Announcing 389 Ds Console version 1.2.12
by Noriko Hosoi
389 Ds Console 1.2.12
The 389 Directory Server team is proud to announce 389-ds-console
version 1.2.12 and idm-console-framework version 1.1.14.
Fedora packages are available from the EPEL7, Fedora 21, Fedora 22 and
Rawhide repositories.
The new packages and versions are:
* 389-ds-console-1.2.12-1
* idm-console-framework-1.1.14-1
Source tarballs are available for download at Download 389 Ds Console
Source <http://www.port389.org/binaries/389-ds-console-1.2.12.tar.bz2>,
Download Idm Console Framework Source
<http://www.port389.org/binaries/idm-console-framework-1.1.14.tar.bz2>.
Highlights in 389-ds-console-1.2.12 and idm-console-framework-1.1.14-1
* Several bugs are fixed.
Installation and Upgrade
See Download <http://www.port389.org/docs/389ds/download.html> for
information about setting up your yum repositories.
To install, use *yum install 389-ds*. After install
completes, run *setup-ds-admin.pl* to set up your directory
server.
To upgrade, use *yum upgrade*. After upgrade completes, run
*setup-ds-admin.pl -u* to update your directory server/admin
server/console information.
See Install_Guide
<http://www.port389.org/docs/389ds/legacy/install-guide.html> for more
information about the initial installation, setup, and upgrade.
See Source <http://www.port389.org/docs/389ds/development/source.html>
for information about source tarballs and SCM (git) access.
Feedback
We are very interested in your feedback!
Please provide feedback and comments to the 389-users mailing list:
https://admin.fedoraproject.org/mailman/listinfo/389-users and
the following pages:
* https://admin.fedoraproject.org/updates/389-ds-console-1.2.12-1.el7
* https://admin.fedoraproject.org/updates/389-ds-console-1.2.12-1.fc21
* https://admin.fedoraproject.org/updates/389-ds-console-1.2.12-1.fc22
* https://admin.fedoraproject.org/updates/idm-console-framework-1.1.14-1.el7
* https://admin.fedoraproject.org/updates/idm-console-framework-1.1.14-1.fc21
* https://admin.fedoraproject.org/updates/idm-console-framework-1.1.14-2.fc22
If you find a bug, or would like to see a new feature, file it in our
Trac instance: https://fedorahosted.org/389
Detailed Changelog since 389-ds-console-1.2.10
* Ticket 48139 - drop support for legacy replication
* Ticket 48130 - Add “+all” and “-TLS_RSA_WITH_AES_128_GCM_SHA256” to
Console Cipher Preference for TLS
Detailed Changelog since idm-console-framework-1.1.9
* Ticket 48187 - Adding an OU from console is throwing missing
attribute aliasedObjectName error
* Ticket 47946 - Fix regression with original patch
* Ticket 47946 - Need to revise console aci syntax checking
* Ticket 97 - 389-console should provide usage options, help, and
man pages
* Ticket 48134 - Directory Server Admin Console: plaintext password
logged in debug mode
* Ticket 48130 - Add “+all” and “-TLS_RSA_WITH_AES_128_GCM_SHA256” to
Console Cipher Preference for TLS
http://www.port389.org/docs/389ds/releases/release-ds-console-1-2-12.html
8 years, 11 months
Announcing 389 Directory Server version 1.3.3.12
by Noriko Hosoi
389 Directory Server 1.3.3.12
The 389 Directory Server team is proud to announce 389-ds-base version
1.3.3.12.
Fedora packages are available from the Fedora 21, 22 and
Rawhide repositories.
The new packages and versions are:
* 389-ds-base-1.3.3.12-1
A source tarball is available for download at Download Source
<http://www.port389.org/binaries/389-ds-base-1.3.3.12.tar.bz2>
Highlights in 1.3.3.12
* Several critical bugs including a security bug were fixed.
Installation and Upgrade
See Download <http://www.port389.org/docs/389ds/download.html> for
information about setting up your yum repositories.
To install, use *yum install 389-ds*. After install
completes, run *setup-ds-admin.pl* to set up your directory
server.
To upgrade, use *yum upgrade*. After upgrade completes, run
*setup-ds-admin.pl -u* to update your directory server/admin
server/console information.
See Install_Guide
<http://www.port389.org/docs/389ds/legacy/install-guide.html> for more
information about the initial installation, setup, and upgrade.
See Source <http://www.port389.org/docs/389ds/development/source.html>
for information about source tarballs and SCM (git) access.
Feedback
We are very interested in your feedback!
Please provide feedback and comments to the 389-users mailing list:
https://admin.fedoraproject.org/mailman/listinfo/389-users as well as
https://admin.fedoraproject.org/updates/389-ds-base-1.3.3.12-1.fc21
and https://admin.fedoraproject.org/updates/389-ds-base-1.3.3.12-1.fc22.
If you find a bug, or would like to see a new feature, file it in our
Trac instance: https://fedorahosted.org/389
Detailed Changelog since 1.3.3.10
* Bug 1232896 - CVE-2015-3230 389-ds-base: nsSSL3Ciphers preference
not enforced server side (Ticket 48194)
* Ticket 48192 - Individual abandoned simple paged results request has
no chance to be cleaned up
* Ticket 48190 - idm/ipa 389-ds-base entry cache converges to 500 KB
in dblayer_is_cachesize_sane
* Ticket 48183 - bind on db chained to AD returns err=32
* Ticket 47753 - Fix testecase
* Ticket 47828 - fix testcase “import” issue
* Ticket 48158 - cleanAllRUV task limit not being enforced correctly
* Ticket 48158 - Remove cleanAllRUV task limit of 4
* Ticket 48146 - async simple paged results issue; need to close a
small window for a pr index competed among multiple threads.
* Ticket 48146 - async simple paged results issue; log pr index
* Ticket 48146 - async simple paged results issue
* Ticket 48109 - substring index with nssubstrbegin: 1 is not being
used with filters like (attr=x*)
* Ticket 48177 - dynamic plugins should not return an error when
modifying a critical plugin
* Ticket 48151 - fix coverity issues
* Ticket 48151 - Improve CleanAllRUV logging
* Ticket 48136 - v2v2 accept auxilliary objectclasse in
replication agreements
* Ticket 48132 - modrdn crashes server (invalid read/writes)
* Ticket 48133 - Non tombstone entry which dn starting with
“nsuniqueid=…,” cannot be deleted
http://www.port389.org/docs/389ds/releases/release-1-3-3-12.html
8 years, 11 months
Passsync error initializing SSL" err=-8015
by Daniel Franciscus
Hello,
I am having an issue getting passsync to work on a Windows Server 2012 R2 server. After installing passsync, importing the cert I am getting this error when the service attempts to start and fails:
error initializing SSL" err=-8015
Does anyone have an idea what this error is referring to?
Other info:
I am using a third-party certificate, and I have passsync working on an identical server.
Dan Franciscus
Systems Administrator
Information Technology Group
Institute for Advanced Study
609-734-8138
8 years, 11 months
Not able to enable audit logs
by Prashant Bapat
Hi,
I have a setup of master-master replicated 389 DS installations as part of
FreeIPA.
This is the version of the 389-ds : 389-ds-base-1.3.3.8-1.fc21.x86_64
On 1st server, I was able to enable the audit logs using the following
LDIF.
dn: cn=config
changetype: modify
replace: nsslapd-auditlog-logging-enabled
nsslapd-auditlog-logging-enabled: on
However, the same LDIF when I run on the second server (which is the
replicated master) the audit logs never get enabled. I'm not able to find
the *nsslapd-auditlog-logging-enabled* entry under the *dse.ldif*. I have
tried restarting etc but no luck.
Is this normal?
Thanks.
--Prashant
8 years, 11 months
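An offline way to compare the audit-log setting between two masters, as an added example that is not part of the original post: it parses a copy of each server's dse.ldif, unfolds LDIF continuation lines, and reads the setting from the cn=config entry, which is local to each server and not replicated. The two dse.ldif excerpts, the log path and the function names are constructed for illustration, and an absent attribute is treated as "off".

```python
import base64

# Constructed cn=config excerpts (not from the post): one master with audit
# logging switched on, one where the attribute is absent from dse.ldif.
SERVER1_DSE = """\
dn: cn=config
nsslapd-auditlog: /var/log/dirsrv/slapd-EXAMPLE/au
 dit
nsslapd-auditlog-logging-enabled: on

dn: cn=plugins,cn=config
cn: plugins
"""
SERVER2_DSE = SERVER1_DSE.replace("nsslapd-auditlog-logging-enabled: on\n", "")


def parse_entry(ldif_text, wanted_dn):
    """Return {attr_lowercase: [values]} for one entry of an LDIF file."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: append to previous one
        else:
            lines.append(raw)
    norm = lambda dn: dn.replace(" ", "").lower()
    entry, in_wanted = {}, False
    for line in lines:
        if not line.strip():              # blank line ends the current entry
            in_wanted = False
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            in_wanted = norm(value) == norm(wanted_dn)
        elif in_wanted:
            entry.setdefault(attr.lower(), []).append(value)
    return entry


def audit_status(ldif_text):
    """Report whether the audit log is enabled and where it is written."""
    cfg = parse_entry(ldif_text, "cn=config")
    state = cfg.get("nsslapd-auditlog-logging-enabled", ["off"])[0]
    return {"enabled": state.lower() == "on",
            "logfile": cfg.get("nsslapd-auditlog", [None])[0]}


if __name__ == "__main__":
    for name, text in (("server1", SERVER1_DSE), ("server2", SERVER2_DSE)):
        print(name, audit_status(text))
```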
Delete a domain with Kolab
by Timotheus Pokorra
Hello Christian,
I read your thread from March 2015, about the problems deleting the domain.
https://lists.fedoraproject.org/pipermail/389-users/2015-March/017880.html
I had the same problem, and finally I found a solution.
Somehow, this leaf object is not deleted when you remove the domain:
cn=kolab-admin,dc=dertest2,dc=de:
{"cn":"kolab-admin","objectclass":["top","ldapsubentry","nsroledefinition","nssimpleroledefinition","nsmanagedroledefinition"]}
The object class ldapsubentry is something special, I guess.
When I specifically delete this leaf first, then I can delete the
domain without any problems.
See more details and the fix here:
https://issues.kolab.org/show_bug.cgi?id=5100
Hope this helps,
Timotheus
8 years, 11 months
389-admin-1.1.36
by Derek Belcher
Where can I go to see the difference between:
389-admin-1.1.36 and 389-admin-1.1.35-1.el6.x86_64
8 years, 11 months
How can I reconfigure my existing 389 Consoles
by Wudadin
I would like to point them all to the one server so that I can open one pane of glass and see all of the Directories in one screen.
Currently, they are all pointing to their localhost.
register-ds-admin.pl --update ?
Thanks!
8 years, 11 months
Proper upgrade steps?
by Wudadin
Good Afternoon,
I was trying to upgrade one of my 389ds consumers and it does not seem to have worked. Started with the following:
[server-03]# cat /etc/issue
CentOS release 6.3 (Final)
Kernel \r on an \m
[server-03]# rpm -qa 389*
389-adminutil-1.1.15-1.el6.x86_64
389-admin-console-1.1.8-1.el6.noarch
389-dsgw-1.1.9-1.el6.x86_64
389-console-1.1.7-1.el6.noarch
389-ds-base-libs-1.2.10.2-20.el6_3.x86_64
389-admin-1.1.29-1.el6.x86_64
389-ds-console-1.2.6-1.el6.noarch
389-admin-console-doc-1.1.8-1.el6.noarch
389-ds-1.2.2-1.el6.noarch
389-ds-base-1.2.10.2-20.el6_3.x86_64
389-ds-console-doc-1.2.6-1.el6.noarch
Ran the following commands:
[server-03]# yum update
[server-03]# yum upgrade 389-ds-base
[server-03]# rpm -qa 389*
389-admin-console-doc-1.1.8-1.el6.noarch
389-admin-console-1.1.8-1.el6.noarch
389-dsgw-1.1.9-1.el6.x86_64
389-ds-console-1.2.6-1.el6.noarch
389-ds-1.2.2-1.el6.noarch
389-ds-base-1.2.11.15-48.el6_6.x86_64
389-adminutil-1.1.15-1.el6.x86_64
389-ds-console-doc-1.2.6-1.el6.noarch
389-console-1.1.7-1.el6.noarch
389-admin-1.1.29-1.el6.x86_64
389-ds-base-libs-1.2.11.15-48.el6_6.x86_64
[server-03]# setup-ds-admin.pl -u
==============================================================================
The update option will allow you to re-register your servers with the
configuration directory server and update the information about your
servers that the console and admin server uses. You will need your
configuration directory server admin ID and password to continue.
Continue? [yes]:
==============================================================================
Please specify the information about your configuration directory
server. The following information is required:
- host (fully qualified), port (non-secure or secure), suffix, protocol (ldap or ldaps) - this information should be provided in the form of an LDAP url e.g. for non-secure
ldap://host.example.com:389/o=NetscapeRoot or for secure
ldaps://host.example.com:636/o=NetscapeRoot
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use ldaps and security has not yet been configured - the file must be in PEM/ASCII format - specify the absolute path and filename
Configuration directory server URL [ldap://server-01.my.company.net:389/o=NetscapeRoot]:
Configuration directory server admin ID [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
Configuration directory server admin password:
Configuration directory server admin domain [my.company.net]:
==============================================================================
The interactive phase is complete. The script will now set up your
servers. Enter No or go Back if you want to change something.
Are you ready to set up your servers? [yes]:
Could not open TLS connection to server-03.my.company.net:389 - trying regular connection
Could not open a connection to server-03.my.company.net:389
Could not open a connection to the server at server-03.my.company.net port 389 as 'uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot'.
Please make sure the server is up and running before using online mode,
or use offline mode.
Could not reconfigure the admin server.
Exiting . . .
Log file is '/tmp/setup4jz4q9.log'
[server-03]# cat /tmp/setup4jz4q9.log
[15/06/09:16:18:14] - [Setup] Info The update option will allow you to re-register your servers with the
configuration directory server and update the information about your
servers that the console and admin server uses. You will need your
configuration directory server admin ID and password to continue.
[15/06/09:16:18:14] - [Setup] Info Continue?
[15/06/09:16:18:16] - [Setup] Info yes
[15/06/09:16:18:16] - [Setup] Info Please specify the information about your configuration directory
server. The following information is required:
- host (fully qualified), port (non-secure or secure), suffix, protocol (ldap or ldaps) - this information should be provided in the form of an LDAP url e.g. for non-secure
ldap://host.example.com:389/o=NetscapeRoot or for secure
ldaps://host.example.com:636/o=NetscapeRoot
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use ldaps and security has not yet been configured - the file must be in PEM/ASCII format - specify the absolute path and filename
[15/06/09:16:20:38] - [Setup] Info Configuration directory server URL
[15/06/09:16:20:42] - [Setup] Info ldap://server-01.my.company.net:389/o=NetscapeRoot
[15/06/09:16:20:42] - [Setup] Info Configuration directory server admin ID
[15/06/09:16:20:43] - [Setup] Info uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
[15/06/09:16:20:43] - [Setup] Info Configuration directory server admin password
[15/06/09:16:20:50] - [Setup] Info Configuration directory server admin domain
[15/06/09:16:20:50] - [Setup] Info my.company.net
[15/06/09:16:20:50] - [Setup] Info The interactive phase is complete. The script will now set up your
servers. Enter No or go Back if you want to change something.
[15/06/09:16:20:50] - [Setup] Info Are you ready to set up your servers?
[15/06/09:16:20:54] - [Setup] Info yes
Could not open TLS connection to server-03.my.company.net:389 - trying regular connection
Could not open a connection to server-03.my.company.net:389
[15/06/09:16:20:54] - [Setup] Info Could not open a connection to the server at server-03.my.company.net port 389 as 'uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot'.
Please make sure the server is up and running before using online mode,
or use offline mode.
[15/06/09:16:20:54] - [Setup] Fatal Could not reconfigure the admin server.
[15/06/09:16:20:54] - [Setup] Fatal Exiting . . .
Log file is '/tmp/setup4jz4q9.log'
[server-03]# ps -ef | grep slap
ldapuser 15748 1 2 Jun06 ? 01:53:42 ./ns-slapd -D /etc/dirsrv/slapd-server-03 -i /var/run/dirsrv/slapd-server-03.pid -w /var/run/dirsrv/slapd-server-03.startpid
root 19243 18984 0 16:21 pts/0 00:00:00 grep slap
[server-03]# netstat -tap | grep LIST | grep -E "httpd|ldaps|ldap"
tcp 0 0 *:9830 *:* LISTEN 15635/httpd.worker
tcp 0 0 *:ldap *:* LISTEN 15748/./ns-slapd
tcp 0 0 *:ldaps *:* LISTEN 15748/./ns-slapd
Not sure why I can not connect back to the localhost when running ./setup-ds-admin.pl -u EVEN when trying to connect on just 389 and not use TLS
Any ideas? Not sure what I am doing wrong here.
8 years, 11 months
New Password on First Login
by John Hosie
This was working before but doesn't seem to work right any more.
When a password is reset or a new user is created, I need to force the user to enter a new password on the first login. It was working, but no longer is, and I'm not sure why. How do I make this happen?
I'm using the 389-console.
Sincerely,
John W. Hosie III
301 509 1089 (M)
301 869 6327 (H)
jwh3
8 years, 11 months
dirsrv startup issue
by John Hosie
I have a 389-ds server in place in prod. I'm trying to set up turnkey operation, but when the system starts, and /etc/init.d/dirsrv kicks off, it asks for a password. How do I get past this?
Running RHEL6.5 with 389-ds-base.x86_64 1.2.11.15-34.el6_5
Sincerely,
John W. Hosie III
301 509 1089 (M)
301 869 6327 (H)
jwh3
8 years, 11 months