Hi all,
i have OpenLDAP in my environment. And i am experimenting 389-ds and their functionalities. In my OpenLDAP, i have entries with following attributes: entryCSN, contextCSN, entryUUID.
1. For entryCSN and contextCSN - any equivalent attribute available in 389-ds
2. When i check for the above attributes in 389-ds, i am unable to find those attributes. From the post link, its mentioned like we can use nsUniqueID in place of entryUUID. but we might face issue during Sync/repl.
Is this issue got fixed. https://pagure.io/389-ds-base/issue/137
Any suggestions for the above queries.
Thanks & Regards cooldharma06
On 20 Nov 2019, at 15:41, cool dharma06 cooldharma06@gmail.com wrote:
Hi all,
i have OpenLDAP in my environment. And i am experimenting 389-ds and their functionalities. In my OpenLDAP, i have entries with following attributes: entryCSN, contextCSN, entryUUID.
For entryCSN and contextCSN - any equivalent attribute available in 389-ds
When i check for the above attributes in 389-ds, i am unable to find those attributes. From the post link, its mentioned like we can use nsUniqueID in place of entryUUID. but we might face issue during Sync/repl.
Is this issue got fixed. https://pagure.io/389-ds-base/issue/137
Any suggestions for the above queries.
OpenLDAP and 389-ds use a really different replication model. That's probably why you can't find the same types and datapoints.
My question is "what are you trying to achieve". You shouldn't need to look at our replication state, that's an internal detail.
If you want a "did this entry change" look at the entryUSN plugin.
If you need the entries unique id, look at nsUniqueID attribute - we have spoken about adding entryUUID too, but it's just never materialised.
It's not recommended to set nsUniqueID manually, you should let 389-ds generate that itself.
Does that help? Really happy to help as much as possible with your 389-ds experimenting :)
Thanks & Regards cooldharma06 _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs
Hi William,
Thanks for your reply.
I want to enable 389ds to generate nsUniqueID, modifiedTimestamp, creators name for all enteries which is added/getting added to 389-ds. Any suggestions or reference link to enable this.
I have OpenLdap set up with replication enabled and I want to make one more 389-ds with replication in sles 15.1 machine . I am unable to find admin-console package. So I installed lib389 rpm and I am using dsctl, dsidm, dsconf tools to experiment and add users in my local 389ds setup.
Once it's done I am planning to enable sync and replication in 389-ds.
It will be very helpful if u have any guidelines on this.
Thanks & Regards cooldharma06
On Thu, Nov 21, 2019, 4:33 AM William Brown wbrown@suse.de wrote:
On 20 Nov 2019, at 15:41, cool dharma06 cooldharma06@gmail.com wrote:
Hi all,
i have OpenLDAP in my environment. And i am experimenting 389-ds and
their functionalities. In my OpenLDAP, i have entries with following attributes:
entryCSN, contextCSN, entryUUID.
- For entryCSN and contextCSN - any equivalent attribute available in
389-ds
- When i check for the above attributes in 389-ds, i am unable to find
those attributes. From the post link, its mentioned like we can use nsUniqueID in place of entryUUID. but we might face issue during Sync/repl.
Is this issue got fixed. https://pagure.io/389-ds-base/issue/137
Any suggestions for the above queries.
OpenLDAP and 389-ds use a really different replication model. That's probably why you can't find the same types and datapoints.
My question is "what are you trying to achieve". You shouldn't need to look at our replication state, that's an internal detail.
If you want a "did this entry change" look at the entryUSN plugin.
If you need the entries unique id, look at nsUniqueID attribute - we have spoken about adding entryUUID too, but it's just never materialised.
It's not recommended to set nsUniqueID manually, you should let 389-ds generate that itself.
Does that help? Really happy to help as much as possible with your 389-ds experimenting :)
Thanks & Regards cooldharma06 _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
On 21 Nov 2019, at 10:49, cool dharma06 cooldharma06@gmail.com wrote:
Hi William,
Thanks for your reply.
I want to enable 389ds to generate nsUniqueID, modifiedTimestamp, creators name for all enteries which is added/getting added to 389-ds. Any suggestions or reference link to enable this.
