in docker-compose.yaml use "dsconf localhost***" error
by Hu, Xudong
Hello
I want to ask a question with using 389ds/dirsrv 389 Directory Server Container in dockerhub
When I create 389ds database ,I use dsconf localhost backend create *** command,it is OK
Now , I want to use docker-compose.yaml to start container,I set parameter like this :
command: /bin/bash -c "sleep 20 && dsconf localhost backend create ****",but the error is as follows:
Error: Could not find configuration for instance: localhost
Thank you for reply
2 days, 2 hours
I have some problem with 389 Directory Server container project
by Hu, Xudong
Hi ,I want to ask a question
When I use docker pull 389ds/dirsrv to install 389ds,then I use docker run 389ds/dirsrv:latest command
I meet some problems like this:
ERROR: Unable to find pid (/data/run/slapd-localhost.pid) of ns-slapd process Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/lib389/instance/setup.py", line 696, in create_from_args
self._install_ds(general, slapd, backends)
File "/usr/lib/python3.10/site-packages/lib389/instance/setup.py", line 962, in _install_ds
ds_instance.start(timeout=60)
File "/usr/lib/python3.10/site-packages/lib389/__init__.py", line 1157, in start
raise ValueError('Failed to start DS')
ValueError: Failed to start DS
My operateSystem: This is on the Linux version 5.4.0-107-generic (buildd@lcy02-amd64-070) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #121~18.04.1-Ubuntu SMP Thu Mar 24 17:21:33 UTC 2022
Thank you for reply
3 days, 10 hours
I have some problem with 389 Directory Server container project
by Hu, Xudong
Hello
I want to ask a question with using 389ds/dirsrv 389 Directory Server Container in dockerhub
When I create 389ds database ,I use dsconf localhost backend create *** command,it is OK
Now , I want to use docker-compose.yaml to start container,I set parameter like this :
command: /bin/bash -c "sleep 20 && dsconf localhost backend create ****",but the error is as follows:
Error: Could not find configuration for instance: localhost
Thank you for reply
3 days, 10 hours
Crash with SEGV after compacting
by Niklas Schmatloch
Hi
My organisation is using a replicated 389-dirsrv. Lately, it has been crashing
each time after compacting.
It is replicable on our instances by lowering the compactdb-interval to
trigger the compacting:
dsconf -D "cn=Directory Manager" ldap://127.0.0.1 -w 'PASSWORD_HERE' backend config set --compactdb-interval 300
This is the log:
[03/Aug/2022:16:06:38.552781605 +0200] - NOTICE - checkpoint_threadmain - Compacting DB start: userRoot
[03/Aug/2022:16:06:38.752592692 +0200] - NOTICE - bdb_db_compact_one_db - compactdb: compact userRoot - 8 pages freed
[03/Aug/2022:16:06:44.172233009 +0200] - NOTICE - bdb_db_compact_one_db - compactdb: compact userRoot - 888 pages freed
[03/Aug/2022:16:06:44.179315345 +0200] - NOTICE - checkpoint_threadmain - Compacting DB start: changelog
[03/Aug/2022:16:13:18.020881527 +0200] - NOTICE - bdb_db_compact_one_db - compactdb: compact changelog - 458 pages freed
dirsrv(a)auth-alpha.service: Main process exited, code=killed, status=11/SEGV
dirsrv(a)auth-alpha.service: Failed with result 'signal'.
dirsrv(a)auth-alpha.service: Consumed 2d 6h 22min 1.122s CPU time.
The first steps are done very quickly, but the step before the 458 pages of the
retro-changelog are freed, takes several minutes. In this time the dirsrv writes
more than 10 G and reads more than 7 G (according to iotop).
After this line is printed the dirsrv crashes within seconds.
What I also noticed is, that even though it said it freed a lot of pages the
retro-changelog does not seem to change in size.
The file `/var/lib/dirsrv/slapd-auth-alpha/db/changelog/id2entry.db` is 7.2 G
before and after the compacting.
Debian 11.4
389-ds-base/stable,now 1.4.4.11-2 amd64
Does someone have an idea how to debug / fix this?
Thanks
4 days
Forward LDAP Auth SASL or SSSD
by Axel Tischer
Hi
We try to migrate from slapd to 389-dirserver.
Authentication is only used by our application login, not for system logon.
We forward our ldap authentication to a central ldap server
saslauthd:
ldap_servers
ldap_bind_dn: cn=binduser,ou=emea,o=services
ldap_bind_pw: secret
ldap_search_base: o=auth
ldap_timeout: 3
ldap_time_limit: 10
ldap_filter: (&(objectClass=inetOrgPerson)(uid=%u))
sasl2/slapd:
mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /run/sasl2/mux
and sysconfig/saslauthd
SASLAUTHD_AUTHMECH=ldap
And a simple user attribute: userpassword: {SASL}johndoe
It would be great it saslauthd is supported in 389-DS, but I fear it isn't.
I wonder how to configure 389-ds to use this simple LDAP auth
forwarding. I could not find anything about this in the docs (or I'm too
dumb..). I tried sssd but no luck yet, reconfiguration of PAM is not
allowed....
It would be grateful to get a working example ( like the one above)
Thanx
4 days, 14 hours
Login problems.
by Phill Harvey-Smith
Hi all,
I've been following the quickstart guide at :
https://www.port389.org/docs/389ds/howto/quickstart.html
My environment is Rocky Linux 9, on 3 KVM virtual machines.
The machines are :
192.168.122.1 host machine
192.168.122.2 frontend
192.168.122.3 exec1
192.168.122.4 exec2
I have DNS running on frontend so that all the machines can resolve each
other in the DNS domain .cluster, so frontend.cluster etc.
The two exec nodes have firewalls enabled, but frontend currently has it
disabled (to aid in debugging).
Following the quickstart I have got to the point where I can ssh to
frontend as alice, but not as eve. However trying to replicate the setup
on exec1, but pointing at the ldap on frontend leads to an odd situation
where I can't login as alice, but su to alice from root works, and id
alice returns the correct uid.
I copied over /etc/openldap/ldap.conf and /etc/sssd/sssd.conf from
frontend to exec1.
I have however only installed the 389-ds packages on frontend, as I
assumed that you would only need them on the server machine.
Any clues as to what might be wrong here?
Cheers.
Phill.
6 days, 6 hours