[389-users] Announcing 389 Directory Server 3.0.1

2024-02-01 Thread Simon Pichugin
389 Directory Server 3.0.1. The 389 Directory Server team is proud to announce 389-ds-base version 3.0.1. Fedora packages are available on Rawhide. (For Fedora 40) Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=112619489 - Koji

[389-users] Re: 389 DS 2.3.6 on RHEL 9 replication over TLS

2024-01-25 Thread Simon Pichugin
Hello Alex, I think we need a bit more information here. First of all, could you please run the "dsconf repl-agmt create" (LDAPS one) with the "-v" flag? It will give a detailed verbose output. Also, I recommend checking the server's error and access logs for more information on why it fails

[389-users] Re: Using dsctl and .dscrc: How to properly connect to a remote instance?

2023-04-18 Thread Simon Pichugin
Hi folks, Just to add a bit more details about dsconf-dsidm and .dsrc interactions: - If a user tries to use URL in dsconf-dsidm call, then we consider it a remote connection, and we check /etc/openldap/ldap.conf and system-wide settings regarding TLS, etc.; - If a user provides an instance name

[389-users] Re: Migrating passwd, group, & shadow to 389-ds

2022-05-12 Thread Simon Pichugin
Hi Felipe, We have a nice library called lib389. It's a part of the 389 DS repo and packaged in Fedora as python3-lib389. I'd recommend using the latest Fedora version available to you. https://github.com/389ds/389-ds-base/tree/master/src/lib389 Generally, if you need more control and

[389-users] Re: multimaster replication port used

2022-04-01 Thread Simon Pichugin
Hi Isabella, I'm not sure if I fully understood what you want to achieve. But you can configure your replication agreements with secure 636 port connections. You can check examples here:

[389-users] Re: Netgroups referenced in the SUDOers Group do not work

2022-03-22 Thread Simon Pichugin
Hi Tibor, To give you more helpful advice, we'll need more info. What package versions do you use? Can you attach your server (access and error logs) and SSSD logs? Also, it'll be helpful to see your netgroup entry and other related configuration. Sincerely, Simon P.S. I'd recommend also asking

[389-users] Re: Issues with passwordmustchange in a local policy on 389-ds 1.4

2021-11-16 Thread Simon Pichugin
low-hashed-passwords: off > >> nsslapd-pwpolicy-inherit-global: off > >> > >> Local: > >> # dsconf -y ~/dirman.txt -D "cn=Directory Manager" pro02 localpwp get > >> ou=People,dc=example,dc=com > >> Local User Policy Policy for "

[389-users] Re: Issues with passwordmustchange in a local policy on 389-ds 1.4

2021-11-16 Thread Simon Pichugin
yContainer,ou=People,dc=example,dc=com > > passwordstoragescheme: ssha512 > passwordchange: on > passwordmustchange: on > passwordhistory: off > passwordadmindn: cn=siteops sa,ou=sa groups,dc=example,dc=com > passwordexp: off > passw

[389-users] Re: Issues with passwordmustchange in a local policy on 389-ds 1.4

2021-11-15 Thread Simon Pichugin
Hi Brian, could you please provide your full Password Policy setup (both global and local, entries and attributes)? Please check this chapter for the details:

[389-users] Re: Cleaning up a disabled replica

2021-11-02 Thread Simon Pichugin
thread. Sincerely, Simon On Tue, Nov 2, 2021 at 11:56 AM Morgan, Iain (ARC-TN)[InuTeq, LLC] < iain.mor...@nasa.gov> wrote: > Hi, > > Thanks for the response. We are using the Redhat-provided RPM's of 389-ds > 1.3.10.2 on RHEL 7.9. > > -- > Iain > > On 11/1/21, 18:16,

[389-users] Re: Cleaning up a disabled replica

2021-11-01 Thread Simon Pichugin
Hi Iain, what 389 DS version do you have? You can safely remove the changelog on the test servers where replication is disabled, as it no longer holds a true record of all modifications while replication is disabled. So a changelog can be effectively deleted by deleting the log file. If your 389

[389-users] Re: how could I set nsslapd-db-home-directory?

2021-05-27 Thread Simon Pichugin
On Thu, May 27, 2021 at 2:22 PM Marco Favero wrote: > Hello, could you help me to set `nsslapd-db-home-directory`? > Hello, Marko! > > I would like to change that path in order to move the cache in a RAM fs. > > I tried with > > ` /usr/sbin/dsconf -D "cn=Directory Manager" -w *** ldap:// >

[389-users] Re: LDAP: error code 12 - Unavailable Critical Extension

2020-12-21 Thread Simon Pichugin
Hello Oleg, 'Unavailable Critical Extension' can come from a lot of places (mostly plugins but not only). So yes, you need to find that in logs. First of all, you can check the access log and check if some operations have requested something unusual (some server-side control or something). Or,

[389-users] Re: Account Policy Plugin combined with user policy and "passwordexp: off" impossible?

2020-09-21 Thread Simon Pichugin
Hi Eugen, okay, another option will be to define Local Account Policy for the users you want to be locked after the expiration. Check out this setup for Local Account Policy (CoS configuration):

[389-users] Re: Account Policy Plugin combined with user policy and "passwordexp: off" impossible?

2020-09-16 Thread Simon Pichugin
Hi Eugen, if I understood correctly, the customer already has Password Policy set up for common users which should not be able to change the password after the expiration. And the customer needs another policy for the special users which should be able to change the password after expiration (or

[389-users] 389-ds-base repository has migrated to GitHub

2020-09-13 Thread Simon Pichugin
Hi team, so the migration to GitHub was successfully completed! 389 Directory Server repo is now available on: https://github.com/389ds/389-ds-base The issue tracker is here: https://github.com/389ds/389-ds-base/issues Pull-requests are

[389-users] Re: master to master replication cfg Q

2019-10-22 Thread Simon Pichugin
On Tue, Oct 22, 2019 at 03:58:40PM +, Ghiurea, Isabella wrote: >Hi List, > >I have a question regarding the cfg for a slave replication ldap >server: > >we have 2 DS cfg as master to master replication with only one acting >as write DS at a given time, now we have a

[389-users] Re: error moving an user

2018-03-21 Thread Simon Pichugin
Hi, could you please enable 16385 errorlog-level (16384 defaults and 1 trace) just before the operation and send us the /var/log/dirsrv/slapd-INSTNAME/errors: ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w password << EOF dn: cn=config changetype: modify replace: