December 2021 - 389-users - Fedora Mailing-Lists

by DUVERT Vincent

Hello, I have a question regarding the licensing of developed 389-ds plugins. The FAQ (https://directory.fedoraproject.org/docs/389ds/FAQ/licensing.html#directo...) indicates that the Directory Server core code is licensed under a GPL + Exception license that allows non-GPL 389-ds plugins to link to 389-ds and to use specific header files. However, the LICENSE file in the current 389-ds-base source does not contain this exception. It was apparently removed by the following commit, when the license was changed to GPLv3+: https://pagure.io/389-ds-base/c/88cae401aee39a19ac6b07c3c36ee8daa07192e7 Does that means that the license exception does not apply to the current version of 389-ds? Regards, Vincent Duvert

4 weeks

2
2
0 / 0

Help to understand pre-hashed login

by Caderize Caderize

Hello everyone, i am writing a small php application in order to manage D389 users. Currently, in order to connect to it, i saved the admin password in clear text in a config.php file, just for test. Now i would move these settings into mysql database and hash the password for secure reason, probably sha1 or sha256 with salt(will see). The application should retrieve credentials from mysql db(which will be a salted hashed password "{SHA}xxxxxxxxxxxx") and try to connect to D389. My question is: Does D389 can authenticate if i pass to it a pre-hashed password? Is there any documentation or example to follow? Hope this question will not be considered as stupid. Many Thanks

1 year, 5 months

3
2
0 / 0

LDIF imports

by Joe Fletcher

Hi, Is there something hard-coded into 389 v1.4 such that it can only import data from /var/lib/dirsrv/<instance>/ldif ? I've been trying to initialize a new setup with an export we'd been using for 389 v1.3 but every time it failed with a "file not found" error until the ldif was copied to /var/lib/....etc. Cheers This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.

1 year, 5 months

2
2
0 / 0

Default browsing index generation

by Joe Fletcher

Hi, We're looking at 389 DS v1.4. Is there an equivalent in the linux 8 cockpit to the feature that used to exist in the v 1.3 management console such that it can create default browsing indexes? In the old GUI it was simply a case of right-click and go which did offer a certain level of convenience. So far I have not found an equivalent in cockpit. Currently most of my potential LDAP clients are unable to browse the directory with the usual "Unwilling to perform: search is not indexed". TIA Joe This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.

1 year, 5 months

4
6
0 / 0

db2ldif unfolded output?

by John Thurston

With 389 Directory 1.4.4.17, "dsctl db2ldif . ." gives me an ldif with its long lines folded to 78 characters. The old db2ldif tool had the -U option which was "Do not wrap long lines". My question is: Is there a way to get "dsctl db2ldif" to produce unfolded output? I know I can unfold these ldif lines later. I'm just trying to minimize the number of scripts I must modify. -- -- Do things because you should, not just because you can. John Thurston 907-465-8591 John.Thurston(a)alaska.gov Department of Administration State of Alaska

1 year, 5 months

2
1
0 / 0

Permission to let a user be used in authentication for other applications

by Denis Morejon

Hi: I have just installed a 389ds. I can use "cn=Directory Manager" in other application's configuration when setting them up to authenticate with ldap, but I can't use another ldap user created. How can I set permission for user to do that? Or what kind of attribute should the user has? Thanks in advance

1 year, 5 months

3
2
0 / 0

Re: Log4j patch/update for 1.3.x

by William Brown

Only the 389 console would be affected, and I think RH are the only group supporting that. Generally they are very good about patching and updates, but I don't have details for this. > On 21 Dec 2021, at 06:38, Paul Whitney <paul.whitney(a)chesapeake-it.com> wrote: > > Will there be a patch release for 1.3.x to address these Log4j vulnerabilities? > > Paul M. Whitney, RHCSA, CISSP > Chesapeake IT Consulting, Inc. > 2680 Tobacco Rd > Chesapeake Beach, MD 20732 > > Work: 443-492-2872 > Cell: 410.493.9448 > Email: paul.whitney(a)chesapeake-it.com > CONFIDENTIALITY NOTICE > The information contained in this facsimile or electronic message is confidential information intended for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this facsimile message to the intended recipient, you are hereby notified that any dissemination, or copying of this communication is strictly prohibited. If this message contains non-public personal information about any consumer or customer of the sender or intended recipient, you are further prohibited under penalty of law from using or disclosing the information to any third party by provisions of the federal Gramm-Leach-Bliley Act. If you have received this facsimile or electronic message in error, please immediately notify us by telephone and return or destroy the original message to assure that it is not read, copied, or distributed by others. > > _______________________________________________ > 389-users mailing list -- 389-users(a)lists.fedoraproject.org > To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje... > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- Sincerely, William Brown Senior Software Engineer, Identity and Access Management SUSE Labs, Australia

1 year, 5 months

2
1
0 / 0

Log4j patch/update for 1.3.x

by Paul Whitney

Will there be a patch release for 1.3.x to address these Log4j vulnerabilities? Paul M. Whitney, RHCSA, CISSP Chesapeake IT Consulting, Inc. 2680 Tobacco Rd Chesapeake Beach, MD 20732 Work: 443-492-2872 Cell: 410.493.9448 Email: paul.whitney(a)chesapeake-it.com<mailto:paul.whitney@chesapeake-it.com> CONFIDENTIALITY NOTICE The information contained in this facsimile or electronic message is confidential information intended for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this facsimile message to the intended recipient, you are hereby notified that any dissemination, or copying of this communication is strictly prohibited. If this message contains non-public personal information about any consumer or customer of the sender or intended recipient, you are further prohibited under penalty of law from using or disclosing the information to any third party by provisions of the federal Gramm-Leach-Bliley Act. If you have received this facsimile or electronic message in error, please immediately notify us by telephone and return or destroy the original message to assure that it is not read, copied, or distributed by others.

1 year, 5 months

1
0
0 / 0

Announcing 389 Directory Server 2.0.12

by Mark Reynolds

389 Directory Server 2.0.12 The 389 Directory Server team is proud to announce 389-ds-base version 2.0.12 Fedora packages are available on Fedora 34 and Rawhide Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=80099149 <https://koji.fedoraproject.org/koji/taskinfo?taskID=80099149> - Koji Fedora 35: https://koji.fedoraproject.org/koji/taskinfo?taskID=80099152 <https://koji.fedoraproject.org/koji/taskinfo?taskID=80099152> - Koji https://bodhi.fedoraproject.org/updates/FEDORA-2021-8589d08c94 <https://bodhi.fedoraproject.org/updates/FEDORA-2021-8589d08c94> - Bodhi Fedora 34: https://koji.fedoraproject.org/koji/taskinfo?taskID=80099303 <https://koji.fedoraproject.org/koji/taskinfo?taskID=80099303> - Koji https://bodhi.fedoraproject.org/updates/FEDORA-2021-71738c2354 <https://bodhi.fedoraproject.org/updates/FEDORA-2021-71738c2354> - Bodhi The new packages and versions are: * 389-ds-base-2.0.12-1 Source tarballs are available for download at Download 389-ds-base Source <https://github.com/389ds/389-ds-base/archive/389-ds-base-2.0.12.tar.gz> Highlights in 2.0.12 * Bug fixes * Cockpit UI - LDAP editor (database editor) has been started, finished “edit” and “rename”. ACI, COS, and Roles remaining to be finished. Installation and Upgrade See Download <https://www.port389.org/docs/389ds/download.html> for information about setting up your yum repositories. To install the server use *dnf install 389-ds-base* To install the Cockpit UI plugin use *dnf install cockpit-389-ds* After rpm install completes, run *dscreate interactive* For upgrades, simply install the package. There are no further steps required. There are no upgrade steps besides installing the new rpms See Install_Guide <https://www.port389.org/docs/389ds/howto/howto-install-389.html> for more information about the initial installation and setup See Source <https://www.port389.org/docs/389ds/development/source.html> for information about source tarballs and SCM (git) access. Feedback We are very interested in your feedback! Please provide feedback and comments to the 389-users mailing list: https://lists.fedoraproject.org/admin/lists/389-users.lists.fedoraproject... If you find a bug, or would like to see a new feature, file it in our GitHub project: https://github.com/389ds/389-ds-base * Bump version to 2.0.12 * Issue 4299 - UI LDAP editor - add “edit” and “rename” functionality * Issue 4962 - Fix various UI bugs - Database and Backups (#5044) * Issue 5046 - BUG - Rust - update concread (#5047) * Issue 5043 - BUG - Result must be used compiler warning (#5045) * Issue 4165 - Don’t apply RootDN access control restrictions to UNIX connections * Issue 4931 - RFE: dsidm - add creation of service accounts * Issue 5024 - BUG - windows ro replica sigsegv (#5027) * Issue 5020 - BUG - improve clarity of posix win sync logging (#5021) * Issue 5008 - If a non critical plugin can not be loaded/initialized, bootstrap should succeed (#5009) -- Directory Server Development Team

1 year, 5 months

1
0
0 / 0

Help: Winsync - NHow to replicate also AD Extended Attributes

by Caderize Caderize

Hi, i'm struggling with this request made by my customer. He has some AD users that needs to be replicated with D389, stardard attributes is ok but there are also some extended attributes to replicate. Searching in documentation i was not able to find anything related. Is there any way to do it? Many Thanks

1 year, 5 months

2
1
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users December 2021