In Fedora 28 (389-ds-base-1.4.0) we are deprecating the
389-console/Admin Server. Instead we will be offering a new web UI via
a Cockpit plugin to handle the Directory Server Administration. See
Why Cockpit? Well Cockpit has its pros & cons, but since it has
built-in functionality that solves many problems for us we decided to
use it instead of developing a full-blown standalone web application
that needs run on Apache.
- Authentication is built into Cockpit. However, you must login as a
system user, and one with superuser rights, in order to administer the
server. You will not log in with an LDAP entry. Authentication to the
Directory Server is then done via LDAPI/autobind. See
- Remote server administration. You can register other systems into
Cockpit. Cockpit then establishes ssh sessions with those remote
systems. This allows us to securely manage all your Directory Servers
from a single location.
- Lightweight. The new UI will no longer need things like
"o=netscaperoot", or a full blown http server. It will be very
lightweight and it will run inside of Cockpit (which is also VERY
lightweight). However, this also means if you are on a platform that
does not offer Cockpit (like Solaris/HPUX) then unfortunately you will
not have a console/UI available to you.
- We can not use fancy UI frameworks like django/jinja in cockpit. So
the UI will be simple - that's not really a big con, but it does limit
what functionality we can easily add.
- Authentication. You must use a system user (root or a user with
superuser privileges), not an LDAP account/DN, but you can use
autobind/LDAPI to map a system user to an ldap account.
Note - there will NOT be an LDAP browser in the new web UI. However, we
will be accepting upstream source contributions towards an LDAP
browser, but as of right right now we just do not have the resources to
add a nicely polished LDAP tree browser. Perhaps in a future release
we can do it, but it is considered a low priority. In the meantime for
F28 (389-ds-base-1.4.0), there are other free third-party LDAP browsers
out there that you can use, we just won't have one built into the UI at
As development continues on the new "web console" we will be providing
alpha/beta releases for review/feedback. And your feedback is
important! Expect to start seeing these "test releases" in a few
months, and installing Cockpit and adding the DS UI plugin is very
simple and only takes a few seconds.
If you have any questions/requests please let us know.
We have recently notice that there is a significant fault in thread
safety of the i686 platform of 389 Directory Server. ONLY the i686
version is affected, all other versions are safe.
Large parts of the servers thread safety are affected including
reference counting, monitor counters, and io-event notification and
safety. The fault may cause unbounded memory leaks, crashes,
inconsistent data reporting and more. This fault has been present for
at least 6 months or more.
However, we have received no reports from users related to this error
As a result, we suspect no one is using i686 anymore.
Given the extensive effort to fix this, combined with the short future
life of i686 as a whole (given topics like 2038 problem), and the fact
fedora stopped supporting server i686 last year, we would like to
remove our i686 support from the project.
It is likely we will target this for 1.4.x series of Directory Server,
and retroactively for 1.3.x.
Red Hat, Australia/Brisbane