From topping at codehaus.org Tue Nov 1 06:49:29 2005 From: topping at codehaus.org (Brian Topping) Date: Mon, 31 Oct 2005 22:49:29 -0800 Subject: [Fedora-directory-devel] Using Apache httpd Message-ID: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> Hi folks, I was talking to David Boreham on IRC a few hours ago and he mentioned that the future of FDS was on Apache httpd with Tomcat. I'm interested in this because the deeper I go into ns-httpd to try and solve my issues on x86_64, the more I realize I would be a lot more comfortable in Apache. Having said that and knowing it would be a lot cheaper to just go replace the motherboard in this machine with a decent P4 mobo, my interest is piqued on how far along the transition to httpd is and if it is gaining momentum, how I might help. I know my schedule wouldn't permit a massive investment of time right now, but if just having more people doing bug fixes on software that was operational but very rough, I could probably help. Any thoughts, pointers, notes or miscellaneous appreciated... Brian Topping topping at codehaus.org From chen_shaopeng at idsignet.com Tue Nov 1 09:04:40 2005 From: chen_shaopeng at idsignet.com (Chen Shaopeng) Date: Tue, 01 Nov 2005 17:04:40 +0800 Subject: [Fedora-directory-devel] Using Apache httpd In-Reply-To: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> References: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> Message-ID: <43672FA8.20100@idsignet.com> Brian Topping wrote: > Hi folks, > > I was talking to David Boreham on IRC a few hours ago and he mentioned > that the future of FDS was on Apache httpd with Tomcat. I'm interested > in this because the deeper I go into ns-httpd to try and solve my > issues on x86_64, the more I realize I would be a lot more comfortable > in Apache. > > Having said that and knowing it would be a lot cheaper to just go > replace the motherboard in this machine with a decent P4 mobo, my > interest is piqued on how far along the transition to httpd is and if > it is gaining momentum, how I might help. I know my schedule wouldn't > permit a massive investment of time right now, but if just having more > people doing bug fixes on software that was operational but very rough, > I could probably help. > > Any thoughts, pointers, notes or miscellaneous appreciated... > That's what we would like to know and would like to work on too. I was looking into porting the current functionalities to apache httpd, when I heard that there is currently an apache module being developed already. My goal is to develop web admin console, based on apache, to replace the current combo of admin server and java admin console. Regardless of how early stage the mod is in, it would be cool if we can get some info about, especially, the roadmap, etc. rgds csp -- Chen Shaopeng http://www.idsignet.com From david_list at boreham.org Tue Nov 1 15:09:57 2005 From: david_list at boreham.org (David Boreham) Date: Tue, 01 Nov 2005 08:09:57 -0700 Subject: [Fedora-directory-devel] Using Apache httpd In-Reply-To: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> References: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> Message-ID: <43678545.9050304@boreham.org> > Having said that and knowing it would be a lot cheaper to just go > replace the motherboard in this machine with a decent P4 mobo, my > interest is piqued on how far along the transition to httpd is and if > it is gaining momentum, how I The Apache based admin server will be here soon, but I don't think you need to go to these extremes just to get a server working on a 64-bit box : it should just work if the IBM JVM is replaced with the 1.4 Sun JVM as detailed in the wiki page. From nkinder at redhat.com Tue Nov 1 16:16:58 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 01 Nov 2005 08:16:58 -0800 Subject: [Fedora-directory-devel] Using Apache httpd In-Reply-To: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> References: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> Message-ID: <436794FA.5000008@redhat.com> Brian Topping wrote: > Hi folks, > > I was talking to David Boreham on IRC a few hours ago and he > mentioned that the future of FDS was on Apache httpd with Tomcat. > I'm interested in this because the deeper I go into ns-httpd to try > and solve my issues on x86_64, the more I realize I would be a lot > more comfortable in Apache. What issues are you having with ns-httpd on x86_64? Are you simply having problems starting it? -NGK > > Having said that and knowing it would be a lot cheaper to just go > replace the motherboard in this machine with a decent P4 mobo, my > interest is piqued on how far along the transition to httpd is and if > it is gaining momentum, how I might help. I know my schedule > wouldn't permit a massive investment of time right now, but if just > having more people doing bug fixes on software that was operational > but very rough, I could probably help. > > Any thoughts, pointers, notes or miscellaneous appreciated... > > Brian Topping > topping at codehaus.org > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3174 bytes Desc: S/MIME Cryptographic Signature URL: From topping at codehaus.org Tue Nov 1 16:19:45 2005 From: topping at codehaus.org (Brian Topping) Date: Tue, 1 Nov 2005 08:19:45 -0800 Subject: [Fedora-directory-devel] Using Apache httpd In-Reply-To: <43672FA8.20100@idsignet.com> References: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> <43672FA8.20100@idsignet.com> Message-ID: On Nov 1, 2005, at 1:04 AM, Chen Shaopeng wrote: > My goal is to develop web admin console, based on apache, to > replace the current combo of admin server and java admin > console. Once things are ported over to Apache, there won't be any need for a JRE embedded in the distribution. I'm not sure of the details why Netscape needs this, but it has obvious implications for cross- platform compatibility. Java is a very accessible and robust platform for development, but the JRE needs are specialized per installation. Tomcat uses the systemwide JRE for functionality, so there is no technical need to replace Java in the system once things are running with a standard Tomcat install. If you are interested in replacing Java because you don't like Java programming, that's a different story :-) What if you were able to program the new interface you propose in your language of choice, integrated against the existing RPC interfaces? That way both front-ends could be supported. For my own part in it, one of the attractors to this project is the use of Java, and I look forward to expanding the UI with it. I would be discouraged if the Java console and all manners of supporting it were completely removed from the system. Brian From rmeggins at redhat.com Tue Nov 1 16:38:30 2005 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 01 Nov 2005 09:38:30 -0700 Subject: [Fedora-directory-devel] Using Apache httpd In-Reply-To: References: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> <43672FA8.20100@idsignet.com> Message-ID: <43679A06.9040204@redhat.com> In fact the code for the new admin server that uses httpd is already in CVS. Start here - http://directory.fedora.redhat.com/wiki/Building Then go to http://directory.fedora.redhat.com/wiki/AdminServer for information about the admin server. The "admin server" functionality that used to be supplied via an NES plug-in is now supplied by an Apache module called mod_admserv - http://directory.fedora.redhat.com/wiki/Mod_admserv Since we are required to use NSS instead of openssl for crypto, we wrote a new general purpose crypto module called mod_nss - http://directory.fedora.redhat.com/wiki/Mod_nss If you put all of these pieces together, you get the admin server/console/web app/cgi functionality using the Apache 2.0 built into the OS. We also got rid of Java. The console in CVS now builds and runs with the system Java, which should be the Sun or IBM JDK 1.4.2 or later. We also have a team that's working on making the console run with open source java projects like GNU Classpath. There are a couple of bugs in bugzilla related to that effort. We are also working on making the console more standalone, so that you will be able to administer the directory server without using the admin server (however, the CGIs won't work, but there are few of them). Brian Topping wrote: > > On Nov 1, 2005, at 1:04 AM, Chen Shaopeng wrote: > >> My goal is to develop web admin console, based on apache, to >> replace the current combo of admin server and java admin >> console. > > > Once things are ported over to Apache, there won't be any need for a > JRE embedded in the distribution. I'm not sure of the details why > Netscape needs this, but it has obvious implications for cross- > platform compatibility. Java is a very accessible and robust > platform for development, but the JRE needs are specialized per > installation. Tomcat uses the systemwide JRE for functionality, so > there is no technical need to replace Java in the system once things > are running with a standard Tomcat install. > > If you are interested in replacing Java because you don't like Java > programming, that's a different story :-) > > What if you were able to program the new interface you propose in > your language of choice, integrated against the existing RPC > interfaces? That way both front-ends could be supported. For my own > part in it, one of the attractors to this project is the use of Java, > and I look forward to expanding the UI with it. I would be > discouraged if the Java console and all manners of supporting it were > completely removed from the system. > > Brian > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From david_list at boreham.org