389-console
by warron.french
I recently installed 389-ds-base-1.2.11.15-48.el6_6.x86_64 on my CentOS-6.6
machine.
The installation was a little different from my documentation that I
personally wrote up. No problem, I adapted.
Now however, the configuration and setup of DSes on my server don't quite
work the same way. I have in my document the command to run
setup-ds-admin.pl, but that script no longer exist.
No big deal, I ran setup-ds.pl instead (not really knowing the different
between the to versions). But there is still no 389-console anywhere to be
found with this version running on my server.
Where is the GUI tool that enables me to build DITs or dirsrv instances? I
used to use 389-console (the binary that interacted with my server's LDAP
instance that I created using setup-ds-admin.pl but I can't seem to find
the new version of this application. Was the tool entirely disbanded? Is
there no longer any support with a GUI tool and everything must be done
with command line using ldapadd/ldapmodify to insert and create the
appropriate OUs?
Please help, I don't want to try and fight and use openldap, I never got it
working and their user pool is not very helpful at all. It is the major
reason why I took the time to write my own installation instructions for my
organization.
Thank you.
--------------------------
Warron French
9 years, 2 months
Issues with Password Policy when password is about to expire (e.g date reached passwordExpirationTime attribute value)
by Predrag Zecevic [Unix Systems Administrator]
Hi all,
we are faced with strange issue (started in last 4-5months; tried to fix it ourselves - didn't worked):
our password policy require password change every 90 days... As soon as it reaches period (passwordExpirationTime) no one can log-in
until DM changes password (and thus resets passwordExpirationTime attribute).
So, how we can fix that (tried to search forums and Net, but no luck)?
Info:
$ uname -rosv
Linux 2.6.18-400.el5.028stab117.2 #1 SMP Wed Dec 17 17:19:54 MSK 2014 GNU/Linux
$ cat /etc/redhat-release
CentOS release 5.11 (Final)
$ rpm -qa | grep 389 | sort
389-admin-1.1.29-1.el5
389-admin-console-1.1.8-1.el5
389-admin-console-doc-1.1.8-1.el5
389-adminutil-1.1.20-1.el5
389-console-1.1.7-3.el5
389-ds-1.2.1-1.el5
389-ds-base-1.2.11.32-1.el5
389-ds-base-libs-1.2.11.32-1.el5
389-ds-console-1.2.6-1.el5
389-ds-console-doc-1.2.6-1.el5
389-dsgw-1.1.11-1.el5
[All 389 packages are installed from EPEL repository; SSLv3 disabled; only secure port is in use]
Our (in house) solution for password expiry notification is to get user's details from LDAP export (LDIF) file:
script greps for some attribute values from 'ou=People' and from 'cn=nsPwPolicyEntry' section for user and then check
passwordExpirationTime and passwordWarning attribute values and decide if e-mail to user has to be send in advance...
As soon as passwordExpirationTime value is reached, e.g. 20150201103158Z user is not able to authenticate against LDAP.
Case I have missed some existing solution, can someone point to it, or to any other suitable solution.
Thank you
Regards.
--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH
Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile: +49 174 3109 288, Skype: predrag.zecevic
E-mail: predrag.zecevic(a)2e-systems.com
Headquarter: 2e Systems GmbH, Königsteiner Str. 87,
65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director: Phil Douglas
http://www.2e-systems.com/ - Making your business fly!
[***]===---
"Rembrandt's first name was Beauregard, which is why he never used it." -- Dave Barry
9 years, 2 months