Re: [389-users] passsync - ldap error in queryusername

Rich, access log on the 389 machine? what version of 389-ds-base? what platform? > > It doesn't look like the AD server has ever shown up in the access log so I imagine this is purely a passsync issue. We are running Windows Server 2008 R2. My hunch is that UAC is messing this up. When I we

Re: [389-users] Centos 6?

Thank you, I was able to install 1.2.9 from the testing repo. On Mon, Aug 8, 2011 at 9:49 AM, Rich Megginson wrote: > ** > On 08/05/2011 12:36 PM, Aaron Hagopian wrote: > > Rich, > > Trying to install 389-ds-base from your repo on SL 6.1 x86_64 and > getting: > >

Re: [389-users] sshd/pam_ldap not honoring passwordMustChange

I have not seen or used the passwordMustChange attribute before but I can tell you that if you set the passwordExpirationTime as following: passwordExpirationTime: 1970010100Z It should force the user to change their password on their next login. Keep in mind you will not get a prompt if us

Re: [389-users] Problems to access Directory Server from remote console with 389-console

Virtualbox networking can get a little goofy sometimes. You may want to try a bridged network adapter instead of the default NAT. On Sun, Mar 20, 2011 at 5:11 PM, Daniel Gonzalez wrote: > Hi Guys, > > My name is Daniel Gonzalez and I am new to this mailing list, I hope to > ayduar as I can while

Re: [389-users] RHEL6 support

> > > > 389-ds-base will be going into RHEL 6 at some point. We cannot put it in > EPEL6 because it would conflict. We are interested in suggestions about how > to provide binary packages on EL6. > > > pardon my ignorance, but what would it clash with ? > > 389-ds-base in RHEL6. > And I assume

Re: [389-users] Determine when a password is about to expire

Harry, This is the pattern I use to parse the date in java: "MMddHHmmss'Z'". You can probably deduce what the values represent by looking at the pattern. Also the times are stored in UTC so you'll probably want to convert that to the local timezone if you're going to display the date/time to

Re: [389-users] issues with 1.2.7.5

I think you're supposed to login to the 389-console with the admin user not your directory manager. On Tue, Dec 21, 2010 at 3:50 PM, Robert Viduya < robert+...@shangri-la.ts.gatech.edu >wrote: > I'm having problems trying to get a clean install of 1.2.7.5 working. > We're running RHEL5 and I hav

Re: [389-users] get base dn from ldapsearch

Oddly enough it looks like it comes out as part of the LDIF comment. If you skip the option to tell it to not output ldif comments you'll get your base: $ ldapsearch -d1 -x "(uid=example)" 2>&1 | grep base # base (default) with scope subtree On Wed, Nov 24, 2010 at 3:58 AM, Gerrard Geldenhui

Re: [389-users] how to get password expiration warnings and password policy

This only tells you if their password has expired but you will not know if there are grace logins and this also doesn't tell you give you password warnings without trying to lookup the policy. You can get all of the password information using ldap extended operations (part of LDAP v3 I think). I

Re: [389-users] Announcing 389 Directory Server 1.2.6

14, 2010 at 11:43 AM, Aaron Hagopian wrote: > Think I figured it out, a while back when I had to do the manual steps from > something like RC5->RC6, my netscapeRoot didn't load back properly leaving > with an empty o=netscapeRoot > > > On Tue, Sep 14, 2010 at 10:2

Re: [389-users] Announcing 389 Directory Server 1.2.6

Think I figured it out, a while back when I had to do the manual steps from something like RC5->RC6, my netscapeRoot didn't load back properly leaving with an empty o=netscapeRoot On Tue, Sep 14, 2010 at 10:20 AM, Rich Megginson wrote: > Aaron Hagopian wrote: > > After upgradi

[389-users] selinux error on update to RC6

I updated to the latest RC for 1.2.6 and now when I try to start dirsrv I get the attached error message. running 'restorecon -R /usr/lib64/dirsrv' did fix the problem for me, just letting you guys know. Thanks, Aaron Summary: SELinux is preventing /usr/sbin/ns-slapd "getattr" access to /usr/l

Re: [389-users] Announcing 389 Directory Server 1.2.6 Release Candidate 3

I filed a bug per Rich: https://bugzilla.redhat.com/show_bug.cgi?id=616206 > How did you create the ldif file in > "/var/lib/dirsrv/slapd-/ldif/"? Did you move the ldif file there > from elsewhere on your system? That could explain why your ldif file ha

Re: [389-users] Announcing 389 Directory Server 1.2.6 Release Candidate 3

I upgraded my fedora 13 x86_64 machine to the RC3 using the rpms in updates-testing and now I cannot start the admin server with selinux enabled. I am attaching the selinux message. It does start when I disable selinux. On Tue, Jul 6, 2010 at 2:38 PM, Rich Megginson wrote: > The 389 team is p

Re: [389-users] Problems with running Management and Directory Consoles on remote servers

I've had very good luck running java application over the NX protocol ( http://nomachine.com/). It actually runs over SSH so it doesn't take extra firewall ports to get going. I have used the 389 console over nx and it works great. I actually just use the built in freenx libraries that are in EP

[389-users] Windows sync stopped working

I had everything setup to sync to my domain controller and things were working fine. Recently I saw this message in the logs: [30/Apr/2010:11:59:10 -0500] NSMMReplicationPlugin - agmt="cn=toto.hra.local" (10:636): windows_replay_update: Cannot replay add operation. So I thought maybe I would try

Re: [389-users] Random failures on startTLS

d the startTLS. On Wed, Apr 14, 2010 at 5:57 PM, Rich Megginson wrote: > Aaron Hagopian wrote: > > > > > > It's JNDI itself. JNDI uses ABANDON requests. Are you using > > persistent > > search at all? Another 389 user reported similar problems

Re: [389-users] Random failures on startTLS

> > > It's JNDI itself. JNDI uses ABANDON requests. Are you using persistent > search at all? Another 389 user reported similar problems caused by > improper handling of JNDI persistent searches + ABANDON requests. > Although this looks different, both issues have JNDI and ABANDON in common. W

Re: [389-users] Random failures on startTLS

Do you need something to generate those ABANDON requests too or just a simple program that does the startTLS? I'm sure its something in our code that's creating the ABANDON requests but not sure exactly what. On Wed, Apr 14, 2010 at 12:41 PM, Rich Megginson wrote: > Aaron H

Re: [389-users] Random failures on startTLS

onn=3008 op=2 fd=66 closed - U1 [14/Apr/2010:08:27:55 -0500] conn=3008 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=manager,dc=hranet,dc=org" [14/Apr/2010:08:28:02 -0500] conn=3003 op=17 UNBIND [14/Apr/2010:08:28:02 -0500] conn=3003 op=17 fd=67 closed - U1 [14/Apr/2010:08:28:02 -0

[389-users] Random failures on startTLS

=3016 op=4 UNBIND [14/Apr/2010:08:31:05 -0500] conn=3016 op=4 fd=66 closed - U1 Is this just a bug with directory server? Any thoughts or ideas are welcomed. Thanks, Aaron Hagopian -- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: [389-users] Password policy during grace login / expiration warning

ching and figuring it out on my own but hopefully my bug will get fixed at some point. Thanks, Aaron Hagopian -- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

[389-users] Password policy during grace login / expiration warning

s for actually coding the 389 directory server. Thanks, Aaron Hagopian -- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users