an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/lis
ect.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
--
_
bout configuring oversized database was
> interresting:
> at first I did not capped the value to 1Gb and the basic import
> scenario was spending
> hours before failing because disk was full (with a real db size
> around 10Gb on the test VM)
> while once c
orm searches against both of the first 2
servers? Basic ldapsearch/ldapwhoami over TLS. That way we can rule out
connectivity issues.
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
--
___
3
ars to be 3.x (see above
> re: preferred production version).
>
Due to how we build the docker containers we tend to track the "latest" right
now. But there was some talk to fix that.
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Management
SUSE
c/plugins/pwdchan/src/lib.rs#L114)
but this version is much easier to extend and improve.
This is generally why we advise the use of the PBKDF2-SHA256 pwhash algorithm
(note it's a '-' not '_'. For historical reasons the C version uses the '_'
(underscore) and the rust one the '-' (hypen)).
Hope
,
and I.
If that's not clear, let me know and I can draw a diagram.
--
William Faulk
--
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https
memberof idnssoaserial
entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn
krblastsuccessfulauth krblastfailedauth krbloginfailedcount
--
William Faulk
--
___
389-users mai
r in time some updates go through as the RUV in the R.A. have been
> updated by a better knowledgeable replica.
> but this seems to repeat (strange)
> I want to suggest deleting the changelog, and re-init that replica, but maybe
> Thierry or Pierre or William B. have a better suggestio
> FYI: There is a list of pending operations to ensure that the RUV is not
> updated while an older operation is not yet completed. And I suspect that
> you hit a bug about this list. I remember that we fixed something in that
> area a few years ago ...
I think I found it, or something closely
ement in symptoms. It might be different,
though. It doesn't look like it discarded its changelog.
I definitely don't relish reinitializing from this bad replica, though. I'd
have to perform a rolling reinitialization throughout our whole environment,
and it takes ages
hat problem, too, where some CSNs just seem to
get missed, but the max CSN in the RUV is well past that. But that's a
different problem and not the one I'm working on now.
Thanks for the input.
--
William Faulk
--
___
389-users mailing list --
> On 29 Feb 2024, at 05:20, William Faulk wrote:
>
> I'm having another replication problem where changes made on a particular
> server are not being replicated outward at all. Right now, I'm trying to
> determine what's going on during the replication process.
>
&g
, but I'm not having any luck with that yet.)
In particular, I see the max CSN for this server in all of these RUVs less than
CSNs recorded in the server's own log files.
--
William Faulk
--
___
389-users mailing list -- 389-users@lists.fedoraproject.org
I completed this last night. I found that deleting the active entry did not
automatically promote the conflict entry. I still had to perform the modrdn
operation.
Also, in addition to deleting the "nsds5ReplConflict" attrbute, I also manually
deleted the "ConflictCSN" attribute, and the
I was prepping to make this change and realized there's a part of the
documentation I don't understand.
It says to delete the active entry, then perform a modrdn on the conflict
entry, then delete the old RDN value of the naming attribute.
That last step can't be correct in this case, right?
Thanks for the confirmation.
I'll follow up with the results, just in case anyone in the future comes across
this thread, and to let folks know how the membership gets handled upon rename
of the conflict entry.
--
___
389-users mailing list --
> On 12 Jan 2024, at 11:21, John Thurston wrote:
>
> Excellent, thank you very much, William!
> But know that I've read that, I think I'll want to start with the
> underscore-implementation. That should result in ldifs from my DS 2.1 which I
> could, if needed, use with
same? Is there some significance I'm missing
> in the "_" and the "-" characters?
>
https://fy.blackhats.net.au/blog/2022-11-25-why-are-pbkdf2-sha256-and-pbkdf2-sha256-different-in-389-ds/
tl;dr Use PBKDF2-SHA256. (hyphen, not underscore).
--
Sincerely,
William Br
Sorry. I did confirm that the nsuniqueid of the bad replica's active entry is
different from the other replicas' entries and I forgot to say that. (The
conflict entry's nsuniqueid and the entries on the good replicas match, too.)
Here are the entries, with names and crypto stuff redacted, but
Oh, that's surprising to me.
The LDAP spec seems to indicate that the only possible argument for a delete
operation is a DN, and, while I still can't reproduce the problem with
unimportant entries, access logs on replicas where deletes are being replicated
to seem to imply that the remote
I have an IdM/freeipa installation with around 30 replicas. I have an entry for
a computer that exist across all of those replicas. However, one of the
replicas has incorrect data in the DN, with the correct data found in a
conflict entry. (It appears that that entry was created on that
> I noticed there is code to dump the changelog to a flat file, but
> it isn't clear to me how to call it
Aha! I poked through the code and figured it out:
Perform an ldapmodify against "cn=replica,cn=...,cn=mapping tree,cn=config"
adding the attribute "nsds5Task" with the value "CL2LDIF". It
> I suspect the CSN is available as an operational attribute on
> each entry
If it is, I can't find it. Plus, a CSN seems to be associated with a change,
not an entry. Like, if I changed a user's city and then changed their initials,
that would be two different changes, each with its own CSN.
> What you are wondering about is attribute level conflicts
I don't *think* I am. The one problem I'm trying to understand right now is
based on a simple password change. That password change generates many
attribute changes on a single entry: password history, various krb attributes,
etc.
for attribute level conflict handling, so I don't think I
have a good answer here.
>
> On 17 Nov 2023, at 07:22, William Faulk wrote:
>
> Makes sense. I'll try to read some more documentation/source about the actual
> communication.
>
> Do you know how I can find mappings betwe
Makes sense. I'll try to read some more documentation/source about the actual
communication.
Do you know how I can find mappings between CSNs and changes? Or even just how
to see the changelog at all?
--
___
389-users mailing list --
I'm currently just using the Directory Manager credentials for my monitoring;
sorry.
--
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
This was helpful; thanks. I think my biggest misunderstanding was that the RUV
was just the most recent CSN, when it's actually a list of the most recent CSNs
from each replica.
--
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To
> A CSN is generated with each externally applied modification, not for a
> replicated operation
This is very useful information; thank you.
> The RUV is a vector of CSNs for all replicaids a specific replica has
> seen
So each replica has its own RUV which ideally should be the same across
> On 16 Nov 2023, at 14:19, John Apple II wrote:
>
> Hey, William,
>
> I have taken a look at the dsconf tooling as well, but so far all of the
> ones I've looked at and tested (dsconf, ipa-replica-manage, cipa, etc) fail
> if I try to use them with any sysaccount
> On 16 Nov 2023, at 11:50, John Apple II wrote:
>
> Hi, William,
>
> I am working on trying to figure out how to some basic monitoring IdM
> Replication with a non-Directory-Manager service-account for some internal
> work I do where we use IdM, and I'm trying to wor
Do you think those variables could add up to lags of weeks?
Also, are there known bugs with replication in earlier versions in older RHEL
releases? I am definitely very downrev, unfortunately. (I'm embarrassed to say
I'm still on 7.9.) I need to upgrade soon, since that's going EoS in less than
> The explanation below looks excellent to me
Things that I currently know I don't know include:
* When/where a new CSN is generated. If a piece of data is changed on a
particular replica, that must obviously create a new CSN. When that data is
replicated, does the accepting replica create its
> it isn't necessary to keep track of a list of CSNs
If it doesn't keep track of the CSNs, how does it know what data needs to be
replicated?
That is, imagine replica A, whose latest CSN is 48, talks to replica B, whose
latest CSN is 40. Clearly replica A should send some data to replica B.
of comparing the CSN values be? Anyway, these are the types of
questions I'm looking to understand. Can anyone help, please?
--
William Faulk
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le
oject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastr
ect.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
__
gt; https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infras
ck, would be
> appreciated.
The first check would be from on the host instance #1:
openssl s_client -connect hostname-of-instance-two:636 -showcerts
And assert that the connection proceeds and the certificate chain presented is
as you expect.
--
Sincerely,
William Brown
Senior Software
> On 19 Apr 2023, at 15:53, Johannes Kastl wrote:
>
> Hi William,
>
> thanks for the help.
>
> On 19.04.23 at 01:52 William Brown wrote:
>
>> dsctl requires root/dirsrv because it assumes you are on the same host as
>> the dirsrv instance.
> On 19 Apr 2023, at 15:44, Johannes Kastl wrote:
>
> Hi William,
>
> On 19.04.23 at 01:19 William Brown wrote:
>
>> The docker.com images are maintained by myself at SUSE. Because of how we
>> build them from https://build.opensuse.org/ and via
>> htt
ockpit', 'dblib')
>
> When calling it with an instance I am back to the "No such instance" error I
> had previously.
>
> OS is openSUSE Tumbleweed, package version is
> lib389-2.3.2~git53.a01e230-1.1.x86_64.
--
Sincerely,
William Brown
Sen
he challenge is building everything in that way.
As well, worth pointing out that 389-ds does not support *downgrades*. only
upgrades. So downpatching may/may not always work.
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
_
ttle difference to 1.4.x ist still present :) ( 0.0x sec vs 0.9
> sec)
Can we see the access log between the 1.4.x and 2.x version? There still seems
to be a difference here which is curious :(
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Management
SU
ci's on the directory data since 389-ds access controls are different
to openldap's.
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
___
389-users mailing list -- 389-users@lists.fedoraproject.
Yes but you don't need full re-inits.
You do:
ds1 -> ds2 (full init)
ds1 -> ds3 (full init)
ds2 -> ds1 (agmt only)
ds3 -> ds1 (agmt only)
ds2 -> ds3 (agmt only)
ds3 -> ds2 (agmt only)
This will give you a "full mesh" and correct csn/data generations.
--
Sincerel
not found, we aren't as up to date, or we purged
>
>
> Is there a method to know the correct sequence of definition of the
> agreements?
>
Did you do full re-inits when you create from 1 -> 2 and 1 -> 3?
--
Sincerely,
William Brown
Sen
an issue with how postfix is working with dovecot for the user/auth
process.
Sorry I don't think we can help much in this case :(
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
___
389-users mai
ks that would give
> some tips.
> regards
> thierry
we need to see the exact filter that's being used, as well as the access logs
lines of the slow query to really help here.
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Mana
raproject.org/archives/list/389-users@lists.fedoraproject.org
>>> Do not reply to spam, report it:
>>> https://pagure.io/fedora-infrastructure/new_issue
>
> --
> -----
> | | Julian Kippels
> | | M.Sc. Infor
SHA512
CRYPT_UNIX
CRYPT_MD5
PBKDF2
PBKDF2-SHA1
The following ARE suitable.
CRYPT_SHA256
CRYPT_SHA512
PBKDF2_SHA256
PBKDF2-SHA256
PBKDF2-SHA512
The *BEST* choices are:
1) PBKDF2-SHA256 (note this is the hyphen version, not the underscore version)
2) CRYPT_SHA256
It is *STRONGLY* recommended you use one
On Mon, 2022-01-03 at 14:43 -0500, Tom Horsley wrote:
> https://tomhorsley.com/hardware/mouse-tailor/mouse-tailor.html
>
> My latest silly project adds all the mouse settings to microcode
> outside of the operating system so my trackball can be useful
> when I'm forced to use Wayland (which seems
9-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
___
389-users m
ves:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
ling_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
--
Sincerely,
William Brown
Senior Software Engineer, Ide
dora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the li
nfiguration_reference#cnconfig-nsslapd_conntablesize
Maximum number of connections. IIRC this might be automatically set from FD's
in the system, but if not you may need to set this to probably 80% of your FD
limit frlom the systemd service tunings you have provided.
Hope that helps,
--
Sin
project.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
___
389-users mailing list -- 389-users@lists.fe
rgets
>> "idnsname=example.com.,cn=dns,dc=example,dc=com" (op=0x7fd3cc00a200
>> idx_pl=0) => op not changed in PL
>>
>>
>> [1] https://github.com/389ds/389-ds-base/issues/4842
>> -- Kees
>> _______
>>
I am william roy, working for tockhop as PR consultant. With more than 6 years
experience in PR and Digital Industry, helping teams to achieve goals by
streamilining the process.
READ MORE:- https://www.tockhop.com/
___
users mailing list -- users
>>> Absolutely, changing it now...
>> wow!
>>
>> that was truly fast :)
>
> No problem, here is the ticket for the fix if you are curious:
>
Mark does set a high bar for us all :)
—
Sincerely,
William Brown
Senior Software Engineer, 389 D
org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia
___
389-users m
org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructur
Distinguished name is already used (dn).
I'd probably choose something more like corpCn or mycn or something like that.
nrcCn maybe?
> On 27 Apr 2021, at 14:16, Ghiurea, Isabella
> wrote:
>
> Thank you Mark, William for reply , how about this user attribute :
> “Distinguish
Then youll need to disable everything except aes256 then I suspect ... :(
> On 25 Apr 2021, at 11:39, Trevor Vaughan wrote:
>
> Well, in this case, I've got to be able to work with regulatory requirements
> so not much I can do there.
>
> Trevor
>
> On Sat, Apr 2
; Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spa
Sorry to call this out, but my name is "William" not "Bill". I have personal
reasons to dislike being called that name.
Regardless, happy to help out :)
> On 23 Apr 2021, at 22:11, Trevor Vaughan wrote:
>
> Bill and Pierre,
>
> Thanks for the responses!
&
> On 23 Apr 2021, at 03:23, Trevor Vaughan wrote:
>
> Hi William,
>
> In terms of the STARTTLS bits (in theory) properly configuring your client
> software mitigates the password leak risk. But this also happens with pure
> (non-RFC) LDAPS connections.
No it doesn't.
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
—
Sincerely,
William
n email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedorap
sys.stdout.write("â
\n")
print(f"Complete: Processed {count} lines into {len(events)} events")
# Process dirty events to clean ones.
clean_events()
json.dump(events, outfile, sort_keys=True, indent=4)
if __name__ == '__main__':
mail to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-use
s:
>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>> Do not reply to spam on the list, report it:
>> https://pagure.io/fedora-infrastructure
> ___
> 389-users mailing list -- 389-users@lists.fe
> On 6 Apr 2021, at 23:25, Bryan K. Walton wrote:
>
> On Tue, Apr 06, 2021 at 12:06:02PM +1000, William Brown wrote:
>>
>> Because it's a cacertdir, have you run openssl rehash in the directory? Else
>> it can't find and load the certs ...
>
> Thank Willi
US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infr
conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
—
Since
ject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do
pport
services?
Another option is to raise it upstream against the version you are running.
https://github.com/389ds/389-ds-base
Regardless, once again, I guarantee that the RH developers of 389-ds really do
care :)
>
> Regards,
> Grant
> From: William Brown
> Sent:
have a
> few other migration related tasks to follow up at the moment.
>
>
https://github.com/389ds/389-ds-base/pull/4662
This PR adds support to import openldap formatted schemas to 389-ds.
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs,
disallowed anonymous bind for anything but
> rootdse, it will always fail to find another available server. I have
> confirmed this by allowing anonymous bind on our masters while the issue was
> present, then subsequent binds on the consumers start working again.
>
> I would
n
>
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia
in turn reset
> the admin login on the 389 console gui.
>
> On Tue, Mar 2, 2021 at 5:21 PM William Brown wrote:
>
>
> > On 3 Mar 2021, at 02:10, Chris Patterson wrote:
> >
> > Using 389 DS and directory server replication is failing. I am getting:
> >
&
doraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://
n you please provide more details about the replication agreements and the
accounts you are using for authenticating these agreements?
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia
___
389-users mailing li
/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Serv
ate of the instance at startup. IE post create.
>
> Thanks,
>
> Trevor
>
> On Thu, Feb 18, 2021 at 6:27 PM William Brown wrote:
> Hey mate,
>
> > On 19 Feb 2021, at 06:12, Trevor Vaughan wrote:
> >
> > Hi All,
> >
> > I'm currently worki
Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia
___
389-users mailing list -- 389-users@lists.fedoraproject.or
e...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/a
ote:
>
> Interesting!
>
> You may want to put that in the documentation.
>
> On a related note, is it possible to use PEM files directly instead of
> messing about with conversions?
>
> Thanks,
>
> Trevor
>
> On Wed, Feb 10, 2021, 5:53 PM William Brown wrote:
89-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists
> On 10 Feb 2021, at 09:28, Mark Reynolds wrote:
>
>
> On 2/8/21 6:45 PM, William Brown wrote:
>>
>>> On 9 Feb 2021, at 08:39, Mark Reynolds wrote:
>>>
>>>
>>> On 2/8/21 4:21 AM, Sahin, Erhan wrote:
>>>> Hello everyone,
&
cs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Serv
e/defining_targets#targeting_attributes
As well, we also do NOT advise the use of != targetattr rules as these can lead
to bypasses.
Hope that helps! Happy to have you using 389-ds :)
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia
+---cn=group1
>>>>>> |
>>>>>> +---cn=group2
>>>>>> ===
>>>>>> Container "proxy" is a "iphost" object.
>>>>>>
>> Sorry for the messy email. I re
> On 5 Feb 2021, at 12:30, William Brown wrote:
>
>
>
>> On 4 Feb 2021, at 22:23, Pierre Rogier wrote:
>>
>> Hi Nicolas,
>>
>> The documentation does not say that wildcard is supported in groupdn
>> evaluation and I have not seen anything
>> |
> >> +---cn=proxy < here is where I add the ACI
> >> |
> >> +---cn=group1
> >> |
> >> +---cn=group2
> >> ===
> >> Container "proxy" is a "iph
onduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
—
Sincerely,
William Br
___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedo
1 - 100 of 1383 matches
Mail list logo
