Setting "lock" time of an account in the future
by Cenk Y.
Hello,
We are running 389-ds-base.2.2.7 .
While creating accounts, sometimes we know until when they need to be
active. Is there a way to manually set a "expiration date" for the account,
so after that date nsAccount is set to true?
Having gone through rhds and 389-ds pages, it seems it's only possible to
create a policy to deactivate accounts after an inactivity limit.
I can always create a mechanism myself (such as adding a new attribute and
checking it by a cron job ...) , but I want to see if there is a native way
to do this?
Thanks
Cenk
2 months, 1 week
389 in Ubuntu 22.04
by morgan jones
Hello,
We are moving to Ubuntu 22.04 across our servers: is there a recommended Ubuntu repo for 389 Directory?
On a related note is there an official Docker image?
We have about 250,000 users and currently have 6 replicas all running CentOS 7.
thanks,
-morgan
2 months, 1 week
Migration: importing an OU to a new instance
by tdarby@arizona.edu
I've read this doc:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/12...
The export from server A to an LDIF file works and I've done some testing but it seems like the import feature always deletes existing OUs on server B that aren't in the exported LDIF file. Am I missing something? I'd like to simply get an LDIF of all the entries in Server A and populate only that OU in server B.
Related, this bit is bewildering
Optional: By default, Directory Server sets the entry update sequence numbers (USNs) of all imported entries to 0. To set an alternative initial USN value, set the nsslapd-entryusn-import-initval parameter. For example, to set USN for all imported values to 12345, enter:
I don't understand what this means or the consequences of taking the default or not. Server B is already in multi-supplier replication with other servers, so I worry about screwing that up with any import choices I might make.
2 months, 3 weeks
Migration: importing an OU to a new instance
by tdarby@arizona.edu
I've read this doc:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/12...
The export from server A to an LDIF file works and I've done some testing but it seems like the import feature always deletes existing OUs on server B that aren't in the exported LDIF file. Am I missing something? I'd like to simply get an LDIF of all the entries in Server A and populate only that OU in server B.
Related, this bit is bewildering
Optional: By default, Directory Server sets the entry update sequence numbers (USNs) of all imported entries to 0. To set an alternative initial USN value, set the nsslapd-entryusn-import-initval parameter. For example, to set USN for all imported values to 12345, enter:
I don't understand what this means or the consequences of taking the default or not. Server B is already in multi-supplier replication with other servers, so I worry about screwing that up with any import choices I might make.
2 months, 4 weeks
389-ds freezes with deadlock
by Julian Kippels
Hi,
I am using 389-ds Version 2.3.1 and have encountered the same error
twice in three days now. There are some MOD operations and then I get a
line like this in the errors-log:
[23/Aug/2023:13:27:17.971884067 +0200] - ERR - ldbm_back_seq - deadlock
retry BAD 1601, err=0 Unexpected dbimpl error code
After this the server keeps running, systemctl status says everything is
fine, but new incoming connections are failing with timeouts.
Any advice would be welcome.
Thanks in advance
Julian Kippels
--
---------------------------------------------------------
| | Julian Kippels
| | M.Sc. Informatik
| |
| | Zentrum für Informations- und Medientechnologie
| | Heinrich-Heine-Universität Düsseldorf
| | Universitätsstr. 1
| | Raum 25.41.O1.32
| | 40225 Düsseldorf / Germany
| |
| | Tel: +49-211-81-14920
| | mail: kippels(a)hhu.de
---------------------------------------------------------
2 months, 4 weeks
