Change of /etc/selinux/config's SELINUX causes port389 fail to start
by Lutz Berger
Hi,
IHAC who wants to use (under RHEL 7.2):
/etc/selinux/config with
SELINUX=enforcing
Changing the SELINUX setting from "permissive" to "enforcing" and
rebooting afterwards causes port389 DS to fail to start due to
a permission problem with /var/run/dirsrv.
Interestingly, the ownership of /var/run/dirsrv changed from
port389:port389 to dirsrv:dirsrv
after reboot.
But changing the ownership and permissions on /var/run/dirsrv
(which is actually nsslapd-rundir)
back to their original values doesn't help, i.e. port389 DS doesn't start
anymore.
A fresh install with setup-ds-admin.pl "solves" my issues.
Question:
What side effects does a change of SELINUX cause with regards to port389?
The issue can be reproduced by changing the setting from
"enforcing" to "permissive" as well.
Any ideas?
Thanks and best regards,
Lutz
7 years, 11 months
Subscribing for notification when there is change(add/delete/modify) of entry/attribute
by anteneh assen
I need applications which use the directory server for storage to be able to subscribe for notification when a specific kind of entry/attribute/sub-tree is changed by another application (the application could be the same kind of application or not). SOAP (Simple Object Access Protocol), not LDAP, is used to send the subscription request for notification and receive the response. After the application has successfully subscribed for notification, the DS should send a notification to the app using SOAP. Is it possible to write code to implement this feature and, if yes, how hard would it be? Thank you.
7 years, 11 months
ldap-ping with 389-ds version
by ghiureai
Hello Gurus,
I was searching the web for some scripts to monitor DS performance, and
found the OpenLDAP ldap-ping.pl script.
I wonder if there is a version for 389-DS or if there are other similar
performance measurement scripts available for 389-ds?
Thank you
7 years, 11 months
Configure the behavior of the creation of some attributes
by wodel youchi
Hi,
When using the 389DS console to create a new user, can we configure the
behavior of the creation of some attributes?
For example, for our mailing service the user's uid is of the form
*lastname.firstname* and the email address is of the form
*lastname.firstname@example.com*.
When using the 389DS console, the uid is generated from the first letter of
the first name + the last name, and the email is not generated.
Can this behavior be configured, to tell the console to combine the last
name + first name to generate the uid and add the domain to generate the
email address?
Regards.
7 years, 11 months
admin and Directory Manager accounts cannot log into 389-console
by warron.french
Please help.
I know that I am running on CentOS-6.6,
I know that the software is at version-level *1.1.8-1*.
I know that it was working over 1 year ago.
I know that the 389-ds my workstations authenticated against were working
and with LDAPS (port 636/tcp).
I also know that I tried to secure the admin server through web access also
with an LDAPS.
I had the password for the admin, and the cn=Directory Manager account
entries documented, and they no longer work anymore.
I attempted to execute:
pwdhash <newPassword> and copied the new {SSHA} hash into the appropriate
field in the /etc/dirsrv/slapd-*E2WAN/dse.ldif* file *after shutting down
both services*.
I don't know how to troubleshoot this application? What log file where and
when.
Please help.
--------------------------
Warron French
7 years, 11 months
SSL/TLS server side debugging howto?
by Graham Leggett
Hi all,
I have a 389ds v1.3.4 server as deployed by CentOS7 configured with SSL/TLS to require client certificates.
Attempts to connect to this server using “openssl s_client” fail, and the failure is triggered by the 389ds server side as follows:
    4 4  0.0079 (0.0009)  S>CV3.3(2)  Alert
        level           fatal
        value           bad_certificate
    4    0.0080 (0.0000)  S>C  TCP FIN
Unfortunately the error log on the 389ds server is dead silent on this issue, and without a sensible error message it is making debugging this very difficult.
What mechanism must I use to enable any kind of logging inside 389ds that will indicate why a particular SSL/TLS connection is being rejected?
Regards,
Graham
—
7 years, 11 months
389 DS documentation
by anteneh assen
The 389 DS documentation link refers to the commercial Red Hat DS. Are all the features mentioned in the Red Hat DS available in 389 DS?
7 years, 11 months
Default values for attributes when creating new users
by wodel youchi
Hi,
Is it possible to configure 389DS to give some attributes default values?
We're migrating from OpenLDAP to 389DS, which will be used to authenticate
mail users. We want to give, for example, *mailQuota* a default value for new
accounts.
Is this possible?
Regards.
7 years, 11 months
nsslapd-pagedlookthroughlimit default values
by ghiureai
Hello Gurus,
I'm not able to find the doc for this release. I need to know the default
values for these 2 params and the meaning of (-1); I believe in older
versions it used to be (0)?
nsslapd-pagedlookthroughlimit: -1
nsslapd-pagedidlistscanlimit: -1
if rpm -qa | grep 389-ds
389-ds-base-1.3.4.4-000.x86_64
7 years, 11 months