some tests later I stumble in this problem:
[14/03/12:10:03:41] - [Setup] Info Could not authenticate as user 'uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot' to server 'ldap://testcsw.contac.lan:389/o=NetscapeRoot'. Error: Authentication method not supported
[14/03/12:10:03:41] - [Setup] Fatal Could not register the directory server with the configuration directory server.
I found in the mail archive a similar thread for PPC:
[389-users] Authentication method not supported (https://lists.fedoraproject.org/pipermail/389-users/2013-July/016073.html)
was there a solution found or a ticket created?
We received this strange error a few hours ago for one of our DNS entries:
[10/Mar/2014:15:56:01 +0000] - str2entry_fast: Error. Non-contiguous attribute values for tXTRecord
[10/Mar/2014:15:56:01 +0000] - Entry "relativeDomainName=testingstatus,zoneName=OURORG.com,dc=DNS,o=Internet" required attribute "objectclass" missing
This is a monitor DNS entry that we update every four minutes to verify that our
Replication is working across the board, so that next error repeats every four
minutes as we try to update the entry.
The entry looks like it's had everything except for the tXTRecord field deleted
as well. Fortunately it's a testing entry, so we can easily rebuild it manually.
This error occurred a few minutes after a bad restart which required a changelog
regenerate, so that may be related.
Anyone know what might cause this?
Am 11.03.14 schrieb Rich Megginson <rmeggins(a)redhat.com>:
> On 03/11/2014 05:57 AM, Carsten Grzemba wrote:
> > interessting: it is only on 32bit build. 64bit build on Solaris10 Sparc works as expected.
> I'm not sure. I guess we could try to reproduce on Fedora 32-bit.
the Solaris10 i386 build works without problems, only on Sparc.
> > --
> > 389 users mailing list
> > 389-users(a)lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
I have this very old installation:
into an old FC12.
Now certs under /etc/httpd/alias
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=Certificate Shack,O=example.com,C=US"
Not Before: Mon Mar 01 10:50:54 2010
Not After : Sat Mar 01 10:50:54 2014
and I have this error into log:
[error] SSL Library Error: -8181 Certificate has expired
the it suggests to
" Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the
prob lem can be resolved."
I did, and it works.
Now I wonder how can I renew that expired cert.
I have googled around but I have not found any simple to re-create the cert.
I find this
but it is not so easy to regenerate an expired certificate.
Is there something simpler?
Can you help me?
My best rgards
If I try to setup an DS184.108.40.206 DS intance on Solaris10 Sparc I got a error on setup-ds-admin.pl:
+Entry cn=PD Managers,ou=groups,dc=contac,dc=lan is added
+changeOwnerMode: changed mode of /tmp/ldifuO_wjV.ldif to 440
+changeOwnerMode: changed ownership of /tmp/ldifuO_wjV.ldif to user 389 group 389
+importing data ...
[11/Mar/2014:09:26:40 +0100] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[11/Mar/2014:09:26:40 +0100] - check_and_set_import_cache: pagesize: 8192, pages: 262144, procpages: 2640
[11/Mar/2014:09:26:40 +0100] - Import allocates 838856KB import cache.
[11/Mar/2014:09:26:40 +0100] - import userRoot: Beginning import job...
[11/Mar/2014:09:26:40 +0100] - import userRoot: Index buffering enabled with bucket size 100
[11/Mar/2014:09:26:41 +0100] - import userRoot: Processing file "/tmp/ldifuO_wjV.ldif"
[11/Mar/2014:09:26:41 +0100] - import userRoot: Finished scanning file "/tmp/ldifuO_wjV.ldif" (9 entries)
[11/Mar/2014:09:26:41 +0100] - import userRoot: WARNING: Skipping entry "dc=example,dc=lan" which has no parent, ending at line 17 of file "/tmp/ldifuO_wjV.ldif"[11/Mar/2014:09:26:41 +0100] entryrdn-index - _entryrdn_index_read: Suffix "dc=example,dc=lan" not found: Successful return: 0(0)
a lot of such errors following and the userRoot db or base db is not setup correctly.
I have tried the patch: https://fedorahosted.org/389/attachment/ticket/47734 without success.
Your help is greatly appreciated.
1. replication changelog
I've been running multi-master replication setup for a while and
realised hadn't configured expiration (changelog max age). Now my
changelog file is rather big and I would like get size down. I'm
planning to delete changelog and start with a fresh one following these
But since I have two multi-master servers, I was wondering what is the
best way to start with a fresh changelog?
Guide says I need to re-initialize consumers again, but if both
multi-master servers get new data during replication is off, I'm worried
I get into trouble when trying to get replication running again. In case
there is a risk, I rather keep the current state.
2. Tombstone entries
I was reading this:
I noticed that at least in 220.127.116.11 value
nsDS5ReplicaTombstonePurgeInterval is not set at all. I guess because it
depends on environment? But is there a reason why it's not directly
visible in Console => Configuration => Replication (on the same page as
changelog max age)? Just saying I would not have noticed tombstone
purging unless reading administration guide carefully.
I'm trying to accomplish a poor mans replication from OpenDS from
Oracle/Sun. Basically the logic is as follows:
OpenDS is attached to our corporate IDM.
User is managed in OpenDS.
User updates information in OpenDS.
OpenDS read-replica is updated in our local read-slave.
Python script notices there was a change in our local read-slave.
Script isolates the change from our read-slave and sends the DNs to
sync to my 389 (FreeIPA) server.
FreeIPA replica receives input over the network from notification
agent which includes DNs.
DNs attributes are re-organized (OpenDS doesn't use anything logical,
all 100% custom attributes/objectclasses).
DNs with re-organized attributes are inserted/updated in 389 server
(FreeIPA), minus the updated SSHA password hash.
I get an error saying that adding pre-encoded passwords isn't allowed.
But, that makes me say "How the hell do you import an LDIF" backup,
and frankly, I can't find anything on the subject (albeit, I
admittedly didn't quite know how to search this issue either).
I've never seen a server not accept pre-encoded password hashes (or at
least I don't recall this specific error in OpenDS/LDAP), so my
question is, how can I store the SSHA password hash from OpenDS in my
389server (FreeIPA) server?