 24, Fedora 25, and Rawhide repositories. The new packages and versions are: *

[389-users] Re: Remote Management Console doesn't show "Directory Server" entry anymore

2016-09-29 Thread Mark Reynolds
I've never heard of this happening. What version of the windows console do you have? The only thing I can suggest for now is to compare the configuration DS's access log when you connect locally, and when you connect from the windows box. For example on my test system (localhost.localdomain),

[389-users] Re: 389ds gets killed for memory usage

2016-09-26 Thread Mark Reynolds
Hi Julian, I suggest you use an alternative memory allocator (tcmalloc). Install the "gperftools-libs" package. Then edit /etc/sysconfig/dirsrv and add this line at the bottom: LD_PRELOAD=/usr/lib64/libtcmalloc.so.4 If you are _not_ using systemd (but you probably are), then also add: "export

[389-users] Re: user changing pass crashes 389ds

2016-09-01 Thread Mark Reynolds
On 09/01/2016 01:38 PM, Frank Rosquin wrote: > Hi, > > Mark Reynolds told me on IRC about a bug in 389ds where changing a user pass > with CLEAR password plugin disabled crashes the ds. > > This is what was affecting me. I enabled CLEAR scheme again, and it stopped

[389-users] Re: problems with memberof attribute updating

2016-08-12 Thread Mark Reynolds
On 08/12/2016 01:22 PM, Anderson, Cary@CIO wrote: > > All, > > > > I am not able to get the memberof attribute to update when I add a > user to a group. I have added users to a group using CLI LDIF and via > the 389 Console. Any thoughts on what I may be missing? > Does the user entry have

[389-users] Announcing python-lib389 version 1.0.2

2016-08-04 Thread Mark Reynolds
python-lib389-1.0.2 The 389 Directory Server team is proud to announce python-lib389 version 1.0.2. python-lib389 is a python library for accessing, configuring, and testing the 389 Directory Server. http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html Source tarballs

[389-users] Re: Promoting two replicas to master/replica

2016-08-01 Thread Mark Reynolds
"getent passwd" and there > is no traffic. > > Oh, and the /etc/nsswitch.conf on Solaris says: > > -- > passwd: files ldap > group: files ldap > > -----

[389-users] Re: Promoting two replicas to master/replica

2016-07-28 Thread Mark Reynolds
Hi Gary On 07/28/2016 03:55 PM, Gary Algier wrote: > Hello, > > I have an old directory server (Sun's) as a master and it is > replicating to two slave 389 servers. I want to pull the plug on the > old server and promote one of the replicas to a master. > > Here's what it looks like: > > *

[389-users] Re: Operational attributes

2016-07-27 Thread Mark Reynolds
On 07/27/2016 09:28 AM, Mitja Mihelič wrote: > Hi! > > We have an application, that does not honour the shadowExpire > attribute. It does however use a search filter to find users. The idea > is, that we would extend the search filter to include an additional > attribute. We would then set this

[389-users] Re: ldapsearch and 389ds

2016-06-07 Thread Mark Reynolds
On 06/07/2016 12:35 PM, Job Cacka wrote: It looks like 6.7 has 389-ds-base-1.2.11.15-68.el6_7.src.rpm available, but that isn't 70. Hmmm, -70 came out as an errata update for 6.7 (but you need to be a paying customer to get that). If you are using CentOS it will eventually be released for

[389-users] Re: ldapsearch and 389ds

2016-06-07 Thread Mark Reynolds
On 06/07/2016 11:54 AM, Job Cacka wrote: Hmmm, well we are running that version. vendorName: 389 Project vendorVersion: 389-Directory/1.2.11.15 B2013.238.2155 No you are not. That build is from 2013. This is what you posted before: 389-ds-base-1.2.11.15*-22*.el6_4.x86_64 This is

[389-users] Re: ldapsearch and 389ds

2016-06-07 Thread Mark Reynolds
On 06/07/2016 11:30 AM, Mark Reynolds wrote: On 06/07/2016 11:03 AM, Job Cacka wrote: On 06/06/2016 05:02 PM, Job Cacka wrote: Okay, so I think the gidNumber index just needs to be regenerated: db2index.pl -n userroot -D "cn=directory manager" -w PASSWORD -t gidNumber

[389-users] Re: ldapsearch and 389ds

2016-06-03 Thread Mark Reynolds
On 06/03/2016 07:12 PM, Job Cacka wrote: Hmmm, I don't have a result, and I of course overwrote it not really expecting it to work. Six months ago I was playing with a CSV file in a perl script for another project that was encoded differently and that is what originally made me think of it.

