[389-users] Re: disk i/o: very high write rates and poor search performance

On 08/15/2018 10:56 AM, David Boreham wrote: On 8/15/2018 10:36 AM, Rich Megginson wrote: Updating the csn generator and the uuid generator will cause a lot of churn in dse.ldif.  There are other housekeeping tasks which will write dse.ldif But if those things were being done so

[389-users] Re: disk i/o: very high write rates and poor search performance

On 08/15/2018 10:13 AM, David Boreham wrote: in strace.log: [pid 8088] 12:55:39.739539 poll([{fd=435, events=POLLOUT}], 1, 180 [pid 8058] 12:55:39.739573 <... write resumed> ) = 1 <0.87> [pid 8088] 12:55:39.739723 <... poll resumed> ) = 1 ([{fd=435, revents=POLLOUT}]) <0.000168> [p

[389-users] How to use lib389 to create an instance?

I keep getting this error: Traceback (most recent call last):   File "/home/rmeggins/scripts/repltest.py", line 53, in     m1 = tools.DirSrvTools.createInstance(createargs)   File "/home/rmeggins/ds/ds.git/src/lib389/lib389/tools.py", line 627, in createInstance     cfgdn = lib389.CFGSUFFIX Na

[389-users] Re: [389-devel] Anyone still building 389 on HPUX?

On 03/31/2017 07:58 AM, Mark Reynolds wrote: On 03/30/2017 09:05 PM, William Brown wrote: On Thu, 2017-03-16 at 15:16 -0400, Mark Reynolds wrote: Just curious if anyone is building 389 on HPUX? There is very old code in our server that is specific to HPUX that we'd like to remove. Most of

[389-users] Re: Need help to tune 389 DS

On 02/23/2017 01:11 AM, William Brown wrote: On Wed, 2017-02-22 at 22:20 -0800, Gordon Messmer wrote: On 02/22/2017 09:25 PM, William Brown wrote: Default indexes only apply to new databases (It's a template iirc). You need to edit the index on the cn=userRoot,cn=ldbm database,cn=plugins,cn=con

[389-users] Re: performance degrades over time on CentOS 7

On 11/15/2016 05:51 PM, Gordon Messmer wrote: On 11/15/2016 12:08 PM, Rich Megginson wrote: It is also useful to get a few stacktraces which will give us detailed information about what the server is doing. For example, if you can "catch" the server while it is misbehavin

[389-users] Re: performance degrades over time on CentOS 7

On 11/15/2016 12:58 PM, Marc Sauton wrote: What is the test filter like? Can we see a sanitized sample of the access log with the SRCH and RESULT? If using SSL, review the output of cat /proc/sys/kernel/random/entropy_avail Do we have replication? (and large attribute values?) You may want to

[389-users] Re: Is it possible to bind using nsview as part of DN?

On 06/19/2016 06:18 AM, kash...@arissystem.com wrote: In a normal setup environment I have created an organizationUnit named View, which is an nsView object. using nsViewFilter, I have several users in this organizationUnit. I can bind to these users with their actual DN with no problem : uid=

[389-users] Re: x-forwarded-for

AM, Rich Megginson <mailto:rmegg...@redhat.com>> wrote: On 05/17/2016 02:04 PM, Robert Viduya wrote: We run a cluster of directory servers (4 masters, 2 hubs, 14 slaves) behind a set of F5 Bigip load balancers. Our Bigip admins recently decided to switch the boxes to "one-armed&

[389-users] Re: x-forwarded-for

On 05/17/2016 02:04 PM, Robert Viduya wrote: We run a cluster of directory servers (4 masters, 2 hubs, 14 slaves) behind a set of F5 Bigip load balancers. Our Bigip admins recently decided to switch the boxes to "one-armed" mode and that services would have to use X-Forwarded-For headers or eq

[389-users] Re: Sync problems with AD 2012 R2

On 05/17/2016 08:01 AM, Alberto Viana wrote: Noriko, Just to let you know, after I replicated/created the exactly same OU structure on both side, the replication seems to works fine. I'm still not sure that is the expected behavior: Yes, it is. Winsync does _not_ sync the OU structure - you

[389-users] Re: ldap dbmon output questions

On 04/25/2016 01:24 PM, ghiureai wrote: Hello List, I am running some search performance tests , basic ldapsearch augument "cn" , on local ldap host with rsearch, and seeing readwaiters: values chainng , here is a sample from dbmon This is not from dbmon. This is from cn=monitor: https:

[389-users] Re: ldap-ping with 389-ds version

On 04/07/2016 10:45 AM, ghiureai wrote: Hello Gurus, I was searching the web for some scripts to monitor DS performance , and found the Open Ldap: ldap-ping.pl script, I wonder if there is a version for 389-DS or if are other similar performance measure scripts available for 389-ds? Looks

[389-users] Re: locking performance and scalability (eye candy gnuplots inside!)

On 03/08/2016 03:36 PM, liblfds admin wrote: On 08/03/16 22:35, Howard Chu wrote: Even though it's a VM, numactl -H may still show something relevant. I'll try it next time I have one running. BerkeleyDB did adaptive locking, using a spinlock before falling back to a heavier weight system mu

[389-users] Re: Can't use local time format on a Generalized Time attribute

On 02/18/2016 04:15 PM, jfill...@central1.com wrote: Hmm. There seems to be differing opinions on the valid format for Generalized Time. I've seen docs that allow for 20160215133951.842. Can you provide links to those docs? Because that is certainly not the valid LDAP format. Without a 'Z

[389-users] Re: Can't use local time format on a Generalized Time attribute

On 02/18/2016 02:52 PM, jfill...@central1.com wrote: Hi Rich, Is the code your referenced found in 389-ds-base-1.2.11 ? yes https://git.fedorahosted.org/cgit/389/ds.git/tree/ldap/servers/plugins/syntaxes/cis.c?h=389-ds-base-1.2.11#n694 -- 389 users mailing list 389-users@%(host_name)s http:

[389-users] Re: Can't use local time format on a Generalized Time attribute

On 02/18/2016 02:10 PM, Noriko Hosoi wrote: On 02/18/2016 01:00 PM, Mark Reynolds wrote: On 02/18/2016 03:55 PM, Mark Reynolds wrote: On 02/18/2016 03:43 PM, jfill...@central1.com wrote: I'm migrating a DS from RHDS 8.2 to 389 DS and i'm having an issue attributes of type 'Generalized Time

[389-users] Re: Synchronize Active Directory custom extension attributes to 389 DS

On 01/25/2016 02:59 AM, Mor Ndoye wrote: Hi, Using WinSync, is there any way to synchronize Active Directory custom extension attributes. Here is what I read from the Red Hat documentation: Only a subset of Directory Server and Active Directory attributes are synchronized. These attributes ar

[389-users] Re: CentOS 7: unable to create AdmldapInfo

On 01/04/2016 08:50 PM, David Barr wrote: On Jan 4, 2016, at 07:53, Rich Megginson wrote: We'll need to know what platform/version you are upgrading from, because there is not supposed to be a missing log directory, and the SELinux labels are already supposed to be provided. In order f

[389-users] Re: 389 Windows Console

On 01/04/2016 10:22 AM, Phil Daws wrote: - On 4 Jan, 2016, at 16:45, Rich Megginson rmegg...@redhat.com wrote: On 01/04/2016 09:23 AM, Phil Daws wrote: Hello Rich, Have ran in debug mode and connected to the admin interface which has been secured with a cert: {SUBJECT_DN=CN=ads01

[389-users] Re: 389 Windows Console

valid algorithm" but it looks as though that is the root cause. The console doesn't know what to do with that error, so it asks you to select another cert, which is just a distraction at that point. Please open a ticket. Thanks, Phil - On 4 Jan, 2016, at 15:50, Rich

[389-users] Re: CentOS 7: unable to create AdmldapInfo

On 01/02/2016 11:06 PM, David Barr wrote: Good Morning, I’m experimenting with upgrading 389DS to 1.3.4.0-21.el7_2 on CentOS 7 (I neglected to note what version I had previously). `setup-ds-admin.pl —upgrade` can’t connect to the admin server. Oh look, it’s not running! And, to make this more

[389-users] Re: 389 Windows Console

On 01/04/2016 01:11 AM, Phil Daws wrote: Any thoughts on this please ? - On 20 Dec, 2015, at 16:02, Phil Daws ux...@splatnix.net wrote: Hello, Have now got to the point where it says "Select a certificate to authenticate" yet the drop down box is empty. Can you run the console with -D 9

[389-users] Re: ldapsearch question

On 12/14/2015 11:16 PM, Frank Munsche wrote: Hi Guys, I'm trying to understand why ldapsearch returns some objects of the dit only when the dn is set to the object I'm looking for and the search scope has to be base, e.g.: There is an object at the dn: cn=repl keep alive 1,dc=example,dc=

