On 21 Nov 2019, at 16:13, cool dharma06
<cooldharma06(a)gmail.com> wrote:
Hi,
On Thu, Nov 21, 2019 at 7:48 AM William Brown <wbrown(a)suse.de> wrote:
>
>
> > On 21 Nov 2019, at 10:49, cool dharma06 <cooldharma06(a)gmail.com> wrote:
> >
>
> > Hi William,
> >
> > Thanks for your reply.
> >
> > I want to enable 389ds to generate nsUniqueID, modifiedTimestamp, creators name
for all enteries which is added/getting added to 389-ds. Any suggestions or reference link
to enable this.
>
> They are all generated by default as part of the server - it may be the access
controls preventing you from viewing them instead ....
Sure, I will verify the access policy. And I used following commands to retrieve the user
information.
$ dsidm ceenext-sles account get-by-dn
Enter dn to retrieve : cn=sudo,ou=Groups,dc=cee,dc=test,dc=com
dn: cn=sudo,ou=Groups,dc=cee,dc=test,dc=com
cn: sudo
gidNumber: 1950
objectClass: posixGroup
objectClass: groupOfNames
objectClass: top
You already have dsidm as a command ?! Which suse version are you on.
Anyway, trying looking at the entry as "cn=Directory Manager" instead of
anonymous, as cn=dm bypasses aci's.
> >
> >
> > I have OpenLdap set up with replication enabled and I want to make one more
389-ds with replication in sles 15.1 machine . I am unable to find admin-console package.
> > So I installed lib389 rpm and I am using dsctl, dsidm, dsconf tools to
experiment and add users in my local 389ds setup.
>
> SUSE does not ship admin-console, and never will - we are in the process of actually
bringing the new ds* tools into SLE 15.0 and 15.1 which will make it much easier to
administer the server. You can see these on the wiki or on Red Hat's correspending 389
docs
>
>
http://www.port389.org/docs/389ds/howto/quickstart.html
>
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/
>
> We are also in the progress of releasing 389-ds docs for SUSE as well,
It will be very helpful if you share the ds* tools and 389-ds docs release dates.
I don't have a release date yet I'm sorry - not because I can't share, but
because there is some administration going on with the packages and I'm not sure of
when it will be done (but it's necessary steps :) )
> >
> > Once it's done I am planning to enable sync and replication in 389-ds.
> >
> > It will be very helpful if u have any guidelines on this.
>
> 389-ds can replicate with other 389-ds servers, but *not* openldap. So I think you
need to do a datamigration ....
Yes, with multiple 389-ds i am planning for replication. Any guidelines or reference link
to configure replication.
In the red_hat_directory_server/11 link from redhat, look at their replication section :)
>
> >
> > Thanks & Regards
> > cooldharma06
> >
> >
> > On Thu, Nov 21, 2019, 4:33 AM William Brown <wbrown(a)suse.de> wrote:
> >
> >
> > > On 20 Nov 2019, at 15:41, cool dharma06 <cooldharma06(a)gmail.com>
wrote:
> > >
> > > Hi all,
> > >
> > > i have OpenLDAP in my environment. And i am experimenting 389-ds and their
functionalities. In my OpenLDAP, i have entries with following attributes:
> > > entryCSN, contextCSN, entryUUID.
> > >
> > > 1. For entryCSN and contextCSN - any equivalent attribute available in
389-ds
> > >
> > > 2. When i check for the above attributes in 389-ds, i am unable to find
those attributes. From the post link, its mentioned like we can use nsUniqueID in place
of entryUUID. but we might face issue during Sync/repl.
> > >
> > > Is this issue got fixed.
> > >
https://pagure.io/389-ds-base/issue/137
> > >
> > > Any suggestions for the above queries.
> >
> > OpenLDAP and 389-ds use a really different replication model. That's
probably why you can't find the same types and datapoints.
> >
> > My question is "what are you trying to achieve". You shouldn't
need to look at our replication state, that's an internal detail.
> >
> > If you want a "did this entry change" look at the entryUSN plugin.
> >
> > If you need the entries unique id, look at nsUniqueID attribute - we have
spoken about adding entryUUID too, but it's just never materialised.
> >
> > It's not recommended to set nsUniqueID manually, you should let 389-ds
generate that itself.
> >
> > Does that help? Really happy to help as much as possible with your 389-ds
experimenting :)
> >
> > >
> > > Thanks & Regards
> > > cooldharma06
> > > _______________________________________________
> > > 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> > > To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> > > Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> >
> > —
> > Sincerely,
> >
> > William Brown
> >
> > Senior Software Engineer, 389 Directory Server
> > SUSE Labs
> > _______________________________________________
> > 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> > To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> > Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> > _______________________________________________
> > 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> > To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> > Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>
> —
> Sincerely,
>
> William Brown
>
> Senior Software Engineer, 389 Directory Server
> SUSE Labs
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs