August 2014 - 389-users - Fedora Mailing-Lists

by Chris Bryant

When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS. When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test perl script that duplicates this functionality as well. I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also. Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration. Thanks, Chris USA.NET You Run Your Business. We'll Run Your Email. This message is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information of USA.NET, Inc. Any unauthorized review, use, copying, disclosure, or distribution is prohibited. If you are not the intended recipient, please immediately contact the sender by reply email and delete all copies of the original message.

2 years, 9 months

3
2
0 / 0

multi-valued nsAccountLock

by Pierre ROUDIER

Hi all, RedHat DS's doc states that the nsAccountLock attribute is multi-valued [1]. Some tests with 389ds led me to think it's also true for 389ds. I cannot think of any reason explaining why it would have to be multi-valued. Do you have any idea? Thank you. [1] https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Serv...

7 years, 11 months

3
2
0 / 0

changelog

by Denise Cosso

Hi, How to modify the attribute nsslapd-encryptionalgorithm in Centos? Thanks, Denise Stop Master servers and set nsslapd-encryptionalgorithm. The allowed value is AES or 3DES. dn: cn=changelog5,cn=config [...] nsslapd-encryptionalgorithm: AES --- Em ter, 4/6/13, Rich Megginson <rmeggins(a)redhat.com> escreveu: De: Rich Megginson <rmeggins(a)redhat.com> Assunto: Re: [389-users] changelog Para: "Denise Cosso" <guanaes51(a)yahoo.com.br> Data: Terça-feira, 4 de Junho de 2013, 16:34 On 06/04/2013 01:26 PM, Denise Cosso wrote: Hi, Rich CentOS release 6.3 (Final) 389-ds-base-libs-1.2.10.2-20.el6_3.x86_64 389-ds-1.2.2-1.el6.noarch 389-dsgw-1.1.10-1.el6.x86_64 389-ds-console-1.2.6-1.el6.noarch 389-ds-console-doc-1.2.6-1.el6.noarch 389-ds-base-1.2.10.2-20.el6_3.x86_64 As far as replication goes - you will need to use a security layer (SSL, TLS, or GSSAPI) to protect the clear text password on the wire As far as encrypting it in the changelog - not sure Denise --- Em ter, 4/6/13, Rich Megginson <rmeggins(a)redhat.com> escreveu: De: Rich Megginson <rmeggins(a)redhat.com> Assunto: Re: [389-users] changelog Para: "General discussion list for the 389 Directory server project." <389-users(a)lists.fedoraproject.org> Cc: "Denise Cosso" <guanaes51(a)yahoo.com.br> Data: Terça-feira, 4 de Junho de 2013, 16:11 On 06/04/2013 12:39 PM, Denise Cosso wrote: Hi, Description of problem: When a userPassword is changed in a server with changelog, the hashed password is logged and also a cleartext pseudo-attribute version. It looks like this: change:: replace: userPassword userPassword: {SHA256}vqtiN2LHdrEUOJUKu+IBVqAVFsAlvFw+11kD/Q== - replace: unhashed#user#password unhashed#user#password: secret12 This unhashed version is used in winsync where the cleartext version of the password must be written to the AD. Now if the DS is involved in replication with another DS, the change will be replayed exactly as it is logged to the other DS replicas, including the cleartext pseudo-attribute password. What platform? What version of 389-ds-base are you using? thanks, Denise -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

8 years, 1 month

2
2
0 / 0

389 GUI/Console

by Gonzalo Fernandez Ordas

Hi I got 389 running on a remote linux box,and I would like to get use of the Console without the need of exporting the X-Windows whenever I want to make a change as I also would prefer not to keep tweaking the configuration files all the time. is there anyway of doing this through any remote client? Any advise on this matter? Thanks very much

8 years, 3 months

4
11
0 / 0

SASL configuration

by Dhiraj Deshpande

Hi folks, Need to configure sasl mecanism so that i can use DIGEST-MD5 mechanism with my autofs configuration. With PLAIN it is working fine but need to use DIGEST-MD5. Where i can specify. [root@ibm001 ~]# cat /etc/autofs_ldap_auth.conf <?xml version="1.0" ?>  <autofs_ldap_sasl_conf usetls="no" tlsrequired="no" authrequired="yes" authtype="DIGEST-MD5" user="proxyuser" secret="XXX" /> -- Thanks & Regards Dhiraj S. Deshpande

8 years, 7 months

1
1
0 / 0

389 Master - Master Replication

by Santos Ramirez

Good Morning, We have a master - master replication agreement. When we initialize the replication it works perfectly we can see changes to a test user we have set up go up and down from the two servers. However at some point the replication stops and we cannot get replication to start once again. The only way we can get replication to start once again is to recreate the replication agreement and then it fails again. Can anyone please point us in a direction. I am relatively new to 389 so any help would be greatly appreciated. Santos U. Ramirez Linux Systems Administrator National DCP, LLC 150 Depot Street Bellingham, Ma. 02019 Phone: 508-422-3089 Fax: 508-422-3866 Santos.Ramirez(a)natdcp.com<mailto:Santos.Ramirez@natdcp.com> This email and any attachments are intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, do not copy or forward to any unauthorized persons, permanently delete the original and notify the sender by replying to this email.

