389-users February 2012

389-users@lists.fedoraproject.org

35 participants
60 discussions

Re: [389-users] admserv_host_ip_check: ap_get_remote_host could not resolve
by Rich Megginson 07 Feb '12

07 Feb '12

On 02/07/2012 01:05 AM, MATON Brett wrote: > > How can I stop admin server from logging theses messages? > > I realize from the console.conf file that the messages are created > because HostnameLookups is Off. > > My /etc/dirsrv.admin-serv/httpd.conf file has LogLevel set to warn, so > why is it logging notice messages? > > I'm probably overlooking some other configuration file somewhere. > > Any help appreciated > > As a side note, why is it whining about name resolution when the > configuration specifically says Don't do name lookups? > http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt > > ------------------------------------------------------------------- > > *GreeNRB > */NRB considers its environmental responsibility and goes for green IT./ > /May we ask you to consider yours before printing this e-mail? /** > > *NRB, daring to commit > */This e-mail and any attachments, which may contain information that > is confidential and/or protected by intellectual property rights, are > intended for the exclusive use of the above-mentioned addressee(s). > Any use (including reproduction, disclosure and whole or partial > distribution in any form whatsoever) of their content is prohibited > without prior authorization of NRB. If you have received this message > by error, please contact the sender promptly by resending this e-mail > back to him (her), or by calling the above number. Thank you for > subsequently deleting this e-mail and any files attached thereto./ > > > -- > 389 users mailing list > 389-users(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users

1 0

read only replica
by Karoly Czovek 06 Feb '12

06 Feb '12

Hi, can i do the $subject somehow, even for the directory manager? once i set up the dirsrv to readonly, it refusing the replication :) as logical.. I want a local replica, but without the possibility to screw it up, just authenticating from it. -- Karoly CZOVEK Senior Systems Administrator MoveOne IT Department Eastern Europe - Balkans - CIS& Central Asia - Middle East& Africa - Asia Pacific phone: +36 1 266 0181 - ext.6710 mobile: +36 70 708 9953 skype: mo_karoly.czovek email: karoly.czovek(a)moveoneinc.com web: http://www.moveoneinc.com

2 2

Announcing 389 Directory Server version 1.2.10 Release Candidate 1 Testing
by Rich Megginson 06 Feb '12

06 Feb '12

The 389 Project team is pleased to announce the release of 389-ds-base-1.2.10.rc1. No new features were added between alpha 8 and rc1, just many bug fixes. There are also 389-adminutil, 389-admin, and 389-dsgw packages in Testing. NEW: EL6 support Beginning with RHEL 6.2, the 389-ds-base package is included in the base OS. Therefore, the 389-ds-base package can no longer be provided via EPEL, due to RHEL/EPEL packaging restrictions. However, the 389 Project will still make the full 389-ds-base package available via http://repos.fedorapeople.org/repos/rmeggins/389-ds-base. See http://directory.fedoraproject.org/wiki/Download for more information. NEW: Issue Tracking System We have moved our ticket tracking system from the Red Hat Bugzilla https://bugzilla.redhat.com/enter_bug.cgi?product=389 to our Fedora Hosted Trac https://fedorahosted.org/389. All of the old 389 bugs have been copied to Trac. All new bugs, feature requests, and tasks should be entered in Trac NEW: Plugin Authors WARNING: Plugins should be made transaction aware so that they can be called from within a backend pre/post transaction plugin. Otherwise, attempting to perform an internal operation will cause a deadlock. See http://directory.fedoraproject.org/wiki/Plugins Installation yum install --enablerepo=updates-testing 389-ds # or for EPEL yum install --enablerepo=epel-testing [--enablerepo=epel-testing-389-ds-base] 389-ds setup-ds-admin.pl Upgrade yum upgrade --enablerepo=updates-testing 389-ds-base idm-console-framework 389-admin 389-ds-console 389-admin-console 389-dsgw 389-adminutil # or for EPEL yum upgrade --enablerepo=epel-testing [--enablerepo=epel-testing-389-ds-base] 389-ds-base idm-console-framework 389-admin 389-ds-console 389-admin-console 389-dsgw 389-adminutil setup-ds-admin.pl -u How to Give Feedback The best way to provide feedback is via the Fedora Update system. * Go to https://admin.fedoraproject.org/updates * In the Search box in the upper right hand corner, type in the name of the package * In the list, find the version and release you are using (if you're not sure, use rpm -qi <package name> on your system) and click on the release * On the page for the update, scroll down to "Add a comment" and provide your input Or just send us an email to 389-users(a)lists.fedoraproject.org Reporting Issues https://fedorahosted.org/389 More Information * Release Notes - http://port389.org/wiki/Release_Notes * Install_Guide - http://port389.org/wiki/Install_Guide * Download - http://port389.org/wiki/Download

