389-users December 2021

389-users@lists.fedoraproject.org

17 participants
21 discussions

ERR - slapi_ldap_bind - Could not send bind request for id [(anon)] authentication mechanism [EXTERNAL]: error -1 (Can't contact LDAP server), system error 0 (no error), network error 0
by Graham Leggett 11 Dec '23

11 Dec '23

Hi all, We have a long standing 389ds master LDAP server that was found to be unable to contact it’s slaves. Most specifically, the slaves show nothing in their logs about any kind of connection, while the master is logging this: [12/Nov/2019:21:39:47.212715697 +0000] - ERR - slapi_ldap_bind - Could not send bind request for id [(anon)] authentication mechanism [EXTERNAL]: error -1 (Can't contact LDAP server), system error 0 (no error), network error 0 (Unknown error, host “ldap01:636”) Key is "system error 0 (no error)”, which leaves us stumped. The error is obviously “success”. Has anyone seen this kind of thing before? This is 389ds running on CentOS7 as follows: 389-ds-base-1.3.9.1-10.el7.x86_64 Regards, Graham —

3 9

Plugin development licensing
by DUVERT Vincent 09 May '23

09 May '23

Hello, I have a question regarding the licensing of developed 389-ds plugins. The FAQ (https://directory.fedoraproject.org/docs/389ds/FAQ/licensing.html#directory…) indicates that the Directory Server core code is licensed under a GPL + Exception license that allows non-GPL 389-ds plugins to link to 389-ds and to use specific header files. However, the LICENSE file in the current 389-ds-base source does not contain this exception. It was apparently removed by the following commit, when the license was changed to GPLv3+: https://pagure.io/389-ds-base/c/88cae401aee39a19ac6b07c3c36ee8daa07192e7 Does that means that the license exception does not apply to the current version of 389-ds? Regards, Vincent Duvert

2 2

Help to understand pre-hashed login
by Caderize Caderize 04 Jan '22

04 Jan '22

Hello everyone, i am writing a small php application in order to manage D389 users. Currently, in order to connect to it, i saved the admin password in clear text in a config.php file, just for test. Now i would move these settings into mysql database and hash the password for secure reason, probably sha1 or sha256 with salt(will see). The application should retrieve credentials from mysql db(which will be a salted hashed password "{SHA}xxxxxxxxxxxx") and try to connect to D389. My question is: Does D389 can authenticate if i pass to it a pre-hashed password? Is there any documentation or example to follow? Hope this question will not be considered as stupid. Many Thanks

3 2

LDIF imports
by Joe Fletcher 03 Jan '22

03 Jan '22

Hi, Is there something hard-coded into 389 v1.4 such that it can only import data from /var/lib/dirsrv/<instance>/ldif ? I've been trying to initialize a new setup with an export we'd been using for 389 v1.3 but every time it failed with a "file not found" error until the ldif was copied to /var/lib/....etc. Cheers This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.

2 2

Default browsing index generation
by Joe Fletcher 01 Jan '22

01 Jan '22

Hi, We're looking at 389 DS v1.4. Is there an equivalent in the linux 8 cockpit to the feature that used to exist in the v 1.3 management console such that it can create default browsing indexes? In the old GUI it was simply a case of right-click and go which did offer a certain level of convenience. So far I have not found an equivalent in cockpit. Currently most of my potential LDAP clients are unable to browse the directory with the usual "Unwilling to perform: search is not indexed". TIA Joe This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.

4 6

db2ldif unfolded output?
by John Thurston 23 Dec '21

23 Dec '21

With 389 Directory 1.4.4.17, "dsctl db2ldif . ." gives me an ldif with its long lines folded to 78 characters. The old db2ldif tool had the -U option which was "Do not wrap long lines". My question is: Is there a way to get "dsctl db2ldif" to produce unfolded output? I know I can unfold these ldif lines later. I'm just trying to minimize the number of scripts I must modify. -- -- Do things because you should, not just because you can. John Thurston 907-465-8591 John.Thurston(a)alaska.gov Department of Administration State of Alaska

2 1

Permission to let a user be used in authentication for other applications
by Denis Morejon 21 Dec '21

21 Dec '21

Hi: I have just installed a 389ds. I can use "cn=Directory Manager" in other application's configuration when setting them up to authenticate with ldap, but I can't use another ldap user created. How can I set permission for user to do that? Or what kind of attribute should the user has? Thanks in advance

