I have several questions about syntax and attributes, hope you can help me.
- Why the attribute mail in DS is case sensitive?? Is there any problem
changing it to non case sensitive? If there is no problem, how can I modify
- I have a problem whit the syntax of the nsViewFilter attribute, the value
of the attribute is: (ou=*ou=D. PERIÓDICO,o=xxxxx,dc=xxxx,dc=xxxx). I guess
the problem is the character "Ó" but if it is possible to create the ou
with special characters, should be possible create a nsViewFilter with
special characters to??? (389DS 1.2.5)
- I have read about the attribute nsslapd-allidsthreshold and its use in
older versions. I have 389DS 1.2.5, have I to use it or it is deprecated???
I have search this parameters in my ldap servers and someones have it, and
others don't, maybe this behaviour is because of actualizations of the DS
but I would like to know if in 1.2.5 is needed or if i can delete it.
Thank you in advance.
I'm wondering if this is a bug in the logging of CMP operations. What we have empirically determined is the right thing is happening but the log is not indicating a CMP of a member attribute against a specific DN which is NOT any of the DNs in the log snippet below. The dn="" is the area of concern on the CMP operation. If you're interested, we are using the pam ldap client on RHEL6 to generate this behavior.
DS is 126.96.36.199 on RHEL5
[01/May/2012:10:55:52 -0400] conn=143810 op=0 BIND dn="uid=compserv-unix-nss,ou=Specials,dc=cmu,dc=edu" method=128 version=3
[01/May/2012:10:55:52 -0400] conn=143810 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=compserv-unix-nss,ou=specials,dc=cmu,dc=edu"
[01/May/2012:10:55:52 -0400] conn=143810 op=1 SRCH base="dc=cmu,dc=edu" scope=2 filter="(uid=gettes)" attrs="host authorizedService shadowExpire shadowFlag shadowInactive shadowLastChange shadowMax shadowMin shadowWarning uidNumber"
[01/May/2012:10:55:52 -0400] conn=143810 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[01/May/2012:10:55:52 -0400] conn=143810 op=2 CMP dn="" attr="member"
[01/May/2012:10:55:52 -0400] conn=143810 op=2 RESULT err=5 tag=111 nentries=0 etime=0
[01/May/2012:10:55:52 -0400] conn=143810 op=3 UNBIND
I think I made a mistake but not sure what.
I successfully installed the Server Certs and CA certs generated from my
dogtag CA. I set all the necessary parameters. I confirmed that the
New Certificates were installed and restarted the directory server. Now
I get the error message in /var/log/dirsrv/slapd-SonshineServer/errors
[30/Apr/2012:21:57:16 -0500] - SSL alert: Security Initialization:
Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O
error occurred during security authorization.)
[30/Apr/2012:21:57:16 -0500] - ERROR: SSL Initialization Failed.
Any ideas on what I can do to fix the problem would be greatly
appreciated. I'm on F15 and updated my 389 packages to the following:
Hello, all. We would like to enforce unique cn for groupofuniquenames
only and only under a specific part of the DIT.
I'll illustrate with:
So we want to enforce unique CNs on groups under Internal but not under
External and only CNs on groups (because our current DN based uniqueness
constraint on CN means we can't create multiple password policy
nscontainer objects under Internal).
If we configure set nsslapd-pluginarg1 to
"O=Internal,DC=mycompany,DC=com", we enforce uniqueness in that
container but for all objects.
Although we haven't tried it (lest we create a bigger problem than we
already have!), I believe it we set nsslapd-pluginarg1 to
markerObjectClass=O and nsslapd-pluginarg2 to
requiredObjectClass=groupofuniquenames, it will enforce CN uniqueness on
groups but will do so both in Internal AND External. Is that correct?
So is it possible to combine them somehow to achieve what we want?
Thanks - John