Help to understand pre-hashed login
by Caderize Caderize
Hello everyone,
i am writing a small php application in order to manage D389 users.
Currently, in order to connect to it, i saved the admin password in clear text in a config.php file, just for test.
Now i would move these settings into mysql database and hash the password for secure reason, probably sha1 or sha256 with salt(will see).
The application should retrieve credentials from mysql db(which will be a salted hashed password "{SHA}xxxxxxxxxxxx") and try to connect to D389.
My question is: Does D389 can authenticate if i pass to it a pre-hashed password?
Is there any documentation or example to follow?
Hope this question will not be considered as stupid.
Many Thanks
1 year, 5 months
LDIF imports
by Joe Fletcher
Hi,
Is there something hard-coded into 389 v1.4 such that it can only import data from /var/lib/dirsrv/<instance>/ldif ?
I've been trying to initialize a new setup with an export we'd been using for 389 v1.3 but every time it failed with a "file not found" error until the ldif was copied to /var/lib/....etc.
Cheers
This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.
1 year, 5 months
Default browsing index generation
by Joe Fletcher
Hi,
We're looking at 389 DS v1.4. Is there an equivalent in the linux 8 cockpit to the feature that used to exist in the v 1.3 management console such that it can create default browsing indexes?
In the old GUI it was simply a case of right-click and go which did offer a certain level of convenience. So far I have not found an equivalent in cockpit.
Currently most of my potential LDAP clients are unable to browse the directory with the usual "Unwilling to perform: search is not indexed".
TIA
Joe
This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.
1 year, 5 months
db2ldif unfolded output?
by John Thurston
With 389 Directory 1.4.4.17, "dsctl db2ldif . ." gives me an ldif with
its long lines folded to 78 characters. The old db2ldif tool had the -U
option which was "Do not wrap long lines".
My question is:
Is there a way to get "dsctl db2ldif" to produce unfolded output?
I know I can unfold these ldif lines later. I'm just trying to minimize
the number of scripts I must modify.
--
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston(a)alaska.gov
Department of Administration
State of Alaska
1 year, 5 months
Permission to let a user be used in authentication for other applications
by Denis Morejon
Hi:
I have just installed a 389ds. I can use "cn=Directory Manager" in other
application's configuration when setting them up to authenticate with
ldap, but I can't use another ldap user created. How can I set
permission for user to do that? Or what kind of attribute should the
user has?
Thanks in advance
1 year, 5 months
Re: Log4j patch/update for 1.3.x
by William Brown
Only the 389 console would be affected, and I think RH are the only group supporting that. Generally they are very good about patching and updates, but I don't have details for this.
> On 21 Dec 2021, at 06:38, Paul Whitney <paul.whitney(a)chesapeake-it.com> wrote:
>
> Will there be a patch release for 1.3.x to address these Log4j vulnerabilities?
>
> Paul M. Whitney, RHCSA, CISSP
> Chesapeake IT Consulting, Inc.
> 2680 Tobacco Rd
> Chesapeake Beach, MD 20732
>
> Work: 443-492-2872
> Cell: 410.493.9448
> Email: paul.whitney(a)chesapeake-it.com
> CONFIDENTIALITY NOTICE
> The information contained in this facsimile or electronic message is confidential information intended for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this facsimile message to the intended recipient, you are hereby notified that any dissemination, or copying of this communication is strictly prohibited. If this message contains non-public personal information about any consumer or customer of the sender or intended recipient, you are further prohibited under penalty of law from using or disclosing the information to any third party by provisions of the federal Gramm-Leach-Bliley Act. If you have received this facsimile or electronic message in error, please immediately notify us by telephone and return or destroy the original message to assure that it is not read, copied, or distributed by others.
>
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
1 year, 5 months
Log4j patch/update for 1.3.x
by Paul Whitney
Will there be a patch release for 1.3.x to address these Log4j vulnerabilities?
Paul M. Whitney, RHCSA, CISSP
Chesapeake IT Consulting, Inc.
2680 Tobacco Rd
Chesapeake Beach, MD 20732
Work: 443-492-2872
Cell: 410.493.9448
Email: paul.whitney(a)chesapeake-it.com<mailto:paul.whitney@chesapeake-it.com>
CONFIDENTIALITY NOTICE
The information contained in this facsimile or electronic message is confidential information intended for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this facsimile message to the intended recipient, you are hereby notified that any dissemination, or copying of this communication is strictly prohibited. If this message contains non-public personal information about any consumer or customer of the sender or intended recipient, you are further prohibited under penalty of law from using or disclosing the information to any third party by provisions of the federal Gramm-Leach-Bliley Act. If you have received this facsimile or electronic message in error, please immediately notify us by telephone and return or destroy the original message to assure that it is not read, copied, or distributed by others.
1 year, 5 months
Help: Winsync - NHow to replicate also AD Extended Attributes
by Caderize Caderize
Hi,
i'm struggling with this request made by my customer.
He has some AD users that needs to be replicated with D389, stardard attributes is ok but there are also some extended attributes to replicate.
Searching in documentation i was not able to find anything related.
Is there any way to do it?
Many Thanks
1 year, 5 months