I would like to know how can I confiige my console to see the stats for
"Connection Status "windows there 4-5 columns :TIme Opened,Started but
can't see any fields entries in my 389-admin GUI for thist particular
we are trying to cfg the DNA pluging the, ldap host has two dc's :
dc =top1,dc=net and dc=top2,dc=net I have added the extra
ldapmodify add using :
Now I would like to extend this attribute to next dc =top2 but running
ldapmodify with new entry for dnascope fails, see bellow the last lines:
adding new entry "cn=Numeric ID,cn=Distributed Numeric Assignment
ldap_add: Already exists (68)
Please advise how can you add mutiple dc's values
In short: Can I use Class of Service together with Host Based Attributes? It doesn't work for me.
The directory server uses Host Based Attributes to give different loginshell on servers and desktops. The idea is that on a desktop machine a user can use /bin/bash as the shell. But on a server the users get /bin/bash4, which is a patched bash with audit logging. (And is not installed on desktops).
So a user entry looks like this:
And then on a server there is this line in sssd.conf:
ldap_user_shell = loginShell;bash4
And everybody is happy.
The problem is I have to remember to add the `loginShell` and `loginShell;bash4` attributes to all new users, otherwise the user cannot log in and not everybody is happy.
To achieve this I've added Class of Service to have defaults for both of those loginshell attributes like this:
dn: cn=user defaults cos,ou=people,dc=example,dc=com
costemplatedn: cn=cos template,cn=user defaults cos,ou=people,dc=example,dc=com
cosattribute: loginshell;bash4 override
And the matching template:
dn: cn=cos template,cn=user defaults cos,ou=people,dc=example,dc=com
After this I deleted both `loginShell` and `loginShell;bash4` attributes from the user entries. And this works well for the `loginshell` attribute, ldapsearch returns `loginShell: /bin/bash`, even if the user doesn't have `loginShell` at all, this is exactly what I want. But it doesn't work for the `loginshell;bash4` attribute, ldapsearch doesn't return `loginShell;bash4`, even if I try to query it directly. Is this a limitation of the implementation or am I doing something wrong?
Have a nice day,
Has anyone authored code to parse a 389 Directory Server's access.log
file(s) with an aim of generating audit events based around the LDAP
request type. Basically, take the log sequence
[21/Apr/2007:11:39:51 -0700] conn=11 fd=608 slot=608 connection from
22.214.171.124 to 126.96.36.199
[21/Apr/2007:11:39:51 -0700] conn=11 op=0 BIND dn="cn=Directory
Manager" method=128 version=3
[21/Apr/2007:11:39:51 -0700] conn=11 op=0 RESULT err=0 tag=97
[21/Apr/2007:11:39:51 -0700] conn=11 op=1 SRCH
base="dc=example,dc=com" scope=2 filter="(uid=bjensen)"
[21/Apr/2007:11:39:51 -0700] conn=11 op=1 RESULT err=0 tag=101
nentries=1 etime=1000 notes=U
[21/Apr/2007:11:39:51 -0700] conn=11 op=2 UNBIND
[21/Apr/2007:11:39:51 -0700] conn=11 op=2 fd=608 closed - U1
And turn this into an audit event with
a date/time (21/Apr/2007:11:39:51 -0700), a client location
(188.8.131.52), server location (184.108.40.206), a user (cn=Directory
Manager), an event (SRCH) and event metadata of (query -
base="dc=example,dc=com" scope=2 filter="(uid=bjensen)", result set size
- 1, timetaken = 1000 sec, etc)
The logconv.pl script seems to do all sorts of analysis, but no event
Thanks in advance
I am running into an issue with adding temporary trusted certs to 389 directory server running on redhat 6.6.
I have been following this guide step by step to install self-signed certs: https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/...
After generating the certs using certutil, and adding them as trusted certs in 389, I check the enable ssl checkbox in the 389 directory console.
I continue to follow the next steps until I reset the dirsrv service. The dirsrv service will not restart. Error message (notice I changed the secure port to 1636 this time but get same results leaving it as 636):
[10/Jul/2015:08:35:23 -0600] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[10/Jul/2015:08:38:58 -0600] - The change of nsslapd-secureport will not take effect until the server is restarted
[10/Jul/2015:08:39:49 -0600] - slapd shutting down - signaling operation threads
[10/Jul/2015:08:39:49 -0600] - slapd shutting down - waiting for 27 threads to terminate
[10/Jul/2015:08:39:49 -0600] - slapd shutting down - closing down internal subsystems and plugins
[10/Jul/2015:08:39:49 -0600] - Waiting for 4 database threads to stop
[10/Jul/2015:08:39:49 -0600] - All database threads now stopped
[10/Jul/2015:08:39:49 -0600] - slapd stopped.
[10/Jul/2015:08:39:52 -0600] createprlistensockets - PR_Bind() on All Interfaces port 1636 failed: Netscape Portable Runtime error -5966 (Access Denied.)
Do any of you have any ideas of what is causing this issue or what I may be doing wrong? If you need more information please do not hesitate to ask.