March 2015 - 389-users - Fedora Mailing-Lists

by Chris Bryant

When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS. When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test perl script that duplicates this functionality as well. I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also. Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration. Thanks, Chris USA.NET You Run Your Business. We'll Run Your Email. This message is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information of USA.NET, Inc. Any unauthorized review, use, copying, disclosure, or distribution is prohibited. If you are not the intended recipient, please immediately contact the sender by reply email and delete all copies of the original message.

3 years, 1 month

3
2
0 / 0

multi-valued nsAccountLock

by Pierre ROUDIER

Hi all, RedHat DS's doc states that the nsAccountLock attribute is multi-valued [1]. Some tests with 389ds led me to think it's also true for 389ds. I cannot think of any reason explaining why it would have to be multi-valued. Do you have any idea? Thank you. [1] https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Serv...

8 years, 2 months

3
2
0 / 0

changelog

by Denise Cosso

Hi, How to modify the attribute nsslapd-encryptionalgorithm in Centos? Thanks, Denise Stop Master servers and set nsslapd-encryptionalgorithm. The allowed value is AES or 3DES. dn: cn=changelog5,cn=config [...] nsslapd-encryptionalgorithm: AES --- Em ter, 4/6/13, Rich Megginson <rmeggins(a)redhat.com> escreveu: De: Rich Megginson <rmeggins(a)redhat.com> Assunto: Re: [389-users] changelog Para: "Denise Cosso" <guanaes51(a)yahoo.com.br> Data: Terça-feira, 4 de Junho de 2013, 16:34 On 06/04/2013 01:26 PM, Denise Cosso wrote: Hi, Rich CentOS release 6.3 (Final) 389-ds-base-libs-1.2.10.2-20.el6_3.x86_64 389-ds-1.2.2-1.el6.noarch 389-dsgw-1.1.10-1.el6.x86_64 389-ds-console-1.2.6-1.el6.noarch 389-ds-console-doc-1.2.6-1.el6.noarch 389-ds-base-1.2.10.2-20.el6_3.x86_64 As far as replication goes - you will need to use a security layer (SSL, TLS, or GSSAPI) to protect the clear text password on the wire As far as encrypting it in the changelog - not sure Denise --- Em ter, 4/6/13, Rich Megginson <rmeggins(a)redhat.com> escreveu: De: Rich Megginson <rmeggins(a)redhat.com> Assunto: Re: [389-users] changelog Para: "General discussion list for the 389 Directory server project." <389-users(a)lists.fedoraproject.org> Cc: "Denise Cosso" <guanaes51(a)yahoo.com.br> Data: Terça-feira, 4 de Junho de 2013, 16:11 On 06/04/2013 12:39 PM, Denise Cosso wrote: Hi, Description of problem: When a userPassword is changed in a server with changelog, the hashed password is logged and also a cleartext pseudo-attribute version. It looks like this: change:: replace: userPassword userPassword: {SHA256}vqtiN2LHdrEUOJUKu+IBVqAVFsAlvFw+11kD/Q== - replace: unhashed#user#password unhashed#user#password: secret12 This unhashed version is used in winsync where the cleartext version of the password must be written to the AD. Now if the DS is involved in replication with another DS, the change will be replayed exactly as it is logged to the other DS replicas, including the cleartext pseudo-attribute password. What platform? What version of 389-ds-base are you using? thanks, Denise -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

8 years, 5 months

2
2
0 / 0

Valgrind on a slapi plugin

by Prashant Bapat

Hi, Is there a documentation on how to run Valgrind on a Slapi plugin for 389 ds. Thanks. --Prashant

8 years, 6 months

2
1
0 / 0

Automating a 389 DS Build

by Paul Whitney

Has anyone deployed 389 DS on a system using a script to setup, create instances, SSL enable, etc? Paul W.

8 years, 6 months

6
5
0 / 0

Logstash

by Joshua Brodie

Hi List: Got Elasticsearch, Logstatsh, Kibana set up for a MMR environment - works mostly like a charm - can't quite get the grok parser completed for all the 'access' logs scenarios - are there any recipes out there from anyone who has walked this path previously?

8 years, 6 months

1
0
0 / 0

389 DS Plugin development

by Prashant Bapat

Hi All, I'm trying to write a rather straightforward plugin. I need to search for an entry and return a specific attribute. But when I'm using the slapi_search_internal_set_pb and slapi_search_internal_pb functions, I'm always getting all the attributes. My code is on the lines of whats is described here http://docs.oracle.com/cd/E19424-01/820-4810/aahhb/index.html The set_pb looks like this in my code. slapi_search_internal_set_pb( pb, dn, /* Base DN for search */ LDAP_SCOPE_SUBTREE, /* Scope */ "objectclass=*", /* Filter */ srch_attrs, /* Set to get all user attrs. */ 0, /* Return attrs. and values */ NULL, /* No controls */ NULL, /* DN rather than unique ID */ plugin_id, SLAPI_OP_FLAG_NEVER_CHAIN /* Never chain this operation. */ ); The attrs are set like this: char * srch_attrs[] = {"ipaSshPubKey", NULL}; Any help would be appreciated. Thanks. --Prashant

8 years, 6 months

1
0
0 / 0

389-console moves to background after opening

by Thomas Spuhler

When I open the the 389-console as root, I get a brief flash and then it moves to the background. Is this expected or did I package it wrong? I have currently 389-console-1.1.7 -- Best regards Thomas Spuhler All of my e-mails have a valid digital signature ID 60114E63

8 years, 6 months

1
0
0 / 0

389-admin-1.1.38 setup problems

by Thomas Spuhler

setup-ds-admin.pl returns an error. I packaged the new version of 389-admin-1.1.38 for Mageia (security update) and when running the setup script I am getting the error: httpd: Syntax error on line 136 of /etc/dirsrv/admin-serv/httpd.conf: Cannot load /usr/lib64/dirsrv/modules/mod_admserv.so into server: /usr/lib64/dirsrv/modules/mod_admserv.so: undefined symbol: admldapGetAuthDN I have not updated 389-adminutil as the fedora spec file doesn't require it. Could this be the problem? -- Best regards Thomas Spuhler All of my e-mails have a valid digital signature ID 60114E63

8 years, 6 months

2
3
0 / 0

Retro ChangeLog

by Joshua Brodie

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.... The document says can only be used in Single Master Replica - Are there any possibilities to utilize the Retro ChangeLog in an MMR setup - where there is 1 primary supplier at any time? The other supplier is on stand-by? Thanks.

8 years, 6 months

2
1
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users March 2015