389 DS with two certificates
by murmansk@hotmail.com
I want to use two servers with multi-master replication behind a common DNS name (let's call it ldap.foo.net) with two IPs, balancing with round-robin. I plan to use only LDAPS.
I have one server installed, with a certificate issued to its own FQDN. I can use ldapsearch over TLS with the -ZZZ parameter without problems.
I have installed another certificate on the same server, issued to the common DNS name ldap.foo.net. I can ping my server using ldap.foo.net. But when I try to use 'ldapsearch' with -h ldap.foo.net, it errors with:
ldap_start_tls: Connect error (-11)
additional info: TLS error -8157:Certificate extension not found.
- Does anyone know why this happens?
- Can I install and use several certificates on one DS?
6 years, 4 months
Get user password expiration date
by Todor Petkov
Hello,
I am trying to get the user password expiration date, so I can write a
script to send warning email before this. I am running the following:
ldapsearch -v -LLLx -h localhost \
  -b 'cn="cn=nsPwPolicyEntry,uid=user,ou=People,dc=domain,dc=com",cn=nsPwPolicyContainer,ou=People,dc=domain,dc=com' \
  "(objectclass=ldapsubentry)"
But I don't see such attribute in the results. Can you give me a hint
what's the ldap query? My versions are:
389-admin-console-1.1.8-1.el6.noarch
389-ds-1.2.2-1.el6.noarch
389-adminutil-1.1.19-1.el6.x86_64
389-ds-base-libs-1.2.11.15-75.el6_8.x86_64
389-ds-base-1.2.11.15-75.el6_8.x86_64
389-ds-console-1.2.6-1.el6.noarch
389-admin-console-doc-1.1.8-1.el6.noarch
389-admin-1.1.35-1.el6.x86_64
389-console-1.1.7-1.el6.noarch
389-ds-console-doc-1.2.6-1.el6.noarch
389-dsgw-1.1.11-1.el6.x86_64
Thanks in advance,
6 years, 4 months
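For the question above, an added example (not from the original post or from the 389 DS project) of the warning step such a script needs. It assumes password expiration is enabled and that the server records each user's expiry in the operational attribute passwordExpirationTime, which has to be requested by name in the ldapsearch attribute list; the LDIF sample, users, dates and function names are constructed.

```python
from datetime import datetime, timezone
# Constructed sample of `ldapsearch -LLL ... uid mail passwordExpirationTime` output.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=domain,dc=com
uid: alice
mail: alice@domain.com
passwordExpirationTime: 20170310120000Z

dn: uid=bob,ou=People,dc=domain,dc=com
uid: bob
mail: bob@domain.com
passwordExpirationTime: 20170601000000Z

dn: uid=carol,ou=People,dc=domain,dc=com
uid: carol

dn: uid=dave,ou=People,dc=domain,dc=com
uid: dave
mail: dave@domain.com
passwordExpirationTime: 20170
 228235959Z
"""

def parse_ldif(text):
    """Yield one {lowercased attribute: first value} dict per LDIF entry."""
    unfolded = text.replace("\n ", "")  # LDIF folds long lines as "\n "
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(name.lower(), value)
        yield entry

def expiring(text, now, warn_days=14):
    """Return (uid, mail, days_left), soonest first, for entries to warn."""
    due = []
    for e in parse_ldif(text):
        stamp = e.get("passwordexpirationtime")
        if stamp is None:          # assumption: no attribute means no expiry set
            continue
        when = datetime.strptime(stamp, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
        days = (when - now).days   # negative once the password has expired
        if days <= warn_days:
            due.append((e.get("uid"), e.get("mail"), days))
    return sorted(due, key=lambda row: row[2])

if __name__ == "__main__":
    print(expiring(SAMPLE_LDIF, datetime(2017, 3, 1, tzinfo=timezone.utc)))
```

Base64-encoded values (`attr:: ...`) are not decoded by this parser, so it fits plain ASCII attributes such as the three requested here.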
Announcing Nunc-Stans 0.2.1
by William Brown
Nunc-Stans 0.2.1
The 389 Directory Server team is proud to announce nunc-stans version
0.2.1. This is an important release, as it corrects a defect
found in 0.2.0. The defect prevents servers shutting down cleanly or
correctly, and may lead to data corruption in some cases. All users of
Nunc Stans should upgrade to 0.2.1.
This does not affect any current release of 389 Directory Server.
Source tarballs are available for download at:
http://www.port389.org/binaries/nunc-stans-0.2.1.tar.xz
sha256sum nunc-stans-0.2.1.tar.xz
ee87a1e090e2b06616f3626c14c465226fadcf2d0d42bd4a178771b4a5ecf972
Highlights in 0.2.1
* Important fix for signal registration
* Remove autotools files.
Installation
See Source http://www.port389.org/docs/389ds/development/source.html
for information about source tarballs and SCM (git) access.
Feedback
We are very interested in your feedback!
Please provide feedback and comments to the 389-users mailing list:
https://lists.fedoraproject.org/admin/lists/389-users.lists.fedoraproject...
If you find a bug, or would like to see a new feature, file it in our
Trac instance: https://fedorahosted.org/nunc-stans/
Detailed Changelog since 0.2.0
- Ticket 69 - Remove configure outputs
- Ticket 68 - Missing event registration
- Ticket 66 - Nunc-stans requires c99
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
6 years, 5 months