[389-users] Re: ldapsearch and 389ds

2016-06-03 Thread Mark Reynolds
On 06/03/2016 06:08 PM, Job Cacka wrote: On 06/03/2016 03:18 PM, Job Cacka wrote: Here there are NO entries that match this filter in "dc=domain,dc=com": (&(objectClass=posixAccount)(uid=test06032016d)) We found this entry (nentries=1) We modify it We do NOT find any entry matching

[389-users] Re: ldapsearch and 389ds

2016-06-03 Thread Mark Reynolds
On 06/03/2016 03:18 PM, Job Cacka wrote: As I was investigating this, I realized I missed a bunch of log entries. My script 'createusr test06032016d' runs three commands, and at least one of them looks like it 'spawns?' another process in the 389ds server. I think it is the first

[389-users] Re: ldapsearch and 389ds

2016-06-03 Thread Mark Reynolds
On 06/03/2016 11:25 AM, Job Cacka wrote: On 06/02/2016 07:34 PM, Job Cacka wrote: Right, the problem was that you added "[-x]" which was treated as a requested attribute. This obviously is not a real attribute so no other attributes were returned. It was also breaking the filter for some

[389-users] Re: ldapsearch and 389ds

2016-06-03 Thread Mark Reynolds
On 06/02/2016 07:34 PM, Job Cacka wrote: so I did this: ldapsearch -H ldaps://ds1.domain.com -D "cn=directory manager" -w "pass" -b "uid=test2015,ou=USERS,dc=domain,dc=com Right, the problem was that you added "[-x]" which was treated as a requested attribute. This obviously is not a real

[389-users] Re: ldapsearch and 389ds

2016-06-02 Thread Mark Reynolds
On 06/02/2016 05:54 PM, Job Cacka wrote: On 06/02/2016 03:22 PM, Job Cacka wrote: It is another set of client tools for accessing a directory server (it uses the same names: ldapsearch, ldapmodify, etc). It works just fine, as does the openldap version. Its command line usage is different

[389-users] Re: ldapsearch and 389ds

2016-06-02 Thread Mark Reynolds
On 06/02/2016 03:22 PM, Job Cacka wrote: I have been looking for a comprehensive, easy to understand writeup on how to use ldapsearch. Why? I am troubleshooting a connectivity problem, that may be related to SSL/TLS, or some change to that config. OR it may be related to permissions. The

[389-users] Re: POODLE: cve-2014-3566

2016-05-03 Thread Mark Reynolds
On 05/03/2016 11:38 AM, Derek Belcher wrote: The 389ds website is down. We are currently working on getting the site back up. The hosting service (openshift) is misbehaving, and we are waiting for assistance. Here are the contents of that page: # How to Disable SSLv3

[389-users] Re: Admin-server connection

2016-05-02 Thread Mark Reynolds
On 05/02/2016 01:14 PM, Job Cacka wrote: Today I attempted to restore the dirsrv-admin to a previous version. I used this Documentation, "4.3.4. Restoring a Single Database" from Redhat's web site.

[389-users] Re: 389 directory server console and httpd.worker process

2016-04-13 Thread Mark Reynolds
The console can run from anywhere, but each Directory Server system needs an admin server. Host A - Just 389-console Host B - DS instance and Admin Server Host C - DS instance A, DS instance B, and Admin Server etc, etc You can cross register all the systems and use console to administer all

[389-users] Re: 389 directory server console and httpd.worker process

2016-04-13 Thread Mark Reynolds
On 04/13/2016 02:11 PM, xinhuan zheng wrote: I want to understand more about 389 directory server. There is an administrative console, 389-console, appearing to be a complete GUI written in Java. There is another process, httpd.worker. When I launch the 389-console, I need to type in (3)

