When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS.
When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test Perl script that duplicates this behaviour as well.
I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also.
Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration.
I would like to know how I can configure my console to see the stats for the "Connection Status" window. There are 4-5 columns there (Time Opened, Started), but I can't see any field entries in my 389-admin GUI for this particular
We are trying to configure the DNA plugin; the LDAP host has two DCs: dc=top1,dc=net and dc=top2,dc=net. I have added the extra ldapmodify add using:
Now I would like to extend this attribute to the next DC, dc=top2, but running ldapmodify with a new entry for dnascope fails; see below the last lines:
adding new entry "cn=Numeric ID,cn=Distributed Numeric Assignment
ldap_add: Already exists (68)
Please advise how to add multiple dc values.
In short: Can I use Class of Service together with Host Based Attributes? It doesn't work for me.
The directory server uses Host Based Attributes to give different loginshell on servers and desktops. The idea is that on a desktop machine a user can use /bin/bash as the shell. But on a server the users get /bin/bash4, which is a patched bash with audit logging. (And is not installed on desktops).
So a user entry looks like this:
And then on a server there is this line in sssd.conf:
ldap_user_shell = loginShell;bash4
And everybody is happy.
The problem is I have to remember to add the `loginShell` and `loginShell;bash4` attributes to all new users, otherwise the user cannot log in and not everybody is happy.
To achieve this I've added Class of Service to have defaults for both of those loginshell attributes like this:
dn: cn=user defaults cos,ou=people,dc=example,dc=com
costemplatedn: cn=cos template,cn=user defaults cos,ou=people,dc=example,dc=com
cosattribute: loginshell;bash4 override
And the matching template:
dn: cn=cos template,cn=user defaults cos,ou=people,dc=example,dc=com
After this I deleted both `loginShell` and `loginShell;bash4` attributes from the user entries. And this works well for the `loginshell` attribute, ldapsearch returns `loginShell: /bin/bash`, even if the user doesn't have `loginShell` at all, this is exactly what I want. But it doesn't work for the `loginshell;bash4` attribute, ldapsearch doesn't return `loginShell;bash4`, even if I try to query it directly. Is this a limitation of the implementation or am I doing something wrong?
Have a nice day,
Has anyone authored code to parse a 389 Directory Server's access.log file(s) with the aim of generating audit events based around the LDAP request type? Basically, take the log sequence
[21/Apr/2007:11:39:51 -0700] conn=11 fd=608 slot=608 connection from 188.8.131.52 to 184.108.40.206
[21/Apr/2007:11:39:51 -0700] conn=11 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[21/Apr/2007:11:39:51 -0700] conn=11 op=0 RESULT err=0 tag=97
[21/Apr/2007:11:39:51 -0700] conn=11 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=bjensen)"
[21/Apr/2007:11:39:51 -0700] conn=11 op=1 RESULT err=0 tag=101 nentries=1 etime=1000 notes=U
[21/Apr/2007:11:39:51 -0700] conn=11 op=2 UNBIND
[21/Apr/2007:11:39:51 -0700] conn=11 op=2 fd=608 closed - U1
and turn it into an audit event with a date/time (21/Apr/2007:11:39:51 -0700), a client location (220.127.116.11), a server location (18.104.22.168), a user (cn=Directory Manager), an event (SRCH) and event metadata (query - base="dc=example,dc=com" scope=2 filter="(uid=bjensen)", result set size - 1, time taken = 1000 sec, etc.).
The logconv.pl script seems to do all sorts of analysis, but no event
Thanks in advance
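One way to build such events, as an added example that is neither logconv.pl nor any 389 DS project code: a small Python parser that correlates each request line with its RESULT line per (conn, op), carries the identity of the last successful BIND forward onto later operations on that connection, and emits one audit event per operation. The log excerpt (with documentation-range IPs) is constructed to match the format quoted above.

```python
import re
# Constructed access.log excerpt modelled on the 389 DS format (not a real capture).
SAMPLE_LOG = """\
[21/Apr/2007:11:39:51 -0700] conn=11 fd=608 slot=608 connection from 192.0.2.10 to 192.0.2.1
[21/Apr/2007:11:39:51 -0700] conn=11 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[21/Apr/2007:11:39:51 -0700] conn=11 op=0 RESULT err=0 tag=97
[21/Apr/2007:11:39:51 -0700] conn=11 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=bjensen)"
[21/Apr/2007:11:39:51 -0700] conn=11 op=1 RESULT err=0 tag=101 nentries=1 etime=1000 notes=U
[21/Apr/2007:11:39:51 -0700] conn=11 op=2 UNBIND
[21/Apr/2007:11:39:51 -0700] conn=11 op=2 fd=608 closed - U1
"""
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$')
CONN_RE = re.compile(r'connection from (\S+) to (\S+)')
OP_RE = re.compile(r'op=(\d+) (\w+)(.*)')
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')  # key=value or key="quoted value"

def parse_kv(text):
    return {k: v.strip('"') for k, v in KV_RE.findall(text)}

def _event(ts, ctx, kind, kv):
    return {'time': ts, 'client': ctx['client'], 'server': ctx['server'],
            'user': ctx['user'], 'event': kind, 'metadata': kv,
            'err': 0, 'nentries': 0, 'etime': None}

def audit_events(log_text):
    conns, pending, events = {}, {}, []   # conn -> endpoints/identity; (conn, op) -> open request
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m: continue
        ts, conn, rest = m.group('ts'), int(m.group('conn')), m.group('rest')
        cm = CONN_RE.search(rest)
        if cm:  # new connection: remember endpoints; nothing is bound yet
            conns[conn] = {'client': cm.group(1), 'server': cm.group(2), 'user': 'anonymous'}
            continue
        om = OP_RE.match(rest)
        if not om: continue
        op, kind, kv = int(om.group(1)), om.group(2), parse_kv(om.group(3))
        ctx = conns.setdefault(conn, {'client': '?', 'server': '?', 'user': 'anonymous'})
        if kind == 'RESULT':  # close the matching request and record the outcome
            ev = pending.pop((conn, op), None)
            if ev is None: continue
            ev['err'], ev['nentries'] = int(kv.get('err', -1)), int(kv.get('nentries', 0))
            ev['etime'] = kv.get('etime')  # as logged; units depend on the server version
            if ev['event'] == 'BIND' and ev['err'] == 0:  # later ops run as this identity
                ctx['user'] = ev['metadata'].get('dn') or 'anonymous'
            events.append(ev)
        elif kind == 'UNBIND':  # UNBIND has no RESULT line, so emit it directly
            events.append(_event(ts, ctx, kind, kv))
        elif kind.isupper():  # BIND, SRCH, ADD, MOD, DEL ...; lower-case 'fd' close lines are skipped
            pending[(conn, op)] = _event(ts, ctx, kind, kv)
    return events
```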
I am running into an issue with adding temporary trusted certs to 389 Directory Server running on Red Hat 6.6.
I have been following this guide step by step to install self-signed certs: https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/...
After generating the certs using certutil and adding them as trusted certs in 389, I check the "Enable SSL" checkbox in the 389 Directory Console.
I continue to follow the next steps until I restart the dirsrv service. The dirsrv service will not restart. Error message (notice I changed the secure port to 1636 this time, but I get the same results leaving it as 636):
[10/Jul/2015:08:35:23 -0600] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[10/Jul/2015:08:38:58 -0600] - The change of nsslapd-secureport will not take effect until the server is restarted
[10/Jul/2015:08:39:49 -0600] - slapd shutting down - signaling operation threads
[10/Jul/2015:08:39:49 -0600] - slapd shutting down - waiting for 27 threads to terminate
[10/Jul/2015:08:39:49 -0600] - slapd shutting down - closing down internal subsystems and plugins
[10/Jul/2015:08:39:49 -0600] - Waiting for 4 database threads to stop
[10/Jul/2015:08:39:49 -0600] - All database threads now stopped
[10/Jul/2015:08:39:49 -0600] - slapd stopped.
[10/Jul/2015:08:39:52 -0600] createprlistensockets - PR_Bind() on All Interfaces port 1636 failed: Netscape Portable Runtime error -5966 (Access Denied.)
Do any of you have any ideas of what is causing this issue or what I may be doing wrong? If you need more information please do not hesitate to ask.