> On 22 Nov 2019, at 19:11, cool dharma06 <cooldharma06@gmail.com> wrote:
>
> hi,
>
>
> On Fri, Nov 22, 2019 at 4:41 AM William Brown <wbrown@suse.de> wrote:
>>
>>
>>
>>> On 21 Nov 2019, at 16:13, cool dharma06 <cooldharma06@gmail.com> wrote:
>>>
>>> Hi,
>>>
>>>
>>> On Thu, Nov 21, 2019 at 7:48 AM William Brown <wbrown@suse.de> wrote:
>>>>
>>>>
>>>>> On 21 Nov 2019, at 10:49, cool dharma06 <cooldharma06@gmail.com> wrote:
>>>>>
>>>>
>>>>> Hi William,
>>>>>
>>>>> Thanks for your reply.
>>>>>
>>>>> I want to enable 389ds to generate nsUniqueID, modifiedTimestamp, creators name for all enteries which is added/getting added to 389-ds. Any suggestions or reference link to enable this.
>>>>
>>>> They are all generated by default as part of the server - it may be the access controls preventing you from viewing them instead ....
>>>
>>> Sure, I will verify the access policy. And I used following commands to retrieve the user information.
>>>
>>> $ dsidm ceenext-sles account get-by-dn
>>> Enter dn to retrieve : cn=sudo,ou=Groups,dc=cee,dc=test,dc=com
>>> dn: cn=sudo,ou=Groups,dc=cee,dc=test,dc=com
>>> cn: sudo
>>> gidNumber: 1950
>>> objectClass: posixGroup
>>> objectClass: groupOfNames
>>> objectClass: top
>>
>> You already have dsidm as a command ?! Which suse version are you on.
> I am using SLES 15.1. I installed 389-ds-base from SUSE repo.
> Lib386-XXX.rpm i took from Tumbleweed.
There are some updates coming soon to this package I think which will make things better.
>
>> Anyway, trying looking at the entry as "cn=Directory Manager" instead of anonymous, as cn=dm bypasses aci's.
>
> Thanks for your suggestions, now i am able to view all the attributes.
Great!
>
>>>
>>>>>
>>>>>
>>>>> I have OpenLdap set up with replication enabled and I want to make one more 389-ds with replication in sles 15.1 machine . I am unable to find admin-console package.
>>>>> So I installed lib389 rpm and I am using dsctl, dsidm, dsconf tools to experiment and add users in my local 389ds setup.
>>>>
>>>> SUSE does not ship admin-console, and never will - we are in the process of actually bringing the new ds* tools into SLE 15.0 and 15.1 which will make it much easier to administer the server. You can see these on the wiki or on Red Hat's correspending 389 docs
>>>>
>>>> http://www.port389.org/docs/389ds/howto/quickstart.html
>>>> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/
>>>>
>>>> We are also in the progress of releasing 389-ds docs for SUSE as well,
>>>
>>> It will be very helpful if you share the ds* tools and 389-ds docs release dates.
>>
>> I don't have a release date yet I'm sorry - not because I can't share, but because there is some administration going on with the packages and I'm not sure of when it will be done (but it's necessary steps :) )
>
> No issue and thanks for the information. If official SUSE packages are
> there it will very useful.
Happy to help, and feel free to ask questions anytime!
>
>>>
>>>>>
>>>>> Once it's done I am planning to enable sync and replication in 389-ds.
>>>>>
>>>>> It will be very helpful if u have any guidelines on this.
>>>>
>>>> 389-ds can replicate with other 389-ds servers, but *not* openldap. So I think you need to do a datamigration ....
>>>
>>> Yes, with multiple 389-ds i am planning for replication. Any guidelines or reference link to configure replication.
>>
>> In the red_hat_directory_server/11 link from redhat, look at their replication section :)
>
> Thank you, I will verify the redhat Guide links.
As above, if you have any questions, please let us know.
In my OpenLdap we have ACL policies is there any script available to convert OpenLDAP acl policies to 389-ds policies.?
>
>>>
>>>>
>>>>>
>>>>> Thanks & Regards
>>>>> cooldharma06
>>>>>
>>>>>
>>>>> On Thu, Nov 21, 2019, 4:33 AM William Brown <wbrown@suse.de> wrote:
>>>>>
>>>>>
>>>>>> On 20 Nov 2019, at 15:41, cool dharma06 <cooldharma06@gmail.com> wrote:
>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> i have OpenLDAP in my environment. And i am experimenting 389-ds and their functionalities. In my OpenLDAP, i have entries with following attributes:
>>>>>> entryCSN, contextCSN, entryUUID.
>>>>>>
>>>>>> 1. For entryCSN and contextCSN - any equivalent attribute available in 389-ds
>>>>>>
>>>>>> 2. When i check for the above attributes in 389-ds, i am unable to find those attributes. From the post link, its mentioned like we can use nsUniqueID in place of entryUUID. but we might face issue during Sync/repl.
>>>>>>
>>>>>> Is this issue got fixed.
>>>>>> https://pagure.io/389-ds-base/issue/137
>>>>>>
>>>>>> Any suggestions for the above queries.
>>>>>
>>>>> OpenLDAP and 389-ds use a really different replication model. That's probably why you can't find the same types and datapoints.
>>>>>
>>>>> My question is "what are you trying to achieve". You shouldn't need to look at our replication state, that's an internal detail.
>>>>>
>>>>> If you want a "did this entry change" look at the entryUSN plugin.
>>>>>
>>>>> If you need the entries unique id, look at nsUniqueID attribute - we have spoken about adding entryUUID too, but it's just never materialised.
>>>>>
>>>>> It's not recommended to set nsUniqueID manually, you should let 389-ds generate that itself.
>>>>>
>>>>> Does that help? Really happy to help as much as possible with your 389-ds experimenting :)
>>>>>
>>>>>>
>>>>>> Thanks & Regards
>>>>>> cooldharma06
>>>>>> _______________________________________________
>>>>>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>>>>>> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
>>>>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>>>>>
>>>>> —
>>>>> Sincerely,
>>>>>
>>>>> William Brown
>>>>>
>>>>> Senior Software Engineer, 389 Directory Server
>>>>> SUSE Labs
>>>>> _______________________________________________
>>>>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>>>>> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
>>>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>>>>> _______________________________________________
>>>>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>>>>> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
>>>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>>>>
>>>> —
>>>> Sincerely,
>>>>
>>>> William Brown
>>>>
>>>> Senior Software Engineer, 389 Directory Server
>>>> SUSE Labs
>>>> _______________________________________________
>>>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>>>> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
>>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>>> _______________________________________________
>>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>>> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>>
>> —
>> Sincerely,
>>
>> William Brown
>>
>> Senior Software Engineer, 389 Directory Server
>> SUSE Labs
>> _______________________________________________
>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org