December 2009 - 389-users - Fedora Mailing-Lists

by Emmanuel BILLOT

Hi, Is it possible to "paste" a CoS on a Role ? I mean when one use a Role definition to "group" several users and those users may inherit attribut because they belong to this Role. BR,

13 years, 9 months

2
1
0 / 0

RE: [389-users] PosixGroup and groupOfUniqueNames

by Prashanth Sundaram

I followed HowTo:Posix on 389-ds documentation and added shadowAccount and posixAccount object class to all my users. Is shadowAccount ObjectClass really required? I vaguely remember it is required for password policy to work, but any other usage other than that? I can get it to work fine without adding it. TY

13 years, 9 months

2
1
0 / 0

Announcing 389 Directory Server 1.2.5 Release Candidate 2

by Rich Megginson

The 389 team is pleased to announce the availability of Release Candidate 2 of version 1.2.5. We need your help! Please help us test this software. It is a Release Candidate, so it is fairly stable at this point. We have worked hard to make sure upgrades from previous releases are as smooth as possible, and we would really appreciate feedback about upgrades. The Fedora system strongly encourages packages to be in Testing until verified and pushed to Stable. If we don't get any feedback while the packages are in Testing, the packages will remain in limbo, or get pushed to Stable. The more testing we get, the faster we can release these packages to Stable. * Release Notes - http://directory.fedoraproject.org/wiki/Release_Notes * Install_Guide - http://directory.fedoraproject.org/wiki/Install_Guide * Download - http://directory.fedoraproject.org/wiki/Download === New features === None - this release is primarily to fix some bugs found in 1.2.5.rc1, including a bug that causes import to crash when reading the userPassword attribute. === Bugs Fixed === This release contains a couple of bug fixes. The complete list of bugs fixed is found at the link below. Note that bugs marked as MODIFIED have been fixed but are still in testing. * Tracking bug for 1.2.5 release - [https://bugzilla.redhat.com/showdependencytree.cgi?id=533025&hide_resolved=0 https://bugzilla.redhat.com/showdependencytree.cgi?id=533025&hide_resolved=0] * [https://bugzilla.redhat.com/show_bug.cgi?id=195302 195302] local pwp can't set storage scheme * [https://bugzilla.redhat.com/show_bug.cgi?id=387681 387681] "windows_process_dirsync_entry: failed to map tombstone dn." with , in DisplayName * [https://bugzilla.redhat.com/show_bug.cgi?id=486171 486171] [RFE] Access log - Failed binds * [https://bugzilla.redhat.com/show_bug.cgi?id=497199 497199] 'failed to send dirsync search request 2' error * [https://bugzilla.redhat.com/show_bug.cgi?id=504817 504817] [Double quoted distinguished names not working in fedora-ds 1.2.0 * [https://bugzilla.redhat.com/show_bug.cgi?id=515329 515329] Multiple mods in one operation can result in an inconsistent replica * [https://bugzilla.redhat.com/show_bug.cgi?id=540559 540559] selinux policy needs to allow log pipe [See dependency tree for bug 540559]

13 years, 9 months

3
6
0 / 0

PosixGroup and groupOfUniqueNames

by Prashanth Sundaram

Hi All, Is there any interOp issues by having both posixGroup and groupOfUnique names as object class for Groups? I was going to add members as : uniqueMember: uid=gcarter,ou=people,dc=example,dc=com I will be using this for host based access. It is so far working for me, but wanted to know if any one had any issues. Thanks, Prashanth

13 years, 9 months

1
0
0 / 0

Password Policy not working fine

by Allan Hougham

Dears, I have a problem with my passwords policies, I enabled "Enable fine-grained password policy", I apply this but is not working fine. I followed the steps of Administration Guide pag 364 - 7.1.1.2. Configuring a Subtree/User Password Policy Using the Console But it´s not working, i have that setting any more? Can you help me? Thanks a lot in advance! Allan Hougham _________________________________________________________________ ¿Vos ya tenés SMS Messenger en tu celular? Registrate Aquí http://www.somosmessengersiempre.com

