389-users January 2015

389-users@lists.fedoraproject.org

23 participants
25 discussions

by Jean Félix DESIR

Hi, I'am facing this import issue: I can't add this attribut to a object on my 389 DS: dn: cn=template,ou=services,ou=profiles,ou=Authent,dc=region,dc=enterprise,dc=net rbClientDnsPri: XXXXXXX *rbForwardPolicy: MYVALUE* rbContextName: PPP objectClass: top objectClass: radiusaccount objectClass: costemplate cn: template framedRouting: None framedProtocol: PPP framedIpNetmask: 255.255.255.255 framedCompression: Van-Jacobson-TCP-IP ldapadd -x -D "cn=Directory manager" -f ouservices.ldif -W Enter LDAP Password: adding new entry "cn=template,ou=services,ou=profiles,ou=Authent,dc=region,dc=enterprise,dc=net" ldap_add: Invalid syntax (21) additional info:* rbForwardPolicy*: value #0 invalid per syntax MY Schema definition objectClasses: ( RadAccount-oid NAME 'RadAccount' SUP top STRUCTURAL MAY( checkTunnelType $ filterID $ framedCompression $ framedIpAddress $ framedIpNetmask $ framedMtu $ framedProtocol $ framedRoute $ framedRouting $ msvBwProfile $ ServiceProfile $ rbAgentCircuitId $ rbClientDnsPri $ rbClientDnsSec $ rbContextName $ rbDhcpMaxLeases $* rbForwardPolicy *$ rbHttpRedirectProfileName $ rbIpAddressPoolName $ rbIpInterface $ rbNatPolicyName $ rbQosMeteringProfileName $ rbQosPolicingProfileName $ rbQosPq $ rbQosQueueingProfileName $ rbQosRateOutbound $ rbSessionTimeout $ rbShapingProfileName $ rbSubscriberProfileName $ TunnelAssignmentID $ tunnelClientEndpoint $ tunnelID $ tunnelMediumType $ tunnelServerEndpoint $ tunnelType ) X-ORIGIN 'user defined' ) objectClasses: ( RadiusAccount-oid NAME 'RadiusAccount' SUP top STRUCTURAL MUST cn MAY ( checkTunnelType $ filterID $ framedCompression $ framedIpAddress $ framedIpNetmask $ framedMtu $ framedProtocol $ framedRoute $ framedRouting $ msvBwProfile $ msvServiceProfile $ rbAgentCircuitId $ rbClientDnsPri $ rbClientDnsSec $ rbContextName $ rbDhcpMaxLeases $ *rbForwardPolicy *$ rbHttpRedirectProfileName $ rbIpAddressPoolName $ rbIpInterface $ rbNatPolicyName $ rbQosMeteringProfileName $ rbQosPolicingProfileName $ rbQosPq $ rbQosQueueingProfileName $ rbQosRateOutbound $ rbSessionTimeout $ rbShapingProfileName $ rbSubscriberProfileName $ TunnelAssignmentID $ tunnelClientEndpoint $ tunnelID $ tunnelMediumType $ tunnelServerEndpoint $ tunnelType $ uid $ userPassword ) X-ORIGIN 'user defined' ) attributeTypes: ( rbForwardPolicy-oid NAME *'rbForwardPolicy*' DESC 'Redback RADIUS RB-Forward-Policy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN 'user defined' ) What am i doing wrong? Best regards

9 years, 3 months

2
2
0 / 0

repl5_inc_waitfor_async_results

by shardulsk

Hi, Running 389-ds 1.1.2 on Centos 5. We have suddenly seen repl5_inc_waitfor_async_results errors crop up in our error log during peak traffic hours. The Master loses sight of Hubs and replication stalls. Most of the times it comes right back up after a couple of mins. However we have been restarting Hubs to make the process quicker. tail -f errors [08/Jan/2015:02:42:08 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub1" (hub1:2390): Simple bind resumed [08/Jan/2015:09:04:38 -0800] - repl5_inc_waitfor_async_results timed out waiting for responses: 0 34222 [08/Jan/2015:09:05:18 -0800] - repl5_inc_waitfor_async_results timed out waiting for responses: 0 33499 [08/Jan/2015:09:05:37 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub2" (hub1:2390): Warning: unable to receive endReplication extended operation response (Can't contact LDAP server) [08/Jan/2015:09:05:37 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub2" (hub1:2390): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -5961 (TCP connection reset by peer.) [08/Jan/2015:09:05:59 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub2" (hub1:2390): Simple bind resumed [08/Jan/2015:09:07:43 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub1" (hub1:2390): Warning: unable to receive endReplication extended operation response (Can't contact LDAP server) [08/Jan/2015:09:07:43 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub1" (hub1:2390): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -5961 (TCP connection reset by peer.) [08/Jan/2015:09:08:05 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub1" (hub1:2390): Simple bind resumed Any idea what is causing this? I checked ADD/DEL operations during the outage and none of them stand out. No MOD errors and all MODs completed within a second. ~Shardul

9 years, 3 months

2
6
0 / 0

Recreating replica agreements

by carne_de_passaro

Hello guys, I am planning to recreate my replica agreements, which today uses SSL on port 636, to use startTLS on port 389. My question is: Do I have to reinitialize the databases of the agreements that I recreate? I'm using the 389-ds-base-1.2.11.15-34.el6_5.x86_64. Thanks in advance. Danilo

