keeping nsDS5ReplicaBindDN on manager deletion
by Angel Bosch Mora
I'm testing this new command:
dsconf instance replication create-manager
and when I create a new manager I can see a new nsDS5ReplicaBindDN on the replica entry.
but when I remove the manager with "delete-manager" the nsDS5ReplicaBindDN is not removed.
is there a reason for that? why do I need to mantain an old manager entry? should I fill a bug?
regards,
abosch
-- Institut Mallorqui d'Afers Socials. Aquest missatge, i si escau, qualsevol fitxer annex, es dirigeix exclusivament a la persona que n'es destinataria i pot contenir informacio confidencial. En cap cas no heu de copiar aquest missatge ni lliurar-lo a terceres persones sense permis expres de l'IMAS. Si no sou la persona destinataria que s'hi indica (o la responsable de lliurar-l'hi) us demanam que ho notifiqueu immediatament a l'adreca electronica de la persona remitent.
-- Abans d'imprimir aquest missatge, pensau si es realment necessari.
3 years, 10 months
last logon timestamp
by Chase Miller
Hello,
I'm trying to get the lastlogon timestamp populated when users login/bind.
I have enabled the account policy plugin, what else do I need to do?
regards,
3 years, 10 months
replication in containerized 389ds
by aravind gosukonda
Hello,
I plan to run 389ds in containers (docker image on kubernetes), with a multi-master replication setup, as described below.
Setup:
- Deployment: I'm using kubernetes statefulsets so the containers get created with the same name
- Name resolution: A headless service is created, so the containers can talk to each other using hostnames
- Data: Persistent volumes, auto-created by using a storage class, mounted using persistent volume claims
- replication:
- replica id: extracted from the hostname
- replica host: I'm looking for containers in the same stateful set and extracting their names
I have a few questions about replication in this setup. When a container is destroyed, and replaced with a new one
i. should I disable changelog and re-enable it?
ii. should I delete the replication agreements and recreate them?
iii. should I re-initialize the ds instance in the newly created container?
iv. are there any known conditions that can break replication or corrupt the ds instance if the new container still reads data from the same volume?
Thanks,
Aravind
3 years, 10 months
Non-packaged (tar?) version of 389ds
by Vandenburgh, Steve Y
Is there a version of 389ds that does not install into and use the OS directories for storage (perhaps a tarball version somewhere)? The Linux team that manages our services does not want the application data from 389ds in the OS directories.
Thanks for the assistance
Steve Vandenburgh
LDAP Directory Services/Identity Management
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
3 years, 10 months
configuring nsslapd-referral with virtual host
by Angel Bosch Mora
hi!
I'm creating my own MMR script and I would like to know if there's any limitation with the FQDN used in nsslapd-referral as stated in
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10...
we use a virtual IP/hostname for consumer readonly servers (ldapr.example.com) and another one for suppliers writable servers (ldapw.example.com).
we configure certs using -8 parameter with additional hostnames so client don't complain about name mismatch but I'm not sure if we can find any other problem configuring nsslapd-referral with this virtual name instead of real hostname.
any advice?
abosch
-- Institut Mallorqui d'Afers Socials. Aquest missatge, i si escau, qualsevol fitxer annex, es dirigeix exclusivament a la persona que n'es destinataria i pot contenir informacio confidencial. En cap cas no heu de copiar aquest missatge ni lliurar-lo a terceres persones sense permis expres de l'IMAS. Si no sou la persona destinataria que s'hi indica (o la responsable de lliurar-l'hi) us demanam que ho notifiqueu immediatament a l'adreca electronica de la persona remitent.
-- Abans d'imprimir aquest missatge, pensau si es realment necessari.
3 years, 10 months
docs for 1.4
by Angel Bosch Mora
hi!
is there a way to access documentation for upcoming 1.4 release?
I would like to see specifically changes in ACIs as stated in this thread:
https://lists.fedorahosted.org/archives/list/389-users@lists.fedoraprojec...
thanks in advance,
abosch
-- Institut Mallorqui d'Afers Socials. Aquest missatge, i si escau, qualsevol fitxer annex, es dirigeix exclusivament a la persona que n'es destinataria i pot contenir informacio confidencial. En cap cas no heu de copiar aquest missatge ni lliurar-lo a terceres persones sense permis expres de l'IMAS. Si no sou la persona destinataria que s'hi indica (o la responsable de lliurar-l'hi) us demanam que ho notifiqueu immediatament a l'adreca electronica de la persona remitent.
-- Abans d'imprimir aquest missatge, pensau si es realment necessari.
3 years, 11 months
