Migrating From 389-ds Version 1.3 to 1.4

The default LDAP schema used in 389-ds versions up until 1.3 had been RFC 2307. As a reluctant—and only once every few years—LDAP admin, I was mostly ignorant of this fact until a recent upgrade made me pay closer attention. As of version 1.4 it seems the 389-ds project has switched to the RFC 2307bis […]

Resolving Faux TLS Encryption Errors in SSSD

After wasting several hours over each of the last several days troubleshooting this seemingly obscure TLS encryption issue in SSSD, I feel compelled to write down some notes. It all started with a switch upgrade in our rack. Two new servers I had just provisioned were failing to find users in our 389 directory server. […]

Backing Up 389 LDAP

We use 389 LDAP + sssd to handle logins on our research computing cluster at ILRI; users and groups live in 389 and the computing and storage nodes authenticate and do uid/gid lookups using sssd. It’s a really nice setup and Red Hat has done a great job making sure the whole stack works well […]

Useradd bash script for 389 LDAP

We started using 389 LDAP (aka Fedora Directory Server) for user and group management in our research computing environment. Instead of managing users, groups and passwords on each and every machine, we just put them in LDAP and have all the machines authenticate users centrally; it’s not rocket science (people have been doing centralized LDAP […]

Reset LDAP server in Redmine sqlite database

Our Redmine instance authenticates users against our institute’s LDAP server. The other day they moved the LDAP service to a new machine and the IP changed, which locked us out of Redmine. If this happens to you, you can easily change the LDAP server in the Redmine database. We’re using sqlite, but the concept should […]