3 2

Re: Log4j patch/update for 1.3.x
by William Brown 21 Dec '21

21 Dec '21

Only the 389 console would be affected, and I think RH are the only group supporting that. Generally they are very good about patching and updates, but I don't have details for this. > On 21 Dec 2021, at 06:38, Paul Whitney <paul.whitney(a)chesapeake-it.com> wrote: > > Will there be a patch release for 1.3.x to address these Log4j vulnerabilities? > > Paul M. Whitney, RHCSA, CISSP > Chesapeake IT Consulting, Inc. > 2680 Tobacco Rd > Chesapeake Beach, MD 20732 > > Work: 443-492-2872 > Cell: 410.493.9448 > Email: paul.whitney(a)chesapeake-it.com > CONFIDENTIALITY NOTICE > The information contained in this facsimile or electronic message is confidential information intended for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this facsimile message to the intended recipient, you are hereby notified that any dissemination, or copying of this communication is strictly prohibited. If this message contains non-public personal information about any consumer or customer of the sender or intended recipient, you are further prohibited under penalty of law from using or disclosing the information to any third party by provisions of the federal Gramm-Leach-Bliley Act. If you have received this facsimile or electronic message in error, please immediately notify us by telephone and return or destroy the original message to assure that it is not read, copied, or distributed by others. > > _______________________________________________ > 389-users mailing list -- 389-users(a)lists.fedoraproject.org > To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject… > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- Sincerely, William Brown Senior Software Engineer, Identity and Access Management SUSE Labs, Australia

2 1

Log4j patch/update for 1.3.x
by Paul Whitney 20 Dec '21

20 Dec '21

Will there be a patch release for 1.3.x to address these Log4j vulnerabilities? Paul M. Whitney, RHCSA, CISSP Chesapeake IT Consulting, Inc. 2680 Tobacco Rd Chesapeake Beach, MD 20732 Work: 443-492-2872 Cell: 410.493.9448 Email: paul.whitney(a)chesapeake-it.com<mailto:paul.whitney@chesapeake-it.com> CONFIDENTIALITY NOTICE The information contained in this facsimile or electronic message is confidential information intended for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this facsimile message to the intended recipient, you are hereby notified that any dissemination, or copying of this communication is strictly prohibited. If this message contains non-public personal information about any consumer or customer of the sender or intended recipient, you are further prohibited under penalty of law from using or disclosing the information to any third party by provisions of the federal Gramm-Leach-Bliley Act. If you have received this facsimile or electronic message in error, please immediately notify us by telephone and return or destroy the original message to assure that it is not read, copied, or distributed by others.

1 0

Announcing 389 Directory Server 2.0.12
by Mark Reynolds 16 Dec '21

16 Dec '21

389 Directory Server 2.0.12 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.12 Fedora packages are available on Fedora 34 and Rawhide Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=80099149 <https://koji.fedoraproject.org/koji/taskinfo?taskID=80099149> - Koji Fedora 35: https://koji.fedoraproject.org/koji/taskinfo?taskID=80099152 <https://koji.fedoraproject.org/koji/taskinfo?taskID=80099152> - Koji https://bodhi.fedoraproject.org/updates/FEDORA-2021-8589d08c94 <https://bodhi.fedoraproject.org/updates/FEDORA-2021-8589d08c94> - Bodhi Fedora 34: https://koji.fedoraproject.org/koji/taskinfo?taskID=80099303 <https://koji.fedoraproject.org/koji/taskinfo?taskID=80099303> - Koji https://bodhi.fedoraproject.org/updates/FEDORA-2021-71738c2354 <https://bodhi.fedoraproject.org/updates/FEDORA-2021-71738c2354> - Bodhi The new packages and versions are: * 389-ds-base-2.0.12-1 Source tarballs are available for download at Download 389-ds-base Source <https://github.com/389ds/389-ds-base/archive/389-ds-base-2.0.12.tar.gz> Highlights in 2.0.12 * Bug fixes * Cockpit UI - LDAP editor (database editor) has been started, finished “edit” and “rename”. ACI, COS, and Roles remaining to be finished. Installation and Upgrade See Download <https://www.port389.org/docs/389ds/download.html> for information about setting up your yum repositories. To install the server use *dnf install 389-ds-base* To install the Cockpit UI plugin use *dnf install cockpit-389-ds* After rpm install completes, run *dscreate interactive* For upgrades, simply install the package. There are no further steps required. There are no upgrade steps besides installing the new rpms See Install_Guide <https://www.port389.org/docs/389ds/howto/howto-install-389.html> for more information about the initial installation and setup See Source <https://www.port389.org/docs/389ds/development/source.html> for information about source tarballs and SCM (git) access. Feedback We are very interested in your feedback! Please provide feedback and comments to the 389-users mailing list: https://lists.fedoraproject.org/admin/lists/389-users.lists.fedoraproject.o… If you find a bug, or would like to see a new feature, file it in our GitHub project: https://github.com/389ds/389-ds-base * Bump version to 2.0.12 * Issue 4299 - UI LDAP editor - add “edit” and “rename” functionality * Issue 4962 - Fix various UI bugs - Database and Backups (#5044) * Issue 5046 - BUG - Rust - update concread (#5047) * Issue 5043 - BUG - Result must be used compiler warning (#5045) * Issue 4165 - Don’t apply RootDN access control restrictions to UNIX connections * Issue 4931 - RFE: dsidm - add creation of service accounts * Issue 5024 - BUG - windows ro replica sigsegv (#5027) * Issue 5020 - BUG - improve clarity of posix win sync logging (#5021) * Issue 5008 - If a non critical plugin can not be loaded/initialized, bootstrap should succeed (#5009) -- Directory Server Development Team

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users December 2021