8 years, 8 months

3
9
0 / 0

Announcing the revised port389.org wiki

by Mark Reynolds

We are pleased to announce the launch of our new wiki http://www.port389.org The site has been significantly revised, and moved to a more stable environment. The layout, content, and organization has all been improved. Please note, you will need to revise any old bookmarks you may have, as the old ones will probably not work anymore. Also, if you would like to add/edit content on the site you just need to file a ticket <https://fedorahosted.org/389/newticket> (use "wiki" as the component), add your content(preferably in MarkDown format, but not required), and we will post it. Thanks! 389 Project Team

8 years, 9 months

4
7
0 / 0

Windows console download link

by Chase Miller

Is broke Sent from my iPhone

8 years, 9 months

2
1
0 / 0

389-ds-base-1.3.2.23 for RHEL5

by Wendt, Trevor

Cannot find the 389-ds-base-1.3.2.23-1 for RHEL5 in any repos, am I missing it or is it not being supported or built for 5? Most recent seems to be 389-ds-base-1.2.11.28-1 on Epel for EL5 (5.10)? Thanks. ________________________________ This electronic message transmission contains information from Black Hills Corporation, its affiliate or subsidiary, which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware the disclosure, copying, distribution or use of the contents of this information is prohibited. If you received this electronic transmission in error, please reply to sender immediately; then delete this message without copying it or further reading.

8 years, 9 months

2
1
0 / 0

Announcing 389 Directory Server 1.3.2.23

by Noriko Hosoi

389 Directory Server 1.3.2.23 The 389 Directory Server team is proud to announce 389-ds-base version 1.3.2.23. Fedora packages are available from the Fedora 20 and Rawhide repositories. The new packages and versions are: * 389-ds-base-1.3.2.23-1 A source tarball is available for download at Download Source <http://www.port389.org/binaries/389-ds-base-1.3.2.23.tar.bz2> Highlights in 1.3.2.23 * Various bugs were fixed. Installation and Upgrade See Download <http://www.port389.org/docs/389ds/download.html> for information about setting up your yum repositories. To install, use *yum install 389-ds* yum install 389-ds After install completes, run *setup-ds-admin.pl* to set up your directory server. setup-ds-admin.pl To upgrade, use *yum upgrade* yum upgrade After upgrade completes, run *setup-ds-admin.pl -u* to update your directory server/admin server/console information. setup-ds-admin.pl -u See Install_Guide <http://www.port389.org/docs/389ds/legacy/install-guide.html> for more information about the initial installation, setup, and upgrade See Source <http://www.port389.org/docs/389ds/development/source.html> for information about source tarballs and SCM (git) access. Feedback We are very interested in your feedback! Please provide feedback and comments to the 389-users mailing list: https://admin.fedoraproject.org/mailman/listinfo/389-users If you find a bug, or would like to see a new feature, file it in our Trac instance: https://fedorahosted.org/389 Detailed Changelog since 1.3.2.22 * Ticket 346 - Fixing memory leaks * Ticket 47446 - logconv.pl memory continually grows * Ticket 47692 - single valued attribute replicated ADD does not work * Ticket 47753 - Add switch to disable pre-hashed password checking * Ticket 47781 - Server deadlock if online import started while server is under load * Ticket 47797 - DB deadlock when two threads (on separated backend) try to record changes in retroCL * Ticket 47797 - fix the indentation * Ticket 47816 - v2- internal syncrepl searches are flagged as unindexed * Ticket 47824 - paged results control is not working in some cases when we have a subsuffix. * Ticket 47834 - Tombstone_to_glue: if parents are also converted to glue, the target entry’s DN must be adjusted. * Ticket 47858 - Internal searches using OP_FLAG_REVERSE_CANDIDATE_ORDER can crash the server * Ticket 47861 - Certain schema files are not replaced during upgrade * Ticket 47862 - Repl-monitor.pl ignores the provided connection parameters * Ticket 47862 - repl-monitor fails to convert “*” to default values * Ticket 47866 - Errors after upgrading related to attribute “dnaremotebindmethod” * Ticket 47869 - unauthenticated information disclosure (Bug 1123477) * Ticket 47871 - 389-ds-base-1.3.2.21-1.fc20 crashed over the weekend * Ticket 47872 - Filter AND with only one clause should be optimized * Ticket 47874 - Performance degradation with scope ONE after some load * Ticket 47875 - dirsrv not running with old openldap * Ticket 47877 - check_and_add_entry fails for changetype: add and existing entry http://www.port389.org/docs/389ds/releases/release-1-3-2-23.html

8 years, 9 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users August 2014