Set of Attributes Uniqueness
by A Robinson
Hello,
I'm trying to check that values contained in one than one attribute is
unique. A solution exists for other directory servers, but I wondered
if it was achievable in 389?
Is there an equivalent to the NSUniqueAttrSet plugin -- which appears
similar to NSUniqueAttr, but for across multiple attributes?
http://docs.sun.com/app/docs/doc/819-4438/gcfeh?l=en&n=1&a=view
nsslapd-pluginInitfunc: NSUniqueAttrSet_Init
nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: attributeset=mail,mailalternateaddress,mailequivalentaddress
nsslapd-pluginarg1: ugldapbasedn
Thanks,
A Robinson
13 years, 7 months
Console breaks when enabling no anoymous binding
by Gerrard Geldenhuis
Hi
If I set
nsslapd-allow-anonymous-access: off
I am not able to login to the 389-console. I can remedy this by checking the checkbox "Use SSL in Console" in the Encryption tab on the Directory Server console. This seems a strange solution to the problem. Why would disabing anonymous access break console access and why would enabling "Use SSL in Console" fix it?
I get another interesting error as well with the "Use SSL in Console" checkbox checked.
Login to Management Console
Open Directory Console
Click on Configuration tab
Click on Encryption tab
I get "An error has occured"
Could not open file(null). File does not exist or filename is invalid.
After I click on OK, I can proceed to the Encryption tab. Is this a bug or me not configuring something. The error message is not very helpfull.
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
13 years, 7 months
Security Level = Domestic
by Gerrard Geldenhuis
Hi
In the management console there is a Security level: domestic
I found no reference to this in the documentation and a quick google revealed this page:
http://docs.sun.com/source/816-5567-10/3_consol.htm
which suggest that this has to do with the type and level of encryption used.
Thus this refer to the level of encryption used in the SSL certificates?
Best Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
13 years, 7 months
entryrdn-index error message in error log
by Andrey Ivanov
Hi,
i'm continuing to test the latest version of 389. Here are the error
messages that i've seen (it happened only once for now) in error log :
[25/Aug/2010:17:21:10 +0200] entryrdn-index - entryrdn_index_read: Param error: Failed to convert cn=salon d',honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN
[25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for cn=salon d',honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn index (34)
[25/Aug/2010:17:21:10 +0200] entryrdn-index - entryrdn_index_read: Param error: Failed to convert honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN
[25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn index (34)
The object in question is
cn=SALON D'HONNEUR,ou=Objets,dc=id,dc=polytechnique,dc=edu
departmentNumber: DG/SG/MG/REST
objectClass: top
cn: SALON D'HONNEUR
What is the problem with this entry, conversion to Slapi_DN and entryrdn index? Here are the
corresponding entries extracted with dbscan :
5370:cn=salon d'honneur
ID: 5370; RDN: "cn=SALON D'HONNEUR"; NRDN: "cn=salon d'honneur"
C3106:ou=objets
ID: 5370; RDN: "cn=SALON D'HONNEUR"; NRDN: "cn=salon d'honneur"
P5370:cn=salon d'honneur
ID: 3106; RDN: "ou=Objets"; NRDN: "ou=objets"
I have not made any upgrades of the existing server. Instead, i have
exported the ldif by db2ldif and then imported it into the new server,
so there was no conversion phase.
Andrey Ivanov
tel +33-(0)1-69-33-99-24
fax +33-(0)1-69-33-99-55
Direction des Systemes d'Information
Ecole Polytechnique
91128 Palaiseau CEDEX
France
13 years, 8 months
Incremental Replication over SSL ( and startTLS) with simple bind crashes the latest version
by Andrey Ivanov
I wanted to configure the replication over SSL (both with SSL
mechanism which was available in previous versions) and by TLS using
simple bind (both in multimaster or single master-dedicated consumer models).
I've tried to configure it with command line and with the console. The
configuration and the initial initialisation are ok :
[25/Aug/2010:18:30:44 +0200] NSMMReplicationPlugin - replica_config_delete: Warning: The changelog for replica dc=id,dc=polytechnique,dc=edu is no longer valid since the replica config is being deleted. Removing the changelog.
[25/Aug/2010:18:34:33 +0200] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=id,dc=polytechnique,dc=edu is going offline; disabling replication
[25/Aug/2010:18:34:33 +0200] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[25/Aug/2010:18:34:39 +0200] - import userRoot: Workers finished; cleaning up...
[25/Aug/2010:18:34:40 +0200] - import userRoot: Workers cleaned up.
[25/Aug/2010:18:34:40 +0200] - import userRoot: Indexing complete. Post-processing...
[25/Aug/2010:18:34:40 +0200] - import userRoot: Flushing caches...
[25/Aug/2010:18:34:40 +0200] - import userRoot: Closing files...
[25/Aug/2010:18:34:40 +0200] - import userRoot: Import complete. Processed 9523 entries in 7 seconds. (1360.43 entries/sec)
[25/Aug/2010:18:34:40 +0200] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=id,dc=polytechnique,dc=edu is coming online; enabling replication
But when i continue and try to make a change on a master the consumer
server crashes. So the total replica initialisation is ok but even a
single incremental update crashes the consumer server. And there is
nothing helpful in logs. I haven't tried the 1.2.6.rc7 version, i've
tried the latest code version (as of today). Don't know if it matters
(there seem to be a lot of coverity defects that have been fixed
between rc7 and a1).
Andrey Ivanov
tel +33-(0)1-69-33-99-24
fax +33-(0)1-69-33-99-55
Direction des Systemes d'Information
Ecole Polytechnique
91128 Palaiseau CEDEX
France
13 years, 8 months
Chaining backend + nsFarmServerUrl failover
by Jonathan Boulle
To try keep this short:
https://bugzilla.redhat.com/show_bug.cgi?id=583622
Is this a widely known issue? I have hit it a few times when attempting to test the nsfarmserverurl failover, but I'm not sure whether it's a misconfiguration or a genuine bug.
Is there any way of debugging the "failover" when one of the farm servers is down? I have tried every different debugging level, but still see nothing helpful in the error log on the server with the link configured. For example I would like to see which backend servers it is attempting to reach at what time. (To trigger the chain I'm attempting a password change on a client, which simply hangs when the first farm server is down)
I can provide information to reproduce if necessary.
Thanks
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
13 years, 8 months
Re: [389-users] entryrdn-index error message in error log
by Andrey Ivanov
AI> i'm continuing to test the latest version of 389. Here are the error
AI> messages that i've seen (it happened only once for now) in error log :
AI> [25/Aug/2010:17:21:10 +0200] entryrdn-index -
AI> entryrdn_index_read: Param error: Failed to convert cn=salon
AI> d',honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN
AI> [25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for
AI> cn=salon d',honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn index (34)
AI> [25/Aug/2010:17:21:10 +0200] entryrdn-index -
AI> entryrdn_index_read: Param error: Failed to convert
AI> honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN
AI> [25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for
AI> honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn index (34)
These messages continue to appear, each time for a new entry. All
these entries contain the apostrophe "'":
[25/Aug/2010:18:34:31 +0200] entryrdn-index - entryrdn_index_read: Param error: Failed to convert cn=cadre d',astreinte,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN
[25/Aug/2010:18:34:31 +0200] - dn2entry: Failed to get id for cn=cadre d',astreinte,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn index (34)
[25/Aug/2010:18:34:31 +0200] entryrdn-index - entryrdn_index_read: Param error: Failed to convert astreinte,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN
[25/Aug/2010:18:34:31 +0200] - dn2entry: Failed to get id for astreinte,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn index (34)
...
Andrey Ivanov
tel +33-(0)1-69-33-99-24
fax +33-(0)1-69-33-99-55
Direction des Systemes d'Information
Ecole Polytechnique
91128 Palaiseau CEDEX
France
13 years, 8 months
About how to create new attribute in 389 Directory Server
by 馬小布
Hi, guys:
I want to create new attribute value to define the VNC geometry
setting .
for example , if the users which is named test1, and when the vnc server
start ,
then his vnc geometry setting could also start , like 1280x1024,
1024x768...
so that it will save a lot of time , isn't it ?
So how could I do ? Is there have some manual about it ?
Thanks in advance .....
13 years, 8 months
Jumping Jack
by Gerrard Geldenhuis
Hi
This probably ties together with my previous question about not all masters begin equal. If I am using the concept of "edge" servers in each DC can each server that has been initialized as a multi-master be used in turn to initialize other multi masters? I am testing this at the moment but wanted to clarify this. The documentation refers to a data master and it is not clear whether this is a "relative master" or single server amongst the crowd that is the only authoritative source.
dc1 dc2
master01 -> master 02 -> master03 -> master04
Thus,
master01 initializes master02.
master02 initializes master03
master03 initializes master04
Create repl agreements in the other direction but don't initialize and end up with:
dc1 dc2
master01 <-> master 02 <-> master03 <-> master04
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
13 years, 8 months
not all masters are born equal?
by Gerrard Geldenhuis
Hi
Just wanted to double check; We have not created replication agreements between all masters and in some instances it might take 2 hops for a change to be replicated everywhere. We are happy with this trade-off in delay for simplicity. Are we breaking some cardinal rule regarding multi-master or is this acceptable? The idea is to have edge servers in each DC that speaks to other DC edge servers and internally things are more verbal.
A simplified attempt at a diagram. changes in dc1master02 will take two replications before it reaches dc2master02
dc1 dc2
master02 <-> master01 <-> master01 <-> master02
This question pertains both to a shared NetscapeRootDB and userDB databases.
Best Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
13 years, 8 months