1 0

Error in logmaxdiskspace config
by Moisés Barba Pérez 06 Feb '12

06 Feb '12

Hi, I'm trying to set the logmaxdiskspace to -1 (infinite) whit this another parameters: nsslapd-accesslog-maxlogsperdir: 100 nsslapd-accesslog-maxlogsize: 100 nsslapd-accesslog-logrotationtimeunit: day nsslapd-accesslog-logrotationtime:1 nsslapd-accesslog-logrotationsync-enable: on nsslapd-accesslog-logrotationsynchour: 23 nsslapd-accesslog-logrotationsyncmin: 59 Actually, the attached ldif... When I try to apply the config I get this error: me@myhost:~$ ldapmodify -H ldaps://ldaphost -D "cn=Directory Manager" -x -W -f logs.ldif Enter LDAP Password: modifying entry "cn=config" ldap_modify: Operations error (1) additional info: nsslapd-errorlog-logmaxdiskspace: maxdiskspace "-1 (MB)" is less than max log size "100 (MB)" My ldap version is 1.2.5, SO CentOS 5.5 x86 If I try to make this changes with the admin console also mark this error. ¿Is there a way to set the logmaxdiskspace to -1 in this version or have I to set a maxlogsperdir to a high value? Regards, Moses.

1 0

SSH key based login bypasses password policies
by David Nguyen 03 Feb '12

03 Feb '12

Hi all, I noticed that logins via ssh key bypass the LDAP password policies (password ageing, password warning, and password lockout due to failed attempts, etc). Is there any way to force key based ssh logins to respect the password policies? I noticed that if I use the shadow attributes in LDAP for a user (shadowWarning, shadowMax, shadowLastChange) instead of relying on the password policy that, it works as expected - user is warned when password is expiring and users with an expired password are forced into a password change. Unfortunately I don't see any way to enforce password lockout due to failed attempts in the shadow attributes. Any ideas on how to force ssh key based logins to respect the password policy? Thanks in advance, David

1 0

Logging Creation and Deletion
by David Hoskinson 03 Feb '12

03 Feb '12

I am having a bit of trouble understanding creation and deletion of logs. Creation is max number of logs = 10, fie size 100 MB, and create a new log every day. This is the default I believe as I haven't changed it. My question is does one of these parameters over ride the other? For example we want to keep 24 weeks of logs, and for example create a log everyday. And logs are quite small for us, so would the 100 mb parameter take precedence or the one day setting? Same with deletion... would like the when drive has less then 5 mb and delete files over 24 weeks old but don't care about the 500 mb total size. I see some fields can be set with -1 to inactivate them but some can't... If anyone can explain this a little clearer I am sure its just something I am missing David Hoskinson | DATATRAK International Systems Engineer Mayfield Heights, Ohio, USA +1.440.443.0082 x 124 (p) | +1.440.391.7753 (m) david.hoskinson(a)datatrak.net<mailto:david.hoskinson@datatrak.net> | www.datatrak.net<http://www.datatrak.net/>

4 3

Dir Admin Shows Stopped
by Dan Whitmire 02 Feb '12

02 Feb '12

When I bring up the 389-console it shows that the Administration Server as being down. When I do 'service dirsrv-admin status' it shows as running. I recently installed PKI CA, RA, TPS, and TKS. I'm experiencing problems with TKS which I believe is TLS related. Could that be affecting my directory server? Thanks for all the help and support.

2 3

Performance tuning OS side
by Marco Pizzoli 01 Feb '12

01 Feb '12

Hi *, I'm exploring 389 after few years with OpenLDAP and I'm curious to know if some perfomance tuning tricks on Linux are valid with this product too. - having a db directory located in a dedicated filesystem mounted with the "noatime" option - LD_PRELOAD=tcmalloc Any other hints? Thanks in advance Marco -- _________________________________________ Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi. Jim Morrison

3 2

Lost Directory Manager user
by Marco Pizzoli 01 Feb '12

01 Feb '12

Hi, I'm putting hands to a 389-ds deploy not installed by me and I'm trying to find out what the Directory Manager entry is. It is not "cn=Directory Manager". They chose to change it, and now nobody knows/remember what it is. Can I discover this in any way? Thanks in advance Marco -- _________________________________________ Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi. Jim Morrison

2 2

Directory Server Error‏
by Gokser GUL 01 Feb '12

01 Feb '12

Hello All, I m using Directory server and had a problem while configuring single master replication. I m trying to implement a directory server architecture for a future project and I m trying to implement a single master replication environment. Online resources can not help me enough to solve my issue please forgive me about disturbing you all I follow the steps while configuring the replication.In the read only replica I stop the dirsrv service and add the following lines to the /etc/dirsrv/slapd-ds2/dse.ldif file dn: cn=replication manager,cn=configobjectClass: inetorgpersonobjectClass: personobjectClass: topcn: replication managersn: RMuserPassword: passwordpasswordExpirationTime: 20380119031407Zafter adding this lines I restart the dirsrv service in the readonly replica I follow the ways in the attached file and system generates the errorCould anyone please help me to solve this issue Kind Regards

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users February 2012