[389-users] Re: upgrade to 389-ds-base-1.3.4 Q

On 12/02/2015 09:58 AM, ghiureai wrote: Hi Rich, Yes I totally agree I should see the prompt as you put here, this is working in my case only when running: setup-ds.pl -u but not for ds-admin. If you are (or can find) a perl hacker, you can use perl -d /usr/sbin/setup-ds-admin.pl and see

[389-users] Re: upgrade to 389-ds-base-1.3.4 Q

On 12/01/2015 03:07 PM, ghiureai wrote: Rich, still see bellow : and bellow only for ds no admin _setup-ds-admin.pl -u -d_ == This program will set up the 389 Directory and Administration Servers. It is recommen

[389-users] Re: upgrade to 389-ds-base-1.3.4 Q

On 12/01/2015 02:23 PM, ghiureai wrote: On 12/01/2015 11:42 AM, ghiureai wrote: Rich, pls see the answers to your Q's ( the DS upgrade worked but the DS Admin set up will not behave same way ) ...

[389-users] Re: upgrade to 389-ds-base-1.3.4 Q

On 12/01/2015 11:42 AM, ghiureai wrote: Thank you Rich for reply one more related issues I see : When need to run the ds admin update I do not see the options for update, seems goes back and asks all the Q's as a new fresh installation ( ??) setup-ds-admin.pl -u What we are missing f

[389-users] Re: upgrade to 389-ds-base-1.3.4 Q

On 12/01/2015 10:07 AM, ghiureai wrote: Hi List, we are tying to upgrade to 389-ds 1.3.4 from 1.2.2 , after rpm installed and update the server , when restarting the DS geting the following in DS errorlog, there is no such "entryallowWeakCipher" in cfg file , what should we dissable see entri

[389-users] Re: Slow search results until cache populated

On 11/25/2015 12:35 AM, Petteri Jekunen wrote: Hi, Is it just ordinary behavior with 389 DS that search results may take a very loong time just after starting the server when there are no entries in the cache yet? Yes. And when the cache is fully saturated (enough cache configured for all

[389-users] Re: ldapsearch Max Return Result

On 11/25/2015 10:26 PM, Joel Levin wrote: Not lucid in email below - apologies. >where is setting for max results returned by ldapsearch? i.e. Max return setting on the ldap server-side. nsslapd-sizelimit: 2 The above is set in our instance -- but >500K entries/responses are returne

[389-users] Re: multimaster replication and index corruption

On 11/24/2015 10:28 AM, ghiureai wrote: On 11/24/2015 09:11 AM, Rich Megginson wrote: On 11/24/2015 10:02 AM, ghiureai wrote: Rich and the List Thank for your continue support, We are still seeing a index issues with memberof plugging, we are not sure at this point if this is related to

[389-users] Re: multimaster replication and index corruption

please I need to know if I still need to exclude member of plugin from replication in this case ? Thanks a lot Isabella On 11/10/2015 09:23 AM, Rich Megginson wrote: On 11/10/2015 10:14 AM, Adrian Damian wrote: Rich, Thanks for your help. Let me jump in with more details. We've seen index

[389-users] Re: DS:caseIgnoreOrderingMatch-defaul messages

On 11/19/2015 10:02 AM, ghiureai wrote: Rich the version for 389-base is :( I know is old ,we are planing upgrading in next future, but I do not see this messages on all DS hosts running same DS version) 389-ds-base-1.2.11.15-34.el6_5.x86_64 Not sure. Either this is something we fixed a

[389-users] Re: DS:caseIgnoreOrderingMatch-defaul messages

On 11/19/2015 09:00 AM, ghiureai wrote: HI LIst, I am looking for clues to solve this messages after a export or DS reboot we are seeing this messages, I checked the 2 plugins: caseExactString and CaseIgnore String theya re both enabled , where else should I look? DS version: 389-ds-conso

Re: [389-users] multimaster replication and index corruption

amount of replication traffic and replication processing, and let the slave calculate the memberOf values. As far as the original issue - if we can't get enough information to diagnose/reproduce the problem, then we can be of little help. Thanks a lot Isabella On 11/10/2015 09:23 AM,

Re: [389-users] multimaster replication and index corruption

the servers. It is possible to had been written to both masters in the master replication configuration when the problem occurred but because there were multiple clients concurrently accessing the servers it is hard to figure out what triggered the issue. Adrian On 11/09/2015 05:06 PM, Rich

Re: [389-users] multimaster replication and index corruption

On 11/09/2015 05:47 PM, Ghiurea, Isabella wrote: Hi Rich, Thank you for your feedback , as always greatly appreciate when comes from 389-DS RH support. We are not using vm just plain hardware, here is the description I got from developers team related to the issues they are seeing when runn

Re: [389-users] multimaster replication and index corruption

On 11/09/2015 11:05 AM, ghiureai wrote: Hi List, We have cfg multimaster replication /fractional replication memberof plugging excluded ,we are seeing from time to time index corruption with some indexes , there is a strong feeling from developers this are related to DS multimaster rep

Re: [389-users] nsAccountLock - Server is unwilling to perform

On 10/21/2015 01:00 AM, Mitja Mihelič wrote: On 20/10/15 15:57, Mark Reynolds wrote: On 10/20/2015 09:37 AM, Mitja Mihelič wrote: Hi! We are using using nsAccountLock=true to lock user accounts. We also have dovecot authenticating users against the 389DS. If we set nsAccountLock=true, the

Re: [389-users] fractional replication and consumers Q

, thread resource, CPU, file descriptor, etc. limits long before that. Thanks. On Mon, Oct 19, 2015 at 8:52 AM, Rich Megginson <mailto:rmegg...@redhat.com>> wrote: On 10/19/2015 09:43 AM, Mayberry, Alexander wrote: We refer to a dedicated consumer as "read only&q

Re: [389-users] fractional replication and consumers Q

On 10/19/2015 09:43 AM, Mayberry, Alexander wrote: We refer to a dedicated consumer as "read only". (we use these in our security zones.) Though, I'm sure that's probably not strictly true, it captures the spirit of things. Yes. What the console means by "dedicated consumer" is a read only

Re: [389-users] Missing 389-console?

On 10/15/2015 11:51 AM, Gary Algier wrote: Hello, I can't seem to get 389-console. I installed CentOS 7.1.1503 and EPEL 7 and tried to install 389-ds. There seems to no longer be a master 389-ds package: root@ds3 104% yum list \*389\* Loaded plugins: fastestmirror, langpacks Loading mirror

Re: [389-users] 389-users Digest, Vol 125, Issue 8 in reply to rich megginson

On 10/08/2015 08:59 AM, Karel Lang AFD wrote: Hello Rich and all, thanks for the extra work and concern. In comment to your reply (see below your text): On 10/08/2015 02:00 PM, 389-users-requ...@lists.fedoraproject.org wrote: > Message: 2 > Date: Wed, 7 Oct 2015 08:56:25 -0400 > F

Re: [389-users] Easy to use web interface to 389-ds?

On 10/12/2015 10:13 AM, Mark Hammons wrote: Hi, I've set up 389-ds, and so far it works well, but I'd like to let users be able to change their own passwords/user info on the directory server on a webpage, and hopefully in a simple manner (the users are biologists, they don't need to know stuff

Re: [389-users] uid case sensitivity

On 10/09/2015 12:33 AM, Juan Ramón Moral wrote: Hi, is it possible to change config to make uid case insensitive? this search return no entries. ldapsearch -x -D "uid=*U*ser01,cn=users,dc=XXX,dc=XXX" -w XXX -s base -b "cn=users,dc=XXX,dc=XXX" ldap_bind: No such object (32) matched DN:

Re: [389-users] Question RE: 389DS

On 10/07/2015 02:45 PM, Paul Whitney wrote: When SSL-enabling the directory server, am I allowed to use a wildcard certificate or is it mandatory the certificate include the FQHN? You can use a wildcard, but you are strongly recommended to use subject alt name instead. Thanks, Paul M. Whit

Re: [389-users] 389-users Digest, Vol 125, Issue 3

On 10/07/2015 08:34 AM, Karel Lang AFD wrote: hi, In reply to my own question (presented as topic no. 1 in vol.125 -see below- chainmail): It is solved, problem is the script, that is recommended by fedora wiki (setupssl2.sh) as a way for automatic SSL generation for 389-DS server, is not s

Re: [389-users] memberOf pluging and multimaster replication

because you are initializing it. Thank you On 10/05/2015 08:13 AM, Rich Megginson wrote: On 10/05/2015 08:57 AM, ghiureai wrote: Gmorning List and Rich, I manged some progress Friday with cfg multimaster replication fractional ( exclude memberOf plugin) the final goal is to have 3 ld

Re: [389-users] memberOf pluging and multimaster replication

48 PM, Rich Megginson wrote: On 10/02/2015 12:16 PM, ghiureai wrote: Hi List and Rich, as per last documentation update I am trying to cfg fractional replication ( excluding memberOf plunging) for a multimaster cfg server 3 ldap server, when starting with first one aftr mentioning "member

