search for: 389ds

Hi! We are setting up an environment with two 389DS configured as master-consumer. The DIT holds about 70.000 user records. A couple of other machines running SSSD will be using the 389DS setup for all user info lookups that would normally go to passwd/shadow. There are also other applications that will be querying the 389DS for various other use...

Hi, I'm having problems deleting something from 389DS. At one point I had a link to use an external LDAP server for authentication for a particular client. I now need to delete this but I am having trouble. Firstly I can't find this object in either the directory manager or ldapadmin. I can see the object using db2ldif: # entry-id: 1838...

...ross a few forums and went through you?re documentation pages but the information isn?t clear so thought to ask the question directly to the source. What we are looking to achieve: Our environment is mainly consistent of Linux/Unix operating systems. Our users are mainly researcher and we use 389ds for user authenticating. I am looking for a solution to maintain a relatively small setup of Windows machines (20 nodes) used by researchers to remote visualise their work. We are currently using pGina to authenticate our users Windows login against our 389-ds, though we would like to also manage...

On Fri, 15 Nov 2024 20:39:22 +0800 <ahmed.taleb at pawsey.org.au> wrote: > So not even if?you sync 389 to samba local ldap? > You can sync passwords between Samba AD and users in an external ldap, but why would you ? A Samba AD domain can totally replace your 389-ds and pgina setup. As for pgina, I thought it was dead, which the original is (okay, it hasn't had any updates for

...umentation > pages but the information isn?t clear so thought to ask the question > directly to the source. > > > > What we are looking to achieve: > > Our environment is mainly consistent of Linux/Unix operating systems. > Our users are mainly researcher and we use 389ds for user > authenticating. > > I am looking for a solution to maintain a relatively small setup of > Windows machines (20 nodes) used by researchers to remote visualise > their work. We are currently using pGina to authenticate our users > Windows login against our 389-ds, thoug...

LDAP Account Manager (LAM) 5.4.RC1 - May 31st, 2016 =================================================== LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: ------------- This release adds support for Samba 3 password history and 389 server DNA plugin. LAM Pro supports 389 server unlocking and can display captchas during user self registration. This is a test

LDAP Account Manager (LAM) 5.4 - June 21st, 2016 ================================================ LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: ------------- This release adds support for Samba 3 password history and 389 server DNA plugin. LAM Pro supports 389 server unlocking and can display captchas during user self registration. Full changelog:

Hi! How to get usermod working with SSSD/389DS ? We have SSSD set up on our server and it uses 389DS. SSSD was enabled with the following command: authconfig --enablesssd --enablesssdauth --ldapbasedn=dc=example,dc=com --enableshadow --enablemkhomedir --enablelocauthorize --update Running for example "usermod -L username" returns:...

...new domain and surely this is > the very time to upgrade. Thanks for your advice. But I can't upgrade. I am not setting up a new domain I am upgrading in one network segment. I can't move to AD right now (sigh) because of a VERY big LDAP in the backend. It is not even openLDAP. It is 389ds - which is working excellent even with Multiple Master live replications around the globe. Absolutely rock solid even when there are power outages or network cuts happening. EVERYTHING here is LDAP centric. I can't switch to sambas LDAP for this reason right now. This would be a HUGE proje...

Hello: I have a samba PDC with LDAP, samba 3.0.33 and 389DS 1.2.5. I am adding computer accounts with smbldap-useradd script configured in smb.conf like this: add machine script = /usr/bin/perl -w /opt/ldap/smbldap-tools/bin/smbldap-useradd -w -c '%a' -t 10 -J Equipos '%u' My problem is that I get a samba sid I don't unders...

I'm with a problem and need some help with this. So i'm using 389ds + samba 3.6.9, I have Ldap integrated with samba, it works. I get login successfully, attributes permissions with ACL, created Shared FOlders, all right. But when I insert a user in a Samba Group,it takes between 20 ~ 30 minutes to works. I already restart service, restart server, but only is in...

...>> LDAP is the de facto standard. > > Unfortunately, OpenLDAP as a server is deprecated in C8, and isn?t packaged anymore. Upstream they point customers to their directory service, which is based on 389 directory service. > Okay, I found https://directory.fedoraproject.org/docs/389ds/download.html. Thank you for the useful reply. It appears that they just pasted a new name on an old horse. It's still LDAP. I'll follow the directions there. At least the directions say they are for CentOS 8.1+ I'll let you know what happens. I hope I don't end up having t...

Hi I am testing the migration from our actual Samba domain, based on Samba 3.3.8 and LDAP (389DS) to Samba 4. I have followed the Samba4 Howto, and I have successfully compiled it. Now I am running the classicupgrade command, but I am getting some errors. First of them is that the script is ignoring the "ldap group suffix" parameter in smb.conf, and is always searching in the "...

...gt; > > > Unfortunately, OpenLDAP as a server is deprecated in C8, and isn?t > packaged anymore. Upstream they point customers to their directory > service, which is based on 389 directory service. > > > > Okay, I found > > https://directory.fedoraproject.org/docs/389ds/download.html. > > Thank you for the useful reply. > > It appears that they just pasted a new name on an old horse. It's still > LDAP. > > yes, its the standardized LDAP protocol... it is, however, a completely different implementation, so no, its not OpenLDAP, which is a...

Hello. I'm having a problem regarding locked users in ldap. We are using 389DS ldap server. We lock our users with nsAccountLock=true. If user successfully logs into dovecot, his credentials gets cached. When this user is locked its credentials still stay in cache. The problem I'm having is that our ldap server returns error code 53 ("Unwilling to perform - Account i...

...st the hased password > in the ldap user entry, the token is processed in an external app, if > both are a success, login is fine. This propably would require kerberos > tickets, as the password is constantly changing, but would introduce a > lot of flexibility, for those who dare. 389ds does something like that. > In terms of internal scripting, is there already anything in samba? Not in the LDB layer. The closest is the check password script hook, which is severely restricted due to running with the transaction lock held. Andrew Bartlett -- Andrew Bartlett...

That explains why there is so little information on ldb and sqlite. From my pov sqlite just seemed interesting, as it has a well known syntax and the ability to embedd a transparent logic layer. As there is no effort to use sqlite (or sql) in the future , I just burried that path. As for compability I would strongly suggest to stay where Microsoft left off, before killing the "UNIX

> Yes, let me validate Mr. Kovacs comment. I am aware of the shortcomings > of NIS in the area of security. Let me provide some information on the > topography of my network and my reasoning for choosing NIS/NFS. Perhaps > an alternative may be suggested to meet my needs without totally > confounding me when it comes to configuration. The good thing about YP/NIS is that

Hi, I plan to install one Samba4 DC on a virtual machine to provide services for less than 50 users: - centralized authentication on 2 or 3 Linux servers - LDAP authentication on an ownCloud server - I do not think that I will join Windows computers to the domain, but maybe one day. I know it is better to install more than one DC to have replication, but in a so small setup, would it be

Hello everybody, I'd like to have LPK (or something like that - getting public keys from LDAP) integrated into mainline OpenSSH. *** First of all, a summary. The project page at http://code.google.com/p/openssh-lpk/ mentions that a few distributions include LPK per default; but reading the various threads at Support for merging LPK and hpn-ssh into mainline openssh?