From kevin_myer at iu13.org Thu Dec 1 00:53:59 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Wed, 30 Nov 2005 19:53:59 -0500 Subject: [Fedora-directory-users] LDAP subagent questions In-Reply-To: <438E275D.5060404@redhat.com> References: <20051130172131.d3iuzs2je9wk0wgw@webapps.iu13.org> <438E275D.5060404@redhat.com> Message-ID: <20051130195359.3t7caw07n8w04ggc@webapps.iu13.org> Nathan, I'm not sure if it matters what directory the agent is invoked from but the results are the same, if invoked with a full path, or if already in the bin/slapd/server directory: # cat /opt/fedora-ds/slapd-instance/config/ldap-agent.conf server /opt/fedora-ds/slapd-instance/logs # ./ldap-agent /opt/fedora-ds/slapd-instance/config/ldap-agent.conf ldap-agent: Error opening server config file: /opt/fedora-ds/slapd-instance/logs/config/dse.ldif # cat /opt/fedora-ds/slapd-instance/config/ldap-agent.conf server /opt/fedora-ds/slapd-instance # ./ldap-agent /opt/fedora-ds/slapd-instance/config/ldap-agent.conf ldap-agent: Started as pid 25012 And a minor nit, the documentation talks about ldapagent and the binary is actually ldap-agent. Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From nkinder at redhat.com Thu Dec 1 03:04:00 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Wed, 30 Nov 2005 19:04:00 -0800 Subject: [Fedora-directory-users] LDAP subagent questions In-Reply-To: <20051130195359.3t7caw07n8w04ggc@webapps.iu13.org> References: <20051130172131.d3iuzs2je9wk0wgw@webapps.iu13.org> <438E275D.5060404@redhat.com> <20051130195359.3t7caw07n8w04ggc@webapps.iu13.org> Message-ID: <438E6820.9050607@redhat.com> Kevin M. Myer wrote: > Nathan, > > I'm not sure if it matters what directory the agent is invoked from > but the results are the same, if invoked with a full path, or if > already in the bin/slapd/server directory: > > # cat /opt/fedora-ds/slapd-instance/config/ldap-agent.conf > server /opt/fedora-ds/slapd-instance/logs > # ./ldap-agent /opt/fedora-ds/slapd-instance/config/ldap-agent.conf > ldap-agent: Error opening server config file: > /opt/fedora-ds/slapd-instance/logs/config/dse.ldif Doh! I didn't notice this before, but the docs are incorrect. The "server" parameter should point to the instance directory, not the logs directory. In your case, it should be set to "/opt/fedora-ds/slapd-instance". > > # cat /opt/fedora-ds/slapd-instance/config/ldap-agent.conf > server /opt/fedora-ds/slapd-instance > # ./ldap-agent /opt/fedora-ds/slapd-instance/config/ldap-agent.conf > ldap-agent: Started as pid 25012 > > And a minor nit, the documentation talks about ldapagent and the > binary is actually ldap-agent. I'll get documentation bugs filed for these issues. -NGK > > > Kevin > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3174 bytes Desc: S/MIME Cryptographic Signature URL: From del at babel.com.au Thu Dec 1 08:43:02 2005 From: del at babel.com.au (Del) Date: Thu, 01 Dec 2005 19:43:02 +1100 Subject: [Fedora-directory-users] Creating Replication Agreements at the Command Line (again) Message-ID: <438EB796.4050602@babel.com.au> I am trying to set up a two-master replica using this script: http://directory.fedora.redhat.com/wiki/Howto:MultiMasterReplication It creates the necessary replication objects, and then continually reports the following error message in the log files: [01/Dec/2005:18:55:04 +1100] NSMMReplicationPlugin - agmt="cn="Replication to fc3-dbw-2.babel.office"" (fc3-dbw-2:389): Replication bind to cn=repman,cn=config on consumer failed: 32 () (on both servers). I assumed that this was a password problem so I tried changing the password to cn=repman,cn=config on the server and in the replication agreement, and now I get the error message: [01/Dec/2005:18:41:14 +1100] NSMMReplicationPlugin - agmt="cn="Replication to fc3-dbw-1.babel.office"" (fc3-dbw-1:389): Replica has a different generation ID than the local data. I tried manually forcing the replica to happen via the console and I still get the above error message. Any ideas? I've tried rebuilding the DS from scratch a few times and I still get the same thing. -- Del From del at babel.com.au Thu Dec 1 10:33:51 2005 From: del at babel.com.au (Del) Date: Thu, 01 Dec 2005 21:33:51 +1100 Subject: [Fedora-directory-users] Creating Replication Agreements at the Command Line (again) In-Reply-To: <438EB796.4050602@babel.com.au> References: <438EB796.4050602@babel.com.au> Message-ID: <438ED18F.7070106@babel.com.au> Del wrote: > > I am trying to set up a two-master replica using this script: > > http://directory.fedora.redhat.com/wiki/Howto:MultiMasterReplication > > It creates the necessary replication objects, and then continually > reports the following error message in the log files: > > [01/Dec/2005:18:55:04 +1100] NSMMReplicationPlugin - > agmt="cn="Replication to fc3-dbw-2.babel.office"" (fc3-dbw-2:389): > Replication bind to cn=repman,cn=config on consumer failed: 32 () The bug in the script can be fixed by applying this patch: -- --- mmr.pl.old 2005-11-20 10:32:33.000000000 +1100 +++ mmr.pl 2005-12-01 21:20:19.000000000 +1100 @@ -52,8 +52,8 @@ config_supplier($host2, $host2_id, $repmanpw); # add replication agreements -add_rep_agreement($host1, $host2); -add_rep_agreement($host2, $host1); +add_rep_agreement($host1, $host2, $repmanpw); +add_rep_agreement($host2, $host1, $repmanpw); # initialize host2 from host1 initialize($host1, $host2); @@ -133,7 +133,7 @@ sub add_rep_agreement { - my ($from, $to) = @_; + my ($from, $to, $repmanpw) = @_; my $ldap = Net::LDAP->new($from) or die "$@"; $ldap->bind($binddn, password => $bindpw, version => 3); @@ -149,7 +149,7 @@ nsDS5ReplicaPort => 389, nsDS5ReplicaBindDN => "cn=repman,cn=config", nsDS5ReplicaBindMethod => "simple", - nsDS5ReplicaCredentials => "repman", + nsDS5ReplicaCredentials => $repmanpw, nsDS5ReplicaUpdateSchedule => "0000-2359 0123456", nsDS5ReplicaTimeOut => 120, ] -- Del From thierry.lanfranchi at wanadoo.fr Thu Dec 1 10:55:56 2005 From: thierry.lanfranchi at wanadoo.fr (Thierry Lanfranchi) Date: Thu, 01 Dec 2005 11:55:56 +0100 Subject: [Fedora-directory-users] Server Side Sorting limitations/configuration Message-ID: <438ED6BC.6070407@wanadoo.fr> Hello, I've noticed a strange behavior when I do a substring search based on only one letter, my results are not sorted. When I search for (&(objectClass=inetOrgPerson)(sn=FA*)), I get immediate sorted results, but when I search for (&(objectClass=inetOrgPerson)(sn=Y*)), I get immediate results, unsorted, despite results being less numerous than previous requests' results. Is that "not sorting on single letter search" feature wanted (maybe even RFC stuff that I haven't read yet), and if so, can I enable sorting even in that case, or is it to be considered a strange behavior and I need to look for more informations in order to solve it ? Just in case, my user class is not inetOrgPerson, but a class I defined inheriting from inetOrgPerson with added attributes. Mentionning it just in case... Thanks in advance for your answers, Thierry From chen_shaopeng at idsignet.com Thu Dec 1 11:30:04 2005 From: chen_shaopeng at idsignet.com (Chen Shaopeng) Date: Thu, 01 Dec 2005 19:30:04 +0800 Subject: [Fedora-directory-users] Server Side Sorting limitations/configuration In-Reply-To: <438ED6BC.6070407@wanadoo.fr> References: <438ED6BC.6070407@wanadoo.fr> Message-ID: <438EDEBC.60903@idsignet.com> Thierry Lanfranchi wrote: > Hello, > > I've noticed a strange behavior when I do a substring search based on > only one letter, my results are not sorted. > When I search for (&(objectClass=inetOrgPerson)(sn=FA*)), I get > immediate sorted results, > but when I search for (&(objectClass=inetOrgPerson)(sn=Y*)), I get > immediate results, unsorted, despite results being less numerous than > previous requests' results. > Heh, that's a funny thing. How can the result of the second query "less numerous" than the result of the first query? Just wondering. csp -- Chen Shaopeng http://www.idsignet.com From thierry.lanfranchi at wanadoo.fr Thu Dec 1 12:30:33 2005 From: thierry.lanfranchi at wanadoo.fr (Thierry Lanfranchi) Date: Thu, 01 Dec 2005 13:30:33 +0100 Subject: [Fedora-directory-users] Server Side Sorting limitations/configuration In-Reply-To: <438EDEBC.60903@idsignet.com> References: <438ED6BC.6070407@wanadoo.fr> <438EDEBC.60903@idsignet.com> Message-ID: <438EECE9.8050607@wanadoo.fr> Chen Shaopeng a ?crit : >Thierry Lanfranchi wrote: > > >>Hello, >> >>I've noticed a strange behavior when I do a substring search based on >>only one letter, my results are not sorted. >>When I search for (&(objectClass=inetOrgPerson)(sn=FA*)), I get >>immediate sorted results, >>but when I search for (&(objectClass=inetOrgPerson)(sn=Y*)), I get >>immediate results, unsorted, despite results being less numerous than >>previous requests' results. >> >> >> > >Heh, that's a funny thing. How can the result of the second query "less >numerous" than the result of the first query? > >Just wondering. > >csp > > it's because my directory contains way more people with names starting with FA* than people with names starting with Y* :) (maybe you didn't notice both search filters were not using the same first letter ?) Thierry -------------- next part -------------- An HTML attachment was scrubbed... URL: From chen_shaopeng at idsignet.com Thu Dec 1 12:51:30 2005 From: chen_shaopeng at idsignet.com (Chen Shaopeng) Date: Thu, 01 Dec 2005 20:51:30 +0800 Subject: [Fedora-directory-users] Server Side Sorting limitations/configuration In-Reply-To: <438EECE9.8050607@wanadoo.fr> References: <438ED6BC.6070407@wanadoo.fr> <438EDEBC.60903@idsignet.com> <438EECE9.8050607@wanadoo.fr> Message-ID: <438EF1D2.4010607@idsignet.com> Thierry Lanfranchi wrote: > (maybe you didn't notice both search filters were not using the same > first letter ?) > Sorry, didn't pay attention to that, it means I need to go home and get some sleep now :) csp -- Chen Shaopeng http://www.idsignet.com From rmeggins at redhat.com Thu Dec 1 13:37:55 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 01 Dec 2005 06:37:55 -0700 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0 Message-ID: <438EFCB3.70606@redhat.com> We are proud to announce the release of Fedora Directory Server 1.0. This release marks a significant milestone for the open source community, who now have access to the code for the console and administration engine as well as the previously open sourced LDAP engine. This release uses the Apache httpd engine as its administration server, and includes mod_nss - a rewrite of mod_ssl which uses the Mozilla NSS crypto engine. The 1.0 release, in addition to its many other features such as LDAPv3, Multi-Master Replication, and Windows Synchronization, includes support for MD5, SHA-256, SHA-384, and SHA-512 password hashing, as well as many bug fixes. Fedora Directory Server 1.0 furthers the evolution and democratization of open source software in making this powerful, enterprise proven technology available to all. It is a boon for developers who are now able to port the full package - LDAP engine, console, and admin engine - to many different platforms. If you have used the previous version of Fedora Directory Server, we invite you to try our new version. If you are using another LDAP server, we invite you to try ours and let us know how it compares - we're always looking for ways to improve. Our community is already active and growing, and you are welcome and encouraged to join. There are many ways: joining the mailing lists, reporting bugs, editing documentation, writing scripts/patches/plug-ins, and many more. Try it out! - http://directory.fedora.redhat.com/wiki/Download Our home page - http://directory.fedora.redhat.com/ Join our community! - http://directory.fedora.redhat.com/wiki/Ways_to_contribute mod_nss - http://directory.fedora.redhat.com/wiki/Mod_nss Drop us a line! - fedora-directory-users at redhat.com and http://directory.fedora.redhat.com/wiki/Mailing_Lists -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From kevin_myer at iu13.org Thu Dec 1 14:07:21 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Thu, 1 Dec 2005 09:07:21 -0500 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0 In-Reply-To: <438EFCB3.70606@redhat.com> References: <438EFCB3.70606@redhat.com> Message-ID: <20051201090721.7n9y9m0yjjb404sg@webapps.iu13.org> Are there any notes available for "upgrading" from 7.1 to 1.0 (my feelings about using lower version numbers for newer releases, aside)? I just did a 'rpm -uvh fedora-ds-1.0-2.RHEL3.i386.opt.rpm --force' to upgrade a test installation and upon trying to start slapd, I get: # ./start-slapd [01/Dec/2005:08:59:17 -0500] SSL Initialization - Warning: certificate DB file /opt/fedora-ds/alias/slapd-tremolite-cert8.db does not exist - SSL initialization will likely fail [01/Dec/2005:08:59:17 -0500] SSL Initialization - Warning: key DB file /opt/fedora-ds/alias/slapd-tremolite-key3.db does not exist - SSL initialization will likely fail [01/Dec/2005:08:59:17 -0500] - SSL alert: Security Initialization: NSS initialization failed (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.): path: /opt/fedora-ds/alias/, certdb prefix: slapd-tremolite-, keydb prefix: slapd-tremolite-. [01/Dec/2005:08:59:17 -0500] - ERROR: NSS Initialization Failed. Both DB files do exist: # pwd /opt/fedora-ds/alias # ls -al slap* -rw------- 1 root nobody 65536 Jun 3 17:14 slapd-tremolite-cert8.db -rw------- 1 root nobody 16384 Jun 3 17:14 slapd-tremolite-key3.db Do I still need to run the setup script, even if its an upgrade, not a fresh install? Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From rmeggins at redhat.com Thu Dec 1 14:20:05 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 01 Dec 2005 07:20:05 -0700 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0 In-Reply-To: <20051201090721.7n9y9m0yjjb404sg@webapps.iu13.org> References: <438EFCB3.70606@redhat.com> <20051201090721.7n9y9m0yjjb404sg@webapps.iu13.org> Message-ID: <438F0695.9050208@redhat.com> Kevin M. Myer wrote: > Are there any notes available for "upgrading" from 7.1 to 1.0 (my > feelings about using lower version numbers for newer releases, aside)? > > I just did a 'rpm -uvh fedora-ds-1.0-2.RHEL3.i386.opt.rpm --force' to > upgrade a test installation and upon trying to start slapd, I get: > > # ./start-slapd > [01/Dec/2005:08:59:17 -0500] SSL Initialization - Warning: certificate > DB file /opt/fedora-ds/alias/slapd-tremolite-cert8.db does not exist - > SSL initialization will likely fail > [01/Dec/2005:08:59:17 -0500] SSL Initialization - Warning: key DB file > /opt/fedora-ds/alias/slapd-tremolite-key3.db does not exist - SSL > initialization will likely fail > [01/Dec/2005:08:59:17 -0500] - SSL alert: Security Initialization: NSS > initialization failed (Netscape Portable Runtime error -8192 - An I/O > error occurred during security authorization.): path: > /opt/fedora-ds/alias/, certdb prefix: slapd-tremolite-, keydb prefix: > slapd-tremolite-. > [01/Dec/2005:08:59:17 -0500] - ERROR: NSS Initialization Failed. > > Both DB files do exist: > > # pwd > /opt/fedora-ds/alias > # ls -al slap* > -rw------- 1 root nobody 65536 Jun 3 17:14 > slapd-tremolite-cert8.db > -rw------- 1 root nobody 16384 Jun 3 17:14 > slapd-tremolite-key3.db > > Do I still need to run the setup script, even if its an upgrade, not a > fresh install? Yes, and that probably won't work in an upgrade installation situation. For upgrade, it's best to backup your data and security db files, and do a completely new installation. You should be able to save your data, database configuration, security configuration, replication configuration, etc., remove the old software, install the new software, and reapply your old data and config. There was a bug in the server - those files should be owned by "nobody" (or whatever your ns-slapd uid is). We have not tested upgrade install - there may be some problems with the console or other admin server functions because the admin server is radically different. > > Kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From david_list at boreham.org Thu Dec 1 15:36:32 2005 From: david_list at boreham.org (David Boreham) Date: Thu, 01 Dec 2005 08:36:32 -0700 Subject: [Fedora-directory-users] Server Side Sorting limitations/configuration In-Reply-To: <438ED6BC.6070407@wanadoo.fr> References: <438ED6BC.6070407@wanadoo.fr> Message-ID: <438F1880.9060502@boreham.org> Thierry Lanfranchi wrote: > Is that "not sorting on single letter search" feature wanted (maybe > even RFC stuff that I haven't read yet), and if so, can I enable > sorting even in that case, or is it to be considered a strange > behavior and I need to look for more informations in order to solve it ? Yes. One clue might be that a single letter substring search filter will not be indexed (while a leading two-letter substring search filter will). An unindexed search may not be sortable : it's been a long time since I messed with this part of the code and without reading it again I'm not sure. Anyway, if you made the sort control mandatory in your search, the server should respond with an error in the case that it's unable to sort. Did you see any response control with information like that in it ? From aly.dharshi at telus.net Thu Dec 1 15:54:03 2005 From: aly.dharshi at telus.net (Aly Dharshi) Date: Thu, 01 Dec 2005 08:54:03 -0700 Subject: [Fedora-directory-users] FDS 1.0 and Friends Message-ID: <438F1C9B.2060708@telus.net> Hello All, I hope that you are well. Please forgive me if this is an out there question, with some of the changes that I read below in Richard's annoucement, how well will FDS 1.0 play with Sun's DS 5.x ? Anybody with any thoughts on this ? I am referring to replication to and from for instance. Cheers, Aly. Richard Megginson wrote: > We are proud to announce the release of Fedora Directory Server 1.0. > > This release marks a significant milestone for the open source community, who now have access to the code for the console and administration engine as well as the previously open sourced LDAP engine. This release uses the Apache httpd engine as its administration server, and includes mod_nss - a rewrite of mod_ssl which uses the Mozilla NSS crypto engine. The 1.0 release, in addition to its many other features such as LDAPv3, Multi-Master Replication, and Windows Synchronization, includes support for MD5, SHA-256, SHA-384, and SHA-512 password hashing, as well as many bug fixes. Fedora Directory Server 1.0 furthers the evolution and democratization of open source software in making this powerful, enterprise proven technology available to all. It is a boon for developers who are now able to port the full package - LDAP engine, console, and admin engine - to many different platforms. > > If you have used the previous version of Fedora Directory Server, we invite you to try our new version. If you are using another LDAP server, we invite you to try ours and let us know how it compares - we're always looking for ways to improve. Our community is already active and growing, and you are welcome and encouraged to join. There are many ways: joining the mailing lists, reporting bugs, editing documentation, writing scripts/patches/plug-ins, and many more. > > Try it out! - http://directory.fedora.redhat.com/wiki/Download > Our home page - http://directory.fedora.redhat.com/ > Join our community! - http://directory.fedora.redhat.com/wiki/Ways_to_contribute > mod_nss - http://directory.fedora.redhat.com/wiki/Mod_nss > Drop us a line! - fedora-directory-users at redhat.com and http://directory.fedora.redhat.com/wiki/Mailing_Lists > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-announce