<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
All,<br>
Here's what I've now done to enable the AD Back end DB for a sub tree:<br>
1. Click configuration and select the "dc=domain,dc=com" tree.<br>
2. Right click "dc=domain,dc=com" tree and select new sub suffix<br>
3. In New Suffix box, typed "ou=subsuffix1" and unchecked create
associated database automatically and click OK.<br>
4. Open "dc=domain,dc=com" and right click
"ou=subsuffix1,dc=domain,dc=com, and select "new database link.<br>
5. Here, I put Database link name "subsuffix1", put the bind dn and
password of a domain user account in my AD, and put the domain
controller ip in the remote server box and clicked save. (I can connect
to my AD with the DN I provided here)<br>
6. Check enable this suffix under ou=subsuffix1,dc=worldpub,dc=corp<br>
<br>
now subsuffix1 database appears under ou=subsuffix1,dc=domain,dc=com.
If I now go to the directory tab, and select the directory entry, i get
critical extension unavailable and if i use an ldap browser i get list
failed on the main tree. Did i miss a step? If I disable the
ou=subsuffix1,dc=domain,dc=com suffix i can browse the tree no
problem. Thanks!<br>
Brian Smith<br>
<br>
<br>
<br>
Sergio Diaz wrote:
<blockquote cite="mid1159813037.2474.3.camel@oslec" type="cite">
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="GENERATOR" content="GtkHTML/3.10.3">
<br>
FDS, OpenLDAP and AD<br>
<br>
One Directory FDS.....i want this directions to...<br>
Chaining Backend...<br>
<br>
Regards,<br>
Sergio<br>
<br>
On Mon, 2006-10-02 at 14:12 -0400, Brian Smith wrote:
<blockquote type="CITE">
<pre><font color="#000000">Hello all, I've been working on getting chaining working with an active</font>
<font color="#000000">directory back end for a week now. Has anyone successfully done this or</font>
<font color="#000000">have directions on setting this up?</font>
<font color="#000000"> Brian Smith</font>
<font color="#000000">Howard Chu wrote:</font>
<font color="#000000">></font>
<font color="#000000">>> Date: Mon, 02 Oct 2006 10:01:55 -0600</font>
<font color="#000000">>> From: Richard Megginson <<a
href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>></font>
<font color="#000000">></font>
<font color="#000000">>> Sergio Diaz wrote:</font>
<font color="#000000">>>> Hi Richard;</font>
<font color="#000000">>>></font>
<font color="#000000">>>> Openldap:</font>
<font color="#000000">>>></font>
<font color="#000000">>>> The *meta* backend to *slapd(8)</font>
<font color="#000000">>>> <<a
href="http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8">http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8</a>>*</font>
<font color="#000000">>>> performs basic LDAP proxying with respect</font>
<font color="#000000">>>> to a set of remote LDAP servers, called "targets". The </font>
<font color="#000000">>>> information</font>
<font color="#000000">>>> contained in these servers can be presented as belonging</font>
<font color="#000000">>>> to a single</font>
<font color="#000000">>>> Directory Information Tree (DIT).</font>
<font color="#000000">>>></font>
<font color="#000000">>>> Its possible with FDS ??</font>
<font color="#000000">>>> </font>
<font color="#000000">>> FDS has a chaining backend which allows you to use another LDAP</font>
<font color="#000000">>> server to store the data.</font>
<font color="#000000">></font>
<font color="#000000">> It sounds like the FDS chaining backend is similar to OpenLDAP</font>
<font color="#000000">> back-ldap and/or the chaining overlay. In OpenLDAP back-ldap forwards</font>
<font color="#000000">> a request to one other server (at a time; multiple servers can be</font>
<font color="#000000">> configured but the others will only be used if the first server cannot</font>
<font color="#000000">> be contacted). The back-meta backend is a superset of back-ldap, it</font>
<font color="#000000">> can fanout single requests to multiple servers in parallel and</font>
<font color="#000000">> aggregate the results. (There's also attribute mapping and DN</font>
<font color="#000000">> rewriting, but those capabilities are no longer unique to back-meta,</font>
<font color="#000000">> having been moved into the rewrite overlay.) With these modules you</font>
<font color="#000000">> can stitch together a variety of heterogeneous directories into a</font>
<font color="#000000">> coherent virtual directory.</font>
<font color="#000000">></font>
<font color="#000000">>>> Regards!!</font>
<font color="#000000">>>> Sergio</font>
<font color="#000000">>>></font>
<font color="#000000">>>> </font>
<font color="#000000">>>> On Mon, 2006-10-02 at 07:25 -0600, Richard Megginson wrote:</font>
<font color="#000000">>>>> Sergio Diaz wrote:</font>
<font color="#000000">>>>>> Hi People,</font>
<font color="#000000">>>>>></font>
<font color="#000000">>>>>> Its Possible Sync only in One Way ?</font>
<font color="#000000">>>>>> Users Windows AD -> FDS.</font>
<font color="#000000">>>>> No, not really.</font>
<font color="#000000">>>>>> Or the other scenario its like OpenLDAP have a Meta Backend (2</font>
<font color="#000000">>>>>> LDAPs, 1 AD), its possible with FDS ?</font>
<font color="#000000">>>>> It's possible. What does the meta backend do?</font>
<font color="#000000">>>>>></font>
<font color="#000000">>>>>> Regards,</font>
<font color="#000000">>>>>> Sergio</font>
<font color="#000000">></font>
<font color="#000000">></font>
<font color="#000000">--</font>
<font color="#000000">Fedora-directory-users mailing list</font>
<font color="#000000"><a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a></font>
<font color="#000000"><a
href="https://www.redhat.com/mailman/listinfo/fedora-directory-users">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a></font>
</pre>
</blockquote>
</blockquote>
</body>
</html>