[389-users] Re: ldapsearch and 389ds

2016-06-07 Thread Job Cacka
Mark, Thank you for all of your help. It has been a pleasure, and I learned a significant amount about 389 ds. If you think of any other recommendations please let me know. I am off to make a set of backups and continue with the next project. Thanks! Job Cacka -- 389-users mailing list

[389-users] Re: ldapsearch and 389ds

2016-06-07 Thread Job Cacka
> On 06/07/2016 11:54 AM, Job Cacka wrote: > No you are not. That build > is from 2013. This is what you posted before: > > 389-ds-base-1.2.11.15*-22*.el6_4.x86_64 > > This is update "-22", you need "-70". I'm not even sure that you > ge

[389-users] Re: ldapsearch and 389ds

2016-06-07 Thread Job Cacka
Hmmm, well we are running that version. vendorName: 389 Project vendorVersion: 389-Directory/1.2.11.15 B2013.238.2155 We ran some ldapmodify commands back in October while following a Howto for modifying SSL/TLS versions and algorithms. Thanks Mark! I ran the reindex command for all the indexes

[389-users] Re: ldapsearch and 389ds

2016-06-07 Thread Job Cacka
I did the following ldapsearch. Should I reindex these on a regular basis? Does the "nsSystemIndex: true" attribute indicate the system manages it? ldapsearch -H ldaps://ds1.domain.com -D "cn=directory manager" -W -xLLL -b "cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config" dn:

[389-users] Re: ldapsearch and 389ds

2016-06-07 Thread Job Cacka
> On 06/06/2016 05:02 PM, Job Cacka wrote: > Okay, so I think the gidNumber index just needs to be regenerated: > db2index.pl -n userroot _D "cn=directory manager" -w PASSWORD -t gidNumber Running that command with a '-D' instead of '_D' fixed the ldapsearch problem when lo

[389-users] Re: ldapsearch and 389ds

2016-06-06 Thread Job Cacka
> Correct, a blank or empty response. This is now fixed for the same command for > gidnumber=514 and 550 because of my testing on Friday. Oops, gidnumber=513 and 550. 514 still gives a blank response.

[389-users] Re: ldapsearch and 389ds

2016-06-06 Thread Job Cacka
> On 06/03/2016 07:12 PM, Job Cacka wrote: > Just to confirm, you are saying the search below will not return > the entry? > > ldapsearch -Hldaps://ds1.domain.com -D "cn=directory manager" -w > "pass" -xLLL -b "dc=domain,dc=com" gidnumber=514

[389-users] Re: ldapsearch and 389ds

2016-06-03 Thread Job Cacka
Hmmm, I don't have a result, and I of course overwrote it not really expecting it to work. Six months ago I was playing with a CSV file in a perl script for another project that was encoded differently and that is what originally made me think of it. After looking through the saved output files

[389-users] Re: ldapsearch and 389ds

2016-06-03 Thread Job Cacka
> On 06/03/2016 03:18 PM, Job Cacka wrote: > Here there are NO entries that match this filter in "dc=domain,dc=com": > (&(objectClass=posixAccount)(uid=test06032016d)) > > We found this entry (nentries=1) > We modify it > We do NOT find any entry matchi

[389-users] Re: ldapsearch and 389ds

2016-06-03 Thread Job Cacka
As I was investigating this, I realized I missed a bunch of log entries. My script 'createusr test06032016d' runs three commands, and at least one of them looks like it 'spawns?' another process in the 389ds server. I think it is the first 'conn=66087' entries that really matter. here is the

[389-users] Re: ldapsearch and 389ds

2016-06-03 Thread Job Cacka
> On 06/02/2016 07:34 PM, Job Cacka wrote: > > Right, the problem was that you added "[-x]" which was treated as a > requested attribute. This obviously is not a real attribute so no other > attributes were returned. It was also breaking the filter for some reason.

