On 10/13/06, <b class="gmail_sendername">Richard Megginson</b> <<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Sergio Diaz wrote:<br>> Hi all,<br>><br>> I successfully connected the AD Back End DB to FDS like Brian Smith, I<br>> disabled the nsProxiedAuthorization (comment by Richard Megginson) in<br>> Plugins->Chaining Database->AD (is the name of my Sub Suffix), but I
<br>> can't browse the Directory: "Critical Extension unavailable".<br>I don't understand. You can't "Browse" the directory, but you can<br>search Users and Groups?</blockquote><div><br>Yes. Look at the screenshots ->
SearchAD.png and BrowseCritical.png<br>In the Console I can search Users from AD or FDS.<br>In the Directory Server, in the Directory tab, I can't browse the Settings of my Domain (Critical Extension Unavailable)<br><br>Map Attributes No.
<br></div><div>OK<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">><br>> Is it possible to link the Database of the AD only for Read?
<br>You might be able to set the Chaining Database to be readonly in its<br>settings.</blockquote><div><br>In which part can I do this?<br><br><br>Regards,<br>Sergio <br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> I like to write a Howto for these settings.<br>><br>> Regards,<br>> Sergio<br>><br>><br>> On 10/2/06, *Richard Megginson* <<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>> wrote:<br>><br>> It may be that AD doesn't support proxied auth, in which case you should<br>> tell chaining to disable it. See
<br>> <a href="http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#21180">http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#21180</a>
<br>> for more information - the pertinent attribute is<br>> nsProxiedAuthorization<br>><br>> Brian Smith wrote:<br>
> > All,<br>> > Here's what I've now done to enable the AD Back end DB for a sub tree:<br>> > 1. Click configuration and select the "dc=domain,dc=com" tree.<br>> > 2. Right click "dc=domain,dc=com" tree and select new sub suffix
<br>> > 3. In New Suffix box, typed "ou=subsuffix1" and unchecked create associated database automatically and click OK.<br>> > 4. Open "dc=domain,dc=com" and right click "ou=subsuffix1,dc=domain,dc=com", and select "new database link".
<br>> > 5. Here, I put Database link name "subsuffix1", put the bind dn and password of a domain user account in my AD, and put the domain controller ip in the remote server box and clicked save. (I can connect to my AD with the DN I provided here)
<br>> > 6. Check enable this suffix under ou=subsuffix1,dc=worldpub,dc=corp
<br>> ><br>> > now subsuffix1 database appears under ou=subsuffix1,dc=domain,dc=com.<br>> > If I now go to the directory tab, and select the directory entry, I get critical extension unavailable and if I use an ldap browser I get list failed on the main tree. Did I miss a step? If I disable the ou=subsuffix1,dc=domain,dc=com suffix I can browse the tree no problem. Thanks!<br>
> > Brian Smith<br>> ><br>> ><br>> ><br>> > Sergio Diaz wrote:<br>> >><br>> >> FDS, OpenLDAP and AD<br>> >><br>> >> One Directory FDS.....I want these directions too...
<br>> >> Chaining Backend...<br>> >><br>> >> Regards,<br>> >> Sergio<br>> >><br>> >> On Mon, 2006-10-02 at 14:12 -0400, Brian Smith wrote:<br>> >>> Hello all, I've been working on getting chaining working with an active directory back end for a week now. Has anyone successfully done this or<br>> >>> have directions on setting this up?<br>> >>><br>
> >>> Brian Smith<br>> >>><br>> >>> Howard Chu wrote:<br>> >>> ><br>> >>> >> Date: Mon, 02 Oct 2006 10:01:55 -0600<br>> >>> >> From: Richard Megginson <<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>><br>> >>> ><br>> >>> >> Sergio Diaz wrote:<br>> >>> >>> Hi Richard;
<br>> >>> >>><br>> >>> >>> Openldap:<br>> >>> >>><br>> >>> >>> The *meta* backend to *slapd(8) <<a href="http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8">http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8</a>>*<br>> >>> >>> performs basic LDAP proxying with respect to a set of remote LDAP servers, called "targets". The information<br>> >>> >>> contained in these servers can be presented as belonging to a single Directory Information Tree (DIT).<br>> >>> >>><br>> >>> >>> Is it possible with FDS?
<br>> >>> >>><br>> >>> >> FDS has a chaining backend which allows you to use another LDAP<br>> >>> >> server to store the data.<br>> >>> >
<br>> >>> > It sounds like the FDS chaining backend is similar to OpenLDAP back-ldap and/or the chaining overlay. In OpenLDAP back-ldap forwards a request to one other server (at a time; multiple servers can be configured but the others will only be used if the first server cannot be contacted). The back-meta backend is a superset of back-ldap, it can fanout single requests to multiple servers in parallel and aggregate the results. (There's also attribute mapping and DN rewriting, but those capabilities are no longer unique to back-meta, having been moved into the rewrite overlay.) With these modules you can stitch together a variety of heterogeneous directories into a coherent virtual directory.<br>> >>> ><br>> >>> >>> Regards!!<br>> >>> >>> Sergio<br>> >>> >>>
<br>> >>> >>><br>> >>> >>> On Mon, 2006-10-02 at 07:25 -0600, Richard Megginson wrote:<br>> >>> >>>> Sergio Diaz wrote:<br>> >>> >>>>> Hi People,
<br>> >>> >>>>><br>> >>> >>>>> Is it possible to sync only in one way?<br>> >>> >>>>> Users Windows AD -> FDS.<br>> >>> >>>> No, not really.
<br>> >>> >>>>> Or the other scenario: it's like OpenLDAP has a Meta Backend (2 LDAPs, 1 AD), is it possible with FDS?<br>> >>> >>>> It's possible. What does the meta backend do?
<br>> >>> >>>>><br>> >>> >>>>> Regards,<br>> >>> >>>>> Sergio<br>> >>> ><br>> >>> ><br>> >>>
<br>> >>> --<br>> >>> Fedora-directory-users mailing list<br>> >>> <a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><br>> >>> <a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><br><br></blockquote></div><br>