They are all generated by default as part of the server - it may be the access controls preventing you from viewing them instead ....
I have OpenLdap set up with replication enabled and I want to make one more 389-ds with replication in sles 15.1 machine . I am unable to find admin-console package. So I installed lib389 rpm and I am using dsctl, dsidm, dsconf tools to experiment and add users in my local 389ds setup.
SUSE does not ship admin-console, and never will - we are in the process of actually bringing the new ds* tools into SLE 15.0 and 15.1 which will make it much easier to administer the server. You can see these on the wiki or on Red Hat's correspending 389 docs
http://www.port389.org/docs/389ds/howto/quickstart.html https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/
We are also in the progress of releasing 389-ds docs for SUSE as well,
Once it's done I am planning to enable sync and replication in 389-ds.
It will be very helpful if u have any guidelines on this.
389-ds can replicate with other 389-ds servers, but *not* openldap. So I think you need to do a datamigration ....
Thanks & Regards cooldharma06
On Thu, Nov 21, 2019, 4:33 AM William Brown wbrown@suse.de wrote:
On 20 Nov 2019, at 15:41, cool dharma06 cooldharma06@gmail.com wrote:
Hi all,
i have OpenLDAP in my environment. And i am experimenting 389-ds and their functionalities. In my OpenLDAP, i have entries with following attributes: entryCSN, contextCSN, entryUUID.
For entryCSN and contextCSN - any equivalent attribute available in 389-ds
When i check for the above attributes in 389-ds, i am unable to find those attributes. From the post link, its mentioned like we can use nsUniqueID in place of entryUUID. but we might face issue during Sync/repl.
Is this issue got fixed. https://pagure.io/389-ds-base/issue/137
Any suggestions for the above queries.
OpenLDAP and 389-ds use a really different replication model. That's probably why you can't find the same types and datapoints.
My question is "what are you trying to achieve". You shouldn't need to look at our replication state, that's an internal detail.
If you want a "did this entry change" look at the entryUSN plugin.
If you need the entries unique id, look at nsUniqueID attribute - we have spoken about adding entryUUID too, but it's just never materialised.
It's not recommended to set nsUniqueID manually, you should let 389-ds generate that itself.
Does that help? Really happy to help as much as possible with your 389-ds experimenting :)
Thanks & Regards cooldharma06 _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs
Hi,
On Thu, Nov 21, 2019 at 7:48 AM William Brown wbrown@suse.de wrote:
On 21 Nov 2019, at 10:49, cool dharma06 cooldharma06@gmail.com wrote:
Hi William,
Thanks for your reply.
I want to enable 389ds to generate nsUniqueID, modifiedTimestamp,
creators name for all enteries which is added/getting added to 389-ds. Any suggestions or reference link to enable this.
They are all generated by default as part of the server - it may be the
access controls preventing you from viewing them instead ....
Sure, I will verify the access policy. And I used following commands to retrieve the user information.
$ dsidm ceenext-sles account get-by-dn Enter dn to retrieve : cn=sudo,ou=Groups,dc=cee,dc=test,dc=com dn: cn=sudo,ou=Groups,dc=cee,dc=test,dc=com cn: sudo gidNumber: 1950 objectClass: posixGroup objectClass: groupOfNames objectClass: top
I have OpenLdap set up with replication enabled and I want to make one
more 389-ds with replication in sles 15.1 machine . I am unable to find admin-console package.
So I installed lib389 rpm and I am using dsctl, dsidm, dsconf tools to
experiment and add users in my local 389ds setup.
SUSE does not ship admin-console, and never will - we are in the process
of actually bringing the new ds* tools into SLE 15.0 and 15.1 which will make it much easier to administer the server. You can see these on the wiki or on Red Hat's correspending 389 docs
http://www.port389.org/docs/389ds/howto/quickstart.html https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/
We are also in the progress of releasing 389-ds docs for SUSE as well,
It will be very helpful if you share the ds* tools and 389-ds docs release dates.
Once it's done I am planning to enable sync and replication in 389-ds.