[389-users] Re: ldapsearch and 389ds

2016-06-02 Thread Job Cacka
So I did this: ldapsearch -H ldaps://ds1.domain.com -D "cn=directory manager" -w "pass" -b "uid=test2015,ou=USERS,dc=domain,dc=com" and it gave me the expected results. All of the attributes for the uid=test2015

[389-users] Re: ldapsearch and 389ds

2016-06-02 Thread Job Cacka
After playing a bit, I am getting closer, but I feel like there should be an easier way than specifying every attribute. Here is an obfuscated example: ldapsearch -H ldaps://ds1.domain.com [-x] -D "cn=directory manager" -w "pass" -b "uid=test2015,ou=USERS,dc=domain,dc=com" uid cn entryid

[389-users] Re: ldapsearch and 389ds

2016-06-02 Thread Job Cacka
> On 06/02/2016 05:54 PM, Job Cacka wrote: > Do you get entries back, or no entries? I get back 222 entries. The entries are basically the contents of the directory minus the attributes. Like this, but with real data and commented lines removed: dn: ou=USERS,dc=domain,dc=com dn: uid=USE

[389-users] Re: ldapsearch and 389ds

2016-06-02 Thread Job Cacka
> On 06/02/2016 03:22 PM, Job Cacka wrote: > It is another set of client tools for accessing a directory server(it > uses the same names: ldapsearch, ldapmodify, etc). It works just fine, > as does the openldap version. Its command line usage is different > though, especially

[389-users] ldapsearch and 389ds

2016-06-02 Thread Job Cacka
sive than they ought to be. A guide would be nice. The man page omits examples with authentication. Is there a way to set defaults for the auth to clean up the command? Thanks, Job Cacka

[389-users] Re: Admin-server connection

2016-05-03 Thread Job Cacka
Can someone look at their /etc/dirsrv/admin-serv/local.conf and tell me what is set on: configuration.encryption.nsSSL2Ciphers: -des,-rc2export,-rc4export,-desede3,-rc4,-rc2 configuration.encryption.nsSSL3Ciphers:

[389-users] Re: Admin-server connection

2016-05-02 Thread Job Cacka
I looked at this directory location and only two config files are changed since "go live". When I ran a diff against the originals in the backup file it contains differences that turn on SSL and other related settings. There are some anomalies though: some parameters are in quotes and some are

[389-users] Re: Admin-server connection

2016-05-02 Thread Job Cacka
"There are config files for the admin server: /etc/dirsrv/admin-serv" That directory has many files that have changed recently. It looks like I have two "backup" directories in there. One is labeled 10-21-15 and the other is 10-7-2013 from the original installation. So I could stop the

[389-users] Re: Admin-server connection

2016-05-02 Thread Job Cacka
Thanks for the quick reply Mark. Perhaps I do not understand the layout of 389 DS correctly. Should there be a separate backup of the dirsrv-admin data? I think I may have changed a setting in the 389-ds console that took effect after one of the reboots we had this winter/spring. My hope

[389-users] Re: Admin-server connection

2016-05-02 Thread Job Cacka
stop both servers? If this is the dirsrv-admin then how do I restore it? If it is not the correct procedure then what is? Thanks, Job Cacka

[389-users] Re: Admin-server connection

2016-04-27 Thread Job Cacka
I reinstalled the 389 Windows Management Console. I also reran the command: certutil -A -d "C:\Users\\.389-console" -n "CA Certificate" -t CT,, -i cacert.asc -a from the administrative command line within the "C:\Program Files (x86)\389 Management Console" directory. This system has another

[389-users] Re: ACI value selector?

2016-04-26 Thread Job Cacka
While looking for more backup information I stumbled upon this link. I think you could create one. https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Access_Control-Creating_ACIs_from_the_Console.html Also, you might try looking here, as it says they can be listed.

[389-users] Re: Admin-server connection

2016-04-20 Thread Job Cacka
The Idealx config file /usr/local/etc/smbldap-tools/smbldap.conf shows this: # Master LDAP server: needed for write operations # Ex: masterLDAP=127.0.0.1 # If not defined, parameter is set to "127.0.0.1" masterLDAP="zigzag.ccbox.com" # Master LDAP port # If not defined, parameter is set to "389"

[389-users] Re: Admin-server connection

2016-04-20 Thread Job Cacka
e. Thanks, Job Cacka

[389-users] Admin-server connection

2016-04-18 Thread Job Cacka
admin. #357156 • Fedora Project Pastebin Job Cacka