Re: [389-users] Random dirsrv freezes and high CLOSE_WAITs

tachments. https://fedorahosted.org/389/newticket Thanks. --Prashant On 3 September 2015 at 10:42, Prashant Bapat <mailto:prash...@apigee.com>> wrote: No nothing much in the error log. Let me wait for the next occurrence and get gdb. On 3 September 2015 at 22:11,

Re: [389-users] memberOf pluging and multimaster replication

l#groups-cmd-memberof Thank you Isabella On 10/01/2015 11:20 AM, Rich Megginson wrote: On 10/01/2015 12:06 PM, ghiureai wrote: Hi Rich Unless the issue involves some sort of security problem that involves a potential CVE, or contains sensitive data internal to your organization that you cann

Re: [389-users] Performance with macro acis

children.Is there a plugin that can update this attribute automatically when an new child entry is added or deleted to the base node? No. Thanks, Adrian On 09/17/2015 10:44 AM, Noriko Hosoi wrote: On 09/17/2015 10:39 AM, Rich Megginson wrote: On 09/17/2015 11:33 AM, Noriko Hosoi wrote: Hell

Re: [389-users] memberOf pluging and multimaster replication

/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof Thank you Isabella On 10/01/2015 11:20 AM, Rich Megginson wrote: On 10/01/2015 12:06 PM, ghiureai wrote: Hi Rich Unless the issue involves some sort of security problem that involves a potential CVE, or

Re: [389-users] Performance with macro acis

, Adrian Damian wrote: 389-ds-base-1.2.11.15-34.el6_5.x86_64 On 09/17/2015 09:56 AM, Rich Megginson wrote: On 09/17/2015 10:52 AM, Adrian Damian wrote: Hi Rich, Sorry for missing this info. It's 1.2.11 running on SL6. We need the exact version, which is why I asked for the output of rpm -q 3

Re: [389-users] Performance with macro acis

On 09/17/2015 10:52 AM, Adrian Damian wrote: Hi Rich, Sorry for missing this info. It's 1.2.11 running on SL6. We need the exact version, which is why I asked for the output of rpm -q 389-ds-base Adrian On 09/17/2015 08:54 AM, Rich Megginson wrote: On 09/16/2015 03:11 PM, Adrian D

Re: [389-users] performance indexes questions "memberOf" performance

an use logconv.pl to look for them. On 09/17/2015 08:48 AM, Rich Megginson wrote: On 09/17/2015 09:41 AM, ghiureai wrote: Rich, which internal logging you are referring ? I have auditing and access log on ,are other loggin option ? https://access.redhat.com/documentation/en-US/Red_Hat

Re: [389-users] Recommended method to remove DB path?

On 09/17/2015 09:50 AM, Striker Leggette wrote: Greetings, What is the recommended way to remove a database with the following example path?: 5G /db/slapd-389/db/testentry Would it be simply stopping slapd, remove the path and start slapd? Did you do https://access.redhat.com/documentatio

Re: [389-users] Performance with macro acis

On 09/16/2015 03:11 PM, Adrian Damian wrote: Hi There, The scenario is simple: we have a subtree in the DIT with a few thousand children node. The parent node of the subtree has a few acis including a couple of macro acis that apply to each of the child nodes. We've observed a significant perfor

Re: [389-users] performance indexes questions "memberOf" performance

On 09/17/2015 09:41 AM, ghiureai wrote: Rich, which internal logging you are referring ? I have auditing and access log on ,are other loggin option ? https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Configuring_Logs.html#configuring-log-levels

Re: [389-users] performance indexes questions

On 09/16/2015 12:12 PM, William Brown wrote: Hi Isabella, we are trying to understand are performance issues and start investigating the ACI's and indexes , I need to know if all "default indexes" showing in 389-console admin are necessary beside the one which we create for our application r

Re: [389-users] DS not responding , but no errors in logfile

On 09/14/2015 09:10 AM, ghiureai wrote: Hi , we are having issues with one of our DS , part of multimaster replication , after was onlin for several hours and brought up the DS is not respoding running a basic ldapsearch to count the users or grous will hang not results or messages in error o

Re: [389-users] performance Q with ldapsearch

as the base? Is this normal or we are doing something wrong? Is there a solution to this?" Don't know, but yes, it looks as though the performance is related to macro ACI handling. Please file a bug/ticket with 389. Thanks, Isabella On 09/11/2015 08:35 AM, Rich Megginson wrote: O