[389-users] Re: admin and Directory Manager accounts cannot log into 389-console

2016-04-07 Thread Mark Reynolds
On 04/07/2016 10:45 AM, Mark Reynolds wrote: On 04/07/2016 10:34 AM, Mark Reynolds wrote: On 04/07/2016 09:50 AM, Warron French wrote: Mr. Brown, As much as I can now log into 389-console to access the Directory Server and the Admin Server entities through the GUI console, and I can

[389-users] Re: admin and Directory Manager accounts cannot log into 389-console

2016-04-07 Thread Mark Reynolds
On 04/07/2016 10:34 AM, Mark Reynolds wrote: On 04/07/2016 09:50 AM, Warron French wrote: Mr. Brown, As much as I can now log into 389-console to access the Directory Server and the Admin Server entities through the GUI console, and I can also perform ldapsearch successfully, I am

[389-users] Re: admin and Directory Manager accounts cannot log into 389-console

2016-04-07 Thread Mark Reynolds
On 04/07/2016 09:50 AM, Warron French wrote: Mr. Brown, As much as I can now log into 389-console to access the Directory Server and the Admin Server entities through the GUI console, and I can also perform ldapsearch successfully, I am still having one irksome problem. I still cannot

[389-users] Re: Replication critical problem

2016-03-22 Thread Mark Reynolds
On 03/22/2016 11:31 AM, Dael Maselli wrote: It happens sometimes, maybe you delete a value and works then delete another value of the same attribute in the same entry after 2-3 seconds and it is deleted only on the master you are connected. We noticed it months ago with one operational

[389-users] Re: 389 Backup

2016-03-09 Thread Mark Reynolds
On 03/09/2016 08:12 PM, William Brown wrote: On Wed, 2016-03-09 at 20:05 -0500, Mark Reynolds wrote: On 03/09/2016 05:37 PM, William Brown wrote: On Wed, 2016-03-09 at 12:06 +0100, wodel youchi wrote: Hi, Is it possible to create a specific user to use to backup 389DS server other than

[389-users] Re: 389 Backup

2016-03-09 Thread Mark Reynolds
On 03/09/2016 05:37 PM, William Brown wrote: On Wed, 2016-03-09 at 12:06 +0100, wodel youchi wrote: Hi, Is it possible to create a specific user to use to backup 389DS server other than the Directory Manager, to use the db2bak.pl with a cronjob without exposing the DM password. Try using

[389-users] Re: automembership plugin questions

2016-03-04 Thread Mark Reynolds
On 03/04/2016 08:59 AM, Frank Munsche wrote: Hi Guys, I try to get the automembership plugin configured and running in the right way, but it still causes some headaches. I'm running CentOS 6.7 and the following 389 packages: 389-ds-base-1.2.11.15-69.el6_7.x86_64

[389-users] Re: Unable to connect to Admin server via 389 windows console

2016-03-02 Thread Mark Reynolds
Franciscus Systems Administrator Information Technology Group Institute for Advanced Study 609-734-8138 ---- *From: *"Mark Reynolds" <marey...@redhat.com> *To: *"General discussion list for the 389 Directory

[389-users] Re: Unable to connect to Admin server via 389 windows console

2016-03-01 Thread Mark Reynolds
609-734-8138 *From: *"Mark Reynolds" <marey...@redhat.com> *To: *"General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org> *Sent: *Tuesday, March 1,

[389-users] Re: Unable to connect to Admin server via 389 windows console

2016-03-01 Thread Mark Reynolds
Are you using SSL in the Admin Server? If so, you should use the latest console for Windows: === 389 Windows Console 1.1.15 The 389 Directory Server team is proud to announce 389-console-win version 1.1.15. Windows

[389-users] Re: Can't use local time format on a Generalized Time attribute

2016-02-18 Thread Mark Reynolds
On 02/18/2016 03:55 PM, Mark Reynolds wrote: On 02/18/2016 03:43 PM, jfill...@central1.com wrote: I'm migrating a DS from RHDS 8.2 to 389 DS and I'm having an issue with attributes of type 'Generalized Time'. On my old LDAP server, I could set dates in this format: 20160215133951.842 389