It will be very helpful if u have any guidelines on this.
389-ds can replicate with other 389-ds servers, but *not* openldap. So I
think you need to do a datamigration ....
Yes, with multiple 389-ds i am planning for replication. Any guidelines or reference link to configure replication.
Thanks & Regards cooldharma06
On Thu, Nov 21, 2019, 4:33 AM William Brown wbrown@suse.de wrote:
On 20 Nov 2019, at 15:41, cool dharma06 cooldharma06@gmail.com
wrote:
Hi all,
i have OpenLDAP in my environment. And i am experimenting 389-ds and
their functionalities. In my OpenLDAP, i have entries with following attributes:
entryCSN, contextCSN, entryUUID.
- For entryCSN and contextCSN - any equivalent attribute available
in 389-ds
- When i check for the above attributes in 389-ds, i am unable to
find those attributes. From the post link, its mentioned like we can use nsUniqueID in place of entryUUID. but we might face issue during Sync/repl.
Is this issue got fixed. https://pagure.io/389-ds-base/issue/137
Any suggestions for the above queries.
OpenLDAP and 389-ds use a really different replication model. That's
probably why you can't find the same types and datapoints.
My question is "what are you trying to achieve". You shouldn't need to
look at our replication state, that's an internal detail.
If you want a "did this entry change" look at the entryUSN plugin.
If you need the entries unique id, look at nsUniqueID attribute - we
have spoken about adding entryUUID too, but it's just never materialised.
It's not recommended to set nsUniqueID manually, you should let 389-ds
generate that itself.
Does that help? Really happy to help as much as possible with your
389-ds experimenting :)
Thanks & Regards cooldharma06 _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to
389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
On 21 Nov 2019, at 16:13, cool dharma06 cooldharma06@gmail.com wrote:
Hi,
On Thu, Nov 21, 2019 at 7:48 AM William Brown wbrown@suse.de wrote:
On 21 Nov 2019, at 10:49, cool dharma06 cooldharma06@gmail.com wrote:
Hi William,
Thanks for your reply.
I want to enable 389ds to generate nsUniqueID, modifiedTimestamp, creators name for all enteries which is added/getting added to 389-ds. Any suggestions or reference link to enable this.
They are all generated by default as part of the server - it may be the access controls preventing you from viewing them instead ....
Sure, I will verify the access policy. And I used following commands to retrieve the user information.
$ dsidm ceenext-sles account get-by-dn Enter dn to retrieve : cn=sudo,ou=Groups,dc=cee,dc=test,dc=com dn: cn=sudo,ou=Groups,dc=cee,dc=test,dc=com cn: sudo gidNumber: 1950 objectClass: posixGroup objectClass: groupOfNames objectClass: top
You already have dsidm as a command ?! Which suse version are you on.
Anyway, trying looking at the entry as "cn=Directory Manager" instead of anonymous, as cn=dm bypasses aci's.
I have OpenLdap set up with replication enabled and I want to make one more 389-ds with replication in sles 15.1 machine . I am unable to find admin-console package. So I installed lib389 rpm and I am using dsctl, dsidm, dsconf tools to experiment and add users in my local 389ds setup.
SUSE does not ship admin-console, and never will - we are in the process of actually bringing the new ds* tools into SLE 15.0 and 15.1 which will make it much easier to administer the server. You can see these on the wiki or on Red Hat's correspending 389 docs
http://www.port389.org/docs/389ds/howto/quickstart.html https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/
We are also in the progress of releasing 389-ds docs for SUSE as well,
It will be very helpful if you share the ds* tools and 389-ds docs release dates.
I don't have a release date yet I'm sorry - not because I can't share, but because there is some administration going on with the packages and I'm not sure of when it will be done (but it's necessary steps :) )
Once it's done I am planning to enable sync and replication in 389-ds.
It will be very helpful if u have any guidelines on this.
389-ds can replicate with other 389-ds servers, but *not* openldap. So I think you need to do a datamigration ....
Yes, with multiple 389-ds i am planning for replication. Any guidelines or reference link to configure replication.