Re: [389-users] performance Q with ldapsearch

On 09/11/2015 08:50 AM, ghiureai wrote: Fast query: ldapsearch -x -h xxx -b "ou=ds,dc=cb,dc=net" -W -D "uid=axxx,ou=Users,ou=ds,dc=cb,dc=net" "(objectclass=groupofuniquenames)" "cn" | sort -u | wc Slow query: ldapsearch -x -h xxx-b "ou=groups,ou=ds,dc=cb,dc=net" -W -D "uid=axxx,ou=Users,ou=ds

Re: [389-users] performance Q with ldapsearch

On 09/10/2015 04:00 PM, ghiureai wrote: Hi Gurus, we are seening some performance issues when running ldapsearch with tree ou=Groups, ou=ds , dc=abc, dc=net takes longer than when looking for same user but from one level up of tree up aka :ou=ds, dc=abc,dc=net, the difference in time very high

Re: [389-users] Random dirsrv freezes and high CLOSE_WAITs

paSshPubKey", "ipaSshSigTimestamp", "loginshell"]) except LDAPError, e: print e print "Error getting info from LDAP. Either wrong username or issues with LDAP server " raise sys.exit(-1) On 3 September 2015 at 19:17, Rich Megginson &

Re: [389-users] Random dirsrv freezes and high CLOSE_WAITs

On 09/02/2015 09:45 PM, Prashant Bapat wrote: Hi, We have been using 389-ds as part of FreeIPA. In one of our environments, we have 2 389-ds installations with replication. What version? rpm -q 389-ds-base Randomly, the 389-ds on either of them completely freezes and there are high numbe

Re: [389-users] replica from DS to AD

On 08/28/2015 04:46 AM, Fabien Gasbayet wrote: Hi, I have 2 questions. 1 - On this diagram : https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Windows_Sync.html#Windows_Sync-About_Windows_Sync Password replication seems bi-directional… But

Re: [389-users] RHDS query directReports

On 08/05/2015 06:23 AM, Alpesh Shinde wrote: Hi Team, How to get the directReport values for a particular manager using RHDS queries? I am new to RHDS however have mostly worked on Microsoft AD and there is a powershell cmdlet to get this value. Can someone please help me with this? Or may be

Re: [389-users] MMR Dead-Lock

On 08/06/2015 05:20 PM, Joel Levin wrote: The 389 plug-in was enabled yesterday What is the "389 plug-in" - do you mean the DNA plugin? - we think the deadlock it is similar to case below: http://comments.gmane.org/gmane.linux.redhat.fedora.directory.user/15775 DNA plug-in has now been disa

Re: [389-users] How to use Host Based Attributes with Class of Service

On 07/22/2015 07:10 AM, Paul Tobias wrote: On 21/07/15 15:21, Rich Megginson wrote: On 07/21/2015 06:19 AM, Paul Tobias wrote: Hi guys, In short: Can I use Class of Service[1] together with Host Based Attributes[2]? It doesn't work for me. The directory server uses Host Based Attribut

Re: [389-users] How to use Host Based Attributes with Class of Service

On 07/21/2015 06:19 AM, Paul Tobias wrote: Hi guys, In short: Can I use Class of Service[1] together with Host Based Attributes[2]? It doesn't work for me. The directory server uses Host Based Attributes to give different loginshell on servers and desktops. The idea is that on a desktop machi

Re: [389-users] DNA Plugin Causes 389-DS to Crash if Large Number of Candidates

On 07/16/2015 05:47 PM, Fong, Trevor wrote: Hi Guys, We’re running 389-ds 1.2.11.29-1.el6 Can you upgrade to a newer version? There have been several releases since then. and are experimenting with the DNA plugin. When trying to set an existing account’s uidNumber to the magic regen

Re: [389-users] 389-ds access.log parsing - turning LDAP request type into an audit event

On 07/11/2015 09:29 PM, Burn Alting wrote: On Mon, 2015-07-06 at 08:00 -0600, Rich Megginson wrote: On 07/03/2015 05:49 AM, Burn Alting wrote: > Has anyone authored code to parse a 389 Directory Server's access.log > file(s) with an aim of generating audit events based around the LDA

Re: [389-users] winsyncsubtreepair

o:389-users-boun...@lists.fedoraproject.org] *On Behalf Of *Rich Megginson *Sent:* Tuesday, July 07, 2015 10:59 AM *To:* 389-users@lists.fedoraproject.org *Subject:* Re: [389-users] winsyncsubtreepair On 07/07/2015 11:49 AM, Mark Boyce wrote: Rich, The version of 389-ds-base is 1.3.3.10-1

Re: [389-users] winsyncsubtreepair

add clarity? *Mark L. Boyce* Senior Identity Management Analyst University of California, Office of the President *From:*389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] *On Behalf Of *Rich Megginson *Sent:* Tuesday, July 07, 2015 9:22 AM *To:* 389

