389-users January 2012

389-users@lists.fedoraproject.org

20 participants
24 discussions

Problem browsing LDAP with Outlook
by Chris Bryant 26 Aug '20

26 Aug '20

When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS. When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test perl script that duplicates this functionality as well. I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also. Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration. Thanks, Chris USA.NET You Run Your Business. We'll Run Your Email. This message is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information of USA.NET, Inc. Any unauthorized review, use, copying, disclosure, or distribution is prohibited. If you are not the intended recipient, please immediately contact the sender by reply email and delete all copies of the original message.

3 2

Logging Creation and Deletion
by David Hoskinson 03 Feb '12

03 Feb '12

I am having a bit of trouble understanding creation and deletion of logs. Creation is max number of logs = 10, fie size 100 MB, and create a new log every day. This is the default I believe as I haven't changed it. My question is does one of these parameters over ride the other? For example we want to keep 24 weeks of logs, and for example create a log everyday. And logs are quite small for us, so would the 100 mb parameter take precedence or the one day setting? Same with deletion... would like the when drive has less then 5 mb and delete files over 24 weeks old but don't care about the 500 mb total size. I see some fields can be set with -1 to inactivate them but some can't... If anyone can explain this a little clearer I am sure its just something I am missing David Hoskinson | DATATRAK International Systems Engineer Mayfield Heights, Ohio, USA +1.440.443.0082 x 124 (p) | +1.440.391.7753 (m) david.hoskinson(a)datatrak.net<mailto:david.hoskinson@datatrak.net> | www.datatrak.net<http://www.datatrak.net/>

4 3

Dir Admin Shows Stopped
by Dan Whitmire 02 Feb '12

02 Feb '12

When I bring up the 389-console it shows that the Administration Server as being down. When I do 'service dirsrv-admin status' it shows as running. I recently installed PKI CA, RA, TPS, and TKS. I'm experiencing problems with TKS which I believe is TLS related. Could that be affecting my directory server? Thanks for all the help and support.

2 3

Packages for Solaris10
by Carsten Grzemba 31 Jan '12

31 Jan '12

Hi, the 389 Directory Server packages are now also available on Solaris10 + on opencsw.org http://wiki.opencsw.org/project-389directoryserver I will add there also the posix-winsync-plugin: https://cgrzemba@github.com/cgrzemba/Posix-Winsync-Plugin-for-389-directory… (at the moment only on http://buildfarm.opencsw.org/experimental.html#389directoryserver) -- Carsten

1 0

Announcing 389 Directory Server version 1.2.10 Alpha 8 Testing
by Rich Megginson 27 Jan '12

27 Jan '12

The 389 Project team is pleased to announce the release of 389-ds-base-1.2.10.a8. 1.2.10 has some new features and fixes for bugs found in 1.2.10 testing and bugs from earlier releases. There is also a 389-admin package in testing NEW: EL6 support Beginning with RHEL 6.2, the 389-ds-base package is included in the base OS. Therefore, the 389-ds-base package can no longer be provided via EPEL, due to RHEL/EPEL packaging restrictions. However, the 389 Project will still make the full 389-ds-base package available via http://repos.fedorapeople.org/repos/rmeggins/389-ds-base. See http://directory.fedoraproject.org/wiki/Download for more information. NEW: Issue Tracking System We have moved our ticket tracking system from the Red Hat Bugzilla https://bugzilla.redhat.com/enter_bug.cgi?product=389 to our Fedora Hosted Trac https://fedorahosted.org/389. All of the old 389 bugs have been copied to Trac. All new bugs, feature requests, and tasks should be entered in Trac NEW: Plugin Authors WARNING: Plugins should be made transaction aware so that they can be called from within a backend pre/post transaction plugin. Otherwise, attempting to perform an internal operation will cause a deadlock. See http://directory.fedoraproject.org/wiki/Plugins Installation yum install --enablerepo=updates-testing 389-ds # or for EPEL yum install --enablerepo=epel-testing [--enablerepo=epel-testing-389-ds-base] 389-ds setup-ds-admin.pl Upgrade yum upgrade --enablerepo=updates-testing 389-ds-base idm-console-framework 389-admin 389-ds-console 389-admin-console # or for EPEL yum upgrade --enablerepo=epel-testing [--enablerepo=epel-testing-389-ds-base] 389-ds-base idm-console-framework 389-admin 389-ds-console 389-admin-console setup-ds-admin.pl -u How to Give Feedback The best way to provide feedback is via the Fedora Update system. * Go to https://admin.fedoraproject.org/updates * In the Search box in the upper right hand corner, type in the name of the package * In the list, find the version and release you are using (if you're not sure, use rpm -qi <package name> on your system) and click on the release * On the page for the update, scroll down to "Add a comment" and provide your input Or just send us an email to 389-users(a)lists.fedoraproject.org Reporting Issues https://fedorahosted.org/389 More Information * Release Notes - http://port389.org/wiki/Release_Notes * Install_Guide - http://port389.org/wiki/Install_Guide * Download - http://port389.org/wiki/Download

1 0

Re: [389-users] Problems with Database Import.
by Dan H. Eicher 27 Jan '12

27 Jan '12

Rich/All, I finally got my ldif to import. I found I had a small number of groups with bogus information in their records (I'll include one actual example below). Once these couple of entries where removed/corrected, everything imported. I have also including the specific on 389 / fedora version-ing information. The use of:*fedora-idm-console -D 9 2>&1 |tee console.log - was invaluable.* [dhe@localhost testdump]$ rpm -qi 389-ds-base Name : 389-ds-base Version : 1.2.10 Release : 0.5.a5.fc16 Architecture: x86_64 Install Date: Tue 17 Jan 2012 03:29:47 PM EST Group : System Environment/Daemons Size : 4907156 License : GPLv2 with exceptions Signature : RSA/SHA256, Fri 04 Nov 2011 02:31:54 PM EDT, Key ID 067f00b6a82ba4b7 Source RPM : 389-ds-base-1.2.10-0.5.a5.fc16.src.rpm Build Date : Fri 04 Nov 2011 07:13:20 PM EDT Build Host : x86-17.phx2.fedoraproject.org Relocations : (not relocatable) Packager : Fedora Project Vendor : Fedora Project URL : http://port389.org/ Summary : 389 Directory Server (base) Description : 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. [root@localhost testdump]# cat /etc/issue Fedora release 16 (Verne) Kernel \r on an \m (\l) [root@localhost testdump]# uname -a Linux localhost.localdomain 3.2.1-3.fc16.x86_64 #1 SMP Mon Jan 23 15:36:17 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux dn: cn=DRSS,ou=Groups,dc=localdomain modifyTimestamp: 20110909040227Z modifiersName: uid=suser,dc=localdomain cn: DRSS gidNumber: 11380 memberUid: u1 memberUid: u2 memberUid: u3 memberUid: u4 ntUserDomainId: DRSS objectClass: top objectClass: groupofuniquenames objectClass: posixgroup objectClass: ntgroup uniqueMember: uid=u1,u2,u3,u4,ou=Users,dc=localdomain >> This doesn't look like a unique Member.... -or- uniqueMember: uid= >> Null uniqueMember: uid=u1,ou=Users, dc=localdomain uniqueMember: uid=u2,ou=Users, dc=localdomain uniqueMember: uid=u3,ou=Users, dc=localdomain creatorsName: uid=suser,dc=localdomain createTimestamp: 20110909040111Z nsUniqueId: 4cd49801-da9811e0-90ddb7ef-aa3939d0 I guess the take away is, you can create garbage inside LDAP, export said garbage, but don't expect it to import. Is the result of having slapd die the normal behavior, or should a bug report be filled? Thanks for the help, Dan On 01/24/2012 03:21 PM, Rich Megginson wrote: > On 01/24/2012 12:25 PM, Dan H. Eicher wrote: >> >> Hi, >> I will answer publicly so others might get some benefit, but first a >> dumb questions. >> >> When I try to do a ldif2db from the command line, nothing gets >> added, I get an error message similar >> to: >> >> >> *[24/Jan/2012:10:56:06 >> -0500] >> >> - import userRoot: WARNING: Skipping entry >> >> "uid=myuser,ou=Users,dc=localdomain" which has no parent, >> >> ending at line 533175 of file "/testdump/dr-out-mod2" >> >> >> >> >> >> >> >> I manually added an ou called Users under localdomain - but >> >> still no joy. >> >> * > Right. import is not an "additive" operation, it is a "destructive" > operation. If you want the entry to be added, add it first to the > LDIF file. That means your ldif file will first need an entry for > dc=localdomain, then under that an entry for *ou=Users,dc=localdomain, > then your user entries.* >> * >> >> >> >> >> >> Import Database does not seem to have this issue with no >> >> parent, but Initialize Database which is running now, seems >> to >> >> also. >> >> * > Right. In console "import" is additive and "initialize" is destructive. >> * >> >> >> >> >> >> Any tips? >> >> >> >> >> >> >> >> Thanks, >> >> >> >> Dan >> >> >> >> >> >> >> >> * >> >> >> >> On 01/23/2012 04:07 PM, Rich Megginson wrote: >>> On 01/23/2012 02:05 PM, Dan H. Eicher wrote: >>>> I’m attempting to port my ldap database from one machine to >>>> another, the machine I am attempting to port to is running a newer >>>> version of 389. The target machine is build 2011.308.2312. >>>> >>>> On the source machine I do an db2ldif - all looks good. >>>> >>>> I go to the target machine and start fedora-console, open the >>>> directory server and choose import database. >>> Have you tried Initialize database? >>>> >>>> The first couple of thousand entries/users seem to go well, but >>>> then by looking at both my ldif source file and the contents of my >>>> reject file after one particular user I get: >>>> >>>> Error adding object 'dn: uid=ctuser,ou=Users,dc=localdomain'. The >>>> error sent by the server was 'Cannot connect to the LDAP server'. >>> Did the server then crash? Do you have a core file? What platform? >>> What version is the target machine? rpm -qi 389-ds-base >>>> >>>> Every new user after that fails to be added. >>>> >>>> The import appears to complete and slapd doesn’t stop. >>>> >>>> Any tips here on how I can resolve this? >>> You could try to use ldif2db from the command line on the target >>> machine. >>>> >>>> Thanks, >>>> Dan >>>> -- >>>> 389 users mailing list >>>> 389-users(a)lists.fedoraproject.org >>>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>> >> >

2 3

CN=Monitor 3.0 released
by Andreas Andersson 26 Jan '12

26 Jan '12

Hi! It has been over a year ago since I sent out information about CN=Monitor on this mailing list. It's a web based monitoring application with focus on directory server performance and configuration verification. From single installed servers to large scaled deployments with main focus on 389/RHDS and other directory servers. Just wanted to let you know that I recently released version 3.0 and would appreciate feedback and ideas for future versions. http://cnmonitor.sourceforge.net Best Regards – Andreas

1 0

dirsrv-admin stat not working
by Dan Whitmire 26 Jan '12

26 Jan '12

I am having a terrible time attempting to get dirsrv-admin working on Fedora 15. Can someone please help me? I have selinux in permissive mode. I have tried all that I know to do, so any advice is welcome. I get the following: # service dirsrv-admin start Starting dirsrv-admin: /usr/sbin/start-ds-admin: line 105: 2275 Segmentation fault $SELINUX_CMD $HTTPD $OMIT_DEFLATE -k start -f /etc/dirsrv/admin-serv/httpd.conf "$@" The logs are as follows: /var/log/messages Jan 20 10:12:42 SonshineServer kernel: [ 1779.299009] httpd.worker[2275]: segfault at 10 ip 00007fdc0f5019b0 sp 00007fff855d6528 error 4 in libpthread-2.14.1.so[7fdc0f4f8000+16000] /var/log/dirsrv/admin-serv/error [Fri Jan 20 10:12:42 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server [Fri Jan 20 10:12:42 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server [Fri Jan 20 10:12:42 2012] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache. [Fri Jan 20 10:12:42 2012] [notice] Access Host filter is: *.SonshineAccess.com [Fri Jan 20 10:12:42 2012] [notice] Access Address filter is: * /var/log/audit/audit.log type=CRED_DISP msg=audit(1327075262.337:65): user pid=2144 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=USER_END msg=audit(1327075262.373:66): user pid=2144 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=ANOM_ABEND msg=audit(1327075962.009:67): auid=500 uid=0 gid=0 ses=1 subj=unconfined_u:system_r:httpd_t:s0 pid=2275 comm="httpd.worker" sig=11

4 6

Problems with Database Import.
by Dan H. Eicher 23 Jan '12

23 Jan '12

I’m attempting to port my ldap database from one machine to another, the machine I am attempting to port to is running a newer version of 389. The target machine is build 2011.308.2312. On the source machine I do an db2ldif - all looks good. I go to the target machine and start fedora-console, open the directory server and choose import database. The first couple of thousand entries/users seem to go well, but then by looking at both my ldif source file and the contents of my reject file after one particular user I get: Error adding object 'dn: uid=ctuser,ou=Users,dc=localdomain'. The error sent by the server was 'Cannot connect to the LDAP server'. Every new user after that fails to be added. The import appears to complete and slapd doesn’t stop. Any tips here on how I can resolve this? Thanks, Dan

2 1

389DS very slow shutdown
by Diego Woitasen 22 Jan '12

22 Jan '12

Hi, I have a weird problem with 389DS. It takes more than 5 minutes to shutdown. The init script sends a SIGTERM to the process and it finishes clean. That's clear looking at the log file too: grep "slapd shutting down" errors [10/Nov/2011:17:55:52 -0300] - slapd shutting down - waiting for 22 threads to terminate [10/Nov/2011:17:55:52 -0300] - slapd shutting down - closing down internal subsystems and plugins [10/Nov/2011:17:55:52 -0300] - slapd shutting down - waiting for backends to close down [10/Nov/2011:18:01:41 -0300] - slapd shutting down - backends closed down First I thought that I was related to my 150 DBs but I created a test case with a clean server, 150 DBs and 10.000 entries and the shutdown takes 2 seconds. The only weird thing that I see is the dse.ldif.tmp file being truncated and written and again and again... several times until shutdown. Strace shows me that the process is writting configuration entries too. I'm using DS 1.2.9.9 (same problem with 1.2.8.3) on Debian Squeeze. I set errorlevel to 1 but I don't know is there is something interesting in the log. I upload the log here if someone want to have a look: http://main.woitasen.com.ar/errors What can I do to start to discover what's happening here? Regards, Diego -- Diego Woitasen

2 4

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users January 2012