In the red_hat_directory_server/11 link from redhat, look at their replication section :)
Thanks & Regards cooldharma06
On Thu, Nov 21, 2019, 4:33 AM William Brown wbrown@suse.de wrote:
On 20 Nov 2019, at 15:41, cool dharma06 cooldharma06@gmail.com wrote:
Hi all,
i have OpenLDAP in my environment. And i am experimenting 389-ds and their functionalities. In my OpenLDAP, i have entries with following attributes: entryCSN, contextCSN, entryUUID.
For entryCSN and contextCSN - any equivalent attribute available in 389-ds
When i check for the above attributes in 389-ds, i am unable to find those attributes. From the post link, its mentioned like we can use nsUniqueID in place of entryUUID. but we might face issue during Sync/repl.
Is this issue got fixed. https://pagure.io/389-ds-base/issue/137
Any suggestions for the above queries.
OpenLDAP and 389-ds use a really different replication model. That's probably why you can't find the same types and datapoints.
My question is "what are you trying to achieve". You shouldn't need to look at our replication state, that's an internal detail.
If you want a "did this entry change" look at the entryUSN plugin.
If you need the entries unique id, look at nsUniqueID attribute - we have spoken about adding entryUUID too, but it's just never materialised.
It's not recommended to set nsUniqueID manually, you should let 389-ds generate that itself.
Does that help? Really happy to help as much as possible with your 389-ds experimenting :)
Thanks & Regards cooldharma06 _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs
hi,
On Fri, Nov 22, 2019 at 4:41 AM William Brown wbrown@suse.de wrote:
On 21 Nov 2019, at 16:13, cool dharma06 cooldharma06@gmail.com wrote:
Hi,
On Thu, Nov 21, 2019 at 7:48 AM William Brown wbrown@suse.de wrote:
On 21 Nov 2019, at 10:49, cool dharma06 cooldharma06@gmail.com wrote:
Hi William,
Thanks for your reply.
I want to enable 389ds to generate nsUniqueID, modifiedTimestamp, creators name for all enteries which is added/getting added to 389-ds. Any suggestions or reference link to enable this.
They are all generated by default as part of the server - it may be the access controls preventing you from viewing them instead ....
Sure, I will verify the access policy. And I used following commands to retrieve the user information.
$ dsidm ceenext-sles account get-by-dn Enter dn to retrieve : cn=sudo,ou=Groups,dc=cee,dc=test,dc=com dn: cn=sudo,ou=Groups,dc=cee,dc=test,dc=com cn: sudo gidNumber: 1950 objectClass: posixGroup objectClass: groupOfNames objectClass: top
You already have dsidm as a command ?! Which suse version are you on.
I am using SLES 15.1. I installed 389-ds-base from SUSE repo. Lib386-XXX.rpm i took from Tumbleweed.
Anyway, trying looking at the entry as "cn=Directory Manager" instead of anonymous, as cn=dm bypasses aci's.
Thanks for your suggestions, now i am able to view all the attributes.
I have OpenLdap set up with replication enabled and I want to make one more 389-ds with replication in sles 15.1 machine . I am unable to find admin-console package. So I installed lib389 rpm and I am using dsctl, dsidm, dsconf tools to experiment and add users in my local 389ds setup.
SUSE does not ship admin-console, and never will - we are in the process of actually bringing the new ds* tools into SLE 15.0 and 15.1 which will make it much easier to administer the server. You can see these on the wiki or on Red Hat's correspending 389 docs
http://www.port389.org/docs/389ds/howto/quickstart.html https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/
We are also in the progress of releasing 389-ds docs for SUSE as well,
It will be very helpful if you share the ds* tools and 389-ds docs release dates.
I don't have a release date yet I'm sorry - not because I can't share, but because there is some administration going on with the packages and I'm not sure of when it will be done (but it's necessary steps :) )
No issue and thanks for the information. If official SUSE packages are there it will very useful.
Once it's done I am planning to enable sync and replication in 389-ds.
It will be very helpful if u have any guidelines on this.
389-ds can replicate with other 389-ds servers, but *not* openldap. So I think you need to do a datamigration ....
Yes, with multiple 389-ds i am planning for replication. Any guidelines or reference link to configure replication.
In the red_hat_directory_server/11 link from redhat, look at their replication section :)
Thank you, I will verify the redhat Guide links.
Thanks & Regards cooldharma06
On Thu, Nov 21, 2019, 4:33 AM William Brown wbrown@suse.de wrote:
On 20 Nov 2019, at 15:41, cool dharma06 cooldharma06@gmail.com wrote:
Hi all,
i have OpenLDAP in my environment. And i am experimenting 389-ds and their functionalities. In my OpenLDAP, i have entries with following attributes: entryCSN, contextCSN, entryUUID.
For entryCSN and contextCSN - any equivalent attribute available in 389-ds
When i check for the above attributes in 389-ds, i am unable to find those attributes. From the post link, its mentioned like we can use nsUniqueID in place of entryUUID. but we might face issue during Sync/repl.
Is this issue got fixed. https://pagure.io/389-ds-base/issue/137
Any suggestions for the above queries.
OpenLDAP and 389-ds use a really different replication model. That's probably why you can't find the same types and datapoints.
My question is "what are you trying to achieve". You shouldn't need to look at our replication state, that's an internal detail.
If you want a "did this entry change" look at the entryUSN plugin.
If you need the entries unique id, look at nsUniqueID attribute - we have spoken about adding entryUUID too, but it's just never materialised.
It's not recommended to set nsUniqueID manually, you should let 389-ds generate that itself.
Does that help? Really happy to help as much as possible with your 389-ds experimenting :)
Thanks & Regards cooldharma06 _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
On 22 Nov 2019, at 19:11, cool dharma06 cooldharma06@gmail.com wrote:
hi,
On Fri, Nov 22, 2019 at 4:41 AM William Brown wbrown@suse.de wrote:
On 21 Nov 2019, at 16:13, cool dharma06 cooldharma06@gmail.com wrote:
Hi,
On Thu, Nov 21, 2019 at 7:48 AM William Brown wbrown@suse.de wrote:
On 21 Nov 2019, at 10:49, cool dharma06 cooldharma06@gmail.com wrote:
Hi William,
Thanks for your reply.
I want to enable 389ds to generate nsUniqueID, modifiedTimestamp, creators name for all enteries which is added/getting added to 389-ds. Any suggestions or reference link to enable this.
They are all generated by default as part of the server - it may be the access controls preventing you from viewing them instead ....
Sure, I will verify the access policy. And I used following commands to retrieve the user information.
$ dsidm ceenext-sles account get-by-dn Enter dn to retrieve : cn=sudo,ou=Groups,dc=cee,dc=test,dc=com dn: cn=sudo,ou=Groups,dc=cee,dc=test,dc=com cn: sudo gidNumber: 1950 objectClass: posixGroup objectClass: groupOfNames objectClass: top
You already have dsidm as a command ?! Which suse version are you on.
I am using SLES 15.1. I installed 389-ds-base from SUSE repo. Lib386-XXX.rpm i took from Tumbleweed.
There are some updates coming soon to this package I think which will make things better.
Anyway, trying looking at the entry as "cn=Directory Manager" instead of anonymous, as cn=dm bypasses aci's.
Thanks for your suggestions, now i am able to view all the attributes.
Great!
I have OpenLdap set up with replication enabled and I want to make one more 389-ds with replication in sles 15.1 machine . I am unable to find admin-console package. So I installed lib389 rpm and I am using dsctl, dsidm, dsconf tools to experiment and add users in my local 389ds setup.
SUSE does not ship admin-console, and never will - we are in the process of actually bringing the new ds* tools into SLE 15.0 and 15.1 which will make it much easier to administer the server. You can see these on the wiki or on Red Hat's correspending 389 docs
http://www.port389.org/docs/389ds/howto/quickstart.html https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/
We are also in the progress of releasing 389-ds docs for SUSE as well,
It will be very helpful if you share the ds* tools and 389-ds docs release dates.