Tue Nov 1 16:50:42 2005 From: david_list at boreham.org (David Boreham) Date: Tue, 01 Nov 2005 09:50:42 -0700 Subject: [Fedora-directory-devel] Using Apache httpd In-Reply-To: <436794FA.5000008@redhat.com> References: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> <436794FA.5000008@redhat.com> Message-ID: <43679CE2.3000302@boreham.org> Nathan Kinder wrote: >> >> >> I was talking to David Boreham on IRC a few hours ago and he >> mentioned that the future of FDS was on Apache httpd with Tomcat. >> I'm interested in this because the deeper I go into ns-httpd to try >> and solve my issues on x86_64, the more I realize I would be a lot >> more comfortable in Apache. > > > What issues are you having with ns-httpd on x86_64? Are you simply > having problems starting it? The OP was seeing segfault on admin server startup, which he assumed was the problem mentioned here: http://directory.fedora.redhat.com/wiki/FAQ#Admin_Server_fails_to_start_on_MP_Linux_kernel_or_on_x86_64 He then tried the Sun JVM (1.5, not 1.4x), which didn't work either, for reasons unknown at this time. From topping at codehaus.org Tue Nov 1 17:16:53 2005 From: topping at codehaus.org (Brian Topping) Date: Tue, 1 Nov 2005 09:16:53 -0800 Subject: [Fedora-directory-devel] Using Apache httpd In-Reply-To: <43679CE2.3000302@boreham.org> References: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> <436794FA.5000008@redhat.com> <43679CE2.3000302@boreham.org> Message-ID: <3D50BF03-5B76-49CB-AF54-3D70219A5571@codehaus.org> On Nov 1, 2005, at 8:50 AM, David Boreham wrote: > Nathan Kinder wrote: > >> What issues are you having with ns-httpd on x86_64? Are you >> simply having problems starting it? >> > > The OP was seeing segfault on admin server startup, which he > assumed was the > problem mentioned here: > http://directory.fedora.redhat.com/wiki/ > FAQ#Admin_Server_fails_to_start_on_MP_Linux_kernel_or_on_x86_64 > > He then tried the Sun JVM (1.5, not 1.4x), which didn't work either, > for reasons unknown at this time. Sorry for the delay to get back... David has the correct sequence here, but it was late and I realized this morning that I had reinstalled the rpm and didn't update the JRE path. I'll take a look at that stuff today to close it out and update what notes I can on the subject. Rich, thanks for the leads on httpd 2.0. I'll also give those a whirl. -b -------------- next part -------------- An HTML attachment was scrubbed... URL: From nkinder at redhat.com Tue Nov 1 17:29:57 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 01 Nov 2005 09:29:57 -0800 Subject: [Fedora-directory-devel] Using Apache httpd In-Reply-To: <3D50BF03-5B76-49CB-AF54-3D70219A5571@codehaus.org> References: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> <436794FA.5000008@redhat.com> <43679CE2.3000302@boreham.org> <3D50BF03-5B76-49CB-AF54-3D70219A5571@codehaus.org> Message-ID: <4367A615.90407@redhat.com> Brian Topping wrote: > > On Nov 1, 2005, at 8:50 AM, David Boreham wrote: > >> Nathan Kinder wrote: >> >>> What issues are you having with ns-httpd on x86_64? Are you simply >>> having problems starting it? >>> >> >> The OP was seeing segfault on admin server startup, which he assumed >> was the >> problem mentioned here: >> http://directory.fedora.redhat.com/wiki/FAQ#Admin_Server_fails_to_start_on_MP_Linux_kernel_or_on_x86_64 >> >> He then tried the Sun JVM (1.5, not 1.4x), which didn't work either, >> for reasons unknown at this time. > > > Sorry for the delay to get back... > > David has the correct sequence here, but it was late and I realized > this morning that I had reinstalled the rpm and didn't update the JRE > path. I'll take a look at that stuff today to close it out and update > what notes I can on the subject. If this is the issue that David referenced above, then you don't need to use the Sun JVM to work around the problem. The problem is that the IBM JVM crashes when JIT compiling something during the Admin Server startup. You can disable JIT by adding "-Djava.compiler=NONE" to the jvm.option parameter in /admin-serv/config/jvm12.conf. This should not have any sort of performance impact since we only really use Java for running the console application. -NGK > > Rich, thanks for the leads on httpd 2.0. I'll also give those a whirl. > > -b > >------------------------------------------------------------------------ > >-- >Fedora-directory-devel mailing list >Fedora-directory-devel at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-devel > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3174 bytes Desc: S/MIME Cryptographic Signature URL: From topping at codehaus.org Tue Nov 1 17:44:12 2005 From: topping at codehaus.org (Brian Topping) Date: Tue, 1 Nov 2005 09:44:12 -0800 Subject: [Fedora-directory-devel] Using Apache httpd In-Reply-To: <4367A615.90407@redhat.com> References: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> <436794FA.5000008@redhat.com> <43679CE2.3000302@boreham.org> <3D50BF03-5B76-49CB-AF54-3D70219A5571@codehaus.org> <4367A615.90407@redhat.com> Message-ID: <33E61534-D40E-407F-9B01-B6267C24A714@codehaus.org> On Nov 1, 2005, at 9:29 AM, Nathan Kinder wrote: > -Djava.compiler=NONE Worked like a champ! Nice looking console! :-) -b -------------- next part -------------- An HTML attachment was scrubbed... URL: From chen_shaopeng at idsignet.com Wed Nov 2 00:39:49 2005 From: chen_shaopeng at idsignet.com (Chen Shaopeng) Date: Wed, 02 Nov 2005 08:39:49 +0800 Subject: [Fedora-directory-devel] Using Apache httpd In-Reply-To: References: <4C5589E3-E748-4FB6-B8B3-62781DF6AE05@codehaus.org> <43672FA8.20100@idsignet.com> Message-ID: <43680AD5.2030100@idsignet.com> Brian Topping wrote: > > On Nov 1, 2005, at 1:04 AM, Chen Shaopeng wrote: > >> My goal is to develop web admin console, based on apache, to >> replace the current combo of admin server and java admin >> console. > > > Once things are ported over to Apache, there won't be any need for a > JRE embedded in the distribution. I'm not sure of the details why > Netscape needs this, but it has obvious implications for cross- platform > compatibility. Java is a very accessible and robust platform for > development, but the JRE needs are specialized per installation. > Tomcat uses the systemwide JRE for functionality, so there is no > technical need to replace Java in the system once things are running > with a standard Tomcat install. > > If you are interested in replacing Java because you don't like Java > programming, that's a different story :-) > No, we don't want to replace the admin console just because it is developed in Java. We actually do a lot of Java programming, from Eclipse plugins to j2ee stuff, and we love it. Actually, we even consider using Tomcat as the admin server. The only thing we'd like to have is a clean separation of the directory server and the admin server (along with the console), and have the admin server and console run on other platforms such as Windows (yeah I know... :) ns-httpd is nice and all (which we used to develop on a few years ago), but the king of http server is apache. And it is much easier for us to find developers :) > What if you were able to program the new interface you propose in your > language of choice, integrated against the existing RPC interfaces? > That way both front-ends could be supported. For my own part in it, > one of the attractors to this project is the use of Java, and I look > forward to expanding the UI with it. I would be discouraged if the > Java console and all manners of supporting it were completely removed > from the system. > > Brian > rgds csp -- Chen Shaopeng http://www.idsignet.com From akb1975 at yahoo.com Wed Nov 2 09:16:01 2005 From: akb1975 at yahoo.com (ALI KATOUZIAN) Date: Wed, 2 Nov 2005 01:16:01 -0800 (PST) Subject: [Fedora-directory-devel] (no subject) Message-ID: <20051102091601.93295.qmail@web50208.mail.yahoo.com> Ali Katouzian MSc, BEng, Dipl.-Ing. __________________________________ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com From abartlet at samba.org Fri Nov 4 13:10:00 2005 From: abartlet at samba.org (Andrew Bartlett) Date: Sat, 05 Nov 2005 00:10:00 +1100 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 Message-ID: <1131109800.23311.45.camel@localhost.localdomain> As a member of the Samba development team working on Samba4, I'm interested to try and gain some more integration with directory vendors, as we work out how our projects might work together. I see Samba4 as a powerful addition to any directory or identity management solution, able to provide an AD Domain Controller-like front-end to Native windows clients. In particular, this is about deploying non-Microsoft directories on windows networks, without falling back to the 'MIT compatibility mode' or inter-realm trusts to handle the 'single sign on' and 'identity management part of it. Samba4 is at this time able to act as an AD domain controller, including providing LDAP, Kerberos (including the PAC) and RPC logon services. We are accepted as AD by Win2k, WinXP and Win2k3 clients. (I am working on Mac/Samba/similar clients). While Samba4 includes it's own LDAP server, we have made extensive provision to back our data onto something like Fedora Directory, but I want to work with fellow interested developers on the details: What would be reasonable for each end of the connection to do, particularly as we try and map behaviours/schemas/expectations. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From speedy_zinc at yahoo.com Fri Nov 4 16:57:00 2005 From: speedy_zinc at yahoo.com (speedy zinc) Date: Fri, 4 Nov 2005 08:57:00 -0800 (PST) Subject: [Fedora-directory-devel] where can I get the entire server source package? Message-ID: <20051104165700.30015.qmail@web36307.mail.mud.yahoo.com> Where can I get the entire source package for the DS server, instead of using the dsbuild? That dsbuild thing builds and downloads the source package along the way, when it's needed. But man, we have good bandwidth at school, but lousy computer. I have nicer computer at home, but a crawling internet connection (too far from CO). I want to download the package at school, and build it at home. :( sz __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com From peter.djalaliev at gmail.com Sat Nov 5 21:55:47 2005 From: peter.djalaliev at gmail.com (Peter Djalaliev) Date: Sat, 5 Nov 2005 16:55:47 -0500 Subject: [Fedora-directory-devel] running apache with mod_nss Message-ID: <3032cfcd0511051355x1af1963cm6c151e2cecbddc1b@mail.gmail.com> Hello, I believe this is the mailing list I should sent this question to. I got the address of the mailing list from the mod_nss wiki page. Please, correct me if I am wrong. I am trying to run the Apache 2.0.54 with the mod_nss package instead of mod_ssl. I followed the instructions I found on http://directory.fedora.redhat.com/docs/mod_nss.html and when I ran 'apachectl start' I got the following error: "Syntax error on line 232 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/libmodnss.so into server: /usr/lib/libssl3.so: version 'NSS_3.7.4' not found (required by /usr/local/apache2/modules/lbmodnss.so)" Where can I get libssl3.so version 'NSS_3.7.4'? Does such a shared object exist? I am using the Red Hat 8 distribution with kernel 2.4.18 Sincerely, Peter Djalaliev -------------- next part -------------- An HTML attachment was scrubbed... URL: From mj at sci.fi Sat Nov 5 22:17:46 2005 From: mj at sci.fi (Mike Jackson) Date: Sun, 06 Nov 2005 00:17:46 +0200 Subject: [Fedora-directory-devel] running apache with mod_nss In-Reply-To: <3032cfcd0511051355x1af1963cm6c151e2cecbddc1b@mail.gmail.com> References: <3032cfcd0511051355x1af1963cm6c151e2cecbddc1b@mail.gmail.com> Message-ID: <436D2F8A.4020305@sci.fi> Peter Djalaliev wrote: > Hello, > > I believe this is the mailing list I should sent this question to. I > got the address of the mailing list from the mod_nss wiki page. > Please, correct me if I am wrong. > > I am trying to run the Apache 2.0.54 with the mod_nss package instead of > mod_ssl. I followed the instructions I found on > http://directory.fedora.redhat.com/docs/mod_nss.html and when I ran > > 'apachectl start' > > I got the following error: > > "Syntax error on line 232 of /usr/local/apache2/conf/httpd.conf: > Cannot load /usr/local/apache2/modules/libmodnss.so into server: > /usr/lib/libssl3.so: version 'NSS_3.7.4' not found (required by > /usr/local/apache2/modules/lbmodnss.so)" > > Where can I get libssl3.so version 'NSS_3.7.4'? Does such a shared > object exist? Hi, You can find NSS releases here: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/ But it seems that the 3.7.4 version is win32 binaries only. You could probably just try the newest one and if that doesn't work, then try 3.7.8. -- mike From mj at sci.fi Mon Nov 7 13:12:19 2005 From: mj at sci.fi (Mike Jackson) Date: Mon, 07 Nov 2005 15:12:19 +0200 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <1131109800.23311.45.camel@localhost.localdomain> References: <1131109800.23311.45.camel@localhost.localdomain> Message-ID: <436F52B3.7020803@sci.fi> Andrew Bartlett wrote: > While Samba4 includes it's own LDAP server, we have made extensive > provision to back our data onto something like Fedora Directory, but I > want to work with fellow interested developers on the details: What > would be reasonable for each end of the connection to do, particularly > as we try and map behaviours/schemas/expectations. Hi Andrew! What on earth made you all decide to write your own LDAP server when there are others available for free, which are already well tested and feature filled, as well as having plugin architectures (both FDS and OpenLDAP)? Just curious. FDS has support for several types of plugins (pre-bind, post-bind, post-op, etc), and nearly all of the server's functionality is implemented with them. I am guessing that if Samba4 has special needs wrt behaviour from the LDAP server, then it's time to design and implement a "Samba 4 Plugin" for FDS (same things can be done for OpenLDAP, they are just called "overlays"). Plugin Programmers Guide: http://www.redhat.com/docs/manuals/dir-server/plugin/7.1/pluginTOC.html I wrote an OpenLDAP -> FDS schema conversion tool and published it on the FDS wiki. http://www.directory.fedora.redhat.com/download/ol-schema-migrate.pl Feel free to include it in the examples/LDAP directory of Samba if you like. BR, Mike From peter.djalaliev at gmail.com Mon Nov 7 23:09:36 2005 From: peter.djalaliev at gmail.com (Peter Djalaliev) Date: Mon, 7 Nov 2005 18:09:36 -0500 Subject: [Fedora-directory-devel] running apache with mod_nss Message-ID: <3032cfcd0511071509w36dad89aub76ab8fa3825e7c4@mail.gmail.com> Mike, thanks for the reaply. I downloaded the binaries of NSS 3.7.8 and put the shared libraries in /usr/lib, the directory where Apache was looking for libssl3.so. Now, when Apache attempts to load mod_nss, I get the following error: Cannot load /usr/local/apache2/modules/libmodnss.so into server: libsoftokn3.so: undefined symbol: stat. Can anybody help? -------------- next part -------------- An HTML attachment was scrubbed... URL: From discovery64 at gmail.com Tue Nov 8 00:54:35 2005 From: discovery64 at gmail.com (discover) Date: Mon, 07 Nov 2005 19:54:35 -0500 Subject: [Fedora-directory-devel] db2ldif -C Message-ID: <436FF74B.9090405@gmail.com> Team I see db2ldif.pl has an option (-C) . The docs say , it is for using only the main db [id2entry.db3] . I wonder what other db files are used when db2ldif .pl is used without -C option. Isn't that using -C [just using id2entry.db3] would take much lesser time assuming "other files" are not used!!? Thanks From abartlet at samba.org Tue Nov 8 01:24:37 2005 From: abartlet at samba.org (Andrew Bartlett) Date: Tue, 08 Nov 2005 12:24:37 +1100 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <436F52B3.7020803@sci.fi> References: <1131109800.23311.45.camel@localhost.localdomain> <436F52B3.7020803@sci.fi> Message-ID: <1131413077.23311.207.camel@localhost.localdomain> On Mon, 2005-11-07 at 15:12 +0200, Mike Jackson wrote: > Andrew Bartlett wrote: > > > While Samba4 includes it's own LDAP server, we have made extensive > > provision to back our data onto something like Fedora Directory, but I > > want to work with fellow interested developers on the details: What > > would be reasonable for each end of the connection to do, particularly > > as we try and map behaviours/schemas/expectations. > > Hi Andrew! > > What on earth made you all decide to write your own LDAP server when > there are others available for free, which are already well tested and > feature filled, as well as having plugin architectures (both FDS and > OpenLDAP)? Just curious. Samba has a long history of use of OpenLDAP as the standard backend behind Samba3 (of course any LDAP server would work, but OpenLDAP is what we documented, because it is free and included in most distributions). It caused us, and in particular our administrators a lot of pain, because of the separate configuration required. In building Samba4 we looked at OpenLDAP (Fedora Directory was not Free Software at the time we started Samba4), and determined that while clearly possible, it would be very difficult to integrate into a single cohesive whole. (We know it is possible, because PADL's XAD is Samba3 +OpenLDAP+Proprietary bits, and it manages much of what Samba4's goals are) We have some simple requirements on samba4: - Portable: Must, with a minimum of external libraries, build on a wide variety of unix and even non-unix platforms - Simple: Setup must be possible from the built-in web-based administration, as well as a single, simple config file. - Fast: Samba has always benefited from the speed of it's shared-memory databases. - Integrated: We needed consistent behaviour across the whole Samba4 suite of services. This included authentication in particular. As such, we are not dependent on the administrator correctly configuring a backend directory on their platform correctly before we can even start, and we can self-configure those services. More than all that however, we expected that we would have changes that we required that went beyond established plugin architectures, and as such could not afford to ship and maintain our own branch of OpenLDAP or indeed FDS. Tridge then wrote ldb, and things ran from there... > FDS has support for several types of plugins (pre-bind, post-bind, > post-op, etc), and nearly all of the server's functionality is > implemented with them. I am guessing that if Samba4 has special needs > wrt behaviour from the LDAP server, then it's time to design and > implement a "Samba 4 Plugin" for FDS (same things can be done for > OpenLDAP, they are just called "overlays"). So, the way I would like to have things work is to have Samba4 handle the details about authenticating users, perhaps much of the cn=configuration subtree, and suchlike. The backend LDAP server (such as FDS) might then handle the actual user and server entries, possibly not even in the same structure as Samba4 presents to windows clients. Somewhere in there we would probably need schema translation (I presume an administrator choosing to run Samba4 against a backend LDAP would not want to be using the AD schema), as well the implementation of operational attributes etc. (There are quite a few of these, which we are just starting on now). Another little detail that gets quite messy is NT ACLs on entries. We could evaluate these either in Samba4 (and act on the backend as a privileged user) or we might need to put that into another plugin. > Plugin Programmers Guide: > > http://www.redhat.com/docs/manuals/dir-server/plugin/7.1/pluginTOC.html > > > I wrote an OpenLDAP -> FDS schema conversion tool and published it on > the FDS wiki. > > http://www.directory.fedora.redhat.com/download/ol-schema-migrate.pl > > Feel free to include it in the examples/LDAP directory of Samba if you > like. I'll take a look. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From rmeggins at redhat.com Tue Nov 8 04:12:24 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 07 Nov 2005 21:12:24 -0700 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <1131109800.23311.45.camel@localhost.localdomain> References: <1131109800.23311.45.camel@localhost.localdomain> Message-ID: <437025A8.9050202@redhat.com> Hello. Sorry I haven't replied earlier - we have a major release coming up. I think we chatted several months ago. FDS is also committed to working with Windows. We have our Windows Sync utility which uses DirSync to get the changes from Windows, and we use a replication changelog to push the changes from FDS to Windows using plain old ldap. For passwords, we have a password sync "plug-in" on windows that intercepts the plain text passwords and sends them to FDS. While the Windows Sync feature works ok, it's not perfect: 1) Relies on DirSync which up until recently was not a published spec (if you know where I can get the spec, I would be grateful) 2) Doesn't sync everything - some groups on AD are "virtual" e.g. the DomainUsers group - groups defined within the replicated suffix can have members outside of that sufffix - no support for schema changes (although we could just read the schema over LDAP as well, but that's a lot more work) 3) Is hard to set up - people seem to have a devil of a time figuring out things that the AD interface "hides" from you, like the DN of the domain administrator and things like that 4) No support for password policy and group policy - this will be hard to do You guys seem to have solved 1 and 2. 3 I'll withhold judgement on :-) So I think we still need to exchange data between Samba4 and FDS. We were trying to figure out how to solve 4 - we need to figure out a way to have a common consistent password policy across PAM, LDAP, Kerberos, and Windows. For Windows, we were going to try to figure out how to add that information to the sync protocol. For Kerberos, I don't know if you can get that information via gssapi, so we were going to try to use Heimdal and replace the backend (I think new versions of MIT Kerberos allow you to more easily plug-in another database backend). So I guess there are a few ways for Samba4 and FDS to work together: 1) Use WinSync between Samba4 and FDS 2) Use some other protocol (FDS multi master repl? LCUP? LDAPSync? others?) 3) Configure Samba4 to use FDS as it's database Other ways? I'm certainly open to suggestions. Andrew Bartlett wrote: >As a member of the Samba development team working on Samba4, I'm >interested to try and gain some more integration with directory vendors, >as we work out how our projects might work together. > >I see Samba4 as a powerful addition to any directory or identity >management solution, able to provide an AD Domain Controller-like >front-end to Native windows clients. In particular, this is about >deploying non-Microsoft directories on windows networks, without falling >back to the 'MIT compatibility mode' or inter-realm trusts to handle the >'single sign on' and 'identity management part of it. > >Samba4 is at this time able to act as an AD domain controller, including >providing LDAP, Kerberos (including the PAC) and RPC logon services. We >are accepted as AD by Win2k, WinXP and Win2k3 clients. (I am working on >Mac/Samba/similar clients). > >While Samba4 includes it's own LDAP server, we have made extensive >provision to back our data onto something like Fedora Directory, but I >want to work with fellow interested developers on the details: What >would be reasonable for each end of the connection to do, particularly >as we try and map behaviours/schemas/expectations. > >Andrew Bartlett > > > >------------------------------------------------------------------------ > >-- >Fedora-directory-devel mailing list >Fedora-directory-devel at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-devel > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From abartlet at samba.org Tue Nov 8 10:34:36 2005 From: abartlet at samba.org (Andrew Bartlett) Date: Tue, 08 Nov 2005 21:34:36 +1100 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <437025A8.9050202@redhat.com> References: <1131109800.23311.45.camel@localhost.localdomain> <437025A8.9050202@redhat.com> Message-ID: <1131446077.23311.249.camel@localhost.localdomain> On Mon, 2005-11-07 at 21:12 -0700, Richard Megginson wrote: > Hello. Sorry I haven't replied earlier - we have a major release coming > up. I think we chatted several months ago. > > FDS is also committed to working with Windows. We have our Windows Sync > utility which uses DirSync to get the changes from Windows, and we use a > replication changelog to push the changes from FDS to Windows using > plain old ldap. For passwords, we have a password sync "plug-in" on > windows that intercepts the plain text passwords and sends them to FDS. > While the Windows Sync feature works ok, it's not perfect: > 1) Relies on DirSync which up until recently was not a published spec > (if you know where I can get the spec, I would be grateful) > 2) Doesn't sync everything - some groups on AD are "virtual" e.g. the > DomainUsers group - groups defined within the replicated suffix can have > members outside of that sufffix - no support for schema changes > (although we could just read the schema over LDAP as well, but that's a > lot more work) We are making good progress on DRSUAPI synchronisation, but the best sync AD -> Samba4 at the moment is the old netlogon, where we get the NT password hashes. > 3) Is hard to set up - people seem to have a devil of a time figuring > out things that the AD interface "hides" from you, like the DN of the > domain administrator and things like that That really shouldn't be anything more than an ldapsearch or a DsCracknames call on an autoconfiguration tool. (Samba4 has a DsCrackNames client, which makes things easier :-) > 4) No support for password policy and group policy - this will be hard to do We don't have these either yet, but neither looks too hard... > You guys seem to have solved 1 and 2. 3 I'll withhold judgement on :-) > > So I think we still need to exchange data between Samba4 and FDS. We > were trying to figure out how to solve 4 - we need to figure out a way > to have a common consistent password policy across PAM, LDAP, Kerberos, > and Windows. For Windows, we were going to try to figure out how to add > that information to the sync protocol. For Kerberos, I don't know if > you can get that information via gssapi, so we were going to try to use > Heimdal and replace the backend (I think new versions of MIT Kerberos > allow you to more easily plug-in another database backend). Heimdal does have a good LDAP backend, and it is the hdb layer that I have extended to build us the Samba4 KDC. (This is shipped 'in' Samba4, and is linked into the main binary, reads the main database by default etc). > So I guess there are a few ways for Samba4 and FDS to work together: > 1) Use WinSync between Samba4 and FDS If it is a windows interface, then we should eventually support it, but it's not the way I want to crack this particular nut. > 2) Use some other protocol (FDS multi master repl? LCUP? LDAPSync? > others?) Messy, but possible. > 3) Configure Samba4 to use FDS as it's database This is where I want to go. I hate 'sync' systems with a passion, so I want Samba4 to use FDS as much as possible. We can then provide KDC and Windows Domain services on top of your database. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From rmeggins at redhat.com Wed Nov 9 02:33:58 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 08 Nov 2005 19:33:58 -0700 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <1131446077.23311.249.camel@localhost.localdomain> References: <1131109800.23311.45.camel@localhost.localdomain> <437025A8.9050202@redhat.com> <1131446077.23311.249.camel@localhost.localdomain> Message-ID: <43716016.6060600@redhat.com> Andrew Bartlett wrote: >>3) Configure Samba4 to use FDS as it's database >> >> > >This is where I want to go. I hate 'sync' systems with a passion, so I >want Samba4 to use FDS as much as possible. We can then provide KDC and >Windows Domain services on top of your database. > > That would be our choice as well. So how would this work? Samba would not use its built-in database, but would use FDS? And use LDAP as the interface? I think you mentioned something about ldb - is that an "ldap backend"? One thing to keep in mind is that we do not yet have support for ldapi, but I don't think it would be hard to add. >Andrew Bartlett > > > >------------------------------------------------------------------------ > >-- >Fedora-directory-devel mailing list >Fedora-directory-devel at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-devel > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From abartlet at samba.org Wed Nov 9 03:46:13 2005 From: abartlet at samba.org (Andrew Bartlett) Date: Wed, 09 Nov 2005 14:46:13 +1100 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <43716016.6060600@redhat.com> References: <1131109800.23311.45.camel@localhost.localdomain> <437025A8.9050202@redhat.com> <1131446077.23311.249.camel@localhost.localdomain> <43716016.6060600@redhat.com> Message-ID: <1131507973.23311.282.camel@localhost.localdomain> On Tue, 2005-11-08 at 19:33 -0700, Richard Megginson wrote: > Andrew Bartlett wrote: > > >>3) Configure Samba4 to use FDS as it's database > >> > >> > > > >This is where I want to go. I hate 'sync' systems with a passion, so I > >want Samba4 to use FDS as much as possible. We can then provide KDC and > >Windows Domain services on top of your database. > > > > > That would be our choice as well. So how would this work? Samba would > not use its built-in database, but would use FDS? And use LDAP as the > interface? Yes. Indeed at a very conceptual level it would be much as Samba3 can use FDS now. > I think you mentioned something about ldb - is that an "ldap > backend"? ldb is two things: It is a tdb-based flat-file database with ldap properties, and it is a LDAP client implementation behind the same interface. As such, we can in theory direct any database to be backed either by LDAP (with some very large assumptions about the layout of the ldap server, and it's behaviour) or the flat file. The work to be done here is to define those assumptions, and determine which side of the LDAP socket should modify the queries to make the other side's job easier. > One thing to keep in mind is that we do not yet have support > for ldapi, but I don't think it would be hard to add. Actually, neither does Samba4 (we switched from openldap client libs to our own, so lost that as well). It would be very worthwhile adding to both. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From neil.lane at intelliform.co.za Wed Nov 9 09:48:42 2005 From: neil.lane at intelliform.co.za (Neil Lane) Date: Wed, 9 Nov 2005 11:48:42 +0200 Subject: [Fedora-directory-devel] Console Message-ID: <000001c5e512$ca61b460$3060fea9@NeilLaptop> Good day I am experiencing a "problem" with the Directory Server Console! In the docs it says that I need to run the startconsole command once I have started the admin service. I get the following: [root at appserver /]# /opt/fedora-ds/startconsole sh: -c: line 0: syntax error near unexpected token `(' sh: -c: line 0: `/opt/fedora-ds/bin/base/jre/bin/java -ms8m -mx64m -cp .:./mcc70.jar:./ldapjdk.jar:./base.jar:./nmclf70_en.jar:./nmclf70.jar:./jss3 .jar:./mcc70_en.jar -Djava.library.path=/opt/fedora-ds/lib/jss -Djava.util.prefs.systemRoot=/opt/fedora-ds/java/.java -Djava.util.prefs.userRoot=/opt/fedora-ds/java com.netscape.management.client.console.Console -A http://appserver.(none):43968 ' If I however replace the -A with http://localhost:43968 , I get: [root at appserver /]# /opt/fedora-ds/bin/base/jre/bin/java -ms8m -mx64m -cp .:./mcc70.jar:./ldapjdk.jar:./base.jar:./nmclf70_en.jar:./nmclf70.jar:./jss3 .jar:./mcc70_en.jar -Djava.library.path=/opt/fedora-ds/lib/jss -Djava.util.prefs.systemRoot=/opt/fedora-ds/java/.java -Djava.util.prefs.userRoot=/opt/fedora-ds/java com.netscape.management.client.console.Console -A http://localhost:43968 The java class is not found: com/netscape/management/client/console/Console If anyone has any ideas on how to fix this problem, I would appreciate it. Neil Lane -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Wed Nov 9 15:00:31 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 09 Nov 2005 08:00:31 -0700 Subject: [Fedora-directory-devel] Console In-Reply-To: <000001c5e512$ca61b460$3060fea9@NeilLaptop> References: <000001c5e512$ca61b460$3060fea9@NeilLaptop> Message-ID: <43720F0F.4030700@redhat.com> ./startconsole -a 'http://localhost:43968/' Neil Lane wrote: > Good day > > I am experiencing a ?problem? with the Directory Server Console! > > In the docs it says that I need to run the startconsole command once I > have started the admin service. > > I get the following: > > [root at appserver /]# /opt/fedora-ds/startconsole > > sh: -c: line 0: syntax error near unexpected token `(' > > sh: -c: line 0: `/opt/fedora-ds/bin/base/jre/bin/java -ms8m -mx64m -cp > .:./mcc70.jar:./ldapjdk.jar:./base.jar:./nmclf70_en.jar:./nmclf70.jar:./jss3.jar:./mcc70_en.jar > -Djava.library.path=/opt/fedora-ds/lib/jss > -Djava.util.prefs.systemRoot=/opt/fedora-ds/java/.java > -Djava.util.prefs.userRoot=/opt/fedora-ds/java > com.netscape.management.client.console.Console -A > http://appserver.(none):43968 ' > > If I however replace the ?A with http://localhost:43968 , I get: > > [root at appserver /]# /opt/fedora-ds/bin/base/jre/bin/java -ms8m -mx64m > -cp > .:./mcc70.jar:./ldapjdk.jar:./base.jar:./nmclf70_en.jar:./nmclf70.jar:./jss3.jar:./mcc70_en.jar > -Djava.library.path=/opt/fedora-ds/lib/jss > -Djava.util.prefs.systemRoot=/opt/fedora-ds/java/.java > -Djava.util.prefs.userRoot=/opt/fedora-ds/java > com.netscape.management.client.console.Console -A http://localhost:43968 > > *The java class is not found: > com/netscape/management/client/console/Console* > > * * > > If anyone has any ideas on how to fix this problem, I would appreciate it. > > Neil Lane > >------------------------------------------------------------------------ > >-- >Fedora-directory-devel mailing list >Fedora-directory-devel at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-devel > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From ahasenack at terra.com.br Wed Nov 9 23:22:43 2005 From: ahasenack at terra.com.br (Andreas Hasenack) Date: Wed, 9 Nov 2005 21:22:43 -0200 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <1131446077.23311.249.camel@localhost.localdomain> References: <1131109800.23311.45.camel@localhost.localdomain> <437025A8.9050202@redhat.com> <1131446077.23311.249.camel@localhost.localdomain> Message-ID: <200511092122.43909.ahasenack@terra.com.br> Em Ter?a 08 Novembro 2005 08:34, Andrew Bartlett escreveu: > > 3) Configure Samba4 to use FDS as it's database > > This is where I want to go. I hate 'sync' systems with a passion, so I You have lost me here. Why do you want FDS as your database and not, say, openldap? And what happened to the internal ldap server in samba4? From abartlet at samba.org Wed Nov 9 23:37:35 2005 From: abartlet at samba.org (Andrew Bartlett) Date: Thu, 10 Nov 2005 10:37:35 +1100 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <200511092122.43909.ahasenack@terra.com.br> References: <1131109800.23311.45.camel@localhost.localdomain> <437025A8.9050202@redhat.com> <1131446077.23311.249.camel@localhost.localdomain> <200511092122.43909.ahasenack@terra.com.br> Message-ID: <1131579455.917.22.camel@localhost.localdomain> On Wed, 2005-11-09 at 21:22 -0200, Andreas Hasenack wrote: > Em Ter?a 08 Novembro 2005 08:34, Andrew Bartlett escreveu: > > > 3) Configure Samba4 to use FDS as it's database > > > > This is where I want to go. I hate 'sync' systems with a passion, so I > > You have lost me here. Why do you want FDS as your database and not, say, > openldap? And what happened to the internal ldap server in samba4? So, Samba4's LDAP server is what will need to be seen by windows clients, as they have very, very specific requirements, not met by any existing free solutions. However, Samba has the need for backend storage of it's data, and this can either be in a local flat file, or in *another* LDAP server. My hope is that this would allow Samba to be a front-end to a larger organisational directory, which is where I see FDS fitting in. (I've not discussed OpenLDAP in this context yet, but no doubt I will have similar discussions with interested people on that team at some point). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From chen_shaopeng at idsignet.com Thu Nov 10 00:22:01 2005 From: chen_shaopeng at idsignet.com (Chen Shaopeng) Date: Thu, 10 Nov 2005 08:22:01 +0800 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <1131579455.917.22.camel@localhost.localdomain> References: <1131109800.23311.45.camel@localhost.localdomain> <437025A8.9050202@redhat.com> <1131446077.23311.249.camel@localhost.localdomain> <200511092122.43909.ahasenack@terra.com.br> <1131579455.917.22.camel@localhost.localdomain> Message-ID: <437292A9.6010603@idsignet.com> Andrew Bartlett wrote: > On Wed, 2005-11-09 at 21:22 -0200, Andreas Hasenack wrote: > >>Em Ter?a 08 Novembro 2005 08:34, Andrew Bartlett escreveu: >> >>>>3) Configure Samba4 to use FDS as it's database >>> >>>This is where I want to go. I hate 'sync' systems with a passion, so I >> >>You have lost me here. Why do you want FDS as your database and not, say, >>openldap? And what happened to the internal ldap server in samba4? > > > So, Samba4's LDAP server is what will need to be seen by windows > clients, as they have very, very specific requirements, not met by any > existing free solutions. > > However, Samba has the need for backend storage of it's data, and this > can either be in a local flat file, or in *another* LDAP server. My > hope is that this would allow Samba to be a front-end to a larger > organisational directory, which is where I see FDS fitting in. > > (I've not discussed OpenLDAP in this context yet, but no doubt I will > have similar discussions with interested people on that team at some > point). > So, if I understand this well, for a fully integrated solution, you are going to have 2 LDAP servers, one is the internal built-in LDAP server for storing Windows client stuff, and a second LDAP server (FDS in this case), for everything. If that's the case, why can't you come up with a schema (that can be added into any standard LDAP server) that will satisfy all Windows client needs, and put everything into FDS? I'm lost too. rgds csp -- Chen Shaopeng http://www.idsignet.