Hi guys! Being an absolute NOOB, mailing the first time to this group, I hope you're patient with my lack of knowledge ...
I have an issue with following documentation (is this the right place for issues?):
https://directory.fedoraproject.org/docs/389ds/howto/quickstart.html
My company works with RHDS11 (RHEL8) so I tried to recreate some stuff (Fedora 32): useradd -c "RedHat Directory Server" -u 389 -g 389 -s /sbin/nologin slapd groupadd -g 389 ds Needs to be done before the installation of "389-base", or user and group will be created automatically (dirsrv.dirsrv).
Adapting basic configuration as described (instance.inf): [general] group = ds user = slapd
leads to ERR - dse_read_one_file - The configuration file /etc/dirsrv/slapd-example/schema//usr/share/dirsrv/schema/60trust.ldif could not be accessed, error -1
after a copy: cp /usr/share/dirsrv/schema/60trust.ldif /etc/dirsrv/schema/ instance creation works like a charm ...
Sorry again for being annoying, but ...
where am I doing wrong? also having some SELinux related questions, is this the right place for such kind of issues?
Best regards, Hendrik Steiner
On 4 Oct 2020, at 03:18, Hendrik Steiner hendrik.steiner@gmail.com wrote:
Hi guys! Being an absolute NOOB, mailing the first time to this group, I hope you're patient with my lack of knowledge ...
It's not problem at all - welcome to 389-ds, we hope we can help out :)
I have an issue with following documentation (is this the right place for issues?):
Yep it is :)
https://directory.fedoraproject.org/docs/389ds/howto/quickstart.html
My company works with RHDS11 (RHEL8) so I tried to recreate some stuff (Fedora 32): useradd -c "RedHat Directory Server" -u 389 -g 389 -s /sbin/nologin slapd groupadd -g 389 ds Needs to be done before the installation of "389-base", or user and group will be created automatically (dirsrv.dirsrv).
Adapting basic configuration as described (instance.inf): [general] group = ds user = slapd
I don't think you should change this username/group. By default you should probably rely on the dirsrv user and group created by the rpm. Especially if you are using RHDS, Red Hat support will probably prefer you to use the "way it's tested" so that means using the shipped dirsrv username and group. Is there some reason you want to change this?
leads to ERR - dse_read_one_file - The configuration file /etc/dirsrv/slapd-example/schema//usr/share/dirsrv/schema/60trust.ldif could not be accessed, error -1
after a copy: cp /usr/share/dirsrv/schema/60trust.ldif /etc/dirsrv/schema/ instance creation works like a charm ...
I suspect that this is a permissions problem with the files, as instance creation (probably) assumes dirsrv:dirsrv and you've changed that. Can you show us the ls -al of /etc/dirsrv/slapd-example/schema and /usr/share/dirsrv/schema/ ?
Sorry again for being annoying, but ...
where am I doing wrong? also having some SELinux related questions, is this the right place for such kind of issues?
Yep, please ask them :)
Hope that helps,
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs, Australia
Thanks 4 the quick response, I appreciate it :)
Working for my company, migrating rhds10 -> 11, I will try your recommendations (using default user/ group). Maybe this will also answer my SELinux related questions. ^^
Thanks a lot!
Am So., 4. Okt. 2020 um 01:22 Uhr schrieb William Brown wbrown@suse.de:
On 4 Oct 2020, at 03:18, Hendrik Steiner hendrik.steiner@gmail.com
wrote:
Hi guys! Being an absolute NOOB, mailing the first time to this group, I hope
you're patient with my lack of knowledge ...
It's not problem at all - welcome to 389-ds, we hope we can help out :)
I have an issue with following documentation (is this the right place
for issues?):
Yep it is :)
https://directory.fedoraproject.org/docs/389ds/howto/quickstart.html
My company works with RHDS11 (RHEL8) so I tried to recreate some stuff
(Fedora 32):
useradd -c "RedHat Directory Server" -u 389 -g 389 -s /sbin/nologin slapd groupadd -g 389 ds Needs to be done before the installation of "389-base", or user and
group will be created automatically (dirsrv.dirsrv).
Adapting basic configuration as described (instance.inf): [general] group = ds user = slapd
I don't think you should change this username/group. By default you should probably rely on the dirsrv user and group created by the rpm. Especially if you are using RHDS, Red Hat support will probably prefer you to use the "way it's tested" so that means using the shipped dirsrv username and group. Is there some reason you want to change this?
leads to ERR - dse_read_one_file - The configuration file
/etc/dirsrv/slapd-example/schema//usr/share/dirsrv/schema/60trust.ldif could not be accessed,
error -1
after a copy: cp /usr/share/dirsrv/schema/60trust.ldif /etc/dirsrv/schema/ instance creation works like a charm ...
I suspect that this is a permissions problem with the files, as instance creation (probably) assumes dirsrv:dirsrv and you've changed that. Can you show us the ls -al of /etc/dirsrv/slapd-example/schema and /usr/share/dirsrv/schema/ ?
Sorry again for being annoying, but ...
where am I doing wrong? also having some SELinux related questions, is this the right place for such kind of issues?
Yep, please ask them :)
Hope that helps,
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs, Australia _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
It might! I know that Red Hat certainly test RHDS with SELinux enabled, so it should "just work".
If you have any other questions, please let us know!
On 7 Oct 2020, at 05:26, Hendrik Steiner hendrik.steiner@gmail.com wrote:
Working for my company, migrating rhds10 -> 11, I will try your recommendations (using default user/ group). Maybe this will also answer my SELinux related questions. ^^
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs, Australia
389-users@lists.fedoraproject.org
-
Hendrik Steiner -
William Brown