I found the issue. Please disregard.
From: Michael Starling
Sent: Tuesday, October 26, 2021 3:29 PM
To: 389-users@lists.fedoraproject.org <389-users@lists.fedoraproject.org>
Subject: [389-users] Unable to lock accounts with dsidm utility
Running the c
Running the command below as root:
dsidm slapd-mydomainDS -b dc=mydomain,dc=com account lock
uid=mstarlingt,ou=People,dc=mydomain,dc=com
Error: Insufficient access - Insufficient 'write' privilege to the
'nsAccountLock' attribute of entry
'uid=mstarlingt,ou=people,dc=mydomain,dc=com'.
Versio
From: Mark Reynolds
Sent: Thursday, October 21, 2021 9:36 AM
To: Michael Starling ; General discussion list for
the 389 Directory server project. <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] anonymous binds
On 10/21/21 9:26 AM, M
From: Mark Reynolds
Sent: Tuesday, October 19, 2021 3:47 PM
To: General discussion list for the 389 Directory server project.
<389-users@lists.fedoraproject.org>; Michael Starling
Subject: Re: [389-users] anonymous binds
On 10/19/21 1:43 PM, M
Good afternoon.
I have a few questions about anon binds.
In theory if you have 3000 user objects in the directory and anonymous binds
have a limit returning 2000 entries can you still use anonymous binds in LDAP
client configurations without issues? Or does something else take place when a
use
From: Mark Reynolds
Sent: Friday, September 24, 2021 9:38 AM
To: General discussion list for the 389 Directory server project.
<389-users@lists.fedoraproject.org>; Michael Starling
Subject: Re: [389-users] Password lockout policy max failure.
On 9/2
Hello.
I'm having an issue where we have passwordMaxFailure set to "5" in the global
policy but users are getting locked out after 3 attempts.
Right now, when a user is locked out the only way I can tell is by looking at
the attributes below.
One is likely to assume that once the "accountUn
From: Mark Reynolds
Sent: Thursday, September 23, 2021 12:16 PM
To: Michael Starling ; General discussion list for
the 389 Directory server project. <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] dsidm utility inconsistencies
On 9/23/21
From: Michael Starling
Sent: Thursday, September 23, 2021 10:10 AM
To: Mark Reynolds ; General discussion list for the 389
Directory server project. <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] dsidm utility inconsist
From: Mark Reynolds
Sent: Wednesday, September 22, 2021 8:14 PM
To: Michael Starling ; General discussion list for
the 389 Directory server project. <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] dsidm utility inconsistencies
On 9/22/21 5
From: Mark Reynolds
Sent: Wednesday, September 22, 2021 3:38 PM
To: General discussion list for the 389 Directory server project.
<389-users@lists.fedoraproject.org>; Michael Starling
Subject: Re: [389-users] dsidm utility inconsistencies
On 9/22/21 2
Unless I'm interpreting the man pages, and documentation wrong there seems to
be some issues with the dsidm utility. Perhaps I'm doing something wrong?
This works.
dsidm -W -D cn=manager -Z ldaps://labdsa101.mydomain.com -b dc=mydomain,dc=com
account get-by-dn uid=mstarlingt,ou=People,dc=mydom
e:
>
>> On 3 Sep 2021, at 23:37, Michael Starling wrote:
>>
>> Given the current settings on a directory server I'm still seeing the errors
>> below in the logs at peak times.
>>
>> "ERR - setup_pr_read_pds - Not listening for new connections - too
From: Mark Reynolds
Sent: Friday, September 3, 2021 9:49 AM
To: General discussion list for the 389 Directory server project.
<389-users@lists.fedoraproject.org>; Michael Starling
Subject: Re: [389-users] update_pw_encoding messages
On 9/3/21 9
I see these errors in my logs for some accounts on my consumers with chaining
enabled.
- WARN - update_pw_encoding - Could not read password attribute on
'uid=someuser,ou=people,dc=domain,dc=lott'
Are these spurious messages or something that needs to be addressed?
I came across this:
https
Given the current settings on a directory server I'm still seeing the errors
below in the logs at peak times.
"ERR - setup_pr_read_pds - Not listening for new connections - too many fds
open"
nsslapd-reservedescriptors: 64
nsslapd-maxdescriptors: 65535
nsslapd-conntablesize: 8192
At the OS le
From: William Brown
Sent: Wednesday, September 1, 2021 7:20 PM
To: 389-users@lists.fedoraproject.org <389-users@lists.fedoraproject.org>
Subject: [389-users] Re: Database and OS tuning. (open files)
> On 2 Sep 2021, at 00:50, Michael Starli
e_intvl = 75
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_time = 300
On Wed, Sep 1, 2021 at 10:11 AM Michael Starling
wrote:
>
>
> Hello.
>
> I enabled chaining in our environment to replicate password policy attributes
> from the consumers and hubs back to the masters and now we are
Hello.
I enabled chaining in our environment to replicate password policy attributes
from the consumers and hubs back to the masters and now we are seeing these
errors in the logs
We have to reboot for the system to become stable again.
31/Aug/2021:23:31:36.584135966 -0400] - ERR - configure
From: Michael Starling
Sent: Monday, August 16, 2021 10:54 AM
To: Pierre Rogier ; General discussion list for the 389
Directory server project. <389-users@lists.fedoraproject.org>
Subject: [389-users] Re: How to replicate password lockout attributes
From: Pierre Rogier
Sent: Monday, August 16, 2021 6:33 AM
To: General discussion list for the 389 Directory server project.
<389-users@lists.fedoraproject.org>
Cc: Michael Starling
Subject: Re: [389-users] Re: How to replicate password lockout attribute
From: Mark Reynolds
Sent: Friday, August 13, 2021 3:41 PM
To: Michael Starling ; General discussion list for
the 389 Directory server project. <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] How to replicate password lockout attributes
From: Michael Starling
Sent: Friday, August 13, 2021 10:41 AM
To: Mark Reynolds ; General discussion list for the 389
Directory server project. <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] How to replicate password lockout attributes
From: Michael Starling
Sent: Thursday, August 12, 2021 3:29 PM
To: Mark Reynolds ; General discussion list for the 389
Directory server project. <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] How to replicate password lockout attributes
From: Mark Reynolds
Sent: Thursday, August 12, 2021 3:16 PM
To: Michael Starling ; General discussion list for
the 389 Directory server project. <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] How to replicate password lockout attributes
From: Mark Reynolds
Sent: Thursday, August 12, 2021 11:48 AM
To: General discussion list for the 389 Directory server project.
<389-users@lists.fedoraproject.org>; Michael Starling
Subject: Re: [389-users] How to replicate password lockout attributes
Hello.
I've taken over a large 389-ds environment running on Oracle Linux 8 and the
first task I need to complete is to enable password lockouts.
I was able to enable password lockouts successfully however it only works if
the client is pointed directly to a master. The account locks out and
27 matches
Mail list logo