ass=inetOrgPerson" if the filter "uid=926*" is sufficient.
I have forwarded this suggestion…
Again, thanks everybody for the support.
Rainer
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-us
ssage.
Also enabled SubString Indexes for the uid attribute.
What else could there be?
Rainer
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Condu
> Am 01.06.2022 um 12:37 schrieb David Ritenour :
>
> Rainer,
>
> The directory's access log may provide you with the information you need to
> resolve the issue. Grep for the originating IP or bindDN, then grep for the
> connection number (conn=x) within the resu
.
The absurd thing is that it works in the test-environment, but not in
production :-(
The app itself is running outside my realm, I have no access to their logs.
Rainer
> Am 01.06.2022 um 10:16 schrieb Lewis Robson :
>
> Whats the app you're using? Is there any logging for this app?
of the user the app is using.
I set
nsslapd-errorlog-level: 128
but that slowed down the server too much because it still gets traffic from the
load-balancer health-checks…
Rainer
___
389-users mailing list -- 389-users@lists.fedoraproject.org
OK, so I switched from ldaps to ldap in adm.conf and it started working
again.
I believe I had this working, at some point - but I don't use the
console very often and I haven't checked it in a while (several
update-cycles).
Rainer
Am 2022-05-30 16:17, schrieb rai...@ultra-secure.de:
Hi
.x86_64
389-ds-console-1.2.16-1.el7.noarch
389-ds-console-doc-1.2.16-1.el7.noarch
This seems to some sort of generic error, so I'm not sure how to
proceed..
Any ideas?
Best Regards
Rainer
___
389-users mailing list -- 389-users
Am 2020-09-21 11:14, schrieb rai...@ultra-secure.de:
Am 2020-09-18 22:33, schrieb Mark Reynolds:
This means you used the wrong password, you need to use whatever was
set for "root_password" in the INF file. But it wouldn't hurt to
check the access log for "err=49" and it will give you the
als
[21/Sep/2020:11:08:49.114878267 +0200] conn=8 op=1 UNBIND
[21/Sep/2020:11:08:49.114889967 +0200] conn=8 op=1 fd=64 closed - U1
Do you see any obvious error in the INF-file?
Best Regards
Rainer
___
389-users mailing list -- 389-user
Hi,
I've installed the latest version on CentOS 8
https://directory.fedoraproject.org/docs/389ds/howto/quickstart.html
[root@radius-389-test ~]# rpm -qa |grep 389 |sort
389-ds-base-1.4.2.16-1.module_el8+9435+e6daf39f.x86_64
389-ds-base-libs-1.4.2.16-1.module_el8+9435+e6daf39f.x86_64
k you.
I really just followed the documentation here - but I'll try that next
time.
Best Regards
Rainer
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code
,
and secmod.db in case it doesn't work.
Hi Mark,
it seems that, yes indeed, you have to delete the old certificate first
(and then also re-import the intermediate certificate).
Thanks a lot for the hint!
Best Regards
Rainer
___
389-users mailing list
Am 2020-08-24 09:24, schrieb rai...@ultra-secure.de:
Hi,
[...]
Now, I tried to list the private keys with -K, I get
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The
certificate/key database is in an old, unsupported format.
Ah, forget the "-d" switch.
I can list the private
le-1.2.16-1.el7.noarch
389-ds-console-doc-1.2.16-1.el7.noarch
CentOS 7, 64bit.
Now, I tried to list the private keys with -K, I get
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The
certificate/key database is in an old, unsupported format.
Is there docume
ot;);
Couldn't really get this query here to work:
https://ldapwiki.com/wiki/View%20the%20Available%20Controls
How can I see what it was actually trying to do, what lead to the
exception?
Regards
Rainer
___
389-users mailing list -- 389-users@lists.fedora
Hi,
I'd like to define a special user just for monitoring the replication
(instead of using the Directory Manager).
What kind of permissions does that user need?
Or does that user need to many privileges that I could use the Directory
Manager anyway?
Rainer
that rely on that webserver being available on all
interfaces, from all IPs.
Best Regards
Rainer
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code
Do this on both masters
Regards,
Mark
I had this already, sort of.
But "almost" is not good enough in this case...
Thanks a lot.
Best Regards
Rainer
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe sen
Am 2018-09-04 17:39, schrieb Marc Muehlfeld:
Hi Rainer,
Yes it is a typo, it should be:
cn=dc\=sub\,dc\=domain\,dc\=ch,cn=mapping tree,cn=config
thanks for finding the typo. I fix it and republished the guide:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html
.
Best Regards
Rainer
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https
_Directory_Server-10-Administration_Guide-en-US.pdf
page 387.
I've created the consumer on ldap1.
According to the same documentation
Though I always wondered if the cn=cn= part was a typo?
Anybody got an idea?
Best Regards
Rainer
___
389-users maili
Rainer
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki
Hi,
there is this tutorial:
http://directory.fedoraproject.org/docs/389ds/howto/howto-walkthroughmultimasterssl.html
But it seems very old.
Does it still apply?
Best Regards
Rainer
___
389-users mailing list -- 389-users@lists.fedoraproject.org
at correct?
Best Regards
Rainer
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guideli
Hi,
I have a few users in my open-ds dump that have the following attribute:
ds-privilege-name: password-reset
Does something like this exist in 389-server or is it done purely on an
ACI level?
Best Regards
Rainer
___
389-users mailing list
configured in DS (either SHA512 or PBKDF2).
I'll try to use the ldif2db tool...
https://www.spinics.net/linux/fedora/389-users/msg16789.html
I didn't know this existed.
Thanks for your input so far.
Best Regards
Rainer
___
389-users mailing l
people all by snail-mail, possibly
with a registered letter if we ever needed to reset all these passwords.
I'm not 100% sure, but it's a good bet.
This is not something I'd look forward for to explain to the
customer
Best Regards
Rainer
___
to encrypt passwords?
How can I switch it to sha512 - and how can I store encrypted passwords
with different algorithms?
Best Regards
Rainer
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 38
Hi William,
> PBKDF2_SHA256 does not work on EL7 due to a limitation with the NSS
> crypto provider. At start up it will drop and error in your logs like
> "crypto provider not available" or something.
>
> It's only available in 1.4.x. on fedora today, and will be supported in
> a "future
Hi William,
thanks for looking at the stack traces! I upgraded to the latest version
available in RHEL 7.4 (1.3.6.1-21.el7_4), this didn't change the behavior. I
guess that the changes you're talking about aren't yet available in RHEL.
So I think that we'll have to remain on SSHA512 hashing
Hi William,
thanks for the explanation and links to the code!
However, I'm not sure if this is really related to the problem I'm seeing. As I
tried to explain above, the first few minutes of a load test run fine, but then
(after a variable time) there is a sudden jump from <25% CPU to almost
Hi everyone,
we are running a small 389 DS cluster on two RHEL 7.4 machines. The version
installed is the most recent in the Red Hat repositories, 1.3.6.1-19.el7_4. 389
DS is used as user storage for the Keycloak single sign-on system. It contains
about 150k person objects.
To test the whole
32 matches
Mail list logo