mailing list > Fedora-directory-announce at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-announce -- Aly S.P Dharshi aly.dharshi at telus.net "A good speech is like a good dress that's short enough to be interesting and long enough to cover the subject" From nkinder at redhat.com Thu Dec 1 16:12:53 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 01 Dec 2005 08:12:53 -0800 Subject: [Fedora-directory-users] FDS 1.0 and Friends In-Reply-To: <438F1C9B.2060708@telus.net> References: <438F1C9B.2060708@telus.net> Message-ID: <438F2105.1070507@redhat.com> Aly Dharshi wrote: > Hello All, > > I hope that you are well. Please forgive me if this is an out > there question, with some of the changes that I read below in > Richard's annoucement, how well will FDS 1.0 play with Sun's DS 5.x ? > Anybody with any thoughts on this ? I am referring to replication to > and from for instance. The replication code has not had any significant changes in FDS 1.0, so replication to Sun's DS 5.x should still work. The main architectural changes to FDS 1.0 are in the Administration Server, which does not affect replication. -NGK > > Cheers, > > Aly. > > Richard Megginson wrote: > > > We are proud to announce the release of Fedora Directory Server 1.0. > > > > This release marks a significant milestone for the open source > community, who now have access to the code for the console and > administration engine as well as the previously open sourced LDAP > engine. This release uses the Apache httpd engine as its > administration server, and includes mod_nss - a rewrite of mod_ssl > which uses the Mozilla NSS crypto engine. The 1.0 release, in addition > to its many other features such as LDAPv3, Multi-Master Replication, > and Windows Synchronization, includes support for MD5, SHA-256, > SHA-384, and SHA-512 password hashing, as well as many bug fixes. > Fedora Directory Server 1.0 furthers the evolution and democratization > of open source software in making this powerful, enterprise proven > technology available to all. It is a boon for developers who are now > able to port the full package - LDAP engine, console, and admin engine > - to many different platforms. > > > > If you have used the previous version of Fedora Directory Server, we > invite you to try our new version. If you are using another LDAP > server, we invite you to try ours and let us know how it compares - > we're always looking for ways to improve. Our community is already > active and growing, and you are welcome and encouraged to join. There > are many ways: joining the mailing lists, reporting bugs, editing > documentation, writing scripts/patches/plug-ins, and many more. > > > > Try it out! - http://directory.fedora.redhat.com/wiki/Download > > Our home page - http://directory.fedora.redhat.com/ > > Join our community! - > http://directory.fedora.redhat.com/wiki/Ways_to_contribute > > mod_nss - http://directory.fedora.redhat.com/wiki/Mod_nss > > Drop us a line! - fedora-directory-users at redhat.com and > http://directory.fedora.redhat.com/wiki/Mailing_Lists > > > > > > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-announce mailing list > > Fedora-directory-announce at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-announce > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3174 bytes Desc: S/MIME Cryptographic Signature URL: From hartmut.woehrle at mail.pcom.de Thu Dec 1 16:26:02 2005 From: hartmut.woehrle at mail.pcom.de (Hartmut =?iso-8859-1?q?W=F6hrle?=) Date: Thu, 1 Dec 2005 17:26:02 +0100 Subject: [Fedora-directory-users] Winsync Problem with NT4 In-Reply-To: <438CB996.4020509@bozemanpass.com> References: <200511231640.16784.hartmut.woehrle@mail.pcom.de> <200511250956.00492.hartmut.woehrle@mail.pcom.de> <438CB996.4020509@bozemanpass.com> Message-ID: <200512011726.03093.hartmut.woehrle@mail.pcom.de> Hell Elliot, Am Dienstag, 29. November 2005 21:27 schrieb Elliot Schlegelmilch: > I'm a bit confused now. Which password, or which actual? You can > ldapsearch using the uid=admin,ou=system account and correct password. "correct password" thats exactly my problem. I think when setting up the system I did something wrong, because the answer is "Invalid Credentials (49)" which means wrong password. Therefore I can not connect, not search, and not modify anything.... so what to do? Uninstall and start from scratch? > > ldapsearch works, but (as you can see below) my bind password is wrong > > (or I can't remember.... :) ) > > I would suggest opening up your c:\program files\fedora directory > synchronization\conf\usersync.conf in your favorite editor, and see what > password is in it. Try binding as that user. While looking inside that > file look for the 'server.db.partition.suffix.usersync field. > While trying to install I changed this password and now it doesn't fit - or maybe I am too stupid because I can not remember. > Then, with this password and base, try another search. > > ldapsearch -v -h 192.168.1.218 -D "uid=admin,ou=system" -w pw -b > "dc=home,dc=org" "(objectclass=*) > > I'm just guessing the base, but I assume it's something very similar. > > You should see something similar to this: > # Guest, users, example.com > dn: sAMAccountName=Guest,cn=users,dc=example,dc=com > memberOf: sAMAccountName=Domain Guests,cn=users,dc=example,dc=com > lastLogon: 0 > objectGUID: 0105000000000005150000003D725165EB1AB15BC9504D49F5010000 > countryCode: 0 > Ok, so now I know what should com out - good. > Once you can access your PDC from LDAP, there's a lot better chance that > your Fedora Directory Server will be able to for replication. > Exactly thats why I switched to the ldapsearch, because it tells me much more at the output as the logfile from Replication Log. > > Btw... It would be nice to find a schema (written or drawn) which tells > > me (or everyone) how winsync and passwordsync works. The Pictures in the > > manuals tell me the way which way the servers exchange informations, but > > within the PDC (or AD) I don't know anything - it is a black box. > > And .... I didn't find the sources to check by myself - is it closed > > source? > > It's not closed source. > http://directory.fedora.redhat.com/wiki/Building#Pulling_the_Directory_Serv >er_Source The Directory Server yes. But I don't see (maybe I'm blind) the sources for the ApacheDS at the PDC (Java based) and the sources for winsync software, which comes as a .msi (Microsoft Installer) File. So is this opensource? And where to find it? And I think the manual is a little bit too small for the NT Winsync. With AD it is OK, because you use the LDAP Funktion of the AD and synchronise like a replica - more or less. But what exactly happens at the NT PDC??? I learned from this forum that winsync installs an ApacheDS as LDAP Server to connect with. OK what next. How does the ApacheDS connect to the PDC. Which user is used for the login - if any? Does it work like this: FDS --> ApacheDS (uid=admin,ou=system) --> NT PDC (user=?) or FDS --> ApacheDS (uid=admin,ou=system) --> NT PDC (user=admin) And you need the replication manager (with the acl's to add, modify and delete a user) at the FDS side for the synchronization? So this works like this (push) NT PDC (user=?) --> ApacheDS (uid=admin,ou=system) --> FDS (uid=replmanager,out=users) And how does he know which user at hte FDS to use Or like this (Pull) FDS --> ApacheDS (uid=admin,ou=system) --> NT PDC (user=?) And how does it work, when I use the Password sync? Is there a layer inbetween windows admintool and PDC that reads the input and sends it to the FDS before handing it to the PDC Directory - but for this it needs an account with administrative rights, which one? You see there are many questions with this challenging tool. See U Hartmut -- =========================================== Hartmut Woehrle EMail: hartmut.woehrle at mail.pcom.de From hartmut.woehrle at mail.pcom.de Thu Dec 1 16:28:21 2005 From: hartmut.woehrle at mail.pcom.de (Hartmut =?iso-8859-1?q?W=F6hrle?=) Date: Thu, 1 Dec 2005 17:28:21 +0100 Subject: [Fedora-directory-users] Winsync Problem with NT4 In-Reply-To: <200512011726.03093.hartmut.woehrle@mail.pcom.de> References: <200511231640.16784.hartmut.woehrle@mail.pcom.de> <438CB996.4020509@bozemanpass.com> <200512011726.03093.hartmut.woehrle@mail.pcom.de> Message-ID: <200512011728.21538.hartmut.woehrle@mail.pcom.de> Am Donnerstag, 1. Dezember 2005 17:26 schrieb Hartmut W?hrle: > Hell Elliot, Sorry, should be "Hello", but the "send"- button was faster :) > See U > Hartmut -- =========================================== Hartmut Woehrle EMail: hartmut.woehrle at mail.pcom.de From david_list at boreham.org Thu Dec 1 16:34:06 2005 From: david_list at boreham.org (David Boreham) Date: Thu, 01 Dec 2005 09:34:06 -0700 Subject: [Fedora-directory-users] Winsync Problem with NT4 In-Reply-To: <438CB996.4020509@bozemanpass.com> References: <200511231640.16784.hartmut.woehrle@mail.pcom.de> <4384916E.5070202@boreham.org> <200511250956.00492.hartmut.woehrle@mail.pcom.de> <438CB996.4020509@bozemanpass.com> Message-ID: <438F25FE.5000801@boreham.org> > It's not closed source. > http://directory.fedora.redhat.com/wiki/Building#Pulling_the_Directory_Server_Source > Specifically, the NTDS source is here: http://cvs.fedora.redhat.com/lxr/dirsec/source/ldapserver/ldap/servers/ntds/ But it uses ApacheDS too, which is here: http://directory.apache.org/ From nkinder at redhat.com Thu Dec 1 16:38:44 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 01 Dec 2005 08:38:44 -0800 Subject: [Fedora-directory-users] Winsync Problem with NT4 In-Reply-To: <200512011726.03093.hartmut.woehrle@mail.pcom.de> References: <200511231640.16784.hartmut.woehrle@mail.pcom.de> <200511250956.00492.hartmut.woehrle@mail.pcom.de> <438CB996.4020509@bozemanpass.com> <200512011726.03093.hartmut.woehrle@mail.pcom.de> Message-ID: <438F2714.2070302@redhat.com> Hartmut W?hrle wrote: >Hell Elliot, > >Am Dienstag, 29. November 2005 21:27 schrieb Elliot Schlegelmilch: > > >>I'm a bit confused now. Which password, or which actual? You can >>ldapsearch using the uid=admin,ou=system account and correct password. >> >> >"correct password" thats exactly my problem. I think when setting up the >system I did something wrong, because the answer is "Invalid Credentials >(49)" which means wrong password. Therefore I can not connect, not search, >and not modify anything.... so what to do? Uninstall and start from scratch? > > > >>>ldapsearch works, but (as you can see below) my bind password is wrong >>>(or I can't remember.... :) ) >>> >>> >>I would suggest opening up your c:\program files\fedora directory >>synchronization\conf\usersync.conf in your favorite editor, and see what >>password is in it. Try binding as that user. While looking inside that >>file look for the 'server.db.partition.suffix.usersync field. >> >> >> >While trying to install I changed this password and now it doesn't fit - or >maybe I am too stupid because I can not remember. > > > >>Then, with this password and base, try another search. >> >>ldapsearch -v -h 192.168.1.218 -D "uid=admin,ou=system" -w pw -b >>"dc=home,dc=org" "(objectclass=*) >> >>I'm just guessing the base, but I assume it's something very similar. >> >>You should see something similar to this: >># Guest, users, example.com >>dn: sAMAccountName=Guest,cn=users,dc=example,dc=com >>memberOf: sAMAccountName=Domain Guests,cn=users,dc=example,dc=com >>lastLogon: 0 >>objectGUID: 0105000000000005150000003D725165EB1AB15BC9504D49F5010000 >>countryCode: 0 >> >> >> >Ok, so now I know what should com out - good. > > > >>Once you can access your PDC from LDAP, there's a lot better chance that >>your Fedora Directory Server will be able to for replication. >> >> >> >Exactly thats why I switched to the ldapsearch, because it tells me much more >at the output as the logfile from Replication Log. > > > >>>Btw... It would be nice to find a schema (written or drawn) which tells >>>me (or everyone) how winsync and passwordsync works. The Pictures in the >>>manuals tell me the way which way the servers exchange informations, but >>>within the PDC (or AD) I don't know anything - it is a black box. >>>And .... I didn't find the sources to check by myself - is it closed >>>source? >>> >>> >>It's not closed source. >>http://directory.fedora.redhat.com/wiki/Building#Pulling_the_Directory_Serv >>er_Source >> >> >The Directory Server yes. >But I don't see (maybe I'm blind) the sources for the ApacheDS at the PDC >(Java based) and the sources for winsync software, which comes as a .msi >(Microsoft Installer) File. >So is this opensource? And where to find it? > > The ApacheDS source is available at http://directory.apache.org/ The source for the winsync software is in the same source tree as the Directory Server. The PassSync.msi source is in the ldapserver/ldap/synctools directory. The ntds.msi source is in the ldapserver/ldap/servers/ntds directory. >And I think the manual is a little bit too small for the NT Winsync. >With AD it is OK, because you use the LDAP Funktion of the AD and synchronise >like a replica - more or less. >But what exactly happens at the NT PDC??? >I learned from this forum that winsync installs an ApacheDS as LDAP Server to >connect with. OK what next. How does the ApacheDS connect to the PDC. Which >user is used for the login - if any? >Does it work like this: >FDS --> ApacheDS (uid=admin,ou=system) --> NT PDC (user=?) >or >FDS --> ApacheDS (uid=admin,ou=system) --> NT PDC (user=admin) > > My understanding is that the ApacheDS just serves up an LDAP representation of NTs SAM database. It can access this since it is running as Administrator. >And you need the replication manager (with the acl's to add, modify and delete >a user) at the FDS side for the synchronization? >So this works like this (push) > NT PDC (user=?) --> ApacheDS (uid=admin,ou=system) --> FDS >(uid=replmanager,out=users) >And how does he know which user at hte FDS to use >Or like this (Pull) >FDS --> ApacheDS (uid=admin,ou=system) --> NT PDC (user=?) > > FDS pulls the data from ApacheDS. >And how does it work, when I use the Password sync? Is there a layer inbetween >windows admintool and PDC that reads the input and sends it to the FDS before >handing it to the PDC Directory - but for this it needs an account with >administrative rights, which one? > > The Windows LSA (local security authority) hands password changes off to PassSync. The PassSync service then attempts to push this password change to FDS. You need to setup a user on the FDS side that has permission to update the userPassword attribute for your user entries. It doesn't matter which user as long as they have the proper rights. -NGK >You see there are many questions with this challenging tool. > > See U > Hartmut > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3174 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu Dec 1 16:46:44 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 01 Dec 2005 09:46:44 -0700 Subject: [Fedora-directory-users] FDS 1.0 and Friends In-Reply-To: <438F1C9B.2060708@telus.net> References: <438F1C9B.2060708@telus.net> Message-ID: <438F28F4.90509@redhat.com> http://directory.fedora.redhat.com/wiki/FAQ#Does_replication_interoperate_with_Netscape.2FiPlanet.2FSun_Directory_Server.3F Aly Dharshi wrote: > Hello All, > > I hope that you are well. Please forgive me if this is an out > there question, with some of the changes that I read below in > Richard's annoucement, how well will FDS 1.0 play with Sun's DS 5.x ? > Anybody with any thoughts on this ? I am referring to replication to > and from for instance. > > Cheers, > > Aly. > > Richard Megginson wrote: > > > We are proud to announce the release of Fedora Directory Server 1.0. > > > > This release marks a significant milestone for the open source > community, who now have access to the code for the console and > administration engine as well as the previously open sourced LDAP > engine. This release uses the Apache httpd engine as its > administration server, and includes mod_nss - a rewrite of mod_ssl > which uses the Mozilla NSS crypto engine. The 1.0 release, in addition > to its many other features such as LDAPv3, Multi-Master Replication, > and Windows Synchronization, includes support for MD5, SHA-256, > SHA-384, and SHA-512 password hashing, as well as many bug fixes. > Fedora Directory Server 1.0 furthers the evolution and democratization > of open source software in making this powerful, enterprise proven > technology available to all. It is a boon for developers who are now > able to port the full package - LDAP engine, console, and admin engine > - to many different platforms. > > > > If you have used the previous version of Fedora Directory Server, we > invite you to try our new version. If you are using another LDAP > server, we invite you to try ours and let us know how it compares - > we're always looking for ways to improve. Our community is already > active and growing, and you are welcome and encouraged to join. There > are many ways: joining the mailing lists, reporting bugs, editing > documentation, writing scripts/patches/plug-ins, and many more. > > > > Try it out! - http://directory.fedora.redhat.com/wiki/Download > > Our home page - http://directory.fedora.redhat.com/ > > Join our community! - > http://directory.fedora.redhat.com/wiki/Ways_to_contribute > > mod_nss - http://directory.fedora.redhat.com/wiki/Mod_nss > > Drop us a line! - fedora-directory-users at redhat.com and > http://directory.fedora.redhat.com/wiki/Mailing_Lists > > > > > > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-announce mailing list > > Fedora-directory-announce at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-announce > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From david_list at boreham.org Thu Dec 1 16:53:49 2005 From: david_list at boreham.org (David Boreham) Date: Thu, 01 Dec 2005 09:53:49 -0700 Subject: [Fedora-directory-users] Winsync Problem with NT4 In-Reply-To: <200512011726.03093.hartmut.woehrle@mail.pcom.de> References: <200511231640.16784.hartmut.woehrle@mail.pcom.de> <200511250956.00492.hartmut.woehrle@mail.pcom.de> <438CB996.4020509@bozemanpass.com> <200512011726.03093.hartmut.woehrle@mail.pcom.de> Message-ID: <438F2A9D.9080307@boreham.org> >But what exactly happens at the NT PDC??? > > This is documented a little in the admin guide: http://www.redhat.com/docs/manuals/dir-server/ag/7.1/sync.html#2859334 quoting: NT4 LDAP Service. This is a special LDAP server application that must be installed on the primary domain controller for NT4 sync. It is only used for NT4 and is not needed for Active Directory deployments. The purpose of the NT4 LDAP Service is to provide a similar view of users and groups as is available via LDAP from Active Directory. This allows almost all of the Directory Server Windows Sync code to be the same for both Active Directory and NT4. How it works may give you some better insight: NT4, unlike AD, does not support LDAP. It does however have an API that allows an application running on the PDC to read and write the NTLM user database. This is called the 'NetXXX api' because many of the functions have names like 'NetUserEnum()'. What the NTDS does is to 'reflect' that API as an LDAP server. It does this using ApacheDS (chosen because it gives us a working LDAP server that can be quickly customized, and because it will run without huge testing effort on an old platform like NT4), and a custom ApacheDS back-end. The back-end provides a shim between the ApacheDS internal database interface and the NetXXX api. It does this using a combination of C++ to talk directly to the API, and then a swig-generated shim to JNI which in turn is driven by a simple Java class in the custom back end. The top level goal for the NTDS is to 'emulate' AD on NT4. The idea was to code the winsync part of FDS to speak to AD alone, and do all the NT4 weirdness on the NT side. It turns out to be hard/impossible to do that 100% (some schema is quite different for example). So you will see some 'if (nt4) ... ' code in FDS winsync, but not a whole lot. -------------- next part -------------- An HTML attachment was scrubbed... URL: From hartmut.woehrle at mail.pcom.de Thu Dec 1 17:51:49 2005 From: hartmut.woehrle at mail.pcom.de (Hartmut =?utf-8?q?W=C3=B6hrle?=) Date: Thu, 1 Dec 2005 18:51:49 +0100 Subject: [Fedora-directory-users] Winsync Problem with NT4 In-Reply-To: <438F2A9D.9080307@boreham.org> References: <200511231640.16784.hartmut.woehrle@mail.pcom.de> <200512011726.03093.hartmut.woehrle@mail.pcom.de> <438F2A9D.9080307@boreham.org> Message-ID: <200512011851.49955.hartmut.woehrle@mail.pcom.de> Am Donnerstag, 1. Dezember 2005 17:53 schrieb David Boreham: > >But what exactly happens at the NT PDC??? > > This is documented a little in the admin guide: ^^^^^ exactly ;) > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/sync.html#2859334 > Yes I know it and it doesn't tell me much about how it works. So I'm messed up a little when dealing with problems. :( > How it works may give you some better insight: > > NT4, unlike AD, does not support LDAP. It does however have an API > that allows an application running on the PDC to read and write the NTLM > user database. This is called the 'NetXXX api' because many of the > functions have names like 'NetUserEnum()'. > What the NTDS does is to 'reflect' that API as an LDAP > server. It does this using ApacheDS (chosen because it gives us a working > LDAP server that can be quickly customized, and because it will run without > huge testing effort on an old platform like NT4), and a custom ApacheDS > back-end. > The back-end provides a shim between the ApacheDS internal database > interface > and the NetXXX api. It does this using a combination of C++ to talk > directly to the API, and then a swig-generated shim to JNI which in turn is > driven by a simple Java class in the custom back end. So it is not a login, but a service-to-service-talk. Then the ApacheDS doesn't have to know the account (uid and pw), because it is running as a privileged service - is this right? > > The top level goal for the NTDS is to 'emulate' AD on NT4. > The idea was to code the winsync part of FDS to speak to > AD alone, and do all the NT4 weirdness on the NT side. > It turns out to be hard/impossible to do that 100% (some schema > is quite different for example). So you will see some 'if (nt4) ... ' > code in FDS winsync, but not a whole lot. Ok thats quite elegant. I see. So the only uid/pw combination I need to know and to have (create) at the PDC side is in fact the ApacheDS Directory Manager (uid=admin,ou=system) ? And it has nothing to do with any existing account in the windows domain (user or admin)... did I get this right? Wau, great explanation, thank you... please put something similar to the manual - I think a lot of people will need it, or at least want to know how it works. See U Hartmut -- =========================================== Hartmut Woehrle EMail: hartmut.woehrle at mail.pcom.de From kevin_myer at iu13.org Thu Dec 1 17:53:10 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Thu, 1 Dec 2005 12:53:10 -0500 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0 In-Reply-To: <438F0695.9050208@redhat.com> References: <438EFCB3.70606@redhat.com> <20051201090721.7n9y9m0yjjb404sg@webapps.iu13.org> <438F0695.9050208@redhat.com> Message-ID: <20051201125310.lt8c1glofg28844k@webapps.iu13.org> Quoting Richard Megginson : > Yes, and that probably won't work in an upgrade installation > situation. For upgrade, it's best to backup your data and security > db files, and do a completely new installation. You should be able > to save your data, database configuration, security configuration, > replication configuration, etc., remove the old software, install the > new software, and reapply your old data and config. > > There was a bug in the server - those files should be owned by > "nobody" (or whatever your ns-slapd uid is). We have not tested > upgrade install - there may be some problems with the console or > other admin server functions because the admin server is radically > different. Well, after spending a little time with it, I think a forced RPM upgrade can still be made to work, without doing a complete backup, uninstall, and new install. There are a few caveats, namely that the setup script (at least on my forced upgrade test server) failed to properly configure the admin server, which meant none of the Apache config files were generated. But I installed a fresh install on my workstation, and copied config files, made a few changes to them on my test installation and am up and running. Only issues I've seen so far are organizational charts throw an Apache server error (undefined symbol: PL_sv_undef at /usr/lib/perl5/5.8.0/i386-linux-thread-multi/DynaLoader.pm line 229.), and from the Java console, my Administration Domain has disappeared. Haven't put a finger on that one yet. And the speed boost going to Apache is amazing. I believe I saw a post in the dev archives about that (or maybe it was here) but seeing is definitely believing :) Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From rmeggins at redhat.com Thu Dec 1 18:07:18 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 01 Dec 2005 11:07:18 -0700 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0 In-Reply-To: <20051201125310.lt8c1glofg28844k@webapps.iu13.org> References: <438EFCB3.70606@redhat.com> <20051201090721.7n9y9m0yjjb404sg@webapps.iu13.org> <438F0695.9050208@redhat.com> <20051201125310.lt8c1glofg28844k@webapps.iu13.org> Message-ID: <438F3BD6.2040607@redhat.com> Kevin M. Myer wrote: > Quoting Richard Megginson : > >> Yes, and that probably won't work in an upgrade installation >> situation. For upgrade, it's best to backup your data and security >> db files, and do a completely new installation. You should be able >> to save your data, database configuration, security configuration, >> replication configuration, etc., remove the old software, install the >> new software, and reapply your old data and config. >> >> There was a bug in the server - those files should be owned by >> "nobody" (or whatever your ns-slapd uid is). We have not tested >> upgrade install - there may be some problems with the console or >> other admin server functions because the admin server is radically >> different. > > > Well, after spending a little time with it, I think a forced RPM > upgrade can still be made to work, without doing a complete backup, > uninstall, and new install. There are a few caveats, namely that the > setup script (at least on my forced upgrade test server) failed to > properly configure the admin server, which meant none of the Apache > config files were generated. Right. That's my main concern, along with some other file/directory configuration that setup does for admin server/console. > But I installed a fresh install on my workstation, and copied config > files, made a few changes to them on my test installation and am up > and running. Ok. > > Only issues I've seen so far are organizational charts throw an Apache > server error (undefined symbol: PL_sv_undef at > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/DynaLoader.pm line 229.), What OS and version is this? > and from the Java console, my Administration Domain has disappeared. > Haven't put a finger on that one yet. I think that has to do with some info under o=netscaperoot that's using 4.0 or 7.0 or 7.1 or 71 instead of 1.0 or 10 e.g. the jar file names should be ds10.jar instead of ds71.jar. Try a search like this: ldapsearch -T -b o=netscaperoot -D "cn=directory manager" -w password "objectclass=*" | grep 71 or grep 7.1 or grep 4.0 All of those will have to be replaced with 10 or 1.0. > > And the speed boost going to Apache is amazing. I believe I saw a > post in the dev archives about that (or maybe it was here) but seeing > is definitely believing :) > > Kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From jclowser at unitedmessaging.com Thu Dec 1 18:14:46 2005 From: jclowser at unitedmessaging.com (Jeff Clowser) Date: Thu, 01 Dec 2005 13:14:46 -0500 Subject: [Fedora-directory-users] Calendar server Message-ID: <438F3D96.9040802@unitedmessaging.com> I know this is somewhat off topic, though it has come up a couple times since Red Hat bought the whole suite from Netscape... http://www.sun.com/smi/Press/sunflash/2005-11/sunflash.20051130.1.html Looks like Sun is open sourcing JES (which includes the mail and calendar server as well as the directory server). My hope is that someone picks this up and adds caldav support to the calendar server, spuring the caldav efforts on clients like Mozilla Sunbird, Evolution, etc. Between FDS (which seems to be improving more steadily than Sun's DS), the JES Calendar + caldav, and JES or other ldap aware mail server software, I see potential for a real Exchange killer :) - Jeff From mj at sci.fi Thu Dec 1 18:25:57 2005 From: mj at sci.fi (Mike Jackson) Date: Thu, 01 Dec 2005 20:25:57 +0200 Subject: [Fedora-directory-users] Calendar server In-Reply-To: <438F3D96.9040802@unitedmessaging.com> References: <438F3D96.9040802@unitedmessaging.com> Message-ID: <438F4035.3020902@sci.fi> Jeff Clowser wrote: > I know this is somewhat off topic, though it has come up a couple times > since Red Hat bought the whole suite from Netscape... > > http://www.sun.com/smi/Press/sunflash/2005-11/sunflash.20051130.1.html > > Looks like Sun is open sourcing JES (which includes the mail and > calendar server as well as the directory server). My hope is that > someone picks this up and adds caldav support to the calendar server, > spuring the caldav efforts on clients like Mozilla Sunbird, Evolution, etc. I searched all over their site trying to find the source code, but no cigar. Binary downloads were downloadable for free. > Between FDS (which seems to be improving more steadily than Sun's DS), When it comes to first impressions, the sun ds has fedora beat hands down. What I'm talking about is the very slick GUI installer. Of course, old pros will still want to use the silent install, which is found in sun and fedora ds, but for newbies, I think they will definitely choose the sun ds for it's installer. That is, unless we do something about it. Competition is _always_ a good thing. Look how many long requested features suddenly started popping up in OpenLDAP during the past year :-) -- mike From jdennis at redhat.com Thu Dec 1 18:29:07 2005 From: jdennis at redhat.com (John Dennis) Date: Thu, 01 Dec 2005 13:29:07 -0500 Subject: [Fedora-directory-users] Calendar server In-Reply-To: <438F3D96.9040802@unitedmessaging.com> References: <438F3D96.9040802@unitedmessaging.com> Message-ID: <1133461747.26868.62.camel@finch.boston.redhat.com> On Thu, 2005-12-01 at 13:14 -0500, Jeff Clowser wrote: > I know this is somewhat off topic, though it has come up a couple times > since Red Hat bought the whole suite from Netscape... > > http://www.sun.com/smi/Press/sunflash/2005-11/sunflash.20051130.1.html > > Looks like Sun is open sourcing JES (which includes the mail and > calendar server as well as the directory server). My hope is that > someone picks this up and adds caldav support to the calendar server, > spuring the caldav efforts on clients like Mozilla Sunbird, Evolution, etc. > > Between FDS (which seems to be improving more steadily than Sun's DS), > the JES Calendar + caldav, and JES or other ldap aware mail server > software, I see potential for a real Exchange killer :) We are also keenly interested in a calendar server but I'll confess I'm confused as to the relationship you envision between FDS and calendar server based on caldav, could you explain? -- John Dennis From ndbecker2 at gmail.com Thu Dec 1 18:30:02 2005 From: ndbecker2 at gmail.com (Neal Becker) Date: Thu, 1 Dec 2005 13:30:02 -0500 Subject: [Fedora-directory-users] fedora-ds-1.0-2.FC4.i386.opt.rpm failure In-Reply-To: <438EFCB3.70606@redhat.com> References: <438EFCB3.70606@redhat.com> Message-ID: <200512011330.03449.ndbecker2@gmail.com> Just tried a test install on FC4/x86_64. Selected all default answers to /opt/fedora-ds/setup/setup. Here's what I got: cat /tmp/fileauZe9w ERROR: ld.so: object '/opt/fedora-ds/bin/admin/lib/libssl3.so' from LD_PRELOAD cannot be preloaded: ignored. ERROR: ld.so: object '/opt/fedora-ds/bin/admin/lib/libldap50.so' from LD_PRELOAD cannot be preloaded: ignored. Syntax error on line 150 of /opt/fedora-ds/admin-serv/config/httpd.conf: Cannot load /opt/fedora-ds/bin/admin/lib/libmodrestartd.so into server: /opt/fedora-ds/bin/admin/lib/libmodrestartd.so: cannot open shared object file: No such file or directory From rmeggins at redhat.com Thu Dec 1 18:38:17 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 01 Dec 2005 11:38:17 -0700 Subject: [Fedora-directory-users] fedora-ds-1.0-2.FC4.i386.opt.rpm failure In-Reply-To: <200512011330.03449.ndbecker2@gmail.com> References: <438EFCB3.70606@redhat.com> <200512011330.03449.ndbecker2@gmail.com> Message-ID: <438F4319.1060303@redhat.com> We do not yet have binaries for x86_64. Neal Becker wrote: >Just tried a test install on FC4/x86_64. Selected all default answers >to /opt/fedora-ds/setup/setup. Here's what I got: > >cat /tmp/fileauZe9w >ERROR: ld.so: object '/opt/fedora-ds/bin/admin/lib/libssl3.so' from LD_PRELOAD >cannot be preloaded: ignored. >ERROR: ld.so: object '/opt/fedora-ds/bin/admin/lib/libldap50.so' from >LD_PRELOAD cannot be preloaded: ignored. >Syntax error on line 150 of /opt/fedora-ds/admin-serv/config/httpd.conf: >Cannot load /opt/fedora-ds/bin/admin/lib/libmodrestartd.so into >server: /opt/fedora-ds/bin/admin/lib/libmodrestartd.so: cannot open shared >object file: No such file or directory > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From jclowser at unitedmessaging.com Thu Dec 1 18:38:11 2005 From: jclowser at unitedmessaging.com (Jeff Clowser) Date: Thu, 01 Dec 2005 13:38:11 -0500 Subject: [Fedora-directory-users] Calendar server In-Reply-To: <438F4035.3020902@sci.fi> References: <438F3D96.9040802@unitedmessaging.com> <438F4035.3020902@sci.fi> Message-ID: <438F4313.30607@unitedmessaging.com> Mike Jackson wrote: > I searched all over their site trying to find the source code, but no > cigar. Binary downloads were downloadable for free. I imagine this was just the announcement, and the release will come sometime later. > Between FDS (which seems to be improving more steadily than Sun's DS), ... > > When it comes to first impressions, the sun ds has fedora beat hands > down. What I'm talking about is the very slick GUI installer. Of > course, old pros will still want to use the silent install, which is > found in sun and fedora ds, but for newbies, I think they will > definitely choose the sun ds for it's installer. That is, unless we do > something about it. Competition is _always_ a good thing. Look how > many long requested features suddenly started popping up in OpenLDAP > during the past year :-) I've always used the command line installer for both (I'm generally not sitting at or near the server I'm installing it on) so can't speak to the gui, and I'm more worried about how it works after the install :) The Sun DS replication in 5.2 seems a little more stable and easy to set up than 5.1 and below (which is what FDS is based on), but the improved Console via apache, as well as increased number of password encryption schemes and just the fact that the community is working to improve/bug fix FDS is really nice (Sun DS hasn't changed in quite a while). - Jeff From rmeggins at redhat.com Thu Dec 1 18:41:36 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 01 Dec 2005 11:41:36 -0700 Subject: [Fedora-directory-users] Calendar server In-Reply-To: <438F4313.30607@unitedmessaging.com> References: <438F3D96.9040802@unitedmessaging.com> <438F4035.3020902@sci.fi> <438F4313.30607@unitedmessaging.com> Message-ID: <438F43E0.3060507@redhat.com> Jeff Clowser wrote: > Mike Jackson wrote: > >> I searched all over their site trying to find the source code, but no >> cigar. Binary downloads were downloadable for free. > > > I imagine this was just the announcement, and the release will come > sometime later. > >> Between FDS (which seems to be improving more steadily than Sun's >> DS), ... >> >> When it comes to first impressions, the sun ds has fedora beat hands >> down. What I'm talking about is the very slick GUI installer. Of >> course, old pros will still want to use the silent install, which is >> found in sun and fedora ds, but for newbies, I think they will >> definitely choose the sun ds for it's installer. That is, unless we >> do something about it. Competition is _always_ a good thing. Look how >> many long requested features suddenly started popping up in OpenLDAP >> during the past year :-) > > > I've always used the command line installer for both (I'm generally > not sitting at or near the server I'm installing it on) so can't speak > to the gui, and I'm more worried about how it works after the install > :) The Sun DS replication in 5.2 seems a little more stable and easy > to set up than 5.1 and below (which is what FDS is based on), FDS 1.0 replication is based on Sun DS 5.1. We have also improved the speed and stability independently of Sun since then. > but the improved Console via apache, as well as increased number of > password encryption schemes and just the fact that the community is > working to improve/bug fix FDS is really nice (Sun DS hasn't changed > in quite a while). > > - Jeff > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From kevin_myer at iu13.org Thu Dec 1 18:52:46 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Thu, 1 Dec 2005 13:52:46 -0500 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0 In-Reply-To: <438F3BD6.2040607@redhat.com> References: <438EFCB3.70606@redhat.com> <20051201090721.7n9y9m0yjjb404sg@webapps.iu13.org> <438F0695.9050208@redhat.com> <20051201125310.lt8c1glofg28844k@webapps.iu13.org> <438F3BD6.2040607@redhat.com> Message-ID: <20051201135246.p1ii6d0fxc84ok4k@webapps.iu13.org> Quoting Richard Megginson : >> >> Only issues I've seen so far are organizational charts throw an >> Apache server error (undefined symbol: PL_sv_undef at >> /usr/lib/perl5/5.8.0/i386-linux-thread-multi/DynaLoader.pm line >> 229.), > > What OS and version is this? That error is with RHEL 3, update 5, with most errata applied. Slightly different issue with FC4: Can't load '/opt/fedora-ds/lib/perl/arch/auto/Mozilla/LDAP/API/API.so' for module Mozilla::LDAP::API: libldap50.so: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.6/i386-linux-thread-multi/DynaLoader.pm line 230. > >> and from the Java console, my Administration Domain has disappeared. >> Haven't put a finger on that one yet. > > I think that has to do with some info under o=netscaperoot that's > using 4.0 or 7.0 or 7.1 or 71 instead of 1.0 or 10 e.g. the jar file > names should be ds10.jar instead of ds71.jar. > Try a search like this: > ldapsearch -T -b o=netscaperoot -D "cn=directory manager" -w password > "objectclass=*" | grep 71 > or grep 7.1 or grep 4.0 > All of those will have to be replaced with 10 or 1.0. Aha - I thought it was something like that, but had only changed nsProductVersion and nsBuildNumber values. But I see the admserv70jar references now. Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From rmeggins at redhat.com Thu Dec 1 19:01:55 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 01 Dec 2005 12:01:55 -0700 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0 In-Reply-To: <20051201135246.p1ii6d0fxc84ok4k@webapps.iu13.org> References: <438EFCB3.70606@redhat.com> <20051201090721.7n9y9m0yjjb404sg@webapps.iu13.org> <438F0695.9050208@redhat.com> <20051201125310.lt8c1glofg28844k@webapps.iu13.org> <438F3BD6.2040607@redhat.com> <20051201135246.p1ii6d0fxc84ok4k@webapps.iu13.org> Message-ID: <438F48A3.8010702@redhat.com> Kevin M. Myer wrote: > Quoting Richard Megginson : > >>> >>> Only issues I've seen so far are organizational charts throw an >>> Apache server error (undefined symbol: PL_sv_undef at >>> /usr/lib/perl5/5.8.0/i386-linux-thread-multi/DynaLoader.pm line 229.), >> >> >> What OS and version is this? > > > That error is with RHEL 3, update 5, with most errata applied. > > Slightly different issue with FC4: > > Can't load '/opt/fedora-ds/lib/perl/arch/auto/Mozilla/LDAP/API/API.so' > for module Mozilla::LDAP::API: libldap50.so: cannot open shared object > file: No such file or directory at > /usr/lib/perl5/5.8.6/i386-linux-thread-multi/DynaLoader.pm line 230. Ah, because it probably didn't replace the old orgchart .pl scripts and config with the new ones. > >> >>> and from the Java console, my Administration Domain has disappeared. >>> Haven't put a finger on that one yet. >> >> >> I think that has to do with some info under o=netscaperoot that's >> using 4.0 or 7.0 or 7.1 or 71 instead of 1.0 or 10 e.g. the jar file >> names should be ds10.jar instead of ds71.jar. >> Try a search like this: >> ldapsearch -T -b o=netscaperoot -D "cn=directory manager" -w password >> "objectclass=*" | grep 71 >> or grep 7.1 or grep 4.0 >> All of those will have to be replaced with 10 or 1.0. > > > Aha - I thought it was something like that, but had only changed > nsProductVersion and nsBuildNumber values. But I see the admserv70jar > references now. > > Kevin > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From brzurom at tycho.ncsc.mil Thu Dec 1 19:18:46 2005 From: brzurom at tycho.ncsc.mil (Brian Zuromski) Date: Thu, 01 Dec 2005 14:18:46 -0500 Subject: [Fedora-directory-users] JAVA_HOME problems after upgrade Message-ID: <1133464726.5660.3.camel@MOSS-TAUTOG.tycho.ncsc.mil> After upgrading I keep getting this when starting the console... ./startconsole -u admin -a http://hostname.domain:10204/ ./startconsole: Unable to find libjava and libjvm in JAVA_HOME. Please ensure that JAVA_HOME is set correctly. It worked in the previous version (7.1) just fine. Are there any dependencies I should be installing? From dshackel at arbor.edu Thu Dec 1 19:30:15 2005 From: dshackel at arbor.edu (Daniel Shackelford) Date: Thu, 01 Dec 2005 14:30:15 -0500 Subject: [Fedora-directory-users] JAVA_HOME Message-ID: <438F4F47.6030108@arbor.edu> I just went and installed FDS 1.0 and it seems to be running fine, but when I try to start the console it is asking about JAVA_HOME. I cannot seem to set it to anything that will satisfy it's need for libjava and libjvm. Any help? -- Daniel Shackelford Systems Administrator Technology Services Spring Arbor University 517 750-6648 "For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many" Mark 10:45 From kevin_myer at iu13.org Thu Dec 1 19:45:25 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Thu, 1 Dec 2005 14:45:25 -0500 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0 In-Reply-To: <438F48A3.8010702@redhat.com> References: <438EFCB3.70606@redhat.com> <20051201090721.7n9y9m0yjjb404sg@webapps.iu13.org> <438F0695.9050208@redhat.com> <20051201125310.lt8c1glofg28844k@webapps.iu13.org> <438F3BD6.2040607@redhat.com> <20051201135246.p1ii6d0fxc84ok4k@webapps.iu13.org> <438F48A3.8010702@redhat.com> Message-ID: <20051201144525.5lknc1iep3404cwk@webapps.iu13.org> Quoting Richard Megginson : > Kevin M. Myer wrote: > >> Quoting Richard Megginson : >> >>>> >>>> Only issues I've seen so far are organizational charts throw an >>>> Apache server error (undefined symbol: PL_sv_undef at >>>> /usr/lib/perl5/5.8.0/i386-linux-thread-multi/DynaLoader.pm line >>>> 229.), >>> >>> >>> What OS and version is this? >> >> >> That error is with RHEL 3, update 5, with most errata applied. >> >> Slightly different issue with FC4: >> >> Can't load >> '/opt/fedora-ds/lib/perl/arch/auto/Mozilla/LDAP/API/API.so' for >> module Mozilla::LDAP::API: libldap50.so: cannot open shared object >> file: No such file or directory at >> /usr/lib/perl5/5.8.6/i386-linux-thread-multi/DynaLoader.pm line 230. > > Ah, because it probably didn't replace the old orgchart .pl scripts > and config with the new ones. I should have been more specific. The EL 3 undefined symbol was the forced upgrade. The FC 4 install is my workstation, which was a brand new install. I resolved the FC 4 issue by adding /opt/fedora-ds/shared/lib to my /etc/ld.so.conf (which I had incidentally already done on my test installation, but forgotten about). So its just the undefined symbol: PL_sv_undef with RHEL 3 that I'm currently seeing. If you think this is of more interest to developers only, I can take the conversation there, off the users list. Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From jclowser at unitedmessaging.com Thu Dec 1 19:50:35 2005 From: jclowser at unitedmessaging.com (Jeff Clowser) Date: Thu, 01 Dec 2005 14:50:35 -0500 Subject: [Fedora-directory-users] Calendar server In-Reply-To: <1133461747.26868.62.camel@finch.boston.redhat.com> References: <438F3D96.9040802@unitedmessaging.com> <1133461747.26868.62.camel@finch.boston.redhat.com> Message-ID: <438F540B.4000404@unitedmessaging.com> John Dennis wrote: >We are also keenly interested in a calendar server but I'll confess I'm >confused as to the relationship you envision between FDS and calendar >server based on caldav, could you explain? > > Well, I originally said it was somewhat off topic, and I think I'm going even further off with this message :) It's not that I see caldav creating any kind of relationship between FDS and Calendar. It's more along the lines that I want to deploy a FOSS messaging solution around FDS, based on open standards - something feature wise comparable to Exchange, but using non-proprietary protocols so that I can pick and choose clients (and everyone seems to want integrated mail and calendar groupware). That requires at least a directory server, email server, and calendar server, implementing SMTP, POP, IMAP, LDAP, and something for calendar (caldav). The one piece that is missing in the FOSS world is a true enterprise Calendar server (other than web cals...). The Sun/Netscape calendar server is actually a pretty decent calendar server, but it doesn't support any protocols that there are native clients for. There are some that support webdav, and caldav is close enough to webdav that there seems to be interest extending that support to caldav, which is why the Sun/Netscape cal server with caldav would probably be the best option. (I know Red Hat got the Netscape Calendar server along with the Directory server, but the focus is on building a community around Directory, while Sun is supposedly opening the calendar (and the rest of JES) "very soon now", which is something Red Hat hasn't done to this point). A lot of why calendar is missing from this puzzle is a lack of standards for talking to a calendar server (i.e. it's more than just calendar events - it's finding free busy times, discovery of resources/other cal users, etc). Caldav is the closest thing to a "standard" for this (though I think even caldav is still evolving at this point). Plus, there actually seems to be interest in developing clients to the caldav protocol (Mozilla Sunbird, Evolution, etc) - this is about as close as I've seen in the calendar world to the equivalent of POP or IMAP in the email world. So, it's important that an enterprise calendar solution support caldav or something like it, with native clients that support it (the Sun Outlook plugin is not the right direction - it's still using a proprietary protocol, limiting you wrt native clients - not to mention that it's frustratingly buggy). That said, it would be nice to see: - FDS as the directory server (I could go with Sun DS, but FDS seems to have a much better community and is improving more/faster than Sun DS). - Mail server (take your pick - there are a bunch that can integrate against LDAP). - (Some offshoot of?) Sun Calendar server + caldav, hopefully resulting in lots of Cal clients, like we have lots of POP/IMAP clients to choose from. - (Jabber/XMPP, if you want to add IM) My (somewhat tenuous) linking of this to the topic of FDS is that hopefully we can break out Calendar, that someone will add caldav, and we can talk about integrating that against FDS :) - Jeff From nkinder at redhat.com Thu Dec 1 20:19:21 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 01 Dec 2005 12:19:21 -0800 Subject: [Fedora-directory-users] JAVA_HOME problems after upgrade In-Reply-To: <1133464726.5660.3.camel@MOSS-TAUTOG.tycho.ncsc.mil> References: <1133464726.5660.3.camel@MOSS-TAUTOG.tycho.ncsc.mil> Message-ID: <438F5AC9.8070103@redhat.com> FDS 7.1 included the IBM JVM. FDS 1.0 does not include a JVM. To use Console you need either the 14.2 Sun or IBM JVM on your system with JAVA_HOME set appropriately. -NGK Brian Zuromski wrote: >After upgrading I keep getting this when starting the console... > >./startconsole -u admin -a http://hostname.domain:10204/ > >./startconsole: Unable to find libjava and libjvm in JAVA_HOME. Please >ensure that JAVA_HOME is set correctly. > >It worked in the previous version (7.1) just fine. Are there any >dependencies I should be installing? > > > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3174 bytes Desc: S/MIME Cryptographic Signature URL: From jdennis at redhat.com Thu Dec 1 20:27:31 2005 From: jdennis at redhat.com (John Dennis) Date: Thu, 01 Dec 2005 15:27:31 -0500 Subject: [Fedora-directory-users] Calendar server In-Reply-To: <438F540B.4000404@unitedmessaging.com> References: <438F3D96.9040802@unitedmessaging.com> <1133461747.26868.62.camel@finch.boston.redhat.com> <438F540B.4000404@unitedmessaging.com> Message-ID: <1133468851.1283.20.camel@finch.boston.redhat.com> On Thu, 2005-12-01 at 14:50 -0500, Jeff Clowser wrote: > My (somewhat tenuous) linking of this to the topic of FDS is that > hopefully we can break out Calendar, that someone will add caldav, and > we can talk about integrating that against FDS :) O.K. got it. Just wanted to make sure one of us hadn't missed something :-) We very much want to ship an integrated server product aimed at small businesses that has many of the components you mentioned and there is an effort underway internally to make that happen. You are correct that a calendar server is the single largest missing component. Having said that, we did look long and hard at what is available and what is coming along in terms of CalDAV support. You might be surprised to learn a large proportion of simple (i.e. personal or small group) calendaring needs can already be supported with existing clients and servers (e.g. publish/query free/busy, publish/query calendar) typically only requiring a server capable of HTTP 1.1, not a very hard requirement to fulfill. CalDAV adds a some niceties, but not so much its impractical to get along without it. The most complex needs of corporate scheduling do require a complex calendar server, but CalDAV in and of itself offers little in this area. There is additional draft for CalDAV scheduling that is designed to sit on top of CalDAV and provide the more complex scheduling interactions needed for corporate or large group scheduling. But this effort is still immature and it does not seem likely to bear fruit in the near term. The good news is that a large class of users with simple needs can be supported with the existing standards (e.g. iTip, iMip) without a dedicated special purpose server. Is this the best solution? No. Is it viable in the near term? Probably yes. We are going to continue to track calendaring efforts and deploy some solutions in this area. We also may be looking for community involvement in a small business server project. If you have continuing interest in this area and/or think you might like to be involved please let me know. -- John Dennis From dshackel at arbor.edu Thu Dec 1 20:37:29 2005 From: dshackel at arbor.edu (Daniel Shackelford) Date: Thu, 01 Dec 2005 15:37:29 -0500 Subject: [Fedora-directory-users] Re: JAVA_HOME Message-ID: <438F5F09.8090605@arbor.edu> I installed the latest JRE from sun, and pointed to that. Console starts, but hangs at authentication: Exception in thread "main" java.lang.UnsatisfiedLinkError: /opt/fedora-ds/lib/libjss3.so: libnss3.so: cannot op en shared object file: No such file or directory at java.lang.ClassLoader$NativeLibrary.load(Native Method) at java.lang.ClassLoader.loadLibrary0(Unknown Source) at java.lang.ClassLoader.loadLibrary(Unknown Source) at java.lang.Runtime.loadLibrary0(Unknown Source) at java.lang.System.loadLibrary(Unknown Source) at org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManager.java:1330) at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:822) at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:795) at com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknown Source) at com.netscape.management.client.comm.HttpsChannel.(Unknown Source) at com.netscape.management.client.comm.HttpManager.createChannel(Unknown Source) at com.netscape.management.client.comm.CommManager.send(Unknown Source) at com.netscape.management.client.comm.CommManager.send(Unknown Source) at com.netscape.management.client.comm.HttpManager.get(Unknown Source) at com.netscape.management.client.console.Console.invoke_task(Unknown Source) at com.netscape.management.client.console.Console.authenticate_user(Unknown Source) at com.netscape.management.client.console.Console.(Unknown Source) at com.netscape.management.client.console.Console.main(Unknown Source) I looked at the libjss3.so and it was not executable. Once I used chmod on it, there does not seem to be an issue. I switched back to the original 7.1 install, so when I started up the console it did not see what it shoudl have due to diffeing versions. -- Daniel Shackelford Systems Administrator Technology Services Spring Arbor University 517 750-6648 "For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many" Mark 10:45 From rmeggins at redhat.com Thu Dec 1 20:39:25 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 01 Dec 2005 13:39:25 -0700 Subject: [Fedora-directory-users] JAVA_HOME problems after upgrade In-Reply-To: <1133464726.5660.3.camel@MOSS-TAUTOG.tycho.ncsc.mil> References: <1133464726.5660.3.camel@MOSS-TAUTOG.tycho.ncsc.mil> Message-ID: <438F5F7D.8030305@redhat.com> Yes. Please see installation prerequisites here - http://directory.fedora.redhat.com/wiki/Install_Guide Brian Zuromski wrote: >After upgrading I keep getting this when starting the console... > >./startconsole -u admin -a http://hostname.domain:10204/ > >./startconsole: Unable to find libjava and libjvm in JAVA_HOME. Please >ensure that JAVA_HOME is set correctly. > >It worked in the previous version (7.1) just fine. Are there any >dependencies I should be installing? > > > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu Dec 1 20:39:49 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 01 Dec 2005 13:39:49 -0700 Subject: [Fedora-directory-users] JAVA_HOME In-Reply-To: <438F4F47.6030108@arbor.edu> References: <438F4F47.6030108@arbor.edu> Message-ID: <438F5F95.7040400@redhat.com> See here - http://directory.fedora.redhat.com/wiki/Install_Guide Daniel Shackelford wrote: > I just went and installed FDS 1.0 and it seems to be running fine, but > when I try to start the console it is asking about JAVA_HOME. I > cannot seem to set it to anything that will satisfy it's need for > libjava and libjvm. Any help? > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu Dec 1 20:45:56 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 01 Dec 2005 13:45:56 -0700 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0 In-Reply-To: <20051201144525.5lknc1iep3404cwk@webapps.iu13.org> References: <438EFCB3.70606@redhat.com> <20051201090721.7n9y9m0yjjb404sg@webapps.iu13.org> <438F0695.9050208@redhat.com> <20051201125310.lt8c1glofg28844k@webapps.iu13.org> <438F3BD6.2040607@redhat.com> <20051201135246.p1ii6d0fxc84ok4k@webapps.iu13.org> <438F48A3.8010702@redhat.com> <20051201144525.5lknc1iep3404cwk@webapps.iu13.org> Message-ID: <438F6104.7010206@redhat.com> Kevin M. Myer wrote: > Quoting Richard Megginson : > >> Kevin M. Myer wrote: >> >>> Quoting Richard Megginson : >>> >>>>> >>>>> Only issues I've seen so far are organizational charts throw an >>>>> Apache server error (undefined symbol: PL_sv_undef at >>>>> /usr/lib/perl5/5.8.0/i386-linux-thread-multi/DynaLoader.pm line >>>>> 229.), >>>> >>>> >>>> >>>> What OS and version is this? >>> >>> >>> >>> That error is with RHEL 3, update 5, with most errata applied. >>> >>> Slightly different issue with FC4: >>> >>> Can't load >>> '/opt/fedora-ds/lib/perl/arch/auto/Mozilla/LDAP/API/API.so' for >>> module Mozilla::LDAP::API: libldap50.so: cannot open shared object >>> file: No such file or directory at >>> /usr/lib/perl5/5.8.6/i386-linux-thread-multi/DynaLoader.pm line 230. >> >> >> Ah, because it probably didn't replace the old orgchart .pl scripts >> and config with the new ones. > > > I should have been more specific. The EL 3 undefined symbol was the > forced upgrade. Take a look at clients/orgchart/bin/org - does it have the bit about setting the LD_LIBRARY_PATH? > The FC 4 install is my workstation, which was a brand new install. I > resolved the FC 4 issue by adding /opt/fedora-ds/shared/lib to my > /etc/ld.so.conf (which I had incidentally already done on my test > installation, but forgotten about). That shouldn't be necessary. See clients/orgchart/bin/org for more details. > > So its just the undefined symbol: PL_sv_undef with RHEL 3 that I'm > currently seeing. If you think this is of more interest to developers > only, I can take the conversation there, off the users list. > > Kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From kevin_myer at iu13.org Thu Dec 1 20:51:44 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Thu, 1 Dec 2005 15:51:44 -0500 Subject: [Fedora-directory-users] JAVA_HOME problems after upgrade In-Reply-To: <438F5AC9.8070103@redhat.com> References: <1133464726.5660.3.camel@MOSS-TAUTOG.tycho.ncsc.mil> <438F5AC9.8070103@redhat.com> Message-ID: <20051201155144.fteoj5wlnocg00o8@webapps.iu13.org> Quoting Nathan Kinder : > FDS 7.1 included the IBM JVM. FDS 1.0 does not include a JVM. To > use Console you need either the 14.2 Sun or IBM JVM on your system > with JAVA_HOME set appropriately. > > -NGK A suggestion - since Red Hat packages and distributes RHEL with Java RPMs from IBM, and since jpackage-utils puts some nice reasonable defaults in /etc/java/java.conf for Java variables, and since Red Hat now has a directory server that uses Java for management, how about modifying startconsole to check /etc/java/java.conf first? :) The following should hold true: LIBJAVA_DIR=JAVA_LIBDIR LIBJVM_DIR=JAVA_JVMDIR The startconsole script didn't work for me to automatically detect LIB{JAVA,JVM}_DIR, based on the output of find/sed, so I just hardcoded to the above, which is what they would have ended up as anyway. But after just digging a little bit, the reason appears to be that "find /usr/lib/jvm/java -name 'libjvm.s[ol]'" returns nothing. But: cd $JAVA_HOME (or /usr/lib/jvm/java) find . -name 'libjvm.s[ol]' returns ./bin/classic/libjvm.so or probably better, find $JAVA_HOME/ -name libjava\.s[ol] works too, so I think the trailing slash after JAVA_HOME is needed. Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From rmeggins at redhat.com Thu Dec 1 21:18:47 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 01 Dec 2005 14:18:47 -0700 Subject: [Fedora-directory-users] JAVA_HOME problems after upgrade In-Reply-To: <20051201155144.fteoj5wlnocg00o8@webapps.iu13.org> References: <1133464726.5660.3.camel@MOSS-TAUTOG.tycho.ncsc.mil> <438F5AC9.8070103@redhat.com> <20051201155144.fteoj5wlnocg00o8@webapps.iu13.org> Message-ID: <438F68B7.40705@redhat.com> Sounds good. Will this work on Fedora Core or other linux distros? Kevin M. Myer wrote: > Quoting Nathan Kinder : > >> FDS 7.1 included the IBM JVM. FDS 1.0 does not include a JVM. To >> use Console you need either the 14.2 Sun or IBM JVM on your system >> with JAVA_HOME set appropriately. >> >> -NGK > > > A suggestion - since Red Hat packages and distributes RHEL with Java > RPMs from IBM, and since jpackage-utils puts some nice reasonable > defaults in /etc/java/java.conf for Java variables, and since Red Hat > now has a directory server that uses Java for management, how about > modifying startconsole to check /etc/java/java.conf first? :) > > The following should hold true: > LIBJAVA_DIR=JAVA_LIBDIR > LIBJVM_DIR=JAVA_JVMDIR > > The startconsole script didn't work for me to automatically detect > LIB{JAVA,JVM}_DIR, based on the output of find/sed, so I just > hardcoded to the above, which is what they would have ended up as > anyway. But after just digging a little bit, the reason appears to be > that "find /usr/lib/jvm/java -name 'libjvm.s[ol]'" returns nothing. > > But: > cd $JAVA_HOME (or /usr/lib/jvm/java) > find . -name 'libjvm.s[ol]' returns ./bin/classic/libjvm.so > > or probably better, > > find $JAVA_HOME/ -name libjava\.s[ol] > > works too, so I think the trailing slash after JAVA_HOME is needed. > > Kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From kevin_myer at iu13.org Thu Dec 1 21:40:36 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Thu, 1 Dec 2005 16:40:36 -0500 Subject: [Fedora-directory-users] Calendar server In-Reply-To: <438F540B.4000404@unitedmessaging.com> References: <438F3D96.9040802@unitedmessaging.com> <1133461747.26868.62.camel@finch.boston.redhat.com> <438F540B.4000404@unitedmessaging.com> Message-ID: <20051201164036.sh77jjs8wdq04oo0@webapps.iu13.org> Quoting Jeff Clowser : > It's not that I see caldav creating any kind of relationship between > FDS and Calendar. It's more along the lines that I want to deploy a > FOSS messaging solution around FDS, based on open standards - > something feature wise comparable to Exchange, but using > non-proprietary protocols so that I can pick and choose clients (and > everyone seems to want integrated mail and calendar groupware). That > requires at least a directory server, email server, and calendar > server, implementing SMTP, POP, IMAP, LDAP, and something for > calendar (caldav). The one piece that is missing in the FOSS world > is a true enterprise Calendar server (other than web cals...). I'll put a plug in for a piece of software that might do the trick, depending on your needs. The Horde Project (http://www.horde.org) is an overall framework for web applications. For the most part, the modules developed for it are essentially web-based clients for existing services (for instance IMP is a mature webmail module). It has a calendar module (Kronolith), which moves beyond simply being a web-based calendar client and essentially has elements of being a full-fledged calendar server, at least in development versions. This bug tracks WebDav integration: http://bugs.horde.org/ticket/?id=3032 and there has been thoughts/discussion about CalDAV and GroupDAV. I agree that a FOSS "groupware" solution is much needed, to break the hegemony of the current state of affairs. A calendar server has definitely been the missing link for some time, probably due to a lack of standards. But being able to couple an email server, LDAP server, and calendar server together, to provide non-propietary, open-protocol access to data from any client (fat, web-based, handheld, whatever) opens up a whole new market for FOSS, one that Red Hat has already identified, judging from John's post about a small-business product (the K-12 education market would probably be pretty happy too). Have a preference for one mail server over another? Plug in your preference. Like OpenLDAP over FDS? Use that instead. The point being that control goes back to the user of the software. You have a bunch of blanks that you can fill with the modules of your choice, both server and client side. Want a monolithic fat client? Well, as long as it supports standards well, you could use that. Or a pure web-based client. Or mix and match.. With a calendaring server, I see almost a generic groupware infastructure emerging, for creating groupware solutions, using FOSS, in much the same manner as LAMP/WAMP did as a stack for creating web applications. Maybe its just one of the next layers in the LAMP/WAMP stack - MAC (Mail, Addressbook, Calendar) - not catchy enough though. Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From kevin_myer at iu13.org Thu Dec 1 22:21:23 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Thu, 1 Dec 2005 17:21:23 -0500 Subject: [Fedora-directory-users] JAVA_HOME problems after upgrade In-Reply-To: <438F68B7.40705@redhat.com> References: <1133464726.5660.3.camel@MOSS-TAUTOG.tycho.ncsc.mil> <438F5AC9.8070103@redhat.com> <20051201155144.fteoj5wlnocg00o8@webapps.iu13.org> <438F68B7.40705@redhat.com> Message-ID: <20051201172123.e6opmqmvinsw000o@webapps.iu13.org> Quoting Richard Megginson : > Sounds good. Will this work on Fedora Core or other linux distros? I'm not sure how portable it would be with other distros (it should definitely work on FC), but here was what I was thinking: Check /etc/java/java.conf and if it exists try using the values there. Maybe tickle to see if /etc/{redhat,fedora}-release exists first. I'd vote for a "assume nothing but the known distributions/environments where this works approach" (which is to say that if say a /etc/java/java.conf file exists on a Solaris install, don't blindly assume that the values in it are anywhere near or even related to what exists in a Red Hat java.conf file). For binary packages, this probably means including a RPM dependency for jpackage-utils (which in and of itself could still lead to problems, since you could have that installed but have no JRE installed..). The more ways there are to find where the JRE might be (which may amount to figuring out what the clues are on each distro/OS), the lower the bar to entry becomes and Things Just Work. Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From del at babel.com.au Fri Dec 2 00:13:58 2005 From: del at babel.com.au (Del) Date: Fri, 02 Dec 2005 11:13:58 +1100 Subject: [Fedora-directory-users] JAVA_HOME problems after upgrade In-Reply-To: <438F5F7D.8030305@redhat.com> References: <1133464726.5660.3.camel@MOSS-TAUTOG.tycho.ncsc.mil> <438F5F7D.8030305@redhat.com> Message-ID: <438F91C6.5020806@babel.com.au> Richard Megginson wrote: > Yes. Please see installation prerequisites here - > http://directory.fedora.redhat.com/wiki/Install_Guide Even with the IBM J2SDK installed and JAVA_HOME set correctly, the lines: if [ ! -f java -a ! -x java ] then echo "$0: The java program is not in your path, or is not executable." exit 1 fi ... in startconsole are always going to fail. What is probably required are: if [ ! -f $JAVA_HOME/bin/java -a ! -x $JAVA_HOME/bin/java ] then echo "$0: The java program is not in your path, or is not executable." exit 1 fi (see line 69 where it runs the correct java binary -- the test for "-f java" is only going to work if the java binary is in the current directory, not in JAVA_HOME/bin where it should be). -- Del From hartmut.woehrle at mail.pcom.de Fri Dec 2 09:36:15 2005 From: hartmut.woehrle at mail.pcom.de (Hartmut =?utf-8?q?W=C3=B6hrle?=) Date: Fri, 2 Dec 2005 10:36:15 +0100 Subject: [Fedora-directory-users] Winsync Problem with NT4 In-Reply-To: <438F2A9D.9080307@boreham.org> References: <200511231640.16784.hartmut.woehrle@mail.pcom.de> <200512011726.03093.hartmut.woehrle@mail.pcom.de> <438F2A9D.9080307@boreham.org> Message-ID: <200512021036.16127.hartmut.woehrle@mail.pcom.de> Hello dear programmers, one last question to close this question. > This is documented a little in the admin guide: > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/sync.html#2859334 When I read through all these explanations, I realize, that I use the (default) user uid=admin,ou=system from the ApacheDS at the PDC side and connect to this ApacheDS with LDAP connection from the FDS. The ApacheDS itself is a priviliged system service and connects to the PDC without need to login and knowledge of any account. I can ask for information via windows replication or via command line ldaptools. With the command line tools I connect to the ApacheDS and therfore I have to login as uid=admin,ou=system. But when I look at the documentation I realize that the bind ID in the example is uid=sync manager,cn=config and therefore one would asume, that this is the user to connect to at the remote (AD, NT PDC) server. When looking at the way above this makes sense, but there are some remarks missing in the docu and I think it is the main cause for my problem: This user has to exist in the remote server! And that fact isn't mentioned in the docu! So I initialized a password for the uid=admin in the usersync.conf and created the replication agreement with another bind ID I like more (for example uid=winsync,ou=admins). Of course I got errormessages and no connection. In the AD it is no problem, because you can see the problem in the log tool at the AD and create that sync manager. But(!!!) in the NT PDC case it is difficult, because it isn't mentioned anywhere that there exists a LDAP server at the PDC (now I know - thanks to you) and I have to connect to a user at this LDAP server. In addition the log at the PDC is a little poor and doesn't give me any hints about the problem. OK...so I guess (correct me please if I'm wrong).... Solution 1) Use only the uid=admin,ou=system user in the replication tool (in the NT PDC case) with the password initialized from the usersync.con file..... but explain it in the manuals as well (including Picture, please ;) Solution 2) create via ldapcreate the user I want to use (uid=sync manager,ou=system for example) and use this one for the replication agreement...... but explain it in the manuals as well (including Picture, please ;) Maybe I'm completely wrong, but this is what I think I learned from this discussion (correct me please if I'm wrong). And in this case these facts should be added to the manuals, because one of the main arguments for me to introduce the FDS in a Windows - based company at the moment, is to replace the old NT4 PDC or switch from the AD to a more powerfull LDAP server. And the documentation for this service is a little poor - up till now. Thanks Hartmut > > quoting: > > NT4 LDAP Service. This is a special LDAP server application that must be > installed on the primary domain controller for NT4 sync. It is only used > for NT4 and is not needed for Active Directory deployments. The purpose > of the NT4 LDAP Service is to provide a similar view of users and groups > as is available via LDAP from Active Directory. This allows almost all > of the Directory Server Windows Sync code to be the same for both Active > Directory and NT4. > > How it works may give you some better insight: > > NT4, unlike AD, does not support LDAP. It does however have an API > that allows an application running on the PDC to read and write the NTLM > user database. This is called the 'NetXXX api' because many of the > functions have names like 'NetUserEnum()'. > What the NTDS does is to 'reflect' that API as an LDAP > server. It does this using ApacheDS (chosen because it gives us a working > LDAP server that can be quickly customized, and because it will run without > huge testing effort on an old platform like NT4), and a custom ApacheDS > back-end. > The back-end provides a shim between the ApacheDS internal database > interface > and the NetXXX api. It does this using a combination of C++ to talk > directly to the API, and then a swig-generated shim to JNI which in turn is > driven by a simple Java class in the custom back end. > > The top level goal for the NTDS is to 'emulate' AD on NT4. > The idea was to code the winsync part of FDS to speak to > AD alone, and do all the NT4 weirdness on the NT side. > It turns out to be hard/impossible to do that 100% (some schema > is quite different for example). So you will see some 'if (nt4) ... ' > code in FDS winsync, but not a whole lot. -- =========================================== Hartmut Woehrle EMail: hartmut.woehrle at mail.pcom.de From moliveira at rhla.com Fri Dec 2 12:20:44 2005 From: moliveira at rhla.com (=?ISO-8859-1?Q?M=E1rcio_Oliveira?=) Date: Fri, 02 Dec 2005 10:20:44 -0200 Subject: [Fedora-directory-users] Printer Objects Message-ID: <43903C1C.1020604@rhla.com> Hi there! How can I add a printer object in the directory server? I was looking for this type of object in RHDS / FDS schemas but didn't found it... Thanks. MO From hyc at symas.com Fri Dec 2 14:02:33 2005 From: hyc at symas.com (Howard Chu) Date: Fri, 02 Dec 2005 06:02:33 -0800 Subject: [Fedora-directory-users] Advantages of using FDS vs OpenLDAP? Message-ID: <439053F9.6080600@symas.com> Sorry to poke at a moldy old thread, but I think some misconceptions need to be cleared up. > * From: Mike Jackson > * Date: Fri, 08 Jul 2005 23:37:41 +0300 > Fedora Directory Server was called Netscape Directory Server until > just recently. It was the first LDAPv3 server in the world, afaik. > The code was commercially developed and tested for ~8 years and has > been in use in large scale deployments all over the world for a long > time. It has contained features for many years which OpenLDAP project > is just now considering, e.g. multi-master replication, ability to > alter the configuration of the running server via LDAP, in-tree > access control, etc. This "just now considering" is wrong. The OpenLDAP code has supported multi-master replication and in-tree access control since 1999, very shortly after the Project began. The design for dynamic reconfiguration started in-house at Symas in 2002. The point wrt MMR and in-tree access control is that the Project actively discourages their use, not that the features don't exist in OpenLDAP. The debates on the mailing lists going back all those years clearly show that none of this is a new consideration. We simply don't believe that the claimed benefits justify the risk. The point about load-balancing writes is totally specious, and anybody who pushes that factor is just deluded. High availability / SPOF arguments at least have some theoretical basis, but as easily as you can say "we've never had a data conflict problem with MMR" I can say "we've never had an SPOF issue with standby master" and moreover, we can state with 100% certainty no conflicts are in our data. The use of in-tree access controls violates some basic principals of good security design. I.e., good security comes from a top-down policy design. Once you have the design, you need to be able to verify that the deployed rules actually implement that design. With the centralized ACL rules, you can mathematically prove that your deployment matches your policy. With distributed controls that are subject to arbitrary modification, you cannot make any definitive statements about the security state. The key point that people miss in building distributed systems is that you need *centralized* control, while providing *distributed access* to those controls, otherwise manageability goes out the window. > Fedora is not what I would call a "specialized" LDAP server, it's > just a full-featured, standards based, general purpose, high quality > LDAP server. OpenLDAP is, in contrast, very specialized, having a lot > of different types of backends in the recent versions. You can do > some really tricky stuff with OpenLDAP that you can't do with Fedora, > if you need that sort of tricky stuff in your architecture. That's a very interesting way to spin things. OpenLDAP is a full-featured, standards based, general purpose, high quality LDAP server, that happens to include a number of powerful extras. You make it sound like the enhancements in OpenLDAP make it unsuitable for general use, which is untrue, since those enhancements are all modularized features that can be ignored if unneeded. > And the main difference for a new person like yourself is the amount > of available documentation. Fedora is professionally and extensively > documented, whereas OpenLDAP documentation is very scarce and terse. Yes, the OpenLDAP documentation is sparse, and this is a fatal flaw. Yes, what documentation exists is terse, and this is a vital strength. Nobody likes to spend time wading thru docs, and there's nothing gained from saying in 5 sentences what can be stated in only one. Certainly we need to work on expanding the scope of the documentation to cover the numerous holes. But good documentation is concise and to the point, and the docs I've written are precise. There may be a problem with imprecise readers, who skim and skip over things when every single word is crucial, but that's not our fault. I'm not here to attack FDS. I have nothing but respect for the team working on it today. But the fact that OpenLDAP developed under different conditions, with a different philosophy, is just that - philosophical difference. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/ From david_list at boreham.org Fri Dec 2 14:13:23 2005 From: david_list at boreham.org (David Boreham) Date: Fri, 02 Dec 2005 07:13:23 -0700 Subject: [Fedora-directory-users] Advantages of using FDS vs OpenLDAP? In-Reply-To: <439053F9.6080600@symas.com> References: <439053F9.6080600@symas.com> Message-ID: <43905683.50109@boreham.org> > This "just now considering" is wrong. The OpenLDAP code has supported > multi-master replication and in-tree access control since 1999, very > shortly after the Project began. Howard, this sounds interesting. I wonder if you would mind pointing me at the MMR code in the source tree ? I've looked for it a few times without success. Thanks. From david_list at boreham.org Fri Dec 2 14:22:21 2005 From: david_list at boreham.org (David Boreham) Date: Fri, 02 Dec 2005 07:22:21 -0700 Subject: [Fedora-directory-users] Winsync Problem with NT4 In-Reply-To: <200512021036.16127.hartmut.woehrle@mail.pcom.de> References: <200511231640.16784.hartmut.woehrle@mail.pcom.de> <200512011726.03093.hartmut.woehrle@mail.pcom.de> <438F2A9D.9080307@boreham.org> <200512021036.16127.hartmut.woehrle@mail.pcom.de> Message-ID: <4390589D.60902@boreham.org> >OK...so I guess (correct me please if I'm wrong).... >Solution 1) >Use only the uid=admin,ou=system user in the replication tool (in the NT PDC >case) with the password initialized from the usersync.con file..... but >explain it in the manuals as well (including Picture, please ;) > > This is what you're supposed to do. And I think you are correct: it's missing from the documentation. That would certainly make it challenging to configure correctly ! On reading the doc on the web site, I also noticed that there are a few missing images there too. From arshad.noor at strongauth.com Fri Dec 2 16:32:32 2005 From: arshad.noor at strongauth.com (Arshad Noor) Date: Fri, 02 Dec 2005 08:32:32 -0800 Subject: [Fedora-directory-users] Advantages of using FDS vs OpenLDAP? In-Reply-To: <439053F9.6080600@symas.com> References: <439053F9.6080600@symas.com> Message-ID: <43907720.7040807@strongauth.com> For what its worth, while I have not worked with OpenLDAP at all, I vigorously support Howard's argument for concise, precise & clear documentation. The state of technical documentation today is pathetic - designed more for people to navigate GUI's than to impart information about how things work. Its reminiscent of cotton candy - a lot more air than content. Another artifact of the Microsoft age.... Arshad Noor StrongAuth, Inc. Howard Chu wrote: > Yes, the OpenLDAP documentation is sparse, and this is a fatal flaw. > Yes, what documentation exists is terse, and this is a vital strength. > Nobody likes to spend time wading thru docs, and there's nothing gained > from saying in 5 sentences what can be stated in only one. Certainly we > need to work on expanding the scope of the documentation to cover the > numerous holes. But good documentation is concise and to the point, and > the docs I've written are precise. There may be a problem with imprecise > readers, who skim and skip over things when every single word is > crucial, but that's not our fault. > From rmeggins at redhat.com Fri Dec 2 17:55:35 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 02 Dec 2005 10:55:35 -0700 Subject: [Fedora-directory-users] Printer Objects In-Reply-To: <43903C1C.1020604@rhla.com> References: <43903C1C.1020604@rhla.com> Message-ID: <43908A97.3030003@redhat.com> M?rcio Oliveira wrote: > Hi there! > > How can I add a printer object in the directory server? I was > looking for this type of object in RHDS / FDS schemas but didn't found > it... We don't have any printer schema included with the server. I suggest a google search for LDAP printer schema or something like that. > > Thanks. > > MO > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Fri Dec 2 18:09:36 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 02 Dec 2005 11:09:36 -0700 Subject: [Fedora-directory-users] JAVA_HOME problems after upgrade In-Reply-To: <438F91C6.5020806@babel.com.au> References: <1133464726.5660.3.camel@MOSS-TAUTOG.tycho.ncsc.mil> <438F5F7D.8030305@redhat.com> <438F91C6.5020806@babel.com.au> Message-ID: <43908DE0.2050505@redhat.com> Thanks Del - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174843 Del wrote: > Richard Megginson wrote: > >> Yes. Please see installation prerequisites here - >> http://directory.fedora.redhat.com/wiki/Install_Guide > > > Even with the IBM J2SDK installed and JAVA_HOME set correctly, > the lines: > > if [ ! -f java -a ! -x java ] > then > echo "$0: The java program is not in your path, or is not executable." > exit 1 > fi > > ... in startconsole are always going to fail. What is probably required > are: > > if [ ! -f $JAVA_HOME/bin/java -a ! -x $JAVA_HOME/bin/java ] > then > echo "$0: The java program is not in your path, or is not executable." > exit 1 > fi > > (see line 69 where it runs the correct java binary -- the test for "-f > java" > is only going to work if the java binary is in the current directory, not > in JAVA_HOME/bin where it should be). > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Fri Dec 2 18:11:31 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 02 Dec 2005 11:11:31 -0700 Subject: [Fedora-directory-users] JAVA_HOME problems after upgrade In-Reply-To: <20051201172123.e6opmqmvinsw000o@webapps.iu13.org> References: <1133464726.5660.3.camel@MOSS-TAUTOG.tycho.ncsc.mil> <438F5AC9.8070103@redhat.com> <20051201155144.fteoj5wlnocg00o8@webapps.iu13.org> <438F68B7.40705@redhat.com> <20051201172123.e6opmqmvinsw000o@webapps.iu13.org> Message-ID: <43908E53.8000607@redhat.com> Thanks Kevin - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174844 Kevin M. Myer wrote: > Quoting Richard Megginson : > >> Sounds good. Will this work on Fedora Core or other linux distros? > > > I'm not sure how portable it would be with other distros (it should > definitely work on FC), but here was what I was thinking: > > Check /etc/java/java.conf and if it exists try using the values > there. Maybe tickle to see if /etc/{redhat,fedora}-release exists > first. I'd vote for a "assume nothing but the known > distributions/environments where this works approach" (which is to say > that if say a /etc/java/java.conf file exists on a Solaris install, > don't blindly assume that the values in it are anywhere near or even > related to what exists in a Red Hat java.conf file). For binary > packages, this probably means including a RPM dependency for > jpackage-utils (which in and of itself could still lead to problems, > since you could have that installed but have no JRE installed..). > > The more ways there are to find where the JRE might be (which may > amount to figuring out what the clues are on each distro/OS), the > lower the bar to entry becomes and Things Just Work. > > Kevin > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From hyc at symas.com Fri Dec 2 18:39:25 2005 From: hyc at symas.com (Howard Chu) Date: Fri, 02 Dec 2005 10:39:25 -0800 Subject: [Fedora-directory-users] Re: Fedora-directory-users Digest, Vol 7, Issue 6 In-Reply-To: <20051202170004.AA4867369A@hormel.redhat.com> References: <20051202170004.AA4867369A@hormel.redhat.com> Message-ID: <439094DD.20007@symas.com> > > From: David Boreham >> > This "just now considering" is wrong. The OpenLDAP code has supported >> > multi-master replication and in-tree access control since 1999, very >> > shortly after the Project began. >> > > Howard, this sounds interesting. I wonder if you would mind pointing me > at the MMR code > in the source tree ? I've looked for it a few times without success. > It's easy to miss - check for SLAPD_MULTIMASTER in the code. The configure switch to enable it was removed a long time ago, so you need to manually #define it. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/ From rmeggins at redhat.com Fri Dec 2 18:50:24 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 02 Dec 2005 11:50:24 -0700 Subject: [Fedora-directory-users] Creating Replication Agreements at the Command Line (again) In-Reply-To: <438ED18F.7070106@babel.com.au> References: <438EB796.4050602@babel.com.au> <438ED18F.7070106@babel.com.au> Message-ID: <43909770.3090006@redhat.com> Thanks Del - http://directory.fedora.redhat.com/wiki/Howto:MultiMasterReplication#Requirements Hopefully Mike can update his script soon, but the patch should work in the meantime. Del wrote: > Del wrote: > >> >> I am trying to set up a two-master replica using this script: >> >> http://directory.fedora.redhat.com/wiki/Howto:MultiMasterReplication >> >> It creates the necessary replication objects, and then continually >> reports the following error message in the log files: >> >> [01/Dec/2005:18:55:04 +1100] NSMMReplicationPlugin - >> agmt="cn="Replication to fc3-dbw-2.babel.office"" (fc3-dbw-2:389): >> Replication bind to cn=repman,cn=config on consumer failed: 32 () > > > The bug in the script can be fixed by applying this patch: > > -- > > --- mmr.pl.old 2005-11-20 10:32:33.000000000 +1100 > +++ mmr.pl 2005-12-01 21:20:19.000000000 +1100 > @@ -52,8 +52,8 @@ > config_supplier($host2, $host2_id, $repmanpw); > > # add replication agreements > -add_rep_agreement($host1, $host2); > -add_rep_agreement($host2, $host1); > +add_rep_agreement($host1, $host2, $repmanpw); > +add_rep_agreement($host2, $host1, $repmanpw); > > # initialize host2 from host1 > initialize($host1, $host2); > @@ -133,7 +133,7 @@ > > sub add_rep_agreement > { > - my ($from, $to) = @_; > + my ($from, $to, $repmanpw) = @_; > > my $ldap = Net::LDAP->new($from) or die "$@"; > $ldap->bind($binddn, password => $bindpw, version => 3); > @@ -149,7 +149,7 @@ > nsDS5ReplicaPort => 389, > nsDS5ReplicaBindDN => "cn=repman,cn=config", > nsDS5ReplicaBindMethod => "simple", > - nsDS5ReplicaCredentials => "repman", > + nsDS5ReplicaCredentials => $repmanpw, > nsDS5ReplicaUpdateSchedule => "0000-2359 0123456", > nsDS5ReplicaTimeOut => 120, > ] > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Fri Dec 2 20:39:20 2005 From: craigwhite at azapple.com (Craig White) Date: Fri, 02 Dec 2005 13:39:20 -0700 Subject: [Fedora-directory-users] samba & openldap Message-ID: <1133555960.30372.60.camel@lin-workstation.azapple.com> Newbie alert !!! Are there any docs regarding... 1 - samba integration with Fedora-DS or even NsDS? 2 - documents that discuss converting openldap ldif with specific attributes/objectclasses for openldap to fedora-ds? Utilities? as those in the know would already know, an import of my slapcat from openldap met with a rousing thud and it didn't take me long to figure out why. Craig From rmeggins at redhat.com Fri Dec 2 20:59:46 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 02 Dec 2005 13:59:46 -0700 Subject: [Fedora-directory-users] samba & openldap In-Reply-To: <1133555960.30372.60.camel@lin-workstation.azapple.com> References: <1133555960.30372.60.camel@lin-workstation.azapple.com> Message-ID: <4390B5C2.9070809@redhat.com> Craig White wrote: >Newbie alert !!! > >Are there any docs regarding... > >1 - samba integration with Fedora-DS or even NsDS? > > http://directory.fedora.redhat.com/wiki/Howto:Samba >2 - documents that discuss converting openldap ldif with specific >attributes/objectclasses for openldap to fedora-ds? Utilities? > > http://directory.fedora.redhat.com/wiki/Howto:OpenLDAPMigration >as those in the know would already know, an import of my slapcat from >openldap met with a rousing thud and it didn't take me long to figure >out why. > >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Fri Dec 2 21:48:40 2005 From: craigwhite at azapple.com (Craig White) Date: Fri, 02 Dec 2005 14:48:40 -0700 Subject: [Fedora-directory-users] samba & openldap In-Reply-To: <4390B5C2.9070809@redhat.com> References: <1133555960.30372.60.camel@lin-workstation.azapple.com> <4390B5C2.9070809@redhat.com> Message-ID: <1133560120.30372.75.camel@lin-workstation.azapple.com> On Fri, 2005-12-02 at 13:59 -0700, Richard Megginson wrote: > Craig White wrote: > > >Newbie alert !!! > > > >Are there any docs regarding... > > > >1 - samba integration with Fedora-DS or even NsDS? > > > > > http://directory.fedora.redhat.com/wiki/Howto:Samba > > >2 - documents that discuss converting openldap ldif with specific > >attributes/objectclasses for openldap to fedora-ds? Utilities? > > > > > http://directory.fedora.redhat.com/wiki/Howto:OpenLDAPMigration > > >as those in the know would already know, an import of my slapcat from > >openldap met with a rousing thud and it didn't take me long to figure > >out why. > > ---- thanks - I was still stuck on the documentation pages and hadn't gotten over to the wiki yet. The wiki pages you cited seem to be most everything I needed. Craig From blizzard at redhat.com Sat Dec 3 15:55:42 2005 From: blizzard at redhat.com (Christopher Blizzard) Date: Sat, 03 Dec 2005 10:55:42 -0500 Subject: [Fedora-directory-users] Advantages of using FDS vs OpenLDAP? In-Reply-To: <43907720.7040807@strongauth.com> References: <439053F9.6080600@symas.com> <43907720.7040807@strongauth.com> Message-ID: <1133625342.7534.5.camel@mobile2> The documentation that we have available covers both "how to navigate [with the] GUI" and "how things work." All the way from an overview of how to build your LDAP tree down to a reference of the internal config settings that drive the directory server. I suspect that you're saying that you prefer documents that are low level descriptions of how the system works, and we do have those. But you're not the only market. There's a fair number of ways that people tend to directory servers. --Chris On Fri, 2005-12-02 at 08:32 -0800, Arshad Noor wrote: > For what its worth, while I have not worked with OpenLDAP at all, I > vigorously support Howard's argument for concise, precise & clear > documentation. The state of technical documentation today is > pathetic - designed more for people to navigate GUI's than to impart > information about how things work. Its reminiscent of cotton candy > - a lot more air than content. Another artifact of the Microsoft > age.... > > Arshad Noor > StrongAuth, Inc. > > > Howard Chu wrote: > > > Yes, the OpenLDAP documentation is sparse, and this is a fatal flaw. > > Yes, what documentation exists is terse, and this is a vital strength. > > Nobody likes to spend time wading thru docs, and there's nothing gained > > from saying in 5 sentences what can be stated in only one. Certainly we > > need to work on expanding the scope of the documentation to cover the > > numerous holes. But good documentation is concise and to the point, and > > the docs I've written are precise. There may be a problem with imprecise > > readers, who skim and skip over things when every single word is > > crucial, but that's not our fault. > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users From jon.jahren at gmail.com Sat Dec 3 15:37:12 2005 From: jon.jahren at gmail.com (Jon Jahren) Date: Sat, 03 Dec 2005 16:37:12 +0100 Subject: [Fedora-directory-users] jre1.5 and other "bugs" In-Reply-To: References: Message-ID: <1133624232.3574.0.camel@localhost.localdomain> Hi I've been trying to get the directory server v1.0 working all day. First my problem was that jre1.5 wasn't working right, it would just hang with the splash screen telling me to log in, and no window to enter username and password. I'd like to help troubleshoot it, but I do not know what logs to look at and whatnot. This is on a system running a SMP kernel, however, it didn't work in a regular kernel either. That's my first question, where are the logs, or what debugging tools could I use for this job? Then there's this: I replaced jre1.5 with j2re1.4 and it started "normally", which means that I at least got to the login screen, but it gave me an error that claimed the server hadn't started. And I had indeed ran ./setup/setup and chosen what I thought to be correct values. However, I had used the hostname that I regularly use, Embla, as a hostname, and I had gotten this message when the script finished: "Fatal Slapd The required field AdminDomain is not present in the install info file. ERROR: missing data from answer cache" I reran the script, and this time I didn't use Embla for a hostname. That got me a bit further, because I was given these messages, that I didn't get before: "[slapd-localhost]: [03/Dec/2005:15:05:21 +0100] - slapd started. Listening on All Interfaces port 389 for LDAP requests NMC_Status: 0 NMC_Description: Success! The server has been started. Can't open /opt/fedora-ds/bin/slapd/admin/scripts/template-migrateTo4: No such file or directory Start Slapd Starting Slapd server reconfiguration. Info Slapd No old nsperl references found" After I got that message, I was still getting no server running, after running start-admin. So I stopped it, using stop-admin and then stopped slapd with stop-slapd, I started slapd and then start-admin, and now it works! I can log in and everything. Now to my question: Are these bugs that should be reported, or are they merely user errors? And how can I set it to use my hostname Embla? Thanks in advance Jon From nkinder at redhat.com Sat Dec 3 16:56:45 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Sat, 03 Dec 2005 08:56:45 -0800 Subject: [Fedora-directory-users] jre1.5 and other "bugs" In-Reply-To: <1133624232.3574.0.camel@localhost.localdomain> References: <1133624232.3574.0.camel@localhost.localdomain> Message-ID: <4391CE4D.1030609@redhat.com> Jon Jahren wrote: >Hi >I've been trying to get the directory server v1.0 working all day. >First my problem was that jre1.5 wasn't working right, it would just >hang with the splash screen telling me to log in, and no window to enter >username and password. I'd like to help troubleshoot it, but I do not >know what logs to look at and whatnot. This is on a system running a SMP >kernel, however, it didn't work in a regular kernel either. >That's my first question, where are the logs, or what debugging tools >could I use for this job? > > This is a window focus issue. Run startconsole with the "-xnologo" option. This will not display the splash screen, and you will see the login dialog that was hidden behind it. For troubleshooting Console, you can run it with the "-D" option. This will output debug messages to stdout. >Then there's this: >I replaced jre1.5 with j2re1.4 and it started "normally", which means >that I at least got to the login screen, but it gave me an error that >claimed the server hadn't started. And I had indeed ran ./setup/setup >and chosen what I thought to be correct values. >However, I had used the hostname that I regularly use, Embla, as a >hostname, and I had gotten this message when the script finished: >"Fatal Slapd The required field AdminDomain is not present in the >install info file. >ERROR: missing data from answer cache" > >I reran the script, and this time I didn't use Embla for a hostname. >That got me a bit further, because I was given these messages, that I >didn't get before: >"[slapd-localhost]: [03/Dec/2005:15:05:21 +0100] - slapd started. >Listening on All Interfaces port 389 for LDAP requests > >NMC_Status: 0 >NMC_Description: Success! The server has been started. > >Can't open /opt/fedora-ds/bin/slapd/admin/scripts/template-migrateTo4: >No such file or directory >Start Slapd Starting Slapd server reconfiguration. >Info Slapd No old nsperl references found" > >After I got that message, I was still getting no server running, after >running start-admin. >So I stopped it, using stop-admin and then stopped slapd with >stop-slapd, I started slapd and then start-admin, and now it works! I >can log in and everything. >Now to my question: Are these bugs that should be reported, or are they >merely user errors? And how can I set it to use my hostname Embla? > > You should make sure that both forward and reverse lookup work for this hostname. Also ensure that domainname returns the correcct domain name of your box. -NGK >Thanks in advance >Jon > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3174 bytes Desc: S/MIME Cryptographic Signature URL: From hartmut.woehrle at mail.pcom.de Sat Dec 3 18:59:17 2005 From: hartmut.woehrle at mail.pcom.de (Hartmut =?iso-8859-1?q?W=F6hrle?=) Date: Sat, 3 Dec 2005 19:59:17 +0100 Subject: [Fedora-directory-users] Call for a replication project Message-ID: <200512031959.17568.hartmut.woehrle@mail.pcom.de> Hello everybody. I'd like to start a discussion about extending the replication possibilities of FDS, because from my problem with NT synchronization, I got some ideas.... ;) What I learned from the Winsync tool is the following: FDS connects via LDAP to the JAVA based ApacheDS on the Windows PDC. So in fact it is a connection between two LDAP directories. Next it connects to the NT database via an API service-to-service connect and gets the needed data to synchronize users to the FDS. So why not extending this way of getting data from a non-LDAP system to the FDS, for example a database. The technique I have in mind would go the following way (same as Winsync): FDS --> ApacheDS --> connector to the service and the data back. So the connection FDS to ApacheDS is standart ldap/ldaps. What's needed is a plug for the connector. Then the connector could be programmed in any way: - script to read out a perl script and change values to LDAP schemas - call a programm with parameters (database SELECT, or cyrusadm with params) - something like an API or socket connect In my case I'm thinking about a connection with a SAP HR database, which exports the data in an IDOC format (flat file). So first I had in mind to scp this file to the FDS server, rewrite it in a LDIF format and read it in by ldapmodify. But using the way above would look the following way: A connector rewrites the IDOC format to LDIF and hands it over to the ApacheDS, which sends it (like the Winsync) to the FDS. The advantage from this method is the ldaps connection that I can use for transmit, instead of scp or sftp. The other advantage is, that the ApacheDS is based on JAVA, so could easier be ported to other systems. Then the only OS-dependent part is the connector. And this one could be programmed for every needed case. What do you think about this - or is there any need for something like this? CU Hartmut -- =========================================== Hartmut Woehrle EMail: hartmut.woehrle at mail.pcom.de From arshad.noor at strongauth.com Sat Dec 3 19:24:08 2005 From: arshad.noor at strongauth.com (Arshad Noor) Date: Sat, 03 Dec 2005 11:24:08 -0800 Subject: [Fedora-directory-users] Advantages of using FDS vs OpenLDAP? In-Reply-To: <1133625342.7534.5.camel@mobile2> References: <439053F9.6080600@symas.com> <43907720.7040807@strongauth.com> <1133625342.7534.5.camel@mobile2> Message-ID: <4391F0D8.2020005@strongauth.com> Chris, I don't deny that people need to know how to navigate through tasks. What I neglected to add to my e-mail, is that "navigation knowledge" is better learned from "flash" type clips, rather than through dozens of pages of text and still-graphics. Perhaps what is needed is a standard for how documentation is produced to make it easier for users to learn from - something along the lines of: - A concepts and architecture document - An installation clip - Tutorial clips - Task oriented clips I'm just bemoaning the fact that as technology becomes increasingly complex, the level of documentation has correspondingly risen. The quality of such documentation, however, has declined; there isn't a single reason one can blame, but interspersion of concepts & tasks in documents is one factor. By separating them & using appropriate media, perhaps we might address some of these shortcomings as an industry. Arshad Noor StrongAuth, Inc. Christopher Blizzard wrote: > The documentation that we have available covers both "how to navigate > [with the] GUI" and "how things work." All the way from an overview of > how to build your LDAP tree down to a reference of the internal config > settings that drive the directory server. > > I suspect that you're saying that you prefer documents that are low > level descriptions of how the system works, and we do have those. But > you're not the only market. There's a fair number of ways that people > tend to directory servers. > > --Chris > > On Fri, 2005-12-02 at 08:32 -0800, Arshad Noor wrote: > >>For what its worth, while I have not worked with OpenLDAP at all, I >>vigorously support Howard's argument for concise, precise & clear >>documentation. The state of technical documentation today is >>pathetic - designed more for people to navigate GUI's than to impart >>information about how things work. Its reminiscent of cotton candy >>- a lot more air than content. Another artifact of the Microsoft >>age.... >> >>Arshad Noor >>StrongAuth, Inc. >> >> >>Howard Chu wrote: >> >> >>>Yes, the OpenLDAP documentation is sparse, and this is a fatal flaw. >>>Yes, what documentation exists is terse, and this is a vital strength. >>>Nobody likes to spend time wading thru docs, and there's nothing gained >>>from saying in 5 sentences what can be stated in only one. Certainly we >>>need to work on expanding the scope of the documentation to cover the >>>numerous holes. But good documentation is concise and to the point, and >>>the docs I've written are precise. There may be a problem with imprecise >>>readers, who skim and skip over things when every single word is >>>crucial, but that's not our fault. >>> >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users From craigwhite at azapple.com Sat Dec 3 19:29:16 2005 From: craigwhite at azapple.com (Craig White) Date: Sat, 03 Dec 2005 12:29:16 -0700 Subject: [Fedora-directory-users] a little bit of samba confusion Message-ID: <1133638156.2430.8.camel@lin-workstation.azapple.com> First, imported nearly my entire openldap structure...but couldn't import this record dn: sambaDomainName=AZAPPLE,dc=azapple,dc=com objectClass: sambaDomain sambaDomainName: AZAPPLE sambaSID: S-1-5-21-1423820788-2381578139-3444021595 sambaAlgorithmicRidBase: 1000 Easy enough to recreate in console but didn't understand the error... [03/Dec/2005:11:24:28 -0700] - Entry "sambaDomainName=AZAPPLE,dc=azapple,dc=com" -- attribute "objectClass" not allowed when I added it to the console, it added top & organizationUnit objectclasses...are these required? Second, console application - when you go to the properties of a 'user', there seems to be templates for 'user-languages-ntuser-posixuser- account' but nothing for samba. Is there a samba template? Craig From craigwhite at azapple.com Sat Dec 3 20:35:02 2005 From: craigwhite at azapple.com (Craig White) Date: Sat, 03 Dec 2005 13:35:02 -0700 Subject: [Fedora-directory-users] command line client usage and simple bind Message-ID: <1133642102.2430.23.camel@lin-workstation.azapple.com> If this is too newbie - please ignore (I'm used to openldap and I'm struggling) commands like ldapsearch only seem to work if my cwd is /opt/fedora-ds/shared/bin # cd ~ [root at lin-workstation ~]# ldapsearch ldapsearch: error while loading shared libraries: libldap50.so: cannot open shared object file: No such file or directory anyway, I can cd /opt/fedora-ds/shared/bin but it's a PITA the bigger problem, I wanted to simple bind and cannot do that... # ldapsearch -v -b "ou=people,dc=azapple,dc=com" "(objectclass=*)" gives me everyone in the container (I am obviously going to have to set up ACL's) # ldapsearch -v -b "ou=people,dc=azapple,dc=com" \ -D "cn=Directory Manager,dc=azapple,dc=com" -w - \ "(objectclass=*)" and # ldapsearch -v -b "ou=people,dc=azapple,dc=com" \ -D "cn=admin,dc=azapple,dc=com" -w - \ "(objectclass=*)" both fail with ldapsearch: started Sat Dec 3 13:32:13 2005 ldap_init( localhost, 389 ) ldap_simple_bind: No such object ldap_simple_bind: matched: dc=azapple,dc=com I know it must be something obvious that I am missing but I have tried and tried with no success - is simple bind not permitted by default? Craig From rmeggins at redhat.com Sat Dec 3 21:00:52 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Sat, 03 Dec 2005 14:00:52 -0700 Subject: [Fedora-directory-users] command line client usage and simple bind In-Reply-To: <1133642102.2430.23.camel@lin-workstation.azapple.com> References: <1133642102.2430.23.camel@lin-workstation.azapple.com> Message-ID: <43920784.50004@redhat.com> Craig White wrote: >If this is too newbie - please ignore (I'm used to openldap and I'm >struggling) > >commands like ldapsearch only seem to work if my cwd is >/opt/fedora-ds/shared/bin ># cd ~ >[root at lin-workstation ~]# ldapsearch >ldapsearch: error while loading shared libraries: libldap50.so: cannot >open shared object file: No such file or directory > > Yep. You can either set your PATH to have /opt/fedora-ds/shared/bin before /usr/bin and set LD_LIBRARY_PATH to contain /opt/fedora-ds/shared/lib, or just use the ldapsearch in your PATH (/usr/bin) which is the OpenLDAP version. >anyway, I can cd /opt/fedora-ds/shared/bin but it's a PITA > >the bigger problem, I wanted to simple bind and cannot do that... > ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" "(objectclass=*)" > >gives me everyone in the container (I am obviously going to have to set >up ACL's) > ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" \ >-D "cn=Directory Manager,dc=azapple,dc=com" -w - \ >"(objectclass=*)" > >and > ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" \ >-D "cn=admin,dc=azapple,dc=com" -w - \ >"(objectclass=*)" > >both fail with > >ldapsearch: started Sat Dec 3 13:32:13 2005 > >ldap_init( localhost, 389 ) >ldap_simple_bind: No such object >ldap_simple_bind: matched: dc=azapple,dc=com > >I know it must be something obvious that I am missing but I have tried >and tried with no success - is simple bind not permitted by default? > > That's not it. In Fedora DS, the directory manager is not a 'real' entry - it's just a DN and a password. So yours is probably just "cn=directory manager" not "cn=directory manager,dc=azapple,dc=com". I think in OpenLDAP they have a per-database or per-naming context directory manager - not so in Fedora DS. Also, the console admin user is usually somewhere under o=netscaperoot, like uid=admin,cn=administrators,cn=topology management,o=netscaperoot. >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Sat Dec 3 21:38:15 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Sat, 03 Dec 2005 14:38:15 -0700 Subject: [Fedora-directory-users] a little bit of samba confusion In-Reply-To: <1133638156.2430.8.camel@lin-workstation.azapple.com> References: <1133638156.2430.8.camel@lin-workstation.azapple.com> Message-ID: <43921047.7080203@redhat.com> Craig White wrote: >First, imported nearly my entire openldap structure...but couldn't >import this record > >dn: sambaDomainName=AZAPPLE,dc=azapple,dc=com >objectClass: sambaDomain >sambaDomainName: AZAPPLE >sambaSID: S-1-5-21-1423820788-2381578139-3444021595 >sambaAlgorithmicRidBase: 1000 > >Easy enough to recreate in console but didn't understand the error... >[03/Dec/2005:11:24:28 -0700] - Entry >"sambaDomainName=AZAPPLE,dc=azapple,dc=com" -- attribute "objectClass" >not allowed > >when I added it to the console, it added top & organizationUnit >objectclasses...are these required? > > I guess if you add the entry over LDAP, it automatically adds the missing superior objectclasses, but not with import. > >Second, console application - when you go to the properties of a 'user', >there seems to be templates for 'user-languages-ntuser-posixuser- >account' but nothing for samba. Is there a samba template? > > No, but we'll probably have one in an upcoming release. >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Sat Dec 3 22:08:29 2005 From: craigwhite at azapple.com (Craig White) Date: Sat, 03 Dec 2005 15:08:29 -0700 Subject: [Fedora-directory-users] command line client usage and simple bind In-Reply-To: <43920784.50004@redhat.com> References: <1133642102.2430.23.camel@lin-workstation.azapple.com> <43920784.50004@redhat.com> Message-ID: <1133647709.2430.41.camel@lin-workstation.azapple.com> On Sat, 2005-12-03 at 14:00 -0700, Richard Megginson wrote: > Craig White wrote: > > >If this is too newbie - please ignore (I'm used to openldap and I'm > >struggling) > > > >commands like ldapsearch only seem to work if my cwd is > >/opt/fedora-ds/shared/bin > ># cd ~ > >[root at lin-workstation ~]# ldapsearch > >ldapsearch: error while loading shared libraries: libldap50.so: cannot > >open shared object file: No such file or directory > > > > > Yep. You can either set your PATH to have /opt/fedora-ds/shared/bin > before /usr/bin and set LD_LIBRARY_PATH to contain > /opt/fedora-ds/shared/lib, or just use the ldapsearch in your PATH > (/usr/bin) which is the OpenLDAP version. ---- I did PATH /opt/fedora-ds/shared/bin but I didn't set LD_LIBRARY_PATH which was my problem. Also, I had removed the openldap-clients package previous to install fedora-ds and just reinstalled it since I pretty much am comfortable with the syntax of that client (subtle differences) ---- > >anyway, I can cd /opt/fedora-ds/shared/bin but it's a PITA > > > >the bigger problem, I wanted to simple bind and cannot do that... > > > ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" "(objectclass=*)" > > > >gives me everyone in the container (I am obviously going to have to set > >up ACL's) > > > ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" \ > >-D "cn=Directory Manager,dc=azapple,dc=com" -w - \ > >"(objectclass=*)" > > > >and > > > ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" \ > >-D "cn=admin,dc=azapple,dc=com" -w - \ > >"(objectclass=*)" > > > >both fail with > > > >ldapsearch: started Sat Dec 3 13:32:13 2005 > > > >ldap_init( localhost, 389 ) > >ldap_simple_bind: No such object > >ldap_simple_bind: matched: dc=azapple,dc=com > > > >I know it must be something obvious that I am missing but I have tried > >and tried with no success - is simple bind not permitted by default? > > > > > That's not it. In Fedora DS, the directory manager is not a 'real' > entry - it's just a DN and a password. So yours is probably just > "cn=directory manager" not "cn=directory manager,dc=azapple,dc=com". I > think in OpenLDAP they have a per-database or per-naming context > directory manager - not so in Fedora DS. > > Also, the console admin user is usually somewhere under o=netscaperoot, > like uid=admin,cn=administrators,cn=topology management,o=netscaperoot. ---- great explanation - got it - it works as you said. I've made a bunch of progress with your help - thanks Craig From craigwhite at azapple.com Sun Dec 4 05:28:13 2005 From: craigwhite at azapple.com (Craig White) Date: Sat, 03 Dec 2005 22:28:13 -0700 Subject: [Fedora-directory-users] a little bit of samba confusion In-Reply-To: <43921047.7080203@redhat.com> References: <1133638156.2430.8.camel@lin-workstation.azapple.com> <43921047.7080203@redhat.com> Message-ID: <1133674093.2430.61.camel@lin-workstation.azapple.com> On Sat, 2005-12-03 at 14:38 -0700, Richard Megginson wrote: > Craig White wrote: > > >First, imported nearly my entire openldap structure...but couldn't > >import this record > > > >dn: sambaDomainName=AZAPPLE,dc=azapple,dc=com > >objectClass: sambaDomain > >sambaDomainName: AZAPPLE > >sambaSID: S-1-5-21-1423820788-2381578139-3444021595 > >sambaAlgorithmicRidBase: 1000 > > > >Easy enough to recreate in console but didn't understand the error... > >[03/Dec/2005:11:24:28 -0700] - Entry > >"sambaDomainName=AZAPPLE,dc=azapple,dc=com" -- attribute "objectClass" > >not allowed > > > >when I added it to the console, it added top & organizationUnit > >objectclasses...are these required? > > > > > I guess if you add the entry over LDAP, it automatically adds the > missing superior objectclasses, but not with import. ---- It would appear so. I think the console is spoiling me - making me lazy. On openldap, I would inspect the schema because I could easily locate it. ---- > > > > >Second, console application - when you go to the properties of a 'user', > >there seems to be templates for 'user-languages-ntuser-posixuser- > >account' but nothing for samba. Is there a samba template? > > > > > No, but we'll probably have one in an upcoming release. ---- This seems important to me but I am not the most knowledgeable about these things. I would love to have a number of 'default values' automatically inserted - perhaps that is just a matter of editing the relevant html pages that govern these things (I called them templates - perhaps that is an incorrect term). But I would routinely set default values such as... sambaProfilePath: \\Server\Profiles\${USER} sambaHomePath: \\SERVER\HOMES\${USER} sambaHomeDrive: H sambaLogonScript: \\SERVER\netlogon\logon.bat sambaDomain: DOMAIN_NAME sambaPrimaryGroupSID: S-1-5-21-XXXXXXXXXXX-XXXXXXXXXXX-XXXXXXXXXXX-513 perhaps this is beyond the present capabilities of the console application and I would need to use a different client for purposes of creating new user accounts. Thanks Craig From craigwhite at azapple.com Sun Dec 4 05:53:45 2005 From: craigwhite at azapple.com (Craig White) Date: Sat, 03 Dec 2005 22:53:45 -0700 Subject: [Fedora-directory-users] ACI Message-ID: <1133675625.2430.76.camel@lin-workstation.azapple.com> I suppose being the newbie - I have to ask the obligatory ACI questions... ;-) I have personal address books...each user would have one - i.e. ou=AddressBook,uid=craig,ou=People,dc=azapple,dc=com ou=AddressBook,uid=jennifer,ou=People,dc=azapple,dc=com and my thinking is that each person can read/write/delete/etc. their own address book, authenticated users can read and anonymous is denied. Thus I created 3 rules and they aren't working because an unauthenticated/anonymous bind still can view them... These are the 3 rules (which are applied to ou=People with the expectation that each address book would inherit)... (targetattr = "*") (target = "ldap:///ou=AddressBook,uid=*,ou=People,dc=azapple,dc=com") (version 3.0;acl "Personal Address Books Owner";allow (all)(userdn = "ldap:///self");) (targetattr = "*") (target = "ldap:///ou=AddressBook,uid=*,ou=People,dc=azapple,dc=com") (version 3.0;acl "Personal Address Books Non Owner";allow (read,compare,search)(userdn = "ldap:///all");) (targetattr = "") (target = "ldap:///ou=AddressBook,uid=*,ou=People, dc=azapple,dc=com") (version 3.0;acl "Personal Address Books";deny (all)(userdn = "ldap:///anyone");) are these supposed to be separate rules or combined into 1 rule? and lastly...despite the documentation, I can't get ldapsearch to return the list of ACI's... ./ldapsearch -h localhost -D 'cn=Directory Manager' -w - '(aci=*)' whether I use the ldapsearch client from fedora-ds or the one from openldap-clients Craig From mj at sci.fi Sun Dec 4 21:14:08 2005 From: mj at sci.fi (Mike Jackson) Date: Sun, 04 Dec 2005 23:14:08 +0200 Subject: [Fedora-directory-users] Creating Replication Agreements at the Command Line (again) In-Reply-To: <438ED18F.7070106@babel.com.au> References: <438EB796.4050602@babel.com.au> <438ED18F.7070106@babel.com.au> Message-ID: <43935C20.5070707@sci.fi> Del wrote: > Del wrote: > >> >> I am trying to set up a two-master replica using this script: >> >> http://directory.fedora.redhat.com/wiki/Howto:MultiMasterReplication >> >> It creates the necessary replication objects, and then continually >> reports the following error message in the log files: >> >> [01/Dec/2005:18:55:04 +1100] NSMMReplicationPlugin - >> agmt="cn="Replication to fc3-dbw-2.babel.office"" (fc3-dbw-2:389): >> Replication bind to cn=repman,cn=config on consumer failed: 32 () > > > The bug in the script can be fixed by applying this patch: Hi, I fixed the script. Thanks for testing and reporting! -- mike From jclowser at unitedmessaging.com Sun Dec 4 22:44:40 2005 From: jclowser at unitedmessaging.com (Jeff Clowser) Date: Sun, 04 Dec 2005 17:44:40 -0500 Subject: [Fedora-directory-users] ACI In-Reply-To: <1133675625.2430.76.camel@lin-workstation.azapple.com> References: <1133675625.2430.76.camel@lin-workstation.azapple.com> Message-ID: <43937158.7080507@unitedmessaging.com> Craig White wrote: >I have personal address books...each user would have one - i.e. > >ou=AddressBook,uid=craig,ou=People,dc=azapple,dc=com >ou=AddressBook,uid=jennifer,ou=People,dc=azapple,dc=com > >and my thinking is that each person can read/write/delete/etc. their own >address book, authenticated users can read and anonymous is denied. > > First, a comment on this: Does user craig really want user jennifer to see his "personal" addressbooks? Typically, "personal" addressbooks are only visible by the person that owns them. I know I'm questioning your requirements rather than telling you how to implement what you want, but thought I'd ask :) >Thus I created 3 rules and they aren't working because an >unauthenticated/anonymous bind still can view them... > > My guess is that at the top of your tree, you have an aci that allows anonymous to see stuff (probably something like anonymous can read/search all but