Re: [389-users] admserv_host_ip_check: ap_get_remote_host could not resolve
by Rich Megginson
On 02/07/2012 01:05 AM, MATON Brett wrote:
>
> How can I stop admin server from logging theses messages?
>
> I realize from the console.conf file that the messages are created
> because HostnameLookups is Off.
>
> My /etc/dirsrv.admin-serv/httpd.conf file has LogLevel set to warn, so
> why is it logging notice messages?
>
> I'm probably overlooking some other configuration file somewhere.
>
> Any help appreciated
>
> As a side note, why is it whining about name resolution when the
> configuration specifically says Don't do name lookups?
>
http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt
>
> -------------------------------------------------------------------
>
> *GreeNRB
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
12 years, 2 months
read only replica
by Karoly Czovek
Hi,
can i do the $subject somehow, even for the directory manager?
once i set up the dirsrv to readonly, it refusing the replication :) as logical..
I want a local replica, but without the possibility to screw it up, just authenticating from it.
--
Karoly CZOVEK
Senior Systems Administrator
MoveOne IT Department
Eastern Europe - Balkans - CIS& Central Asia - Middle East& Africa -
Asia Pacific
phone: +36 1 266 0181 - ext.6710
mobile: +36 70 708 9953
skype: mo_karoly.czovek
email: karoly.czovek(a)moveoneinc.com
web: http://www.moveoneinc.com
12 years, 2 months
Announcing 389 Directory Server version 1.2.10 Release Candidate 1 Testing
by Rich Megginson
The 389 Project team is pleased to announce the release of
389-ds-base-1.2.10.rc1. No new features were added between alpha 8 and
rc1, just many bug fixes. There are also 389-adminutil, 389-admin, and
389-dsgw packages in Testing.
NEW: EL6 support
Beginning with RHEL 6.2, the 389-ds-base package is included in the base
OS. Therefore, the 389-ds-base package can no longer be provided via
EPEL, due to RHEL/EPEL packaging restrictions.
However, the 389 Project will still make the full 389-ds-base package
available via http://repos.fedorapeople.org/repos/rmeggins/389-ds-base.
See http://directory.fedoraproject.org/wiki/Download for more information.
NEW: Issue Tracking System
We have moved our ticket tracking system from the Red Hat Bugzilla
https://bugzilla.redhat.com/enter_bug.cgi?product=389 to our Fedora
Hosted Trac https://fedorahosted.org/389. All of the old 389 bugs have
been copied to Trac. All new bugs, feature requests, and tasks should be
entered in Trac
NEW: Plugin Authors
WARNING: Plugins should be made transaction aware so that they can be
called from within a backend pre/post transaction plugin. Otherwise,
attempting to perform an internal operation will cause a deadlock. See
http://directory.fedoraproject.org/wiki/Plugins
Installation
yum install --enablerepo=updates-testing 389-ds
# or for EPEL
yum install --enablerepo=epel-testing
[--enablerepo=epel-testing-389-ds-base] 389-ds
setup-ds-admin.pl
Upgrade
yum upgrade --enablerepo=updates-testing 389-ds-base
idm-console-framework 389-admin 389-ds-console 389-admin-console
389-dsgw 389-adminutil
# or for EPEL
yum upgrade --enablerepo=epel-testing
[--enablerepo=epel-testing-389-ds-base] 389-ds-base
idm-console-framework 389-admin 389-ds-console 389-admin-console
389-dsgw 389-adminutil
setup-ds-admin.pl -u
How to Give Feedback
The best way to provide feedback is via the Fedora Update system.
* Go to https://admin.fedoraproject.org/updates
* In the Search box in the upper right hand corner, type in the name of
the package
* In the list, find the version and release you are using (if you're not
sure, use rpm -qi <package name> on your system) and click on the release
* On the page for the update, scroll down to "Add a comment" and provide
your input
Or just send us an email to 389-users(a)lists.fedoraproject.org
Reporting Issues
https://fedorahosted.org/389
More Information
* Release Notes - http://port389.org/wiki/Release_Notes
* Install_Guide - http://port389.org/wiki/Install_Guide
* Download - http://port389.org/wiki/Download
12 years, 2 months
Error in logmaxdiskspace config
by Moisés Barba Pérez
Hi,
I'm trying to set the logmaxdiskspace to -1 (infinite) whit this
another parameters:
nsslapd-accesslog-maxlogsperdir: 100
nsslapd-accesslog-maxlogsize: 100
nsslapd-accesslog-logrotationtimeunit: day
nsslapd-accesslog-logrotationtime:1
nsslapd-accesslog-logrotationsync-enable: on
nsslapd-accesslog-logrotationsynchour: 23
nsslapd-accesslog-logrotationsyncmin: 59
Actually, the attached ldif...