[389-users] Re: Can't use local time format on a Generalized Time attribute

2016-02-18 Thread Mark Reynolds
On 02/18/2016 03:43 PM, jfill...@central1.com wrote: I'm migrating a DS from RHDS 8.2 to 389 DS and I'm having an issue with attributes of type 'Generalized Time'. On my old LDAP server, I could set dates in this format: 20160215133951.842 389 DS 1.2.11 doesn't seem to allow this local time

[389-users] Re: MemberOf group restrictions to a client system (server and client running CentOS 7)

2016-02-17 Thread Mark Reynolds
rOf plugin, and there isn't an option to add the attribute "memberofAutoAddOC" and set the default value to inetUser. An ldapsearch still fails to show any entries with cn=MemberOf Plugin,. I'm sure I'm missing the obvious. Any suggestions would be appreciated. Thanks. On 2/

[389-users] Re: MemberOf group restrictions to a client system (server and client running CentOS 7)

2016-02-17 Thread Mark Reynolds
and I will get back to you once I have this info. Mark I'm sure I'm missing the obvious. Any suggestions would be appreciated. Thanks. On 2/17/16 12:58 PM, Mark Reynolds wrote: The memberOf plugin is trying to add the "memberOf" attribute to the entry, but the entry is missing

[389-users] Re: MemberOf group restrictions to a client system (server and client running CentOS 7)

2016-02-17 Thread Mark Reynolds
The memberOf plugin is trying to add the "memberOf" attribute to the entry, but the entry is missing an objectclass that allows "memberOf". Typically you need to add "objectclass: inetuser" to all your entries for memberOf Plugin to work as you'd expect. If you are using "389-ds-base-1.3.4"

[389-users] Re: Crash logs

2016-01-27 Thread Mark Reynolds
On 01/27/2016 02:09 PM, Todor Petkov wrote: On 1/27/2016 4:00 PM, Mark Reynolds wrote: On 01/27/2016 02:44 AM, Todor Petkov wrote: Hello, few weeks ago I posted that I am experiencing crashes of the ldap server and I was advised how to collect the logs. I have managed to collect them

[389-users] Re: Crash logs

2016-01-27 Thread Mark Reynolds
On 01/27/2016 02:44 AM, Todor Petkov wrote: Hello, few weeks ago I posted that I am experiencing crashes of the ldap server and I was advised how to collect the logs. I have managed to collect them, the file is around 120k, where do I have to post it? Do you mean stack traces? If you have

[389-users] Re: REST API

2016-01-20 Thread Mark Reynolds
On 01/20/2016 11:31 AM, Prashant Bapat wrote: http://directory.fedoraproject.org/docs/389ds/design/ldap-rest-api.html I found this document related to REST API for 389 DS. Is this a proposed feature in an upcoming release ? Where can I find more details ? Hi Prashant, The REST API is

[389-users] Re: Fractional replication issues after upgrading to DS 1.3.4

2016-01-15 Thread Mark Reynolds
What are your replicas: Two masters? One master, one consumer? If you are using a consumer, the memberof plugin should "not" be enabled on it. It should only be enabled on the master/supplier. Mark On 01/15/2016 03:26 PM, ghiureai wrote: Hi List, After upgrading from DS 1.1.2 to 1.3.4.4

[389-users] Re: Fractional replication issues after upgrading to DS 1.3.4

2016-01-15 Thread Mark Reynolds
On 01/15/2016 03:43 PM, ghiureai wrote: Hi Mark, my replication cfg is :master/slave ( one consumer only ) , I am using fractional replication with memberof plugin excluded from rep agreement ( this was suggested in my old version DS 1.1.2), Now after upgrade of both supplier and

[389-users] Re: 389-ds crash

2016-01-11 Thread Mark Reynolds
Getting a stacktrace/core file would be very useful. Check out the link below so you can catch the next crash. http://www.port389.org/docs/389ds/FAQ/faq.html#sts=Debugging%C2%A0Crashes Mark On 01/11/2016 07:47 AM, Todor Petkov wrote: Hello, few days ago, as today, the ldap process crashed.

[389-users] Re: NSMMReplicationPlugin - replication keep alive entry

2015-12-23 Thread Mark Reynolds
On 12/23/2015 10:53 AM, bahan w wrote: Hey Mark. Thanks for your answer. Just to be sure, you say this entry is regularly updated, but when I try to ldapsearch it, I cannot find it : ### ldapsearch -x -D "cn=Directory Manager" -h -p 389 -W -b "cn=repl keep alive 6,dc=mydomain" ###

[389-users] Re: NSMMReplicationPlugin - replication keep alive entry

2015-12-23 Thread Mark Reynolds
On 12/23/2015 11:16 AM, bahan w wrote: Re. I have some additional questions, if I may? Let's say I have 4 ipa masters : S1 S2 S3 S4 1. When a modification is performed on a specific server, S1 for example, then : - is it the replication plugin on S2, S3, and S4 which replicates the

[389-users] Re: Error enabling SSL

2015-12-14 Thread Mark Reynolds
On 12/14/2015 10:23 AM, Phil Daws wrote: Hello, Am trying to enable SSL on my 389 lab instance but having real issues. I imported the CA certificate chain, created a CSR, signed and installed the certificate. Then went into Directory Server -> Configuration and enabled SSL. Restarted the

[389-users] Re: Error enabling SSL

2015-12-14 Thread Mark Reynolds
On 12/14/2015 10:55 AM, Phil Daws wrote: - On 14 Dec, 2015, at 15:38, Mark Reynolds marey...@redhat.com wrote: On 12/14/2015 10:23 AM, Phil Daws wrote: Hello, Am trying to enable SSL on my 389 lab instance but having real issues. I imported the CA certificate chain, created a CSR

[389-users] Re: Error enabling SSL

2015-12-14 Thread Mark Reynolds
On 12/14/2015 02:20 PM, Phil Daws wrote: - On 14 Dec, 2015, at 17:16, Mark Reynolds marey...@redhat.com wrote: On 12/14/2015 10:55 AM, Phil Daws wrote: - On 14 Dec, 2015, at 15:38, Mark Reynolds marey...@redhat.com wrote: On 12/14/2015 10:23 AM, Phil Daws wrote: Hello, Am

[389-users] Re: Slow search results until cache populated

2015-12-03 Thread Mark Reynolds
On 12/03/2015 05:02 PM, William Brown wrote: Hi, The ldapsearch numbers are down below. Not all the numbers to all the indexed attributes are there ... but all the "cachemiss" -numbers for them were 0's. In the log there are not many "notes=U" lines but some "notes=A" lines: # grep

Re: [389-users] ACIs caching issue

2015-11-16 Thread Mark Reynolds
On 11/16/2015 12:30 PM, Adrian Damian wrote: Hello 389 Gurus, This is a very subtle issue that we are seeing on our LDAP server. Sometimes, the ACIs return different results for the same search executed from different clients (a Java client vs. a Python or the ldapsearch client). More

Re: [389-users] ACIs caching issue

2015-11-16 Thread Mark Reynolds
group read", acidn="ou=admingroups,ou=abc" ... [16/Nov/2015:10:41:43 -0800] NSACLPlugin - STAR Access allowed on attr:uniqueMember; entry:cn=jcmt-mjlsg14b,ou=admingroups,ou=abc [16/Nov/2015:10:41:43 -0800] NSACLPlugin - conn=57465 op=52 (on attr): Allow read on entry(cn=jcmt-mjlsg1

Re: [389-users] ACIs caching issue

2015-11-16 Thread Mark Reynolds
the client to list larger number of entries and it works fine. Or is there a different configurable size limit? What should I look for? Thanks, Adrian On 11/16/2015 12:23 PM, Mark Reynolds wrote: On 11/16/2015 01:58 PM, Adrian Damian wrote: Hi Mark, Thanks for the quick reply. I don't exactl

Re: [389-users] making a dedicated consumer a supplier

2015-11-12 Thread Mark Reynolds
On 11/12/2015 02:09 PM, ghiureai wrote: Gmorning Mark, Thank you again for fast reply, do I still need to create a rep agreement ? Yes, if you want to replicate changes to another server. This was also the last step in my previous reply. Here's how to do it through the command line:

Re: [389-users] making a dedicated consumer a supplier

2015-11-12 Thread Mark Reynolds
On 11/12/2015 12:31 PM, ghiureai wrote: Hi List , I'm looking for cmd line steps to make a dedicated consumer into a supplier in single master replication ( if original master goes offline), I have the steps from Admin GUI , I would like to have same steps but using cmd's line : - add

Re: [389-users] DS crashed /killed by OS

2015-11-02 Thread Mark Reynolds
On 11/01/2015 08:50 PM, William Brown wrote: On Thu, 2015-10-22 at 17:48 +, Fong, Trevor wrote: Hi German, Thanks for your suggestion. I’m happy to confirm that setting userRoot’s nsslapd-cachememsize: 429496730 (1/15th of previous value of 6 GB) has addressed the memory issue for now,

Re: [389-users] updating/removing user indexes Q

2015-10-21 Thread Mark Reynolds
On 10/21/2015 01:33 PM, ghiureai wrote: Gmorning Mark the indexes had been removed at developers request to improve performance , now I reboot the DS and the indexes come up online. Maybe there was a misunderstanding. I'm sure a developer did not recommend you remove the default system

Re: [389-users] updating/removing user indexes Q

2015-10-20 Thread Mark Reynolds
On 10/20/2015 11:42 AM, ghiureai wrote: Hi List, I would like to know if after removing user indexes using the admin console there is need to run the |db2index.pl| script while the ldap is shutdown or should be fine to run with DS online? There is no need to run db2index if you are

Re: [389-users] updating/removing user indexes Q

2015-10-20 Thread Mark Reynolds
On 10/20/2015 11:58 AM, ghiureai wrote: Mark , thank you for reply, the main reason I was asking is: I have seen several times when I removed user indexes using admin console and after 2-3 days they re-appeared back ? This is something strange, I am running backups and exports on daily

Re: [389-users] Anyone know where to report dead links on directory.fedoraproject.org

2015-10-08 Thread Mark Reynolds
On 10/08/2015 03:47 PM, Rolf E. Sonneveld wrote: Hi, anyone know where to report two dead links on: Hi Rolf, Just sending an email to this mailing list, like you just did, will be fine. I'll look into these links first thing tomorrow. Thanks, Mark

Re: [389-users] can't recreate root suffix

2015-09-22 Thread Mark Reynolds
On 09/20/2015 11:52 PM, Chase Miller wrote: Hello All, I deleted my root suffix, Hi Chase, What version of DS are you running? rpm -qa | grep 389-ds-base How did you delete the suffix? Under the configuration tab or the Directory tab? You need to do it under the Configuration tab ->

Re: [389-users] Trouble enabling memberof plugin

2015-09-14 Thread Mark Reynolds
You should only need to run it once (after setting up the plugin), then the plugin should handle it from there on after. Regards, Mark Thanks again for the help and sorry for any confusion. Craig On Tue, Sep 8, 2015 at 2:52 PM, Mark Reynolds <marey...@redhat.com <mailto:marey...@re

Re: [389-users] Trouble enabling memberof plugin

2015-09-08 Thread Mark Reynolds
of plugin whatsoever, which I found very strange. When I was having issues trying to get the roles plugin working correct, I was at least getting error messages in the logs that helped me troubleshoot. Thanks again, Craig On Tue, Sep 8, 2015 at 1:58 PM, Mark Reynolds <marey...@redh

Re: [389-users] Trouble enabling memberof plugin

2015-09-08 Thread Mark Reynolds
not being loaded. However, the configuration seems like it should be fine... Thanks again, Craig On Tue, Sep 8, 2015 at 2:12 PM, Mark Reynolds <marey...@redhat.com <mailto:marey...@redhat.com>> wrote: On 09/08/2015 03:06 PM, Craig Setera wrote: Mark, Thank

Re: [389-users] Trouble enabling memberof plugin

2015-09-08 Thread Mark Reynolds
Craig, Full version of 389? rpm -qa | grep 389-ds-base You might need to restart the server after enabling the plugin, but how exactly are you "enabling" the plugin though? ldapmodify? Editing dse.ldif? Can you provide your plugin config entry, and what you are doing where the plugin

Re: [389-users] How to modify the logging dir

2015-08-20 Thread Mark Reynolds
On 08/20/2015 10:20 AM, bahan w wrote: Hm ok. Ok, and to do that I use the ldapmodify command ? Something like : ldapmodify -x -D cn=Directory Manager -w mdp password manager -h FQDN hosting server -p 389 dn:cn=config changetype:modify replace:nsslapd-accesslog nsslapd-accesslog:MYPATH

Re: [389-users] Admin Server. How to turn off access control by host/domain name?

2015-08-11 Thread Mark Reynolds
On 08/11/2015 10:14 AM, Aleksey Chudov wrote: Hi, I'm configuring 389 DS on CentOS 7 using some packages from epel-testing # rpm -qa | grep 389 | sort 389-admin-1.1.42-1.el7.x86_64 389-admin-console-1.1.10-1.el7.noarch 389-admin-console-doc-1.1.10-1.el7.noarch

Re: [389-users] 389-DS poor performance retrieving groups

2015-08-05 Thread Mark Reynolds
On 08/05/2015 06:19 AM, Ludwig Krispenz wrote: On 08/04/2015 08:32 PM, Mark Reynolds wrote: On 08/04/2015 12:53 PM, German Parente wrote: - Original Message - From: Mark Reynolds marey...@redhat.com To: General discussion list for the 389 Directory server project. 389-users

Re: [389-users] 389-DS poor performance retrieving groups

2015-08-05 Thread Mark Reynolds
On 08/04/2015 11:57 AM, ghiureai wrote: https://www.flowdock.com/app/canfar/access-control/threads/QyygOboGumgx3qw3tIO_828AMgQ We are seeing poor performance from LDAP retrieving 2500-4500 entries compared with one of our regular RDBMS, here is below the result for a ldapsearch. We are

Re: [389-users] 389-DS poor performance retrieving groups

2015-08-05 Thread Mark Reynolds
On 08/05/2015 08:24 AM, Mark Reynolds wrote: On 08/04/2015 11:57 AM, ghiureai wrote: https://www.flowdock.com/app/canfar/access-control/threads/QyygOboGumgx3qw3tIO_828AMgQ We are seeing poor performance from LDAP retrieving 2500-4500 entries compared with one of our regular RDBMS, here

Re: [389-users] 389-DS poor performance retrieving groups

2015-08-05 Thread Mark Reynolds
surrounding wildcards then you must use 3 characters: cn=*abc* Regards, Mark Thank you [389-users] 389-DS poor performance retrieving groups On 08/05/2015 08:24 AM, Mark Reynolds wrote: On 08/04/2015 11:57 AM, ghiureai wrote: https://www.flowdock.com/app/canfar/access-control

Re: [389-users] MemberOf plugin behavior change in 1.3.3.

2015-08-04 Thread Mark Reynolds
On 08/04/2015 07:50 AM, Andrey Ivanov wrote: Looks like the behavior change was introduced in this ticket: https://fedorahosted.org/389/ticket/47810 Yes, with the introduction of backend transaction plugins in 1.3.3, if a plugin fails to do its job, the entire operation should fail. This

Re: [389-users] MemberOf plugin behavior change in 1.3.3.

2015-08-04 Thread Mark Reynolds
Hi Andrey, On 08/04/2015 10:33 AM, Andrey Ivanov wrote: Hi Mark, thank you for your rapid reply, 2015-08-04 16:14 GMT+02:00 Mark Reynolds marey...@redhat.com mailto:marey...@redhat.com: Looks like the behavior change was introduced in this ticket: https://fedorahosted.org/389

Re: [389-users] 389-DS poor performance retrieving groups

2015-08-04 Thread Mark Reynolds
On 08/04/2015 12:53 PM, German Parente wrote: - Original Message - From: Mark Reynolds marey...@redhat.com To: General discussion list for the 389 Directory server project. 389-users@lists.fedoraproject.org Sent: Tuesday, August 4, 2015 6:04:17 PM Subject: Re: [389-users] 389-DS