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature URL: From pete at openrowley.com Thu Nov 10 01:07:16 2005 From: pete at openrowley.com (Pete Rowley) Date: Wed, 9 Nov 2005 17:07:16 -0800 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <437292A9.6010603@idsignet.com> Message-ID: <200511100106.jAA16ZC8017306@mx1.redhat.com> > -----Original Message----- > From: fedora-directory-devel-bounces at redhat.com > [mailto:fedora-directory-devel-bounces at redhat.com] On Behalf > Of Chen Shaopeng > Sent: Wednesday, November 09, 2005 4:22 PM > To: Fedora Directory server developer discussion. > Subject: Re: [Fedora-directory-devel] Fedora Directory and Samba4 > > So, if I understand this well, for a fully integrated > solution, you are going to have 2 LDAP servers, one is the > internal built-in LDAP server for storing Windows client > stuff, and a second LDAP server (FDS in this case), for everything. Actually I read that to mean they have a simple ldap db implementation which can also act as a proxy onto another ldap server _instead_ of storing things locally. Much like FDS can be made to proxy onto another ldap server. > > If that's the case, why can't you come up with a schema (that > can be added into any standard LDAP server) that will satisfy > all Windows client needs, and put everything into FDS? That would work perfectly if Active Directory acted like a perfect LDAP server. Unfortunately there are so many quirks and oddities* that I imagine the Samba team feel they need to support because AD clients will expect them to. I am not privvy to how closely the Samba team want to mimic AD, but even for some of the simpler things the question is: is it better to put it in the LDAP server where certain efficiencies can be obtained but limit your ability to server hop, or do you try to make any LDAP server look like AD from the proxy client side and pay the additional performance costs. Or perhaps there is middle ground. I suspect it is this that Andrew wishes to explore. *a simple example: most LDAP servers will index the objectclass attribute by default to enable fast searching, AD however does not index objectclass, and further supplies a proprietary attribute (objectcategory) that performs exactly the same function as objectclass (in its entry class distinguishing capacity**), but works slightly differently (i.e. has weird matching rules) and _is_ indexed by default. If you are targetting AD for your client application which would you choose to use? Which do you think MS clients use? Syntax and Matching rules plugins could be written for FDS, but they don't exist now and they represent a deployment obstacle. **the entry class distinguishing capacity of the objectclass attribute is further diminished in AD because according to it, computers are people too. From abartlet at samba.org Thu Nov 10 01:14:08 2005 From: abartlet at samba.org (Andrew Bartlett) Date: Thu, 10 Nov 2005 12:14:08 +1100 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <437292A9.6010603@idsignet.com> References: <1131109800.23311.45.camel@localhost.localdomain> <437025A8.9050202@redhat.com> <1131446077.23311.249.camel@localhost.localdomain> <200511092122.43909.ahasenack@terra.com.br> <1131579455.917.22.camel@localhost.localdomain> <437292A9.6010603@idsignet.com> Message-ID: <1131585249.917.41.camel@localhost.localdomain> On Thu, 2005-11-10 at 08:22 +0800, Chen Shaopeng wrote: > Andrew Bartlett wrote: > > On Wed, 2005-11-09 at 21:22 -0200, Andreas Hasenack wrote: > > > >>Em Ter?a 08 Novembro 2005 08:34, Andrew Bartlett escreveu: > >> > >>>>3) Configure Samba4 to use FDS as it's database > >>> > >>>This is where I want to go. I hate 'sync' systems with a passion, so I > >> > >>You have lost me here. Why do you want FDS as your database and not, say, > >>openldap? And what happened to the internal ldap server in samba4? > > > > > > So, Samba4's LDAP server is what will need to be seen by windows > > clients, as they have very, very specific requirements, not met by any > > existing free solutions. > > > > However, Samba has the need for backend storage of it's data, and this > > can either be in a local flat file, or in *another* LDAP server. My > > hope is that this would allow Samba to be a front-end to a larger > > organisational directory, which is where I see FDS fitting in. > > > > (I've not discussed OpenLDAP in this context yet, but no doubt I will > > have similar discussions with interested people on that team at some > > point). > > > > So, if I understand this well, for a fully integrated solution, you are > going to have 2 LDAP servers, one is the internal built-in LDAP server > for storing Windows client stuff, and a second LDAP server (FDS in this > case), for everything. I'm not really talking about storage (but no doubt some data will be stored in samba-specific databases). A better expression would be 'filter for windows client stuff'. In an all-windows environment, only Samba would receive LDAP traffic, and pass it on to FDS in some form. In a mixed environment, both would listen (on different IPs naturally) and would give differently formatted answers to similar questions, to suit each respective client. > If that's the case, why can't you come up with a schema (that can be > added into any standard LDAP server) that will satisfy all Windows > client needs, and put everything into FDS? Sure, and we know it is possible to build such a schema, and all the plugins (XAD has done so on OpenLDAP). But I wonder what would be the point. Why not just run windows, or Samba4 without a backend? Or the current messy sync scripts with real AD? Unfortunately, I understand the schema windows uses is directly incompatible with IETF standards (they modified top) and the required plugins are fairly extensive. I expect that those who have chosen FDS (or indeed any other backend) would have done so because they like to control their directories. I want Samba4 to enable that. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From rmeggins at redhat.com Thu Nov 10 01:21:29 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 09 Nov 2005 18:21:29 -0700 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <1131507973.23311.282.camel@localhost.localdomain> References: <1131109800.23311.45.camel@localhost.localdomain> <437025A8.9050202@redhat.com> <1131446077.23311.249.camel@localhost.localdomain> <43716016.6060600@redhat.com> <1131507973.23311.282.camel@localhost.localdomain> Message-ID: <4372A099.5020008@redhat.com> Andrew Bartlett wrote: >On Tue, 2005-11-08 at 19:33 -0700, Richard Megginson wrote: > > >>Andrew Bartlett wrote: >> >> >> >>>>3) Configure Samba4 to use FDS as it's database >>>> >>>> >>>> >>>> >>>This is where I want to go. I hate 'sync' systems with a passion, so I >>>want Samba4 to use FDS as much as possible. We can then provide KDC and >>>Windows Domain services on top of your database. >>> >>> >>> >>> >>That would be our choice as well. So how would this work? Samba would >>not use its built-in database, but would use FDS? And use LDAP as the >>interface? >> >> > >Yes. Indeed at a very conceptual level it would be much as Samba3 can >use FDS now. > > > >>I think you mentioned something about ldb - is that an "ldap >>backend"? >> >> > >ldb is two things: It is a tdb-based flat-file database with ldap >properties, and it is a LDAP client implementation behind the same >interface. As such, we can in theory direct any database to be backed >either by LDAP (with some very large assumptions about the layout of the >ldap server, and it's behaviour) or the flat file. > >The work to be done here is to define those assumptions, and determine >which side of the LDAP socket should modify the queries to make the >other side's job easier. > > Based upon your and Pete's recent emails, it seems that the schema/DIT translation would have to be done on the Samba side. That is, it doesn't sound like an LDAPv3 compliant server would be able to handle the "raw" LDAP from a Windows client. Perhaps as an ldb "plug-in"? That is, Samba would have to map the outgoing (to FDS or other ldap server) attributes/objectclasses to the more standard LDAP IETF ones. Is this something you guys already have, or does ldb already do this? Is this some code you would like some assistance with? > > >>One thing to keep in mind is that we do not yet have support >>for ldapi, but I don't think it would be hard to add. >> >> > >Actually, neither does Samba4 (we switched from openldap client libs to >our own, so lost that as well). It would be very worthwhile adding to >both. > >Andrew Bartlett > > > >------------------------------------------------------------------------ > >-- >Fedora-directory-devel mailing list >Fedora-directory-devel at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-devel > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From chen_shaopeng at idsignet.com Thu Nov 10 01:37:46 2005 From: chen_shaopeng at idsignet.com (Chen Shaopeng) Date: Thu, 10 Nov 2005 09:37:46 +0800 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <200511100106.jAA16ZC8017306@mx1.redhat.com> References: <200511100106.jAA16ZC8017306@mx1.redhat.com> Message-ID: <4372A46A.7000102@idsignet.com> Pete Rowley wrote: > > > Actually I read that to mean they have a simple ldap db implementation which > can also act as a proxy onto another ldap server _instead_ of storing things > locally. Much like FDS can be made to proxy onto another ldap server. > Ok, my bad. > >>If that's the case, why can't you come up with a schema (that >>can be added into any standard LDAP server) that will satisfy >>all Windows client needs, and put everything into FDS? > > > That would work perfectly if Active Directory acted like a perfect LDAP > server. Unfortunately there are so many quirks and oddities* that I imagine > the Samba team feel they need to support because AD clients will expect them > to. I am not privvy to how closely the Samba team want to mimic AD, but > even for some of the simpler things the question is: is it better to put it > in the LDAP server where certain efficiencies can be obtained but limit your > ability to server hop, or do you try to make any LDAP server look like AD > from the proxy client side and pay the additional performance costs. Or > perhaps there is middle ground. I suspect it is this that Andrew wishes to > explore. > > *a simple example: most LDAP servers will index the objectclass attribute by > default to enable fast searching, AD however does not index objectclass, and > further supplies a proprietary attribute (objectcategory) that performs > exactly the same function as objectclass (in its entry class distinguishing > capacity**), but works slightly differently (i.e. has weird matching rules) > and _is_ indexed by default. If you are targetting AD for your client > application which would you choose to use? Which do you think MS clients > use? Syntax and Matching rules plugins could be written for FDS, but they > don't exist now and they represent a deployment obstacle. > > **the entry class distinguishing capacity of the objectclass attribute is > further diminished in AD because according to it, computers are people too. > Ok, not too familiar with the internals of AD, so I may speak thru my behind here. Since we already have a posixAccount, an ntUser, etc, isn't it possible to add something similar, with all the quirks and oddities for an AD user account, and with all the weird matching rules? And maybe with the help of a few plugins? Or is the Windows client requirements so convoluted that it is near darn impossible to achieve with the current FDS or OpenLDAP? I just downloaded Andrew's thesis yesterday, didn't have time to read yet (will do over the weekend). I'd really love to see Samba4 act as an AD, and be transparent to all clients. *note to self: need to learn more about this issue* rgds csp -- Chen Shaopeng http://www.idsignet.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature URL: From abartlet at samba.org Thu Nov 10 01:59:30 2005 From: abartlet at samba.org (Andrew Bartlett) Date: Thu, 10 Nov 2005 12:59:30 +1100 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <4372A099.5020008@redhat.com> References: <1131109800.23311.45.camel@localhost.localdomain> <437025A8.9050202@redhat.com> <1131446077.23311.249.camel@localhost.localdomain> <43716016.6060600@redhat.com> <1131507973.23311.282.camel@localhost.localdomain> <4372A099.5020008@redhat.com> Message-ID: <1131587970.917.65.camel@localhost.localdomain> On Wed, 2005-11-09 at 18:21 -0700, Richard Megginson wrote: > Andrew Bartlett wrote: > > >On Tue, 2005-11-08 at 19:33 -0700, Richard Megginson wrote: > > > > > >>I think you mentioned something about ldb - is that an "ldap > >>backend"? > >> > >> > > > >ldb is two things: It is a tdb-based flat-file database with ldap > >properties, and it is a LDAP client implementation behind the same > >interface. As such, we can in theory direct any database to be backed > >either by LDAP (with some very large assumptions about the layout of the > >ldap server, and it's behaviour) or the flat file. > > > >The work to be done here is to define those assumptions, and determine > >which side of the LDAP socket should modify the queries to make the > >other side's job easier. > > > > > Based upon your and Pete's recent emails, it seems that the schema/DIT > translation would have to be done on the Samba side. Most of it, certainly. I expect that the eventual solution will be a bit of both, because some things will need to be in the data store, and other things will just be too expensive to handle on Samba's side. But basically, that is correct. The main issue is in transactions for the write operations: Do you have transactions? A number of the operations we do imply changes across multiple records, so if Samba was to handle it, it would need to have a transaction. If FDS was to handle it, we would need to write a module there. > That is, it > doesn't sound like an LDAPv3 compliant server would be able to handle > the "raw" LDAP from a Windows client. Perhaps as an ldb "plug-in"? > That is, Samba would have to map the outgoing (to FDS or other ldap > server) attributes/objectclasses to the more standard LDAP IETF ones. Exactly. > Is this something you guys already have, or does ldb already do this? > Is this some code you would like some assistance with? ldb has a good modules layer, for doing exactly this. We of course need help in the implementation of modules, and in everything else (we are a very small team on Samba4, and could certainly do with assistance from those with more of an LDAP background). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From david_list at boreham.org Thu Nov 10 02:02:53 2005 From: david_list at boreham.org (David Boreham) Date: Wed, 09 Nov 2005 19:02:53 -0700 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <1131587970.917.65.camel@localhost.localdomain> References: <1131109800.23311.45.camel@localhost.localdomain> <437025A8.9050202@redhat.com> <1131446077.23311.249.camel@localhost.localdomain> <43716016.6060600@redhat.com> <1131507973.23311.282.camel@localhost.localdomain> <4372A099.5020008@redhat.com> <1131587970.917.65.camel@localhost.localdomain> Message-ID: <4372AA4D.5010806@boreham.org> >The main issue is in transactions for the write operations: Do you have >transactions? > Yes, inside the server. They are not exposed over-the-wire at present. From pete at openrowley.com Thu Nov 10 02:08:24 2005 From: pete at openrowley.com (Pete Rowley) Date: Wed, 9 Nov 2005 18:08:24 -0800 Subject: [Fedora-directory-devel] Fedora Directory and Samba4 In-Reply-To: <4372A46A.7000102@idsignet.com> Message-ID: <200511100207.jAA27kpQ031558@mx1.redhat.com> > -----Original Message----- > From: fedora-directory-devel-bounces at redhat.com > [mailto:fedora-directory-devel-bounces at redhat.com] On Behalf > Of Chen Shaopeng > Sent: Wednesday, November 09, 2005 5:38 PM > To: Fedora Directory server developer discussion. > Subject: Re: [Fedora-directory-devel] Fedora Directory and Samba4 > > Since we already have a posixAccount, an ntUser, etc, isn't > it possible to add something similar, with all the quirks and > oddities for an AD user account, and with all the weird > matching rules? And maybe with the help of a few plugins? Or > is the Windows client requirements so convoluted that it is > near darn impossible to achieve with the current FDS or OpenLDAP? I wouldn't say it were impossible, and FDS is remarkably suited as a starting point given it's plugin architecture and virtual attribute capability, but it is certainly not trivial. I suspect also that it is undesireable to spend too much time making one ldap server look like AD, when samba could make all ldap servers look like ad, and use additional ldap server support for the task where it is available i.e. concentrate on the things that kill performance as a result of being a proxy. > > I just downloaded Andrew's thesis yesterday, didn't have time > to read yet (will do over the weekend). > > I'd really love to see Samba4 act as an AD, and be > transparent to all clients. > > *note to self: need to learn more about this issue* > > rgds > > csp > -- > Chen Shaopeng > http://www.idsignet.com > From neil.lane at intelliform.co.za Thu Nov 10 10:10:17 2005 From: neil.lane at intelliform.co.za (Neil Lane) Date: Thu, 10 Nov 2005 12:10:17 +0200 Subject: [Fedora-directory-devel] Role entries Message-ID: <002f01c5e5de$f43dd300$3060fea9@NeilLaptop> Hi I have created a new DS for evaluation, and completed the following: I have a domain I have added an organization I have added multiple organizational units for the organisation I have added multiple users that belong to one or more of the ou's I now want to add a filtered role that will add the role to the users if they are associated to one (1) of the ou's I have tried to add the role from the fedora console, by exporting the DB to ldif, modifying it and importing the ldif. I have phpLdapAdmin, and LDAPBrowser as well as the console, and none of the tools seem to be able to display the roles for a user if I do a search. Is there a command I can run to display all the attributes associated to a user (ei ldapsearch) Please can someone steer me in the right direction. Neil Lane -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Thu Nov 10 14:18:24 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 10 Nov 2005 07:18:24 -0700 Subject: [Fedora-directory-devel] Role entries In-Reply-To: <002f01c5e5de$f43dd300$3060fea9@NeilLaptop> References: <002f01c5e5de$f43dd300$3060fea9@NeilLaptop> Message-ID: <437356B0.2010904@redhat.com> The nsRole attribute is operational, so you have to explicitly ask for it in the list of attributes to return from the server. To do this with the command line ldapsearch, you just specify the attributes by name on the end of the command line, after the filter. I don't know how to do this in PHP. Neil Lane wrote: > Hi > > I have created a new DS for evaluation, and completed the following: > > I have a domain > > I have added an organization > > I have added multiple organizational units for the organisation > > I have added multiple users that belong to one or more of the ou?s > > I now want to add a filtered role that will add the role to the users > if they are associated to one (1) of the ou?s > > I have tried to add the role from the fedora console, by exporting the > DB to ldif, modifying it and importing the ldif. > > I have phpLdapAdmin, and LDAPBrowser as well as the console, and none > of the tools seem to be able to display the roles > > for a user if I do a search. > > Is there a command I can run to display all the attributes associated > to a user (ei ldapsearch) > > Please can someone steer me in the right direction. > > Neil Lane > >------------------------------------------------------------------------ > >-- >Fedora-directory-devel mailing list >Fedora-directory-devel at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-devel > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From neil.lane at intelliform.co.za Fri Nov 11 09:50:26 2005 From: neil.lane at intelliform.co.za (Neil Lane) Date: Fri, 11 Nov 2005 11:50:26 +0200 Subject: [Fedora-directory-devel] FDS Console Message-ID: <000501c5e6a5$58f57200$3060fea9@NeilLaptop> Hi I am going through all the documentation on roles and groups, and it says that I should click on the Directory tab to be able to manage Roles. The problem is that I only have the following tabs in the console: Servers and Applications Users and Groups Please can someone let me know how I can have access to these other tabs in the console? Thanks Neil Lane -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Fri Nov 11 13:36:15 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 11 Nov 2005 06:36:15 -0700 Subject: [Fedora-directory-devel] FDS Console In-Reply-To: <000501c5e6a5$58f57200$3060fea9@NeilLaptop> References: <000501c5e6a5$58f57200$3060fea9@NeilLaptop> Message-ID: <43749E4F.90302@redhat.com> In the left hand pane of the main console window under the Servers and Applications tab, expand the tree until you find the entry for your directory (slapd-xxxx). Double click it or select it and click on the Open button in the upper right hand corner. This opens a new window for your directory server. Then you should have access to the other mentioned tabs. Neil Lane wrote: > Hi > > > > I am going through all the documentation on roles and groups, and it > says that I should click on the Directory tab to be able to manage Roles. > > > > The problem is that I only have the following tabs in the console: > > > > Servers and Applications > > Users and Groups > > > > Please can someone let me know how I can have access to these other > tabs in the console? > > > > Thanks > > > > Neil Lane > >------------------------------------------------------------------------ > >-- >Fedora-directory-devel mailing list >Fedora-directory-devel at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-devel > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From langel at redhat.com Mon Nov 14 21:33:24 2005 From: langel at redhat.com (Lillian Angel) Date: Mon, 14 Nov 2005 16:33:24 -0500 Subject: [Fedora-directory-devel] Fedora Directory Server Message-ID: <1132004005.3420.31.camel@tow.toronto.redhat.com> Hello! I have just finished fixing all the bugs I found in Classpath to get the directory server running really well. There are still some things that are being worked on, such as some text, combo box and layout bugs. Attached is the patch needed to run the server against Classpath. After applying the patch and re-building, the jars that were built need to be replaced with the console jars. The console jar files are in the directory /opt/fedora-ds/java and /opt/fedora-ds/java/jars. Enjoy! Lillian -------------- next part -------------- A non-text attachment was scrubbed... Name: NPatch.diff Type: text/x-patch Size: 7533 bytes Desc: not available URL: From msmedeus at csc.com Fri Nov 18 14:38:54 2005 From: msmedeus at csc.com (Michael Smedeus) Date: Fri, 18 Nov 2005 15:38:54 +0100 Subject: [Fedora-directory-devel] Download links broken for FDS 1.0 Fedora Message-ID: Hi, I'm for two days now trying to download FDS 1.0.* binaries for Fedora/RHEL without success. All links are broken. Am i missing something or has the binaries been withdrawn? If so for what reason? Regards M Smed?us ---------------------------------------------------------------------------------------- This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. ---------------------------------------------------------------------------------------- From rmeggins at redhat.com Fri Nov 18 14:43:45 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 18 Nov 2005 07:43:45 -0700 Subject: [Fedora-directory-devel] Download links broken for FDS 1.0 Fedora In-Reply-To: References: Message-ID: <437DE8A1.8080308@redhat.com> Sorry about that, mea culpa. If you go here - http://directory.fedora.redhat.com/wiki/Download - and scroll down to the bottom of the page, under Legacy releases, you can download the current version. We're working on the links and hope to have them fixed very shortly. Michael Smedeus wrote: > > >Hi, > >I'm for two days now trying to download FDS 1.0.* binaries for Fedora/RHEL >without success. All links are broken. Am i missing something or has the >binaries been withdrawn? If so for what reason? > > > >Regards >M Smed?us > > > >---------------------------------------------------------------------------------------- > >This is a PRIVATE message. If you are not the intended recipient, please >delete without copying and kindly advise us by e-mail of the mistake in >delivery. NOTE: Regardless of content, this e-mail shall not operate to >bind CSC to any order or other contract unless pursuant to explicit written >agreement or government initiative expressly permitting the use of e-mail >for such purpose. >---------------------------------------------------------------------------------------- > > > >-- >Fedora-directory-devel mailing list >Fedora-directory-devel at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-devel > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From david_list at boreham.org Fri Nov 18 14:43:58 2005 From: david_list at boreham.org (David Boreham) Date: Fri, 18 Nov 2005 07:43:58 -0700 Subject: [Fedora-directory-devel] Download links broken for FDS 1.0 Fedora In-Reply-To: References: Message-ID: <437DE8AE.9000902@boreham.org> Michael Smedeus wrote: >I'm for two days now trying to download FDS 1.0.* binaries for Fedora/RHEL >without success. All links are broken. Am i missing something or has the >binaries been withdrawn? If so for what reason? > > FDS isn't quite released yet. The wiki page has the links but the files haven't been pushed to the ftp server. You can still download the previous release under 'legacy releases' lower down on the page. From msmedeus at csc.com Mon Nov 21 07:23:45 2005 From: msmedeus at csc.com (Michael Smedeus) Date: Mon, 21 Nov 2005 08:23:45 +0100 Subject: [Fedora-directory-devel] Download links broken for FDS 1.0 Fedora In-Reply-To: <437DE8AE.9000902@boreham.org> Message-ID: |---------+------------------------------> | | David Boreham | | | | | | Sent by: | | | fedora-directory-de| | | vel-bounces | | | | | | | | | 2005-11-18 15:43 | | | Please respond to | | | "Fedora Directory | | | server developer | | | discussion." | |---------+------------------------------> >---------------------------------------------------------------------------------------------------------------| | | | To: "Fedora Directory server developer discussion." | | cc: | | Subject: Re: [Fedora-directory-devel] Download links broken for FDS 1.0 Fedora | >---------------------------------------------------------------------------------------------------------------| Thanks David and Richard for quick answer, much appricated. Do You know if there is a releaseplan for FDS 1.0.x in the near future eg. is it worth waiting a couple of days or so? >>Michael Smedeus wrote: >>Hi, >> >>I'm for two days now trying to download FDS 1.0.* binaries for Fedora/RHEL >>without success. All links are broken. Am i missing something or has the >>binaries been withdrawn? If so for what reason? >> >Richard Megginsson wrote: > >Sorry about that, mea culpa. >If you go here - http://directory.fedora.redhat.com/wiki/Download - and >scroll down to the bottom of the page, under Legacy releases, you can >download the current version. We're working on the links and hope to >have them fixed very shortly. >David Boreham wrote: > >FDS isn't quite released yet. The wiki page has the links but the files >haven't been pushed to the ftp server. > >You can still download the previous release under 'legacy releases' >lower down on the page. Regards M Smed?us -- Fedora-directory-devel mailing list Fedora-directory-devel at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-devel From msmedeus at csc.com Mon Nov 21 09:48:05 2005 From: msmedeus at csc.com (Michael Smedeus) Date: Mon, 21 Nov 2005 10:48:05 +0100 Subject: [Fedora-directory-devel] Download links broken for FDS 1.0 Fedora (new try) Message-ID: Sorry for my previous mail, me and Notes are not best friends. Thanks David and Richard for quick answer, much appriciated. Can You give a hint on the releaseplan for FDS 1.0.x, is it worth waiting for a couple of days? Regards M Smed?us From rmeggins at redhat.com Mon Nov 21 14:50:55 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 21 Nov 2005 07:50:55 -0700 Subject: [Fedora-directory-devel] Download links broken for FDS 1.0 Fedora (new try) In-Reply-To: References: Message-ID: <4381DECF.50307@redhat.com> Michael Smedeus wrote: > > >Sorry for my previous mail, me and Notes are not best friends. > >Thanks David and Richard for quick answer, much appriciated. >Can You give a hint on the releaseplan for FDS 1.0.x, is it worth waiting >for a couple of days? > > I would suggest using the current version for now, unless you are planning to go into production with it in the next week or two. > >Regards >M Smed?us > > >-- >Fedora-directory-devel mailing list >Fedora-directory-devel at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-devel > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: