Saturday, September 24, 2022

[Test-Announce] Fedora 37 Branched 20220924.n.0 nightly compose nominated for testing

Announcing the creation of a new nightly release validation test event
for Fedora 37 Branched 20220924.n.0. Please help run some tests for this
nightly compose if you have time. For more information on nightly
release validation testing, see:
https://fedoraproject.org/wiki/QA:Release_validation_test_plan

Notable package version changes:
anaconda - 20220913.n.0: anaconda-37.12.2-2.fc37.src, 20220924.n.0: anaconda-37.12.5-1.fc37.src

Test coverage information for the current release can be seen at:
https://openqa.fedoraproject.org/testcase_stats/37

You can see all results, find testing instructions and image download
locations, and enter results on the Summary page:

https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220924.n.0_Summary

The individual test result pages are:

https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220924.n.0_Installation
https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220924.n.0_Base
https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220924.n.0_Server
https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220924.n.0_Cloud
https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220924.n.0_Desktop
https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220924.n.0_Security_Lab

Thank you for testing!
--
Mail generated by relvalconsumer: https://pagure.io/fedora-qa/relvalconsumer
_______________________________________________
test-announce mailing list -- test-announce@lists.fedoraproject.org
To unsubscribe send an email to test-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/test-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Thursday, September 22, 2022

[Test-Announce] Fwd: Fedora IoT Test Week Occurring Now!

Forwarding a test day announcement from Geoff:

Hello testers!

Just a heads up: the IoT Test Week is occurring now! [0]

Please add your results to the test week page [1] and feel free to chat in #fedora-test-day on libera.chat.

Note, in case you tried to test earlier in the week and were faced with bad linked test images, the links have been fixed and you should be able to download and install now!


Monday, September 19, 2022

[389-users] Re: 389 DS sync issue with Active Directory

Hi Darshen, 

Indeed, the agmt parameters indeed look wrong:
     --port 389 and --conn-protocol LDAPS should not be used together. 
It should either be: 
   --port 389 --conn-protocol StartTLS 
or --port 636 --conn-protocol LDAPS 

Regards,
   Pierre

On Mon, Sep 19, 2022 at 1:41 PM Mark Reynolds <mareynol@redhat.com> wrote:

On 9/19/22 3:05 AM, Darshan B wrote:
> Hello Team
>
> I have a question on sync between  389 DS  and windows active Directoty.
> I have followed this link to https://documentation.suse.com/sles/15-SP3/html/SLES-all/cha-security-ldap.html for Synchronizing with Microsoft Active Directory(6.11) with 389 DS , I'm able to create the repl-winsync-agmt  but while checking its status using sudo dsconf ldap1 repl-winsync-agmt init-status i'm getting below error .
>
> Error:
> [16/Sep/2022:16:25:45.129760205 +051800] - ERR - slapi_ldap_bind - Could not send bind request for id [CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5950 (File not found.), network error 107 (Transport endpoint is not connected, host "192.168.56.106:389")

This means the replication agreement can not connect to the AD server.  
Perhaps your winsync agreement is not configured correctly.  Please
provide the agreement entry from 389 DS.

Thanks,
Mark

>
> I'm able to do ldapsearch on Active directory but repl-winsync-agmt init-status command is giving the network error.
>
> ldapseach command:
> ldapsearch -x -h 192.168.56.106 -p 389 -b "CN=Users,dc=training,dc=itadmin,dc=com" -D "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com" -w "Test@123" dn
>
> repl-winsync-agmt create  command used:
>
> sudo dsconf -D "cn=ldap1-infra1" -w "#CEEadmin123" ldap1 repl-winsync-agmt create --suffix "dc=openstack,dc=org"  --host 192.168.56.106 --port 389 --conn-protocol LDAPS   --bind-dn "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com"   --bind-passwd "Test@123" --win-subtree "CN=Users,DC=training,DC=itadmin,DC=com"   --ds-subtree "dc=openstack,dc=org" --one-way-sync fromWindows   --sync-users=on --sync-groups=on --move-action delete   --win-domain "trainingitadmin.com" adsync_agreement
>
> Let me know what should be done to resolve this network error
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

