Using JNDI and 389DS
by Chaudhari, Rohit K.
Hey everyone,
I need help implementing a client-server SSL connection. I've been researching on the web and I have no idea how to get my Java application to talk to the 389DS securely. I have been looking into keytool and JSSE, but there is no clear cut explanation on how it should be done. I have a self-signed CA certificate that I created using certutil, and then a server certificate generated from that self-signed CA. Is there anyone who knows a path to a solution?
Thanks,
Rohit
11 years, 1 month
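One way to wire up the setup described in the post above, as an added example that is not part of the original thread and not 389 DS project code: export the self-signed CA from the server's NSS database, import it into a dedicated Java trust store, and connect with JNDI over `ldaps://`. The host name, bind DN, NSS nickname, file names and environment variable names are all placeholders assumed for illustration.

```java
import java.util.Hashtable;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class SecureLdapClient {
    // One-time setup in a shell (instance path, nickname and file names are placeholders):
    //   certutil -L -d /etc/dirsrv/slapd-INSTANCE -n "CA certificate" -a > ca.pem
    //   keytool -importcert -alias ds-ca -file ca.pem -keystore ldap-trust.jks

    // Read a secret from the environment so it never appears on the command line.
    static String requireEnv(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) {
            throw new IllegalStateException("environment variable " + name + " is not set");
        }
        return v;
    }

    public static void main(String[] args) throws NamingException {
        // Trust only the directory's own CA instead of the JRE's default CA bundle.
        System.setProperty("javax.net.ssl.trustStore", "ldap-trust.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", requireEnv("LDAP_TRUST_PASS"));

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // ldaps:// makes JNDI complete the TLS handshake before any LDAP traffic,
        // including the bind. Current JDKs also check that this host name matches
        // the server certificate.
        env.put(Context.PROVIDER_URL, "ldaps://ds.example.com:636");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=app,ou=People,dc=example,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, requireEnv("LDAP_BIND_PASS"));

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            // Reading the root DSE proves the TLS session and the bind both worked.
            Attributes rootDse = ctx.getAttributes("", new String[] {"vendorVersion"});
            System.out.println("Connected over TLS: " + rootDse.get("vendorVersion"));
        } catch (CommunicationException e) {
            // An SSLHandshakeException as root cause means the CA is missing from
            // the trust store or the host name does not match the certificate.
            System.err.println("TLS/connection failure: " + e.getRootCause());
        } finally {
            if (ctx != null) ctx.close();
        }
    }
}
```

Only the CA certificate goes into the client trust store; the server certificate and its private key stay in the directory server's NSS database.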
389-ds-base-devel and rhel6
by Robert Viduya
I'm trying to set up 389 on an RHEL6 server, all our previous installs have been on RHEL5 or earlier. We have a locally developed plugin and we need the include files from package 389-ds-base-devel. I've got both epel and epel-389-ds-base configured as repos. However, yum is balking at installing that particular dev package with the following:
Error: Package: 389-ds-base-devel-1.2.10.26-1.el6_3.x86_64 (epel-389-ds-base)
Requires: svrcore-devel
Error: Package: 389-ds-base-devel-1.2.10.26-1.el6_3.x86_64 (epel-389-ds-base)
Requires: 389-ds-base-libs = 1.2.10.26-1.el6_3
Available: 389-ds-base-libs-1.2.8.2-1.el6.i686 (rhel-x86_64-server-6)
389-ds-base-libs = 1.2.8.2-1.el6
Available: 389-ds-base-libs-1.2.8.2-1.el6_1.3.i686 (rhel-x86_64-server-6)
389-ds-base-libs = 1.2.8.2-1.el6_1.3
Available: 389-ds-base-libs-1.2.9.14-1.el6.i686 (rhel-x86_64-server-6)
389-ds-base-libs = 1.2.9.14-1.el6
Available: 389-ds-base-libs-1.2.9.14-1.el6_2.2.i686 (rhel-x86_64-server-6)
389-ds-base-libs = 1.2.9.14-1.el6_2.2
Available: 389-ds-base-libs-1.2.10.2-15.el6.i686 (rhel-x86_64-server-6)
389-ds-base-libs = 1.2.10.2-15.el6
Available: 389-ds-base-libs-1.2.10.2-18.el6_3.i686 (rhel-x86_64-server-6)
389-ds-base-libs = 1.2.10.2-18.el6_3
Available: 389-ds-base-libs-1.2.10.2-20.el6_3.i686 (rhel-x86_64-server-6)
389-ds-base-libs = 1.2.10.2-20.el6_3
Available: 389-ds-base-libs-1.2.10.12-1.el6.x86_64 (epel-389-ds-base)
389-ds-base-libs = 1.2.10.12-1.el6
Available: 389-ds-base-libs-1.2.10.14-1.el6.x86_64 (epel-389-ds-base)
389-ds-base-libs = 1.2.10.14-1.el6
Available: 389-ds-base-libs-1.2.10.26-1.el6_3.x86_64 (epel-389-ds-base)
389-ds-base-libs = 1.2.10.26-1.el6_3
Available: 389-ds-base-libs-1.2.11.15-11.el6.i686 (rhel-x86_64-server-6)
389-ds-base-libs = 1.2.11.15-11.el6
Available: 389-ds-base-libs-1.2.11.15-12.el6_4.i686 (rhel-x86_64-server-6)
389-ds-base-libs = 1.2.11.15-12.el6_4
I've tried enabling and disabling either repo with no success. Am I missing something simple?
11 years, 1 month
dsadmin python library
by Roberto Polli
Hi Rich,
why not move the useful dsadmin Python library to a separate repo?
I could contribute:
* doc
* code refactoring with new-style classes
* some more exception stuff
Let me know + Peace,
R.
--
Roberto Polli
Community Manager
Babel S.r.l. - http://www.babel.it
T: +39.06.9826.9651 M: +39.340.652.2736 F: +39.06.9826.9680
P.zza S.Benedetto da Norcia, 33 - 00040 Pomezia (Roma)
CONFIDENTIAL: This message and its attachments are confidential and
intended for the addressees.
Unauthorized forwarding to recipients other than those indicated
in the original message is prohibited.
If received in error, use of the content is prohibited; please
notify the sender and delete it immediately.
11 years, 1 month
389 hang while upgrading from 1.2.2 to 1.2.10
by Roberto Polli
Hi all,
while upgrading with yum from 1.2.2 to 1.2.10, 389 hung while in ns-slapd
upgradedb.
gdb says it's in ldbm_ancestorid_create_index(), but it has been running for
3 hrs on an almost-empty database (there are just a few test entries).
Can somebody shed some light on that?
Thank you very much + Peace,
R.
--
Roberto Polli
Community Manager
Babel S.r.l. - http://www.babel.it
T: +39.06.9826.9651 M: +39.340.652.2736 F: +39.06.9826.9680
P.zza S.Benedetto da Norcia, 33 - 00040 Pomezia (Roma)
11 years, 1 month
Hiring for project
by Mike
Hello,
I'd like to hire someone to remotely set up and configure 389 directory
server running in VMs in my Xen environment. I'm looking for a HA
configuration involving multimaster replication to serve in an ISP
environment, and secondly I am also wanting to import an existing LDAP
with its schema and data. I personally prefer Debian but am willing to
go with whatever you are most comfortable with in order that the final
result meets my expectations for correctness and stability. I expect to
pay for quality work, and that someone with prior experience here likely
could get this done in a very reasonable amount of time.
Interested persons please send me a proposal including a brief
description of your experience as relates to this sort of work as well
as a quote for the work. I'd prefer a flat rate but everything is
negotiable. Job will likely be filled quickly so please respond soon.
Thank you.
Mike-
11 years, 1 month
Announcing 389 Directory Server Gateway version 1.1.10
by Mark Reynolds
The 389 Directory Server team is proud to announce 389-dsgw version 1.1.10.
Fedora packages are available from the Fedora 18 Testing repositories.
It will move to the Fedora 18 Stable repositories once it has received
enough karma in Bodhi. We encourage you to test and provide feedback
here in order to speed up the push to the Stable repositories.
The new packages and versions are:
389-dsgw-1.1.10-1
A source tarball is available for download at
http://port389.org/sources/389-dsgw-1.1.10.tar.bz2
Highlights in 1.1.10
Fixed format string errors that allowed for buffer overflows.
Installation and Upgrade
See Download for information about setting up your yum repositories.
To install, use yum install 389-dsgw
yum install 389-dsgw
To upgrade, use yum upgrade
yum upgrade
See Source for information about source tarballs and SCM (git) access.
Feedback
We are very interested in your feedback!
Please provide feedback and comments to the 389-users mailing list:
https://admin.fedoraproject.org/mailman/listinfo/389-users
If you find a bug, or would like to see a new feature, file it in
our Trac instance: https://fedorahosted.org/389
Detailed Changelog since 1.1.9
Mark Reynolds (2):
bump version to 1.1.10
https://fedorahosted.org/389/ticket/606 Ticket 606 - Format string
errors
--
Mark Reynolds
Red Hat, Inc
mreynolds(a)redhat.com
11 years, 1 month
Announcing 389 Directory Server version 1.3.0.4
by Mark Reynolds
The 389 Directory Server team is proud to announce 389-ds-base version
1.3.0.4.
The new packages and versions are:
389-ds-base-1.3.0.4-1
A source tarball is available for download at
http://port389.org/sources/389-ds-base-1.3.0.4.tar.bz2
Highlights in 1.3.0.4
Fix crash caused by an invalid control
Fix crash when attempting to delete a tombstone.
Fix issue with replication interfering with certain modify operations.
Improved role performance.
Installation and Upgrade
See Download for information about setting up your yum repositories.
To install, use yum install 389-ds
yum install 389-ds
After install completes, run setup-ds-admin.pl to set up your
directory server.
setup-ds-admin.pl
To upgrade, use yum upgrade
yum upgrade
After upgrade completes, run setup-ds-admin.pl -u to update your
directory server/admin server/console information.
setup-ds-admin.pl -u
Feedback
We are very interested in your feedback!
Please provide feedback and comments to the 389-users mailing list:
https://admin.fedoraproject.org/mailman/listinfo/389-users
If you find a bug, or would like to see a new feature, file it in
our Trac instance: https://fedorahosted.org/389
Detailed Changelog since 1.3.0.3
Mark Reynolds (3):
bump version to 1.3.0.4
Ticket 570 - DS returns error 20 when replacing values of a
multi-valued attribute (only when replication is enabled)
Ticket 590 - ns-slapd segfaults while trying to delete a tombstone
entry
Noriko Hosoi (2):
Ticket #490 - Slow role performance
Bug 912964 - CVE-2013-0312 389-ds: unauthenticated denial of
service vulnerability in handling of LDAPv3 control data
--
Mark Reynolds
Red Hat, Inc
mreynolds(a)redhat.com
11 years, 1 month
Announcing 389 Directory Server version 1.2.11.19
by Mark Reynolds
The 389 Directory Server team is proud to announce 389-ds-base version
1.2.11.19.
Fedora packages are available from the Fedora 18 Testing repositories.
It will move to the Fedora 18 Stable repositories once it has received
enough karma in Bodhi. We encourage you to test and provide feedback
here in order to speed up the push to the Stable repositories.
The new packages and versions are:
389-ds-base-1.2.11.19-1
A source tarball is available for download at
http://port389.org/sources/389-ds-base-1.2.11.19.tar.bz2
Highlights in 1.2.11.19
Fixed security issue with invalid controls.
Fixed crash caused by trying to delete a tombstone entry.
Fixed issue where the dse.ldif can get corrupted.
Fixed erroneous error message from WinSync.
Improved DNA plugin startup process.
Fixed issue where an invalid chaining plugin configuration would
accidentally cause the server to shutdown.
Fixed issue with replication interfering with certain modify
operations.
Fixed some memory leaks.
Fixed issue with the PAM plugin schema not being upgraded correctly.
Installation and Upgrade
See Download for information about setting up your yum repositories.
To install, use yum install 389-ds
yum install 389-ds
After install completes, run setup-ds-admin.pl to set up your
directory server.
setup-ds-admin.pl
To upgrade, use yum upgrade
yum upgrade
After upgrade completes, run setup-ds-admin.pl -u to update your
directory server/admin server/console information.
setup-ds-admin.pl -u
Feedback
We are very interested in your feedback!
Please provide feedback and comments to the 389-users mailing list:
https://admin.fedoraproject.org/mailman/listinfo/389-users
If you find a bug, or would like to see a new feature, file it in
our Trac instance: https://fedorahosted.org/389
Detailed Changelog since 1.2.11.18
Noriko Hosoi (5):
Bug 912964 - CVE-2013-0312 389-ds: unauthenticated denial of
service vulnerability in handling of LDAPv3 control data
Ticket 579 - Error messages encountered when using POSIX winsync
Ticket 576 - DNA: use event queue for config update only at the
start up
Ticket 572 - PamConfig schema not updated during upgrade
Bug 906005 - Valgrind reports memleak in
modify_update_last_modified_attr
Mark Reynolds (4):
bump version to 1.2.11.19
Ticket 570 - DS returns error 20 when replacing values of a
multi-valued attribute (only when replication is enabled)
Ticket 590 - ns-slapd segfaults while trying to delete a tombstone
entry
Ticket 367 - Invalid chaining config triggers a disk full error and
shutdown
Ludwig Krispenz (1):
Ticket #518 - dse.ldif is 0 length after server kill or machine kill
--
Mark Reynolds
Red Hat, Inc
mreynolds(a)redhat.com
11 years, 1 month
Forwarding client requests to AD
by David Barr
Good Morning,
I'm afraid my Google-fu is failing me, this morning. Synchronizing 389-ds with Active Directory is well understood.[1] However, for various non-technical reasons, I won't be able to do that for this environment.
What I need 389-ds to do is receive ID/Auth requests from an LDAP client, forward those requests into the AD environment, and then pass the responses back to the end client. I suppose I would be tasking 389-ds to act as an AD proxy server, without doing full synchronization.
For bonus points, I will be loading sudoers information[2] into 389-ds and using it for *nix privilege authorization. So, "ou=SUDOers,dc=example,dc=com" would be locally served, while "ou=People,dc=example,dc=com" and "ou=Groups,dc=example,dc=com" would be forwarded. (My SudoUser attributes will use user and group names returned from AD.)
Is using 389-ds as an AD proxy documented somewhere? Am I just not finding it?
Thanks!
David
[1] - http://directory.fedoraproject.org/wiki/Howto:WindowsSync
[2] - http://www.sudo.ws/sudoers.ldap.man.html
--
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support
----5----1----5----2----5----3----5----4----5----5----5----6----5----7--
Werner Heisenberg is driving down the autobahn. A police officer pulls
him over. The officer says, "Excuse me, sir, do you know how fast you
were going?"
"No," replies Dr. Heisenberg, "but I know where I am."
11 years, 1 month