Re: [389-users] winsyncsubtreepair

On 07/07/2015 10:07 AM, Mark Boyce wrote: Good Morning, Has anyone else seen this behavior; after configuring Winsync I add one or perhaps two “pairs” to the sync agreement (ds:AD) Firstly - what version of 389-ds-base? rpm -q 389-ds-base What version of Windows/AD? 2012 R2? I don't kn

Re: [389-users] Unit testing LDAP acis for fun and profit

On 07/06/2015 05:18 PM, William wrote: I will clean up and publish the usl tool set in the future to help other people test their own LDAP secuity controls. Nice! This would be a good addition to our admin/management tools, if you would like to submit it. Please open a ticket and attach the

Re: [389-users] Unit testing LDAP acis for fun and profit

On 07/04/2015 02:06 AM, William wrote: Hi, I am going to publish this as a blog post in the next few days on http://firstyear.id.au However, as it's relevant for this audience I decided to re-post it here. My workplace is a reasonably sized consumer of 389ds. We use it for storing pretty much

Re: [389-users] 389-ds access.log parsing - turning LDAP request type into an audit event

On 07/03/2015 05:49 AM, Burn Alting wrote: Has anyone authored code to parse a 389 Directory Server's access.log file(s) with an aim of generating audit events based around the LDAP request type. Basically, take the log sequence [21/Apr/2007:11:39:51 -0700] conn=11 fd=608 slot=608 connectio

Re: [389-users] Access to 389/636

On 06/26/2015 12:30 AM, Joshua Brodie wrote: Hi: Is it possible to source IP address restrict ldap transactions to ports 389 and 636 - outside of using external firewall or IP tables? Something like this? https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Adminis

Re: [389-users] Python3 support

On 06/24/2015 06:05 AM, Robert Kuska wrote: Hello everyone, I am Robert Kuska, I am a python co-maintainer and co-owner of change Python3 as default which aims to provide python3 only packages by default across different fedora platform releases[0]. The reason why I am contacting you is, that 3

Re: [389-users] Announcing 389 Directory Server version 1.3.4.0

On 06/22/2015 05:13 PM, Thomas Spuhler wrote: On Saturday, June 20, 2015 04:40:58 PM Noriko Hosoi wrote: 389 Directory Server 1.3.4.0 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.4.0. Fedora packages are available from the Fedora 22 and Rawhide repositories.

Re: [389-users] _cl5CompactDBs: failed to compact

On 06/19/2015 04:29 AM, Ivanov Andrey (M.) wrote: Hi Noriko, There are three MMR replicating servers. It's one month of uptime and the servers wanted to trim the replication log. Here is what i've

Re: [389-users] 389-admin-1.1.36

On 06/12/2015 09:44 AM, Derek Belcher wrote: Where can I go to see the difference between: 389-admin-1.1.36 and 389-admin-1.1.35-1.el6.x86_64 If you checkout the repo from git: https://git.fedorahosted.org/cgit/389/admin.git You could do $ git diff 389-admin-1.1.35..389-admin-1.1.36

Re: [389-users] dirsrv startup issue

On 06/09/2015 07:34 AM, John Hosie wrote: I have a 389-ds server in place in prod. I'm trying to set up turnkey operation, but when the system starts, and /etc/init.d/dirsrv kicks off, it asks for a password. How do I get past this? Running RHEL6.5 with 389-ds-base.x86_64 1.2.11.15-34.el6_5

Re: [389-users] sourceforge hijack 389 directory server page?

On 06/03/2015 03:54 AM, Sharuzzaman Ahmat Raslan wrote: Hi 389 developers, I was reading news about Sourceforge is hijacking nmap page in Sourceforge. When I listed the page owned by user sf-editor1, it looks like 389 directory server was also hijacked. Are you aware of this? I was not a

Re: [389-users] flag "user must change password at next logon" remains active after PassSync

On 05/20/2015 05:28 AM, Mihai Carabas wrote: Hello, We've setup an 389 Directory Server on a Fedora21 and configured synchronization with an Active Directory (running on an Windows2012R2 Datacenter). We've managed to synchronize all the accounts from the 389DS to AD (about 44000). All the acc

Re: [389-users] DS querying members groups not showing recent/updated members

On 05/15/2015 12:36 PM, Ghiurea, Isabella wrote: HI LIst, we are seeing some strange behavoiurs in our DS ( members of pluging is enabled) if we add a user to a group we can't see that new user in group for some minutes /days , the follwing curl returns 0 members in group but ( there were alr

Re: [389-users] selinux problem with centos 7.1

On 04/17/2015 08:19 AM, Angel Bosch wrote: I went through this with Mageia. You either need to enable selinux (permissive) or compile 389-ds without selinux. do you mean I won't be able to execute it without selinux? or is just the installer? Please file a ticket - https://fedorahosted.org/3

Re: [389-users] 389 DS merged with AD?