When I try to apply the config I get this error:
me@myhost:~$ ldapmodify -H ldaps://ldaphost -D "cn=Directory Manager" -x -W
-f logs.ldif
Enter LDAP Password:
modifying entry "cn=config"
ldap_modify: Operations error (1)
additional info: nsslapd-errorlog-logmaxdiskspace: maxdiskspace "-1
(MB)" is less than max log size "100 (MB)"
My ldap version is 1.2.5, SO CentOS 5.5 x86
If I try to make this changes with the admin console also mark this
error.
¿Is there a way to set the logmaxdiskspace to -1 in this version or have I
to set a maxlogsperdir to a high value?
Regards,
Moses.
12 years, 2 months
SSH key based login bypasses password policies
by David Nguyen
Hi all,
I noticed that logins via ssh key bypass the LDAP password policies
(password ageing, password warning, and password lockout due to failed
attempts, etc). Is there any way to force key based ssh logins to
respect the password
policies?
I noticed that if I use the shadow attributes in LDAP for a user
(shadowWarning, shadowMax, shadowLastChange) instead of relying on the
password policy that, it works as expected - user is warned when
password is expiring and users with an expired password are forced
into a password change. Unfortunately I don't see any way to enforce
password lockout due to failed attempts in the shadow attributes.
Any ideas on how to force ssh key based logins to respect the password policy?
Thanks in advance,
David
12 years, 2 months
Logging Creation and Deletion
by David Hoskinson
I am having a bit of trouble understanding creation and deletion of logs. Creation is max number of logs = 10, fie size 100 MB, and create a new log every day. This is the default I believe as I haven't changed it. My question is does one of these parameters over ride the other? For example we want to keep 24 weeks of logs, and for example create a log everyday. And logs are quite small for us, so would the 100 mb parameter take precedence or the one day setting?
Same with deletion... would like the when drive has less then 5 mb and delete files over 24 weeks old but don't care about the 500 mb total size.
I see some fields can be set with -1 to inactivate them but some can't...
If anyone can explain this a little clearer I am sure its just something I am missing
David Hoskinson | DATATRAK International
Systems Engineer
Mayfield Heights, Ohio, USA
+1.440.443.0082 x 124 (p) | +1.440.391.7753 (m)
david.hoskinson(a)datatrak.net<mailto:david.hoskinson@datatrak.net> | www.datatrak.net<http://www.datatrak.net/>
12 years, 2 months
Dir Admin Shows Stopped
by Dan Whitmire
When I bring up the 389-console it shows that the Administration Server
as being down. When I do 'service dirsrv-admin status' it shows as running.
I recently installed PKI CA, RA, TPS, and TKS. I'm experiencing
problems with TKS which I believe is TLS related. Could that be
affecting my directory server?
Thanks for all the help and support.
12 years, 2 months
Performance tuning OS side
by Marco Pizzoli
Hi *,
I'm exploring 389 after few years with OpenLDAP and I'm curious to know if
some perfomance tuning tricks on Linux are valid with this product too.
- having a db directory located in a dedicated filesystem mounted with the
"noatime" option
- LD_PRELOAD=tcmalloc
Any other hints?
Thanks in advance
Marco
--
_________________________________________
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison
12 years, 2 months
Lost Directory Manager user
by Marco Pizzoli
Hi,
I'm putting hands to a 389-ds deploy not installed by me and I'm trying to
find out what the Directory Manager entry is.
It is not "cn=Directory Manager". They chose to change it, and now nobody
knows/remember what it is.
Can I discover this in any way?
Thanks in advance
Marco
--
_________________________________________
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison
12 years, 2 months
Directory Server Error
by Gokser GUL
Hello All, I m using Directory server and had a problem while configuring single master replication. I m trying to implement a directory server architecture for a future project and I m trying to implement a single master replication environment. Online resources can not help me enough to solve my issue please forgive me about disturbing you all I follow the steps while configuring the replication.In the read only replica I stop the dirsrv service and add the following lines to the /etc/dirsrv/slapd-ds2/dse.ldif file dn: cn=replication manager,cn=configobjectClass: inetorgpersonobjectClass: personobjectClass: topcn: replication managersn: RMuserPassword: passwordpasswordExpirationTime: 20380119031407Zafter adding this lines I restart the dirsrv service in the readonly replica I follow the ways in the attached file and system generates the errorCould anyone please help me to solve this issue Kind Regards
12 years, 2 months