13 years, 9 months

3
13
0 / 0

Announcing 389 Directory Server 1.2.5 Release Candidate 1

by Rich Megginson

The 389 team is pleased to announce the availability of Release Candidate 1 of version 1.2.5. We need your help! Please help us test this software. It is a Release Candidate, so it is fairly stable at this point. We have worked hard to make sure upgrades from previous releases are as smooth as possible, and we would really appreciate feedback about upgrades. The Fedora system strongly encourages packages to be in Testing until verified and pushed to Stable. If we don't get any feedback while the packages are in Testing, the packages will remain in limbo, or get pushed to Stable. The more testing we get, the faster we can release these packages to Stable. * Release Notes - http://directory.fedoraproject.org/wiki/Release_Notes * Install_Guide - http://directory.fedoraproject.org/wiki/Install_Guide * Download - http://directory.fedoraproject.org/wiki/Download === New features === * Named Pipe Log Script - this script allows you to replace the access/errors/audit log file with a named pipe attached to a script - this allows you to do things like ** enable full debug error log level in production environments without suffering too much performance degradation ** log only certain events e.g. failed bind attempts only, or only messages that contain a specified pattern ** send data to a remote server, send email, anything that can be scripted ** http://port389.org/wiki/Named_Pipe_Log_Script === Bugs Fixed === This release contains a couple of bug fixes. The complete list of bugs fixed is found at the link below. Note that bugs marked as MODIFIED have been fixed but are still in testing. * Tracking bug for 1.2.5 release - [https://bugzilla.redhat.com/showdependencytree.cgi?id=533025&hide_resolved=0 https://bugzilla.redhat.com/showdependencytree.cgi?id=533025&hide_resolved=0] * [https://bugzilla.redhat.com/show_bug.cgi?id=195302 195302] local pwp can't set storage scheme * [https://bugzilla.redhat.com/show_bug.cgi?id=387681 387681] "windows_process_dirsync_entry: failed to map tombstone dn." with , in DisplayName * [https://bugzilla.redhat.com/show_bug.cgi?id=486171 486171] [RFE] Access log - Failed binds * [https://bugzilla.redhat.com/show_bug.cgi?id=497199 497199] 'failed to send dirsync search request 2' error * [https://bugzilla.redhat.com/show_bug.cgi?id=504817 504817] [Double quoted distinguished names not working in fedora-ds 1.2.0 * [https://bugzilla.redhat.com/show_bug.cgi?id=515329 515329] Multiple mods in one operation can result in an inconsistent replica * [https://bugzilla.redhat.com/show_bug.cgi?id=540559 540559] selinux policy needs to allow log pipe [See dependency tree for bug 540559]

13 years, 9 months

2
4
0 / 0

389 Server/AD/Openldap comparison, 389 implementation case in french

by Ivanov Andrey (M.)

Hi, for the french-speaking readers of this mailing list here is a rather comprehensive paper on the implementation and the architecture of 389 in heterogeneous environments (universities). There is also a discussion of a real experience of cohabitation of 389 Server and Active Directory as well as comparison and argumentation of the choice among AD/389/OpenLDap. It is a presentation made on bi-annual JRES (les journées réseaux, "network days") conference. Here is the link : https://2009.jres.org/soumission/papers/render/pdf/55.pdf @+

13 years, 9 months

1
0
0 / 0

dsktune is wrong

by Alan McKay

Hey folks, Now that I want to install this in production, I have to ask about dsktune :-) Some of what it is telling me just seems plain incorrect. Let's have a look WARNING: There are only 1024 file descriptors (hard limit) available, which limit the number of simultaneous connections. WARNING: There are only 1024 file descriptors (soft limit) available, which limit the number of simultaneous connections. Yet : [root@fileserver ~]# !cat cat /proc/sys/fs/file-max 306460 I'm also wondering about whether or not this is really something to worry about : NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds (120 minutes). This may cause temporary server congestion from lost client connections. I've got 20 or so users. Is this really an issue for me? Changing it is of course pretty trivial, but I'd rather not if I do not have to. thanks, -Alan -- “Don't eat anything you've ever seen advertised on TV” - Michael Pollan, author of "In Defense of Food"

13 years, 9 months

2
4
0 / 0

identifying new entries

by Derek Alexander

Hi, Does Fedora Directory have an equivalent of Active Directory's 'whenCreated' attribute? If not, do you know of any standard schema that contain such an attribute? Reason for asking is that I need to identify new entries to the directory. I'd considered using the LDAP persistent search extension to receive notification of new entries but that requires a connection to the directory which is hard to guarantee always. I could of course use some other arbitrary attribute to recognise new entries but an equivalent of 'whenCreated' seems like the cleanest solution. Thanks, Derek Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm

13 years, 10 months

3
2
0 / 0

389-ds help

by Shouben Zhou

I am new in this list. I have tried centos-ds (v8), the latest version of 389-ds as well as 389-ds 1.25.rc1 version on CentOS 5.4 system. None of installation works with password expiration policy. I did see the passwordexpwarned is set to 1 on the server, but the client has never got any warning whatsoever and still get into the system. However the password lockout does work though. From client (CentOS 5.4), the ldap.conf is configured as recommended to set pam_lookup_policy to yes and system-auth is also configured as recommended as well. -- -- Shouben Zhou Science Systems and Applications Inc.(SSAI) 1 Enterprise Pkwy, Hampton, VA 23666 Tel: (757)951-1905 Fax: (757)951-1900 Email: Shouben.Zhou(a)nasa.gov

13 years, 10 months

1
1
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users December 2009