On 04/14/2015 12:41 PM, Gary Algier wrote: Hello, I am in search of a tool to solve a new directory server issue in relation to Active Directory... For a long time here at work, we have had LDAP as our authentication source and nsswitch source for Solaris and Linux. First it was the Solaris

Re: [389-users] No results from nsContainer subtree search

On 04/07/2015 12:00 AM, William wrote: I ran the following search: ldapsearch -H ldap://localhost -b 'cn=nsAccountInactivationTmp,dc=example' -s sub -Z -x -D 'cn=Directory Manager' -W '(objectClass=*)' '*' I was trying to locate the object: 'cn="cn=nsDisabledRole,dc=example",cn=nsAccountInac

Re: [389-users] Retro ChangeLog

On 03/20/2015 11:28 AM, Joshua Brodie wrote: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Replication-Using_the_Retro_Changelog_Plug_in.html You should use the latest docs - https://access.redhat.com/documentation/en-US/Red_Hat_

Re: [389-users] GUI console and Kerberos

On 03/11/2015 11:54 AM, Paul Robert Marino wrote: Hey every one I have a question I know at least once in the past i setup the admin console so it could utilize Kerberos passwords based on a howto I found once which after I changed jobs I could never find again. today I was looking for something

Re: [389-users] Review 389-ds install/upgrade procedures and requisites on http://directory.fedoraproject.org/docs/389ds/download.html

RHEL, then yes, for changes to the core 389-ds-base package. On Mar 9, 2015, at 8:01 PM, Rich Megginson <mailto:rmegg...@redhat.com>> wrote: On 03/09/2015 05:54 PM, Rich Megginson wrote: On 03/09/2015 04:44 PM, Robert Viduya wrote: On Mar 9, 2015, at 5:30 PM, Noriko Hosoi <ma

Re: [389-users] Review 389-ds install/upgrade procedures and requisites on http://directory.fedoraproject.org/docs/389ds/download.html

On 03/09/2015 05:54 PM, Rich Megginson wrote: On 03/09/2015 04:44 PM, Robert Viduya wrote: On Mar 9, 2015, at 5:30 PM, Noriko Hosoi <mailto:nho...@redhat.com>> wrote: Hello, On 03/09/2015 02:18 PM, Robert Viduya wrote: I'm in the same boat. We, as an enterprise, have standard

Re: [389-users] Review 389-ds install/upgrade procedures and requisites on http://directory.fedoraproject.org/docs/389ds/download.html

On 03/09/2015 04:44 PM, Robert Viduya wrote: On Mar 9, 2015, at 5:30 PM, Noriko Hosoi > wrote: Hello, On 03/09/2015 02:18 PM, Robert Viduya wrote: I'm in the same boat. We, as an enterprise, have standardized on RHEL6 as our OS, with RHEL7 only on the horizon. Swi

Re: [389-users] Review 389-ds install/upgrade procedures and requisites on http://directory.fedoraproject.org/docs/389ds/download.html

On 03/09/2015 12:39 AM, Juan Carlos Camargo wrote: I'd like to see an updated install/upgrade procedure for 389-ds. The info on the web page is outdated, links for coprs are not working either , maybe they are not valid anymore. They are not, and have been removed. It was just too difficult t

Re: [389-users] Unable to Run 389-console

ib/jvm/java/bin/java -version Exception in thread "main" java.lang.NoClassDefFoundError: error: at gnu.java.lang.MainThread.run(libgcj.so.10) Caused by: java.lang.ClassNotFoundException: error: not found in gnu.gcj.runtime.SystemClassLoader{urls=[file:/usr/bin/build-classpath,file:

Re: [389-users] Unable to Run 389-console

g to use gcj. Try # sh -x /usr/bin/389-console On 4 March 2015 at 10:49, Rich Megginson <mailto:rmegg...@redhat.com>> wrote: On 03/03/2015 07:45 PM, Hadoop Solutions wrote: Hi, please find the below 389 versions... [gse@sv2lxdpdsedi01 ~]$ *rpm -q idm-console-framework*

  1   2   3   4   5   6   7   8   9   10   >