I don't have a release date yet I'm sorry - not because I can't share, but because there is some administration going on with the packages and I'm not sure of when it will be done (but it's necessary steps :) )
No issue and thanks for the information. If official SUSE packages are there it will very useful.
Happy to help, and feel free to ask questions anytime!
Once it's done I am planning to enable sync and replication in 389-ds.
It will be very helpful if u have any guidelines on this.
389-ds can replicate with other 389-ds servers, but *not* openldap. So I think you need to do a datamigration ....
Yes, with multiple 389-ds i am planning for replication. Any guidelines or reference link to configure replication.
In the red_hat_directory_server/11 link from redhat, look at their replication section :)
Thank you, I will verify the redhat Guide links.
As above, if you have any questions, please let us know.
Thanks & Regards cooldharma06
On Thu, Nov 21, 2019, 4:33 AM William Brown wbrown@suse.de wrote:
On 20 Nov 2019, at 15:41, cool dharma06 cooldharma06@gmail.com wrote:
Hi all,
i have OpenLDAP in my environment. And i am experimenting 389-ds and their functionalities. In my OpenLDAP, i have entries with following attributes: entryCSN, contextCSN, entryUUID.
For entryCSN and contextCSN - any equivalent attribute available in 389-ds
When i check for the above attributes in 389-ds, i am unable to find those attributes. From the post link, its mentioned like we can use nsUniqueID in place of entryUUID. but we might face issue during Sync/repl.
Is this issue got fixed. https://pagure.io/389-ds-base/issue/137
Any suggestions for the above queries.
OpenLDAP and 389-ds use a really different replication model. That's probably why you can't find the same types and datapoints.
My question is "what are you trying to achieve". You shouldn't need to look at our replication state, that's an internal detail.
If you want a "did this entry change" look at the entryUSN plugin.
If you need the entries unique id, look at nsUniqueID attribute - we have spoken about adding entryUUID too, but it's just never materialised.
It's not recommended to set nsUniqueID manually, you should let 389-ds generate that itself.
Does that help? Really happy to help as much as possible with your 389-ds experimenting :)
Thanks & Regards cooldharma06 _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs
hi,
On Mon, Nov 25, 2019 at 4:34 AM William Brown wbrown@suse.de wrote:
On 22 Nov 2019, at 19:11, cool dharma06 cooldharma06@gmail.com wrote:
hi,
On Fri, Nov 22, 2019 at 4:41 AM William Brown wbrown@suse.de wrote:
On 21 Nov 2019, at 16:13, cool dharma06 cooldharma06@gmail.com
wrote:
Hi,
On Thu, Nov 21, 2019 at 7:48 AM William Brown wbrown@suse.de wrote:
On 21 Nov 2019, at 10:49, cool dharma06 cooldharma06@gmail.com
wrote:
Hi William,
Thanks for your reply.
I want to enable 389ds to generate nsUniqueID, modifiedTimestamp,
creators name for all enteries which is added/getting added to 389-ds. Any suggestions or reference link to enable this.
They are all generated by default as part of the server - it may be
the access controls preventing you from viewing them instead ....
Sure, I will verify the access policy. And I used following commands
to retrieve the user information.
$ dsidm ceenext-sles account get-by-dn Enter dn to retrieve : cn=sudo,ou=Groups,dc=cee,dc=test,dc=com dn: cn=sudo,ou=Groups,dc=cee,dc=test,dc=com cn: sudo gidNumber: 1950 objectClass: posixGroup objectClass: groupOfNames objectClass: top
You already have dsidm as a command ?! Which suse version are you on.
I am using SLES 15.1. I installed 389-ds-base from SUSE repo. Lib386-XXX.rpm i took from Tumbleweed.
There are some updates coming soon to this package I think which will make things better.
Anyway, trying looking at the entry as "cn=Directory Manager" instead
of anonymous, as cn=dm bypasses aci's.
Thanks for your suggestions, now i am able to view all the attributes.
Great!
I have OpenLdap set up with replication enabled and I want to make
one more 389-ds with replication in sles 15.1 machine . I am unable to find admin-console package.
So I installed lib389 rpm and I am using dsctl, dsidm, dsconf tools
to experiment and add users in my local 389ds setup.
SUSE does not ship admin-console, and never will - we are in the
process of actually bringing the new ds* tools into SLE 15.0 and 15.1 which will make it much easier to administer the server. You can see these on the wiki or on Red Hat's correspending 389 docs
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/
We are also in the progress of releasing 389-ds docs for SUSE as well,
It will be very helpful if you share the ds* tools and 389-ds docs
release dates.
I don't have a release date yet I'm sorry - not because I can't share,
but because there is some administration going on with the packages and I'm not sure of when it will be done (but it's necessary steps :) )
No issue and thanks for the information. If official SUSE packages are there it will very useful.
Happy to help, and feel free to ask questions anytime!
Once it's done I am planning to enable sync and replication in
389-ds.
It will be very helpful if u have any guidelines on this.
389-ds can replicate with other 389-ds servers, but *not* openldap.
So I think you need to do a datamigration ....
Yes, with multiple 389-ds i am planning for replication. Any
guidelines or reference link to configure replication.
In the red_hat_directory_server/11 link from redhat, look at their
replication section :)
Thank you, I will verify the redhat Guide links.
As above, if you have any questions, please let us know.
In my OpenLdap we have ACL policies is there any script available to convert OpenLDAP acl policies to 389-ds policies.?
Thanks & Regards cooldharma06
On Thu, Nov 21, 2019, 4:33 AM William Brown wbrown@suse.de wrote:
> On 20 Nov 2019, at 15:41, cool dharma06 cooldharma06@gmail.com
wrote:
> > Hi all, > > i have OpenLDAP in my environment. And i am experimenting 389-ds
and their functionalities. In my OpenLDAP, i have entries with following attributes:
> entryCSN, contextCSN, entryUUID. > > 1. For entryCSN and contextCSN - any equivalent attribute available
in 389-ds
> > 2. When i check for the above attributes in 389-ds, i am unable to
find those attributes. From the post link, its mentioned like we can use nsUniqueID in place of entryUUID. but we might face issue during Sync/repl.
> > Is this issue got fixed. > https://pagure.io/389-ds-base/issue/137 > > Any suggestions for the above queries.
OpenLDAP and 389-ds use a really different replication model. That's
probably why you can't find the same types and datapoints.
My question is "what are you trying to achieve". You shouldn't need
to look at our replication state, that's an internal detail.
If you want a "did this entry change" look at the entryUSN plugin.
If you need the entries unique id, look at nsUniqueID attribute - we
have spoken about adding entryUUID too, but it's just never materialised.
It's not recommended to set nsUniqueID manually, you should let
389-ds generate that itself.
Does that help? Really happy to help as much as possible with your
389-ds experimenting :)
> > Thanks & Regards > cooldharma06 > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to
389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to
389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to
389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to
389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to
389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
In my OpenLdap we have ACL policies is there any script available to convert OpenLDAP acl policies to 389-ds policies.?
There is no script that I am aware of for such things. You will need to recreate them manually.
As for your IRC question, you can not have a single ACI with allow and deny rules. You need two separate ACI's to do that. If you give us some specific examples we can help with the syntax, etc.
On 27 Nov 2019, at 03:25, Mark Reynolds mreynolds@redhat.com wrote:
In my OpenLdap we have ACL policies is there any script available to convert OpenLDAP acl policies to 389-ds policies.?
There is no script that I am aware of for such things. You will need to recreate them manually.
As for your IRC question, you can not have a single ACI with allow and deny rules. You need two separate ACI's to do that. If you give us some specific examples we can help with the syntax, etc.
Thanks for following up Mark:
389's aci syntax is very different to OpenLDAP so you'll probably need to redesign your access controls in the migration. We're happy to help review,
In general you want allow-only rules, and it's the "lack of allow" that is a "deny".
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs
i will close this thread and i will open new one. It will be easy to follow up.
thanks & regards Cooldharma06
389-users@lists.fedoraproject.org
-
cool dharma06 -
Dharmalingam S
-
Mark Reynolds -
William Brown