389-users June 2019

389-users@lists.fedoraproject.org

17 participants
13 discussions

Server listening only on tcp6
by wodel youchi 12 Jun '19

12 Jun '19

Hi, I am using a new installation on Cento 7 updated. I am using these packages for 389DS 389-adminutil-1.1.21-2.el7.x86_64 389-ds-base-1.3.8.4-15.el7.x86_64 389-admin-console-doc-1.1.12-1.el7.noarch 389-ds-base-libs-1.3.8.4-15.el7.x86_64 389-console-1.1.19-4.el7.noarch 389-admin-1.1.46-1.el7.x86_64 389-admin-console-1.1.12-1.el7.noarch 389-ds-console-doc-1.2.16-1.el7.noarch 389-ds-1.2.2-6.el7.noarch 389-ds-console-1.2.16-1.el7.noarch 389-dsgw-1.1.11-5.el7.x86_64 The netstat on both ports 389 and 636 show that the daemon is listening on tcp6 only. as a workaround i modified nsslapd-listenhost and nsslapd-securelistenhost to 0.0.0.0 it's the first time I ma getting this behavior. Regards. <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campai…> Virus-free. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campai…> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

3 2

Proper upgrade procedure using Redhat repo and yum
by Patrick Landry 07 Jun '19

07 Jun '19

I have two servers running with multi master replication. The servers are running RHEL 7.4 with 389-ds installed via yum using the rhel-7-server-rpms repository. The hosts are behind a load balancer and all client access is through the load balancer. I would like to upgrade to the latest release available in rhel-7-server-rpms. I have the following packages installed related to 389ds: 389-admin-1.1.46-1.el7.x86_64 389-admin-console-1.1.12-1.el7.noarch 389-admin-console-doc-1.1.12-1.el7.noarch 389-adminutil-1.1.21-2.el7.x86_64 389-console-1.1.18-1.el7.noarch 389-ds-1.2.2-6.el7.noarch 389-ds-base-1.3.7.5-21.el7_5.x86_64 389-ds-base-libs-1.3.7.5-21.el7_5.x86_64 389-ds-console-1.2.16-1.el7.noarch 389-ds-console-doc-1.2.16-1.el7.noarch 389-dsgw-1.1.11-5.el7.x86_64 Only two of those packages appear to have updates available; 389-ds-base and 389-ds-base-libs. Is this the correct procedure? 1. remove server1 from the load balancer config to halt client requests 2. stop the dirsrv and dirsrv-admin services on server1 3. run "yum upgrade 389-ds-base 389-ds-base-libs" on server1 4. run "setup-ds-admin.pl -u" on server1 5. restart dirsrv and dirsrv-admin on server1 6. verify replication is still working 7. add server1 back to load balancer config 8. repeat steps 1-7 on server2 I presume that replication will continue to work after upgrading server1 but before upgrading server2. I believe that at step 4, I don't *also* have to run "setup-ds.pl". Is that correct? Thanks. -- Patrick Landry Director, UCSS University of Louisiana at Lafayette patrick.landry(a)louisiana.edu

3 5

directory manager bypassing password policies, alternatives?
by Eric Freeman 07 Jun '19

07 Jun '19

After upgrading from 389 version 1.2.11.15-33.el6_5.x86_64 to 1.2.11.15-97.el6_10.x86_64, we're finding that the Directory Manager account can bypass configured password policies and set user passwords to anything. I believe this is now by design, but is there a configuration file flag to revert to the previous behavior where Directory Manager needed to conform to the password policy? If not, how do we create a user account in 389 ldap server with rights to check and update user password hashes, and still enforce configured password policies? Please advise

3 4

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users June 2019