Articles by Deepak Prasad
Migrate 389 Directory Server from Berkeley DB to LMDB
Migrate 389 Directory Server from Berkeley DB to LMDB with backend detection, dsctl dblib bdb2mdb, disk planning, validation, replicated rolling conversion, manual LDIF fallback, and recovery.
Update and Upgrade 389 Directory Server Safely
Update 389 Directory Server safely with dnf, pre-upgrade health checks, verified backups, standalone and rolling replica updates, post-upgrade validation, and recovery when a package update fails.
Migrate 389 Directory Server to a New Server
Migrate 389 Directory Server to a new host with replication or LDIF, including schema, TLS, validation, client cutover, and safe source removal.
Back Up and Restore 389 Directory Server
Back up and restore 389 Directory Server with dsconf backup create, dsctl db2bak, checksum verification, off-host copies, systemd automation, and isolated restore testing.
Migrate OpenLDAP to 389 Directory Server
Migrate OpenLDAP to 389 Directory Server with openldap_to_ds, LDIF preprocessing, schema and ACI mapping, validation, and cutover.
389 Directory Server Tutorial: Complete Administration Guide
Learn 389 Directory Server administration from installation and instance creation to ACIs, TLS, plugins, password policies, LMDB tuning, backup, replication, monitoring, migration, and troubleshooting.
Create and Manage Suffixes and Backends in 389 Directory Server
Create root suffixes and sub-suffixes with dsconf backend create, inspect backends, set read-only or disabled state, and delete a backend safely in 389 Directory Server.
Benchmark 389 Directory Server Performance with ldclt and logconv
Benchmark 389 Directory Server searches, binds, and writes with reproducible LDIF data, ldclt workloads, dsconf metrics, and logconv access-log analysis.
Configure SASL GSSAPI and Kerberos Authentication in 389 Directory Server
Configure Kerberos service principals, keytabs, SASL identity mapping, and GSSAPI authentication in 389 Directory Server with kinit and ldapwhoami.
Configure TLS Versions and Cipher Suites in 389 Directory Server
Inspect and restrict TLS protocol versions and cipher suites in 389 Directory Server, test LDAPS and STARTTLS compatibility, and roll back safely.
Create a Custom Schema in 389 Directory Server
Create custom 389 Directory Server attributes and auxiliary object classes with dsconf, schema LDIF files, reload tasks, validation, and replication-safe deployment.
Configure Database Chaining in 389 Directory Server
Configure 389 Directory Server database links with dsconf chaining, proxy bind accounts, remote ACIs, LDAPS and StartTLS, failover settings, controls, monitoring, and troubleshooting.
Configure LDAP Threads and Connections in 389 Directory Server
Tune 389 Directory Server worker threads, listener threads, per-connection limits, idle timeouts, and file descriptors with dsconf and monitor output.
Configure LDAP Search Limits in 389 Directory Server
Configure 389 Directory Server size, time, look-through, paged, range, and ID-list limits with global and per-user overrides.
Configure Self-service Password and Profile ACIs in 389 Directory Server
Configure 389 Directory Server self-service ACIs with userdn ldap:///self for profile read and write, TLS-protected userPassword changes, selfwrite for opt-in group membership, and verification as the real bind user.
Tune LMDB, Entry Cache and DN Cache in 389 Directory Server
Tune 389 Directory Server LMDB map size, entry cache, DN cache, and normalized DN cache using dsconf backend config, monitor dbmon, and memory budgeting on MDB backends.
Configure Account Lockout in 389 Directory Server
Enable password-based account lockout in 389 Directory Server, set failure thresholds and unlock behaviour, inspect lockout attributes, test automatic unlock, recover locked accounts, and replicate lockout state.
Configure Global, Subtree and User Password Policies in 389 Directory Server
Configure global, subtree, and user password policies in 389 Directory Server with dsconf pwpolicy and localpwp, enforce complexity and expiration, test precedence, and manage temporary passwords.
Test ACI Permissions with Get Effective Rights in 389 Directory Server
Use Get Effective Rights in 389 Directory Server to test ACI permissions with ldapsearch, interpret entryLevelRights and attributeLevelRights, and verify results with real LDAP operations.
Restrict Anonymous Access in 389 Directory Server
Restrict 389 Directory Server anonymous LDAP access with nsslapd-allow-anonymous-access, narrow ldap:///anyone ACIs, disable unauthenticated empty-password binds, and verify root DSE, suffix, and public-attribute …
Configure Macro ACIs in 389 Directory Server
Configure 389 Directory Server macro ACIs with ($dn), [$dn], and ($attr.attributeName) to reduce duplicate rules and enforce tenant isolation.
Configure Virtual List View Indexes in 389 Directory Server
Configure 389 Directory Server Virtual List View indexes with dsconf backend vlv-index, test server-side sorting and VLV controls with ldapsearch, and verify vlvUses and access-log usage.
Configure TLS, STARTTLS and LDAPS in 389 Directory Server
Enable LDAPS and STARTTLS in 389 Directory Server, import server and CA certificates, configure client trust, and verify TLS with ldapsearch and openssl.
Create Virtual Directory Views in 389 Directory Server
Create virtual directory tree views in 389 Directory Server with nsView and nsViewFilter, nested filters, LDAP search verification, indexing, limitations, and troubleshooting.
Generate LDAP Test Data with dsctl ldifgen
Generate synthetic LDAP test data with dsctl ldifgen in 389 Directory Server—users, groups, CoS, roles, modification workloads, and nested trees—then review and load LDIF safely.
Manage Users and Groups in 389 Directory Server
Prepare ou=People and ou=Groups, create POSIX users and static groups with dsidm, set passwords, lock accounts, manage membership, verify LDAP attributes, and delete entries safely in 389 Directory Server.
Create a 389 Directory Server Instance with dscreate and an INF File
Generate a dscreate INF template, configure instance and backend settings, protect credentials, run dscreate from-file, and verify the new 389 Directory Server suffix.
Install and Configure 389 Directory Server
Install 389 Directory Server, create an LDAP instance with dscreate, configure a directory suffix, verify the service, and test LDAP access.
Restore a Replicated 389 Directory Server Safely
Recover a failed 389 Directory Server supplier, hub, or consumer with safe restore, replica reinitialization, RUV checks, and replication validation.
Export and Import 389 Directory Server Data with LDIF
Export and import 389 Directory Server backend data with dsconf and dsctl LDIF tools, validate migration files, prepare the destination suffix, and verify users and groups after import.