9 years, 3 months

2
2
0 / 0

Unable to start dirsrv-admin after securing ldap

by Charlie Mordant

Hi contact experts! I’m trying to make a future OSS contribution making an OPSCode Chef recipe to install a secure LDAP. I (barely) migrate and use the https://github.com/richm/scripts/blob/master/setupssl2.sh#L238 shell to secure a provisionned LDAP, but while executed, restarting dirsrv-admin led me to an error: [code] [Sat Jan 03 18:19:36.940462 2015] [:info] [pid 8266:tid 140486247127104] Server: Apache/2.4.6, Interface: mod_nss/2.4.6, Library: NSS/3.15.2 Basic ECC [Sat Jan 03 18:19:36.940490 2015] [:debug] [pid 8266:tid 140486247127104] mod_admserv/mod_admserv.c(2467): Entering mod_admserv_post_config - pid is [8266] init count is [0] [Sat Jan 03 18:19:36.940495 2015] [:debug] [pid 8266:tid 140486247127104] mod_admserv/mod_admserv.c(2295): Entering do_admserv_post_config - pid is [8266] [Sat Jan 03 18:19:36.940498 2015] [:debug] [pid 8266:tid 140486247127104] mod_admserv/mod_admserv.c(2303): Entering do_admserv_post_config - init count is [1] [Sat Jan 03 18:19:36.940506 2015] [:debug] [pid 8266:tid 140486247127104] mod_admserv/mod_admserv.c(2327): [8266] Cache expiration set to 600 seconds [Sat Jan 03 18:19:36.943993 2015] [:debug] [pid 8266:tid 140486247127104] mod_admserv/mod_admserv.c(2431): Added StartConfigDs task entry [cn=startconfigds,cn=operation,cn=tasks,cn=admin-serv-contacts,cn=389 administration server,cn=server group,cn=contacts.osgiliath.is-a-chef.net,ou=osgiliath.is-a-chef.net,o=nets caperoot:start_config_ds:] for user [LocalSuper] [Sat Jan 03 18:19:36.945579 2015] [:info] [pid 8266:tid 140486247127104] host_ip_init(): problem creating secure AdmldapInfo (error code = 4) [Sat Jan 03 18:19:36.945670 2015] [:crit] [pid 8266:tid 140486247127104] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = ) AH00016: Configuration Failed [Sat Jan 03 18:19:36.956655 2015] [:info] [pid 8266:tid 140486247127104] Shutting down SSL Session ID Cache [/code] Using certutil to list certificates looks good, restarting the (main) ldap is OK. Have you got any clue to debug/find the source of the error? Best regards, Charlie -- Charlie Mordant Full OsgiEE like stack: https://github.com/OsgiliathEnterprise/net.osgiliath.parent

9 years, 3 months

2
3
0 / 0

Crash 389ds

by Ivanov Andrey (M.)

We've just had a crash of one of 3 multi-master replicated 389ds (v1.3.2 latest patch from GIT). The only interesting message is in the error log: [07/Jan/2015:15:33:42 +0100] - entry2str_internal_ext: array boundary wrote: bufsize=17001 wrote=17226 audit log and access log show nothing particular at the same moment. last record in audit log before the crash: time: 20150107153340 dn: uid=some_login,ou=Etudiants,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu changetype: modify replace: lastLoginTime lastLoginTime: 20150107143336Z - replace: entryusn entryusn: 457510 - in access log nothing special either: [07/Jan/2015:15:33:33 +0100] conn=75663 op=10512 SRCH base="ou=utilisateurs,dc=id,dc=polytechnique,dc=edu" scope=2 filter="(&(uid=...)(objectClass=inetOrgPerson)(objectClass=X-Misc))" attrs="X-Vlan-WiFi X-Vlan-WiFi" [07/Jan/2015:15:33:33 +0100] conn=75663 op=10512 RESULT err=0 tag=101 nentries=1 etime=0.001000 [07/Jan/2015:15:33:33 +0100] conn=86232 fd=275 slot=275 connection from 129.104.69.16 to 129.104.247.8 [07/Jan/2015:15:33:33 +0100] conn=86232 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [07/Jan/2015:15:33:33 +0100] conn=86232 op=0 RESULT err=0 tag=120 nentries=0 etime=0.000000 [07/Jan/2015:15:33:33 +0100] conn=86232 SSL 128-bit AES [07/Jan/2015:15:33:33 +0100] conn=86232 op=1 BIND dn="uid=...,ou=Etudiants,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu" method=128 version=3 [07/Jan/2015:15:33:33 +0100] conn=86232 op=1 RESULT err=0 tag=97 nentries=0 etime=0.027000 dn="uid=...,ou=Etudiants,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu" [07/Jan/2015:15:33:33 +0100] conn=86232 op=2 UNBIND [07/Jan/2015:15:33:33 +0100] conn=86232 op=2 fd=275 closed - U1 Nothing unusual in the logs of the other two replicas either. No special charge, nothing unusual... I am unable to reproduce the crash. It looks like the bug https://fedorahosted.org/389/ticket/47360 . However, this bug was fixed an anyway no attributes were deleted at this moment.on any replica (audit.log is active everywhere) Any ideas? Thanks!

9 years, 3 months

2
1
0 / 0

← Newer
1
2
3
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users January 2015