Re: OneWaySync AD to 389ds issue.

You only needed to send that one entry from dse.ldif! You just sent us the whole dse.ldif with your nsslapd-rootpw hash, and your replication manager password.

You now need to assume these are all compromised, and you need to reset them all, on all your directory servers.  I'm sorry to tell you this .... 

You also still haven't sent the nsslapd-errorlog-level in the config. You seem to be really struggling here ... 

> On 29 Nov 2021, at 13:22, Dhivagar A <ssdhivagar@xxxxxxxxx> wrote:
> 
> Hi Team,
> 
> Thanks for the clarification. 
> 
> I have removed the entry from the dse.ldif file and attached it to this email. 
> 
> On Mon, Nov 29, 2021 at 8:10 AM William Brown <william.brown@xxxxxxxx> wrote:
> I'm sorry if what I said wasn't clear. You need to *send us* that entry from dse.ldif so that we can look at it, but when you send that to us you need to remove that line.
> 
> By removing this from dse.ldif you've just broken your replication agreement, so you'll need to re-add the credentials. 
> 
> 
> To set the log level you need to use the dsconf command to change nsslapd-errorlog-level. 
> 
> > On 29 Nov 2021, at 12:18, Dhivagar A <ssdhivagar@xxxxxxxxx> wrote:
> > 
> > Hi,
> > 
> > I have removed the line "nsDS5ReplicaCredentials" from dse.ldif. After restarting the service:
> > 
> > Error log:
> > 
> > [29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/1.3.10.2 B2021.287.1227 starting up
> > [29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the maximum file descriptor limit to: 16384
> > [29/Nov/2021:07:19:58.015480108 +051800] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > [29/Nov/2021:07:19:58.021871694 +051800] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > [29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start - found 3880196k physical memory
> > [29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start - found 3253888k available
> > [29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start - cache autosizing: db cache: 97004k
> > [29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (2 total): 131072k
> > [29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start - cache autosizing: userRoot dn cache (2 total): 65536k
> > [29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start - cache autosizing: NetscapeRoot entry cache (2 total): 131072k
> > [29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start - cache autosizing: NetscapeRoot dn cache (2 total): 65536k
> > [29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start - total cache size: 482119597 B; 
> > [29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin - agmt_is_valid - Replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" is malformed: a bind DN and password must be supplied for authentication method "SIMPLE"
> > [29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin - agmt_new_from_entry - Failed to parse agreement, skipping.
> > [29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd started.  Listening on All Interfaces port 389 for LDAP requests
> > [29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests
> > [29/Nov/2021:07:22:08.139657332 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
> > [29/Nov/2021:07:22:08.152614757 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
> > [29/Nov/2021:07:23:43.481717340 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
> > [29/Nov/2021:07:27:39.184573271 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
> > 
> > 
> > Access log:
> > 
> > [29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH base="cn=replication,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL
> > [29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT err=0 tag=101 nentries=1 wtime=0.000058722 optime=0.000087634 etime=0.000144687
> > [29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH base="cn=mapping tree,cn=config" scope=2 filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))" attrs=ALL
> > [29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT err=0 tag=101 nentries=1 wtime=0.000063352 optime=0.000170331 etime=0.000231855
> > [29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
> > [29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT err=0 tag=101 nentries=1 wtime=0.000051133 optime=0.000083721 etime=0.000133737
> > [29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
> > [29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT err=0 tag=101 nentries=1 wtime=0.000079217 optime=0.000173837 etime=0.000251265
> > [29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="description"
> > [29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT err=0 tag=101 nentries=1 wtime=0.000807492 optime=0.000099189 etime=0.000905100
> > [29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
> > [29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT err=0 tag=101 nentries=1 wtime=0.001202980 optime=0.000092490 etime=0.001293973
> > 
> > How to change the value 8192 of logs?
> > _______________________________________________
> > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
> 
> --
> Sincerely,
> 
> William Brown
> 
> Senior Software Engineer, Identity and Access Management
> SUSE Labs, Australia
> <dse.zip>

--
Sincerely,

William Brown

Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
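
An added example, not part of the original message or of the 389 Directory Server code: one way to do what the reply above asks for, pulling a single entry out of dse.ldif and masking secret-bearing attributes before it is posted. The function names, the constructed sample LDIF, and the attribute list beyond nsslapd-rootpw and nsDS5ReplicaCredentials are assumptions.

```python
import re

# Attributes whose values must never leave the host. The first two are named
# in this thread; the other two are assumptions, extend the set as needed.
SENSITIVE = {"nsslapd-rootpw", "nsds5replicacredentials",
             "userpassword", "nsmultiplexorcredentials"}

# Constructed sample (fake secrets, folded lines), not the poster's file.
SAMPLE = """\
dn: cn=config
nsslapd-rootpw: {SSHA512}CONSTRUCTED-FAKE-HASH

dn: cn=winsync,cn=replica,cn=dc\\3Dldapauth\\2Cdc\\3Dcom,cn=mapping tree,cn=
 config
objectClass: nsDSWindowsReplicationAgreement
nsDS5ReplicaBindDN: cn=sync,cn=Users,dc=example,dc=com
nsDS5ReplicaCredentials:: Q09OU1RSVUNURUQtRkFLRS1TRU
 NSRVQ=
nsDS5ReplicaBindMethod: SIMPLE
"""
AGMT_DN = ("cn=winsync,cn=replica,cn=dc\\3Dldapauth\\2Cdc\\3Dcom,"
           "cn=mapping tree,cn=config")


def entries(ldif_text):
    """Yield each entry as a list of unfolded 'attr: value' lines."""
    # A line starting with one space continues the previous line (RFC 2849).
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        lines = [l for l in block.splitlines() if l and not l.startswith("#")]
        if lines:
            yield lines


def extract_for_sharing(ldif_text, dn):
    """Return only the entry with this DN, secrets masked, else None."""
    for lines in entries(ldif_text):
        head = re.match(r"(?i)dn:\s*(.*)", lines[0])
        if not head or head.group(1).lower() != dn.strip().lower():
            continue
        out = []
        for line in lines:
            attr = line.split(":", 1)[0]
            # Covers 'attr: value', base64 'attr:: value' and 'attr;option'.
            if attr.split(";", 1)[0].lower() in SENSITIVE:
                line = f"{attr}: REDACTED"
            out.append(line)
        return "\n".join(out)
    return None
```

Calling `extract_for_sharing(open(path).read(), AGMT_DN)` on a copy of dse.ldif returns just the agreement entry with the credential line masked; the live file is never edited, so the agreement keeps working.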