Re: [389-users] 389-DS poor performance retrieving groups

2015-08-04 Thread Mark Reynolds
On 08/04/2015 11:57 AM, ghiureai wrote: https://www.flowdock.com/app/canfar/access-control/threads/QyygOboGumgx3qw3tIO_828AMgQ We are seeing poor performance from LDAP retrieving 2500-4500 entries compared with one of our regular RDBMS, here below is the result for an ldapsearch. We are

Re: [389-users] access log error : Resource temporarily unavailable

2015-07-31 Thread Mark Reynolds
On 07/31/2015 12:42 PM, ghiureai wrote: Hi list. We are getting the following in access files, would like to know where to look for clues, what means Resource temporarily unavailable? op=1 RESULT err=0 tag=101 nentries=5514 etime=14 notes=U [31/Jul/2015:09:37:21 -0700] conn=143371

Re: [389-users] Regarding 389-ds on centos 7 seup

2015-07-09 Thread Mark Reynolds
Hi MD Hasan, Did you install the 389-admin, 389-adminutil, 389-console, 389-admin-console, 389-ds-console packages, and run setup-ds-admin.pl? Mark On 07/09/2015 02:56 AM, Md. Hasan wrote: Hi, All I have installed and configured 389 ds on centos 7 successfully, All services are running

Re: [389-users] Python3 support - question

2015-06-25 Thread Mark Reynolds
Hi Robert, Which version of Fedora is going to start being python3 only? Thanks, Mark On 06/24/2015 08:05 AM, Robert Kuska wrote: Hello everyone, I am Robert Kuska, I am a python co-maintainer and co-owner of change Python3 as default which aims to provide python3 only packages by default

Re: [389-users] Not able to enable audit logs

2015-06-15 Thread Mark Reynolds
On 06/15/2015 05:23 AM, Prashant Bapat wrote: There is no error. It goes thru fine. When I restart the LDAP server after adding it, there is nothing in the audit file. And no entry in the dse.ldif. Are you directly modifying the dse.ldif? If so, you MUST do so while the server is stopped,

Re: [389-users] Limit on number of databases per directory server instance

2015-05-19 Thread Mark Reynolds
is the resources available on the system (disk space, CPU, memory) *From:*389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] *On Behalf Of *Mark Reynolds *Sent:* Tuesday, May 19, 2015 2:31 PM *To:* General discussion list for the 389 Directory server project

Re: [389-users] Limit on number of databases per directory server instance

2015-05-19 Thread Mark Reynolds
On 05/19/2015 02:25 PM, Colin Tulloch wrote: Hi all – Is there a limit to the number of databases that can be present on an instance of directory server – or on a server/VM itself? Some colleagues of mine seem to believe there is a limit of 10 DBs per server. I haven’t seen this in the

Re: [389-users] Migrating from openldap/slapd to 389

2015-05-14 Thread Mark Reynolds
Hi Bobby, See comments below... On 05/14/2015 09:24 AM, Bobby Krupczak wrote: Hi! Hey, I'm sure you guys are tired of folks asking this question but I've spent the last day searching the InterWebs and still have questions. I'm fixing to switch from openldap/slapd to 389 for ldap

Re: [389-users] authenticated time stamp

2015-05-08 Thread Mark Reynolds
On 05/08/2015 09:51 AM, Chase Miller wrote: Hello 389 Group, Is there an object class/attribute that I can add to a user's entry that will capture their last authenticated time stamp. I want to capture this so I can go delete users that have not authenticated after so many days. Chase,

Re: [389-users] Retrieve list of groups that a user belongs to

2015-04-06 Thread Mark Reynolds
On 04/06/2015 10:28 AM, harry.dev...@faa.gov wrote: I know this is slightly off topic, but I thought that maybe someone on this list could be of some assistance. I need to get the list of groups that a particular user belongs to, similar to the linux command line program ‘groups’. I

Re: [389-users] Referential Integrity

2015-03-18 Thread Mark Reynolds
On 03/17/2015 06:11 PM, William wrote: So in the case of having RI on two ldap servers, you would set this to off, since the server that handled the delete will replicate the other updates soon after. In the case of RI on a single server, when the non-RI server issues a delete, the RI enabled