--
Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue


--
--

389 Directory Server Development Team

[389-users] Re: 389 DS sync issue with Active Directory

On 9/19/22 3:05 AM, Darshan B wrote:
> Hello Team
>
> I have a question on sync between 389 DS and windows active Directoty.
> I have followed this link to https://documentation.suse.com/sles/15-SP3/html/SLES-all/cha-security-ldap.html for Synchronizing with Microsoft Active Directory(6.11) with 389 DS , I'm able to create the repl-winsync-agmt but while checking its status using sudo dsconf ldap1 repl-winsync-agmt init-status i'm getting below error .
>
> Error:
> [16/Sep/2022:16:25:45.129760205 +051800] - ERR - slapi_ldap_bind - Could not send bind request for id [CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5950 (File not found.), network error 107 (Transport endpoint is not connected, host "192.168.56.106:389")

This means the replication agreement can not connect to the AD server.  
Perhaps your winsync agreement is not configured correctly.  Please
provide the agreement entry from 389 DS.

Thanks,
Mark

>
> I'm able to do ldapsearch on Active directory but repl-winsync-agmt init-status command is giving the network error.
>
> ldapseach command:
> ldapsearch -x -h 192.168.56.106 -p 389 -b "CN=Users,dc=training,dc=itadmin,dc=com" -D "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com" -w "Test@123" dn
>
> repl-winsync-agmt create command used:
>
> sudo dsconf -D "cn=ldap1-infra1" -w "#CEEadmin123" ldap1 repl-winsync-agmt create --suffix "dc=openstack,dc=org" --host 192.168.56.106 --port 389 --conn-protocol LDAPS --bind-dn "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com" --bind-passwd "Test@123" --win-subtree "CN=Users,DC=training,DC=itadmin,DC=com" --ds-subtree "dc=openstack,dc=org" --one-way-sync fromWindows --sync-users=on --sync-groups=on --move-action delete --win-domain "trainingitadmin.com" adsync_agreement
>
> Let me know what should be done to resolve this network error
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

--
Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[389-users] 389 DS sync issue with Active Directory

Hello Team

I have a question on sync between 389 DS and windows active Directoty.
I have followed this link to https://documentation.suse.com/sles/15-SP3/html/SLES-all/cha-security-ldap.html for Synchronizing with Microsoft Active Directory(6.11) with 389 DS , I'm able to create the repl-winsync-agmt but while checking its status using sudo dsconf ldap1 repl-winsync-agmt init-status i'm getting below error .

Error:
[16/Sep/2022:16:25:45.129760205 +051800] - ERR - slapi_ldap_bind - Could not send bind request for id [CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5950 (File not found.), network error 107 (Transport endpoint is not connected, host "192.168.56.106:389")

I'm able to do ldapsearch on Active directory but repl-winsync-agmt init-status command is giving the network error.

ldapseach command:
ldapsearch -x -h 192.168.56.106 -p 389 -b "CN=Users,dc=training,dc=itadmin,dc=com" -D "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com" -w "Test@123" dn

repl-winsync-agmt create command used:

sudo dsconf -D "cn=ldap1-infra1" -w "#CEEadmin123" ldap1 repl-winsync-agmt create --suffix "dc=openstack,dc=org" --host 192.168.56.106 --port 389 --conn-protocol LDAPS --bind-dn "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com" --bind-passwd "Test@123" --win-subtree "CN=Users,DC=training,DC=itadmin,DC=com" --ds-subtree "dc=openstack,dc=org" --one-way-sync fromWindows --sync-users=on --sync-groups=on --move-action delete --win-domain "trainingitadmin.com" adsync_agreement

Let me know what should be done to resolve this network error
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Sunday, September 18, 2022

[fedora-arm] [Fedocal] Reminder meeting : Fedora ARM & AArch64 status meeting

Dear all,

You are kindly invited to the meeting:
Fedora ARM & AArch64 status meeting on 2022-09-20 from 15:00:00 to 16:00:00 UTC
At fedora-meeting-2@irc.libera.chat

The meeting will be about:
Fedora ARM & AArch64 weekly status meeting.

More information available at:
[https://fedoraproject.org/wiki/Architectures/ARM](https://fedoraproject.org/wiki/Architectures/ARM)


Source: https://calendar.fedoraproject.org//meeting/9910/

_______________________________________________
arm mailing list -- arm@lists.fedoraproject.org
To unsubscribe send an email to arm-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/arm@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Saturday, September 17, 2022

[389-users] Re: Procedure to change the AD used to sync users


On 9/17/22 2:59 AM, Ludwig Krispenz wrote:

Hi Mark,

I was late in the thread and missed that it is about winsync where things are different, sorry.

No worries, your comments and input are always welcome!!

Regards,

Ludwig

On 16.09.22 22:11, Ludwig Krispenz wrote:


On 16.09.22 20:12, Mark Reynolds wrote:


On 9/16/22 1:40 PM, Ludwig Krispenz wrote:


On 16.09.22 19:16, Mark Reynolds wrote:


On 9/12/22 3:38 PM, Mihai Carabas wrote:


On Mon, Sep 12, 2022 at 6:35 PM Mark Reynolds <mareynol@redhat.com> wrote:


On 9/12/22 10:58 AM, Mihai Carabas wrote:


On Fri, Sep 9, 2022 at 10:31 PM Mihai Carabas <mihai.carabas@gmail.com> wrote:


On Wed, Aug 31, 2022 at 8:25 PM Mark Reynolds <mareynol@redhat.com> wrote:
Mihai,

Start with the docs:

https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/setting_up_windows_synchronization_between_active_directory_and_directory_server#configuring_the_database_for_synchronization_and_creating_the_synchronization_agreement_using_the_command_line

# dsconf slapd-INSTANCE repl-winsync-agmt list

# dsconf slapd-INSTANCE repl-winsync-agmt set --help

# dsconf slapd-INSTANCE repl-winsync-agmt set --host=<NEW HOSTNAME>
<AGREEMENT NAME>

# dsconf slapd-INSTANCE repl-winsync-agmt init <AGREEMENT NAME>

I did this:

[root@ldap ~]# dsconf slapd-ldap repl-winsync-agmt list --suffix "dc=curs,dc=xxx,dc=yy" | grep Host
nsDS5ReplicaHost: ad-tttt-01.curs.xxx.yy
 
But in the logs:

[09/Sep/2022:22:23:43.366356845 +0300] - INFO - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=ad.curs.xxx.yy" (ad:636)".

And it connects to the old server (ad:636) [the old was ad.curs.xxx.yy]. From where is getting that ad?

Any input here? A reboot is needed? Dropping changelog?

Try a server restart "dsctl slapd-ldap restart".  If it still pulling in that old host then maybe you have an extra/conflicting agreement?  "cn=ad.curs.xxx.yy" refers the DN of the replication agreement.  So check if that is the same DN of the agreement you have been modifying.


restart worked like a charm.

Is there a way to find out what config changes needs restart? (for future reasons)

Well in this case a replication agreement is processed at server startup or when it is first created.  The server will spawn a separate thread for each replication agreement.  Changes to things like port and hostname are not picked up in this agreement thread.  So all changes to a replication agreement's configuration will require a server restart.

Are you sure ?

No :-)

Well changing the host name is only picked up on new replication connections.  So if the connection is long lived it will not pick up on the change.  Maybe that's what was happening here? 

but there is agmt_set_host_from_entry() which calls prot_notify_agmt_changed(), so it should be picked up

We have/had a function "prot_notify_agmt_changed" which sets the state to EVENT_AGMT_CHANGED and the state machin will capture this and restart the incremantal protocol.

Ludwig

Mark

--   Directory Server Development Team

_______________________________________________  389-users mailing list -- 389-users@lists.fedoraproject.org  To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org  Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/  List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines  List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org  Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue  

_______________________________________________  389-users mailing list -- 389-users@lists.fedoraproject.org  To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org  Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/  List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines  List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org  Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue  
--   Directory Server Development Team

_______________________________________________  389-users mailing list -- 389-users@lists.fedoraproject.org  To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org  Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/  List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines  List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org  Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue  

_______________________________________________  389-users mailing list -- 389-users@lists.fedoraproject.org  To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org  Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/  List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines  List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org  Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue  
--   Directory Server Development Team