389-ds-base/cockpit-389-ds on EL9
by Daniel Bird
Hello all,
I thought I'd test a build of 389-ds on Alma/Rocky Linux 9, as we're looking to start the upgrade process from our CentOS 7 hosts soon.
Instructions for CentOS8.1+ do not work; not that I expected them to, but I thought I would try anyway.
https://directory.fedoraproject.org/docs/389ds/download.html
While 389-ds-base exists in the appstream repo, there doesn't seem to be a cockpit-389-ds package on from appstream or EPEL.
Is EPEL 9 where I should expect EL9 builds for 389-ds and other components to be?
Or am I too early to be looking for EL9 builds?
All the best
Dan
1 year, 8 months
in docker-compose.yaml use "dsconf localhost***" error
by Hu, Xudong
Hello
I want to ask a question with using 389ds/dirsrv 389 Directory Server Container in dockerhub
When I create 389ds database ,I use dsconf localhost backend create *** command,it is OK
Now , I want to use docker-compose.yaml to start container,I set parameter like this :
command: /bin/bash -c "sleep 20 && dsconf localhost backend create ****",but the error is as follows:
Error: Could not find configuration for instance: localhost
Thank you for reply
1 year, 8 months
I have some problem with 389 Directory Server container project
by Hu, Xudong
Hi ,I want to ask a question
When I use docker pull 389ds/dirsrv to install 389ds,then I use docker run 389ds/dirsrv:latest command
I meet some problems like this:
ERROR: Unable to find pid (/data/run/slapd-localhost.pid) of ns-slapd process Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/lib389/instance/setup.py", line 696, in create_from_args
self._install_ds(general, slapd, backends)
File "/usr/lib/python3.10/site-packages/lib389/instance/setup.py", line 962, in _install_ds
ds_instance.start(timeout=60)
File "/usr/lib/python3.10/site-packages/lib389/__init__.py", line 1157, in start
raise ValueError('Failed to start DS')
ValueError: Failed to start DS
My operateSystem: This is on the Linux version 5.4.0-107-generic (buildd@lcy02-amd64-070) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #121~18.04.1-Ubuntu SMP Thu Mar 24 17:21:33 UTC 2022
Thank you for reply
1 year, 8 months
I have some problem with 389 Directory Server container project
by Hu, Xudong
Hello
I want to ask a question with using 389ds/dirsrv 389 Directory Server Container in dockerhub
When I create 389ds database ,I use dsconf localhost backend create *** command,it is OK
Now , I want to use docker-compose.yaml to start container,I set parameter like this :
command: /bin/bash -c "sleep 20 && dsconf localhost backend create ****",but the error is as follows:
Error: Could not find configuration for instance: localhost
Thank you for reply
1 year, 8 months
Forward LDAP Auth SASL or SSSD
by Axel Tischer
Hi
We try to migrate from slapd to 389-dirserver.
Authentication is only used by our application login, not for system logon.
We forward our ldap authentication to a central ldap server
saslauthd:
ldap_servers
ldap_bind_dn: cn=binduser,ou=emea,o=services
ldap_bind_pw: secret
ldap_search_base: o=auth
ldap_timeout: 3
ldap_time_limit: 10
ldap_filter: (&(objectClass=inetOrgPerson)(uid=%u))
sasl2/slapd:
mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /run/sasl2/mux
and sysconfig/saslauthd
SASLAUTHD_AUTHMECH=ldap
And a simple user attribute: userpassword: {SASL}johndoe
It would be great it saslauthd is supported in 389-DS, but I fear it isn't.
I wonder how to configure 389-ds to use this simple LDAP auth
forwarding. I could not find anything about this in the docs (or I'm too
dumb..). I tried sssd but no luck yet, reconfiguration of PAM is not
allowed....
It would be grateful to get a working example ( like the one above)
Thanx
1 year, 8 months
Login problems.
by Phill Harvey-Smith
Hi all,
I've been following the quickstart guide at :
https://www.port389.org/docs/389ds/howto/quickstart.html
My environment is Rocky Linux 9, on 3 KVM virtual machines.
The machines are :
192.168.122.1 host machine
192.168.122.2 frontend
192.168.122.3 exec1
192.168.122.4 exec2
I have DNS running on frontend so that all the machines can resolve each
other in the DNS domain .cluster, so frontend.cluster etc.
The two exec nodes have firewalls enabled, but frontend currently has it
disabled (to aid in debugging).
Following the quickstart I have got to the point where I can ssh to
frontend as alice, but not as eve. However trying to replicate the setup
on exec1, but pointing at the ldap on frontend leads to an odd situation
where I can't login as alice, but su to alice from root works, and id
alice returns the correct uid.
I copied over /etc/openldap/ldap.conf and /etc/sssd/sssd.conf from
frontend to exec1.
I have however only installed the 389-ds packages on frontend, as I
assumed that you would only need them on the server machine.
Any clues as to what might be wrong here?
Cheers.
Phill.
1 year, 8 months
