On 22 Nov 2019, at 19:11, cool dharma06
<cooldharma06(a)gmail.com> wrote:
hi,
On Fri, Nov 22, 2019 at 4:41 AM William Brown <wbrown(a)suse.de> wrote:
>
>
>
>> On 21 Nov 2019, at 16:13, cool dharma06 <cooldharma06(a)gmail.com> wrote:
>>
>> Hi,
>>
>>
>> On Thu, Nov 21, 2019 at 7:48 AM William Brown <wbrown(a)suse.de> wrote:
>>>
>>>
>>>> On 21 Nov 2019, at 10:49, cool dharma06 <cooldharma06(a)gmail.com>
wrote:
>>>>
>>>
>>>> Hi William,
>>>>
>>>> Thanks for your reply.
>>>>
>>>> I want to enable 389ds to generate nsUniqueID, modifiedTimestamp,
creators name for all enteries which is added/getting added to 389-ds. Any suggestions or
reference link to enable this.
>>>
>>> They are all generated by default as part of the server - it may be the
access controls preventing you from viewing them instead ....
>>
>> Sure, I will verify the access policy. And I used following commands to retrieve
the user information.
>>
>> $ dsidm ceenext-sles account get-by-dn
>> Enter dn to retrieve : cn=sudo,ou=Groups,dc=cee,dc=test,dc=com
>> dn: cn=sudo,ou=Groups,dc=cee,dc=test,dc=com
>> cn: sudo
>> gidNumber: 1950
>> objectClass: posixGroup
>> objectClass: groupOfNames
>> objectClass: top
>
> You already have dsidm as a command ?! Which suse version are you on.
I am using SLES 15.1. I installed 389-ds-base from SUSE repo.
Lib386-XXX.rpm i took from Tumbleweed.
There are some updates coming soon to this package I think which will make things better.
> Anyway, trying looking at the entry as "cn=Directory Manager" instead of
anonymous, as cn=dm bypasses aci's.
Thanks for your suggestions, now i am able to view all the attributes.
Great!
>>
>>>>
>>>>
>>>> I have OpenLdap set up with replication enabled and I want to make one
more 389-ds with replication in sles 15.1 machine . I am unable to find admin-console
package.
>>>> So I installed lib389 rpm and I am using dsctl, dsidm, dsconf tools to
experiment and add users in my local 389ds setup.
>>>
>>> SUSE does not ship admin-console, and never will - we are in the process of
actually bringing the new ds* tools into SLE 15.0 and 15.1 which will make it much easier
to administer the server. You can see these on the wiki or on Red Hat's correspending
389 docs
>>>
>>>
http://www.port389.org/docs/389ds/howto/quickstart.html
>>>
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/
>>>
>>> We are also in the progress of releasing 389-ds docs for SUSE as well,
>>
>> It will be very helpful if you share the ds* tools and 389-ds docs release
dates.
>
> I don't have a release date yet I'm sorry - not because I can't share,
but because there is some administration going on with the packages and I'm not sure
of when it will be done (but it's necessary steps :) )
No issue and thanks for the information. If official SUSE packages are
there it will very useful.
Happy to help, and feel free to ask questions anytime!
>>
>>>>
>>>> Once it's done I am planning to enable sync and replication in
389-ds.
>>>>
>>>> It will be very helpful if u have any guidelines on this.
>>>
>>> 389-ds can replicate with other 389-ds servers, but *not* openldap. So I
think you need to do a datamigration ....
>>
>> Yes, with multiple 389-ds i am planning for replication. Any guidelines or
reference link to configure replication.
>
> In the red_hat_directory_server/11 link from redhat, look at their replication
section :)
Thank you, I will verify the redhat Guide links.
As above, if you have any questions, please let us know.
>>
>>>
>>>>
>>>> Thanks & Regards
>>>> cooldharma06
>>>>
>>>>
>>>> On Thu, Nov 21, 2019, 4:33 AM William Brown <wbrown(a)suse.de>
wrote:
>>>>
>>>>
>>>>> On 20 Nov 2019, at 15:41, cool dharma06
<cooldharma06(a)gmail.com> wrote:
>>>>>
>>>>> Hi all,
>>>>>
>>>>> i have OpenLDAP in my environment. And i am experimenting 389-ds and
their functionalities. In my OpenLDAP, i have entries with following attributes:
>>>>> entryCSN, contextCSN, entryUUID.
>>>>>
>>>>> 1. For entryCSN and contextCSN - any equivalent attribute available
in 389-ds
>>>>>
>>>>> 2. When i check for the above attributes in 389-ds, i am unable to
find those attributes. From the post link, its mentioned like we can use nsUniqueID in
place of entryUUID. but we might face issue during Sync/repl.
>>>>>
>>>>> Is this issue got fixed.
>>>>>
https://pagure.io/389-ds-base/issue/137
>>>>>
>>>>> Any suggestions for the above queries.
>>>>
>>>> OpenLDAP and 389-ds use a really different replication model. That's
probably why you can't find the same types and datapoints.
>>>>
>>>> My question is "what are you trying to achieve". You
shouldn't need to look at our replication state, that's an internal detail.
>>>>
>>>> If you want a "did this entry change" look at the entryUSN
plugin.
>>>>
>>>> If you need the entries unique id, look at nsUniqueID attribute - we have
spoken about adding entryUUID too, but it's just never materialised.
>>>>
>>>> It's not recommended to set nsUniqueID manually, you should let
389-ds generate that itself.
>>>>
>>>> Does that help? Really happy to help as much as possible with your 389-ds
experimenting :)
>>>>
>>>>>
>>>>> Thanks & Regards
>>>>> cooldharma06
>>>>> _______________________________________________
>>>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>>>> To unsubscribe send an email to
389-users-leave(a)lists.fedoraproject.org
>>>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>>>>
>>>> —
>>>> Sincerely,
>>>>
>>>> William Brown
>>>>
>>>> Senior Software Engineer, 389 Directory Server
>>>> SUSE Labs
>>>> _______________________________________________
>>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>>> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
>>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>>>> _______________________________________________
>>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>>> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
>>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>>>
>>> —
>>> Sincerely,
>>>
>>> William Brown
>>>
>>> Senior Software Engineer, 389 Directory Server
>>> SUSE Labs
>>> _______________________________________________
>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>> _______________________________________________
>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>
> —
> Sincerely,
>
> William Brown
>
> Senior Software Engineer, 389 Directory Server
> SUSE Labs
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs