Re: [389-users] ldappasswd

2012-10-12 Thread Morris, Patrick
> -Original Message- > From: 389-users-boun...@lists.fedoraproject.org [mailto:389-users- > boun...@lists.fedoraproject.org] On Behalf Of upen > Sent: Friday, October 12, 2012 1:12 PM > To: 389-users@lists.fedoraproject.org > Subject: [389-users] ldappasswd > > Hi, > > On my system there a

Re: [389-users] Do I need separate directory instances for Linux authentication and (for example) IMAP authentication?

2012-08-17 Thread Morris, Patrick
> On 08/17/2012 12:27 AM, Ray wrote: > > Steve & Rich: > > > > I prefer different passwords because of security concerns: If a user > > (with both IMAP and SSH access) hacks his/her mail password into a > > compromised box (keylogger, for instance, internet café…), then the > > expected damage woul

Re: [389-users] Question about expired/expiring passwords

2012-08-09 Thread Morris, Patrick
It's up to the client to support warnings about password expiration (that's true in general, not just where LDAP is involved). I have no idea how, or even if, WS_FTP, Filezilla or pGina support that, but I suspect they don't. In my environment I've written scripts that will send emails when a pa

Re: [389-users] Question regarding Combining ObjectClasses to add attributes

2012-07-10 Thread Morris, Patrick
The second link you provided (at port 389.org) specifically mentions using the “account” objectclass. I don’t have access to RHN to read the first link, though. From: 389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Rich Megginson Sen

Re: [389-users] Sensitivity to changes in /etc/resolv.conf or lack there of

2010-11-23 Thread Morris, Patrick
On 11/23/2010 5:48 AM, Gerrard Geldenhuis wrote: > Hi > I believe this is down to system libraries but is there any way to make > 389-ds aware of changes in /etc/resolv.conf? In my test environment I have > had to restart the dirsrv to get changes in resolv.conf take effect. > > Specifically

Re: [389-users] automount via LDAP/NFS

2010-11-19 Thread Morris, Patrick
On 11/18/2010 1:16 PM, John Mancuso wrote: > /home/jmancuso just disappeared after restarting autofs. no idea why > > On Thu, Nov 18, 2010 at 4:03 PM, John Mancuso wrote: >> Oh I see. /home/jmancuso is mounting properly. good. wonder why it is >> trying to chdir to /export/home/jmancuso It's prob

Re: [389-users] SSH AllowGroups and LDAP authentication

2010-11-17 Thread Morris, Patrick
Again, try listing them all on one line. SSH is probably only looking at one of them. From man sshd_config: *AllowGroups* This keyword can be followed by a list of group name patterns, separated by spaces. On 11/17/2010 12:08 PM, Allan Hougham wrote: Hi Patrick, This is my sshd_conf, and

Re: [389-users] openldap ldapsearch command

2010-10-26 Thread Morris, Patrick
On 10/26/2010 9:14 AM, Frederic Hornain wrote: Rich, ldapsearch -v -h 192.168.122.142 -s sub -U uid:fhornain,ou=People,dc=example,dc=com -b "dc=example,dc=com" -Y DIGEST-MD5 ldap_initialize( ldap://192.168.122.142 ) SASL/DIGEST-MD5 authentication started Please enter

Re: [389-users] access control

2010-10-25 Thread Morris, Patrick
http://directory.fedoraproject.org/wiki/Howto:AccessControl On 10/23/2010 6:38 PM, Mike Li wrote: > I am using the latest 389 DS (1.1), on Linux. Searching the entries > works but cannot do add/modify, ldap_add_s() and ldap_modify_s() APIs > return: Insufficient access. > > How do I give the wri

Re: [389-users] how to get password expiration warnings and password policy

2010-09-24 Thread Morris, Patrick
On 9/23/2010 8:13 PM, Ondrej Ivanič wrote: > Hi, > > Is there any way how to query user's password policy related > attributes? I'm interested in password expiration date in order to > show warning message. Just look for "passwordExpirationTime" on the account entry. You'll need to ask for it

Re: [389-users] modifying the server of the sync Agreement

2010-03-09 Thread Morris, Patrick
jean-Noël Chardron wrote: > hello, > > In my company, the AD server that is sync with a 389 directory server > will be changed by a new one (because the actual AD is used and old and > not eternal) > In the documentation > http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Windows_Sync.html

Re: [389-users] getent group returns empty group list

2010-02-13 Thread Morris, Patrick
John A. Sullivan III wrote: > Hello, all. I'm having a miserable time getting CUPS to work with > Directory Server for group authentication. I think it is more > fundamental than CUPS. When I do getent group to a local > group, the result is populated with members. However, if I do it for an >

Re: [389-users] With LDAP server stopped, local authentication fails...

2010-02-04 Thread Morris, Patrick
Tom Lanyon wrote: > On 05/02/2010, at 3:16 AM, Sean Carolan wrote: > > >>> What is listed in your /etc/nsswitch.conf for passwd, shadow and group? >>> >> Here's what I have on one of the clients: >> >> passwd: files ldap >> shadow: files ldap >> group: files ldap >> >> >

Re: [389-users] nss_ldap: failed to bind to LDAP server

2010-02-03 Thread Morris, Patrick
Majian wrote: > The LDAP Server is located in the other server and It takes around 10 > minutes for ldap to come up waiting for all the bind timeouts. > > I've tried googling without some useful information. Check the log on the server; that may give you a place to start. It could also be cau

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread Morris, Patrick
Sean Carolan wrote: >> It's not clear to me what OS/distribution you're doing this on, but for >> the most part we have cfengine run authconfig on our Red Hat boxes to >> set up the basic LDAP auth (it's a one-liner if done that way), and then >> push around the sshd_config file. >> > > We hav

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread Morris, Patrick
Sean Carolan wrote: >> This allows you to control who has access to the systems directly from >> ldap. Add the entitlement and they have access. Remove the entitlement >> and their access is revoked. >> >> My $0.02 CDN >> > > Terry, this is perfect, just what I was looking for. I like being

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread Morris, Patrick
Sean Carolan wrote: >> Thanks for the info, the sshd_config file may be the way to go. We >> already use cfengine so it would be fairly easy to implement and push >> out to all our servers. >> > > Speaking of cfengine, I would like to use this to push out the > /etc/pam.d/system-auth and othe

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread Morris, Patrick
Sean Carolan wrote: >> You can either continue as usual with an authorized_keys file in their >> home directories, or look at the LPK patch available for OpenSSH that >> allows storing public keys in LDAP. >> >> Having the users in LDAP has absolutely no effect on how key-based >> logins work with

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread Morris, Patrick
Sean Carolan wrote: >> #2 >> a. there is also a setting in /etc/ldap.conf called pam_groupdn. This >> lets you define an LDAP object with multiple member attributes to >> control who can login. I find it easy to use >> b. SSH can be told to only accept logins from a posix group (same deal >> just han

Re: [389-users] DNA Plugin for Auto-Increment starting with UID:500

2010-01-25 Thread Morris, Patrick
Ajeet S Raina wrote: > I have been reading > http://www.redhat.com/docs/manuals/dir-server/8.1/admin/dna.html and > DNA Plugin is rightly configured. When I am adding user through script > it does increase UID by 1. > Is it possible to modify the entry through Console? > I want it to take UID f

Re: [389-users] excessive clock skew. Error Code: 2

2010-01-25 Thread Morris, Patrick
Ajeet S Raina wrote: > Incremental update has failed and requires administrator actionSystem > error. Error Code: -1 > Replication error acquiring replica: excessive clock skew. Error Code: 2 > > The Output has been taken from consumer Management Console. > Same error at Supplier end too. Keep

Re: [389-users] error log showing Detected Disorderly Shutdown on startup

2010-01-23 Thread Morris, Patrick
y > first. > > Curiously, the GUI management tool can start the server... apparently it does > something that we're not doing. > > > Thanks for your help. > > > > -Original Message- > From: 389-users-boun...@lists.fedoraproject.org on behalf of Morr

Re: [389-users] error log showing Detected Disorderly Shutdown on startup

2010-01-23 Thread Morris, Patrick
Rankin, Kent wrote: > > Upon startup, this is occurring: > > [23/Jan/2010:12:31:42 -0500] - 389-Directory/1.2.4 B2009.307.1545 > starting up > [23/Jan/2010:12:31:42 -0500] - Detected Disorderly Shutdown last time > Directory Server was running, recovering database. > > Any ideas? > How was the t