userpassword, etc). Aci's at the top are inherited "down the tree", so they are visible because of that, not because of your new aci's. It's usually hard to create a deny aci for a lower branch of the tree that works without breaking something else, and I always try to avoid deny aci's (because they always take precedence and can never be overridden by any allow aci's, causing some potentially unexpected results). >These are the 3 rules (which are applied to ou=People with the >expectation that each address book would inherit)... > >(targetattr = "*") (target = >"ldap:///ou=AddressBook,uid=*,ou=People,dc=azapple,dc=com") (version >3.0;acl "Personal Address Books Owner";allow (all)(userdn = >"ldap:///self");) > > Keep in mind that self applies to the entry that is binding (i.e. the users entry), not entries under it - i.e. you are defining what the user can do to their own records, not the entries under the ou=addressbook,... What I believe this is saying is that if the users entry is, say uid=craig,ou=addressbook,uid=something,ou=people,dc=azapple,dc=com, they can edit any part of their own entry, which is clearly not what you want. (you want uid=craig,ou=people,dc=azapple,dc=com to edit anything under ou=addressbook,uid=craig,...). So, since you are never binding as the addressbook entries themselves, the self rule doesn't let you edit those entries. >(targetattr = "*") (target = >"ldap:///ou=AddressBook,uid=*,ou=People,dc=azapple,dc=com") (version >3.0;acl "Personal Address Books Non Owner";allow >(read,compare,search)(userdn = "ldap:///all");) > >(targetattr = "") (target = "ldap:///ou=AddressBook,uid=*,ou=People, >dc=azapple,dc=com") (version 3.0;acl "Personal Address Books";deny >(all)(userdn = "ldap:///anyone");) > > OK - you have the deny rule, but you're targetattribute is "", which means no target attributes are defined. The default rule (probably in dc=azapple,dc=com) probably allows to all but userpassword or such - anything it allows that this does not deny is allowed, so this effectively does nothing - you can make targetattr=*, but... hmm - I never use deny, so I'm not sure if this will deny everyone (i.e. not just anonymous users, but _all_ users, irregardless how or if they are bound - like I said, deny can do unexpected things if you don't understand it really well). >are these supposed to be separate rules or combined into 1 rule? > > Separate rules - to apply different things to different people (self, all, anyone) you have to have differnet rules. >and lastly...despite the documentation, I can't get ldapsearch to return >the list of ACI's... > >./ldapsearch -h localhost -D 'cn=Directory Manager' -w - '(aci=*)' > > aci's are operational attributes, which means you have to specifically ask for it - i.e.: ./ldapsearch -h localhost -D 'cn=Directory Manager' -w - '(aci=*)' aci (note the aci added to the end.) A couple ways to do what you want: First, instead of putting the aci on the ou=people, put it on each ou=addressbook entry - i.e. something like: dn: ou=addressbook,uid=craig,ou=people,dc=azapple,dc=com ou: addressbook objectclass: top objectclass: organizationunit aci: (targetattr = "*") (version 3.0;acl "Personal Address Books Owner";allow (all)(userdn = "ldap:///uid=craig,ou=people,dc=azapple,dc=com");) aci: (targetattr = "*") (version 3.0;acl "Personal Address Books Non Owner"; allow(read,compare,search)(userdn = "ldap:///all");) aci: (targetattr = "*") (version 3.0;acl "Personal Address Books";deny (all)(userdn = "ldap:///anyone");) You don't need the target, because it defaults to the entry it's on, which is what you want. I'm still not sure that the deny is gonna work right, but give it a try. Note that you have to define the allow (all) to be the dn of the user you want. You might be able to use ldap:///parent, but I think you would then have to bind as ou=addressbook,uid=craig... to create entries directly under ou=addressbook,uid=craig..., which you can't do. Another way to do this is to create ou=addressbooks,dc=azapple,dc=com, or even a separate tree to hold personal address books (i.e. o=pab), then create something like ou=craig,ou=addressbook,dc=azapple,dc=com (or ou=craig,o=pab) to hold things in a separate place - in that way, you can remove default anonymous access from dc=azapple,dc=com, and set anonymous access as appropriate on ou=people..., ou=groups..., ou=addressbooks..., etc as you want them. It makes cleanup of everything associated with a user a little more disjointed maybe, but it's a lot easier to manage/organize your aci's this way. Might be able to use roles to make creating appropriate aci's easier also. - Jeff From brendan0powers at gmail.com Sun Dec 4 23:32:44 2005 From: brendan0powers at gmail.com (brendan powers) Date: Sun, 4 Dec 2005 18:32:44 -0500 Subject: [Fedora-directory-users] Fedora-ds on ubuntu Message-ID: Hello, i have compiled fedora-ds on ubuntu, and almost installed it. The installer does not correctly find apache. It asks for the path where apache is installed. I am running ubuntu 5.10 with apache 2 installed. I have created links from /usr/sbin/apache2>httpd /etc/apache2>httpd and /usr/lib/apache2>httpd Here is the error i get from the installer Unable to locate Apache modules in /modules . Press any key to continue. Does anyone know what the installer is looking for? Has anyone compiled this in ubuntu before. Once i get this working i plan to create packages for ubuntu 5.10 and debian sarge. Thanks for your time. From rmeggins at redhat.com Mon Dec 5 03:44:01 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Sun, 04 Dec 2005 20:44:01 -0700 Subject: [Fedora-directory-users] Fedora-ds on ubuntu In-Reply-To: References: Message-ID: <4393B781.6060607@redhat.com> brendan powers wrote: >Hello, i have compiled fedora-ds on ubuntu, and almost installed it. >The installer does not correctly find apache. It asks for the path >where apache is installed. I am running ubuntu 5.10 with apache 2 >installed. I have created links from /usr/sbin/apache2>httpd >/etc/apache2>httpd and /usr/lib/apache2>httpd > >Here is the error i get from the installer >Unable to locate Apache modules in >/modules >. >Press any key to continue. > >Does anyone know what the installer is looking for? Has anyone >compiled this in ubuntu before. > > It's looking for the directory containing the Apache modules, which on RH and FC is /etc/httpd/modules. It uses the httpd binary itself - it does an httpd.worker -V and parses the output, looking for -D HTTPD_ROOT="/etc/httpd" If this doesn't work with the ubuntu apache, you can override what setup uses. First, run setup with the -k option to save the install.inf file. Next, edit this file, and make sure you have the setting ApacheRoot= /etc/httpd in your [admin] section (or whatever the parent of your Apache module directory is). Then, rerun setup using the edited file like ./setup -s -f /path/to/install.inf >Once i get this working i plan to create packages for ubuntu 5.10 and >debian sarge. > >Thanks for your time. > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon Dec 5 03:51:03 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Sun, 04 Dec 2005 20:51:03 -0700 Subject: [Fedora-directory-users] a little bit of samba confusion In-Reply-To: <1133674093.2430.61.camel@lin-workstation.azapple.com> References: <1133638156.2430.8.camel@lin-workstation.azapple.com> <43921047.7080203@redhat.com> <1133674093.2430.61.camel@lin-workstation.azapple.com> Message-ID: <4393B927.5020301@redhat.com> Craig White wrote: >On Sat, 2005-12-03 at 14:38 -0700, Richard Megginson wrote: > > >>Craig White wrote: >> >> >> >>>First, imported nearly my entire openldap structure...but couldn't >>>import this record >>> >>>dn: sambaDomainName=AZAPPLE,dc=azapple,dc=com >>>objectClass: sambaDomain >>>sambaDomainName: AZAPPLE >>>sambaSID: S-1-5-21-1423820788-2381578139-3444021595 >>>sambaAlgorithmicRidBase: 1000 >>> >>>Easy enough to recreate in console but didn't understand the error... >>>[03/Dec/2005:11:24:28 -0700] - Entry >>>"sambaDomainName=AZAPPLE,dc=azapple,dc=com" -- attribute "objectClass" >>>not allowed >>> >>>when I added it to the console, it added top & organizationUnit >>>objectclasses...are these required? >>> >>> >>> >>> >>I guess if you add the entry over LDAP, it automatically adds the >>missing superior objectclasses, but not with import. >> >> >---- >It would appear so. I think the console is spoiling me - making me lazy. >On openldap, I would inspect the schema because I could easily locate >it. >---- > > >>>Second, console application - when you go to the properties of a 'user', >>>there seems to be templates for 'user-languages-ntuser-posixuser- >>>account' but nothing for samba. Is there a samba template? >>> >>> >>> >>> >>No, but we'll probably have one in an upcoming release. >> >> >---- >This seems important to me but I am not the most knowledgeable about >these things. I would love to have a number of 'default values' >automatically inserted - perhaps that is just a matter of editing the >relevant html pages that govern these things (I called them templates - >perhaps that is an incorrect term). > >But I would routinely set default values such as... > >sambaProfilePath: \\Server\Profiles\${USER} >sambaHomePath: \\SERVER\HOMES\${USER} >sambaHomeDrive: H >sambaLogonScript: \\SERVER\netlogon\logon.bat >sambaDomain: DOMAIN_NAME >sambaPrimaryGroupSID: S-1-5-21-XXXXXXXXXXX-XXXXXXXXXXX-XXXXXXXXXXX-513 > >perhaps this is beyond the present capabilities of the console >application and I would need to use a different client for purposes of >creating new user accounts. > > I think it is beyond the current console. But that's a great idea. Instead of user, we would probably use the name of the attribute e.g. uid or sambaUid. >Thanks > >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon Dec 5 04:05:00 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Sun, 04 Dec 2005 21:05:00 -0700 Subject: [Fedora-directory-users] Call for a replication project In-Reply-To: <200512031959.17568.hartmut.woehrle@mail.pcom.de> References: <200512031959.17568.hartmut.woehrle@mail.pcom.de> Message-ID: <4393BC6C.7030604@redhat.com> Hartmut W?hrle wrote: >Hello everybody. > >I'd like to start a discussion about extending the replication possibilities >of FDS, because from my problem with NT synchronization, I got some >ideas.... ;) > >What I learned from the Winsync tool is the following: >FDS connects via LDAP to the JAVA based ApacheDS on the Windows PDC. So in >fact it is a connection between two LDAP directories. Next it connects to the >NT database via an API service-to-service connect and gets the needed data to >synchronize users to the FDS. > >So why not extending this way of getting data from a non-LDAP system to the >FDS, for example a database. The technique I have in mind would go the >following way (same as Winsync): >FDS --> ApacheDS --> connector to the service >and the data back. >So the connection FDS to ApacheDS is standart ldap/ldaps. What's needed is a >plug for the connector. Then the connector could be programmed in any way: >- script to read out a perl script and change values to LDAP schemas >- call a programm with parameters (database SELECT, or cyrusadm with params) >- something like an API or socket connect > >In my case I'm thinking about a connection with a SAP HR database, which >exports the data in an IDOC format (flat file). So first I had in mind to scp >this file to the FDS server, rewrite it in a LDIF format and read it in by >ldapmodify. But using the way above would look the following way: > >A connector rewrites the IDOC format to LDIF and hands it over to the >ApacheDS, which sends it (like the Winsync) to the FDS. >The advantage from this method is the ldaps connection that I can use for >transmit, instead of scp or sftp. >The other advantage is, that the ApacheDS is based on JAVA, so could easier be >ported to other systems. Then the only OS-dependent part is the connector. >And this one could be programmed for every needed case. > >What do you think about this - or is there any need for something like this? > > I think Apache DS may make a great meta-directory engine, as you have described. It's probably much easier to extend it to talk to different types of data stores (think JDBC) than to extend Fedora DS using C plug-ins. For the specific case you described though, we did this at Netscape several years ago with our Peoplesoft HR database, using PerLDAP. We would take a dump of the database, parse it with perl, and use perldap to send the LDAP operations to the DS. No need for an intermediate LDIF file. You may be able to do the same with an Apache DS solution, if it can connect directly to SAP using JDBC or something like that. >CU >Hartmut > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From mj at sci.fi Mon Dec 5 06:07:27 2005 From: mj at sci.fi (Mike Jackson) Date: Mon, 05 Dec 2005 08:07:27 +0200 Subject: [Fedora-directory-users] Advantages of using FDS vs OpenLDAP? In-Reply-To: <439053F9.6080600@symas.com> References: <439053F9.6080600@symas.com> Message-ID: <4393D91F.7060502@sci.fi> Howard Chu wrote: > Sorry to poke at a moldy old thread, but I think some misconceptions > need to be cleared up. Hi Howard, That certainly was a moldy old thread. I'm surprised it took this long to catch your attention :-) > I'm not here to attack FDS. I have nothing but respect for the team > working on it today. But the fact that OpenLDAP developed under > different conditions, with a different philosophy, is just that - > philosophical difference. This is one problem which I have with using OL in commercial systems: developers pushing their philosophy. The preaching of philosophies is a fundamental difference between open-source and commercial projects/products, and fortunately not all open-source projects do it. With a commercial product, the customer is always right and new features (like MMR) will appear and be enabled by default with sufficient customer demand. With an open-source project, the developers sometimes call the "customers" crazy, stupid, uninformed, etc, and tell them to be quiet or go away if they don't like it. Since this project's software has commercial roots, and still has commercial funding, thankfully you don't see much pushing of philosophy here. The biggest problem I have with OL is that the -users mailing list is censored, which is sometimes used to ensure that philosophy can be pushed without being questioned. I have had numerous postings to openldap-users blocked, which either questioned (even indirectly) the philosophy of OL or mentioned the name of another directory server. I'm happy that we have freedom of speech on this list and can have this discussion; it would be prohibited on openldap-users. I really despise being censored, and I'm sure that many other people feel the same way. Considering those two problems, I would have a difficult time saying that I have nothing but respect for the *entire* OL team. However, I do have a lot of respect for you because you listen to opposing views with an open mind and are willing to debate them in a friendly manner. BR, Mike From taymour.elerian at tedata.net Mon Dec 5 09:36:46 2005 From: taymour.elerian at tedata.net (Taymour A. El Erian) Date: Mon, 05 Dec 2005 11:36:46 +0200 Subject: [Fedora-directory-users] FDS 1.0 console problem Message-ID: <43940A2E.5040305@tedata.net> Hi, I have just downloaded FDS 1.0 to my FC2 box for testing (thinking of moving from OpenLDAP). I started the setup (tried the 3 modes) and finished the installation but unfortunately I am unable to login to the console and I have the following errors in the log [Mon Dec 05 11:20:02 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :148841712 [Mon Dec 05 11:20:02 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:20:10 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :145712368 [Mon Dec 05 11:20:10 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:20:11 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :156321008 [Mon Dec 05 11:20:11 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:20:12 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :141018352 [Mon Dec 05 11:20:12 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:20:13 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :144086256 [Mon Dec 05 11:20:13 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:20:14 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :163882224 [Mon Dec 05 11:20:14 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:20:16 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :161109232 [Mon Dec 05 11:20:16 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:20:45 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :144094448 [Mon Dec 05 11:20:45 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:20:47 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :152855792 [Mon Dec 05 11:20:47 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:20:49 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :163517680 [Mon Dec 05 11:20:49 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:21:37 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :145147120 [Mon Dec 05 11:21:37 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:21:55 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :152823024 [Mon Dec 05 11:21:55 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:21:56 2005] [crit] openLDAPConnection(): ldap_set_option failed to disable cache for :152845528 [Mon Dec 05 11:21:56 2005] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Dec 05 11:21:56 2005] [notice] Apache/2.0 configured -- resuming normal operations [Mon Dec 05 11:22:39 2005] [notice] [client 212.103.165.84] admserv_host_ip_check: Unauthorized host ip=xxx.xxx.xxx.xxx connection rejected xxx.xxx.xxx.xxx is my ip address (both the server and console run on it) Any help ? -- Taymour A El Erian System Division Manager RHCE, LPIC, CCNA, MCSE, CNA TE Data E-mail: taymour.elerian at tedata.net Web: www.tedata.net Tel: +(202)-4166600 Fax: +(202)-4166700 Ext: 1101 From thierry.lanfranchi at wanadoo.fr Mon Dec 5 10:55:20 2005 From: thierry.lanfranchi at wanadoo.fr (Thierry Lanfranchi) Date: Mon, 05 Dec 2005 11:55:20 +0100 Subject: [Fedora-directory-users] Server Side Sorting limitations/configuration In-Reply-To: <438F1880.9060502@boreham.org> References: <438ED6BC.6070407@wanadoo.fr> <438F1880.9060502@boreham.org> Message-ID: <43941C98.2050109@wanadoo.fr> Sorry for the slow answer, I've been busy reinstalling my dev platform :) I don't get any error message while using FDS's version of ldapsearch with "-x" option to enable server side sorting, and can't enable debugging as I'd have to recompile the ldapsearch utility with LDAP_DEBUG defined. As I don't have access to all necessary librairies for now, it's not an option. There's no error message in any of the three logs (access, error and audit). I can confirm though that when I do a one-letter substring search, the search seems as slow as an unindexed search, so I guess you're right about oneletter searches being non-indexed. Do you think there is anything I can do to enable oneletter indexes ? Thanks in advance, Thierry Lanfranchi (PS: Sorry if my english's not that good, trying to do my best as it's not my mother tongue) David Boreham a ?crit : > Thierry Lanfranchi wrote: > >> Is that "not sorting on single letter search" feature wanted (maybe >> even RFC stuff that I haven't read yet), and if so, can I enable >> sorting even in that case, or is it to be considered a strange >> behavior and I need to look for more informations in order to solve it ? > > > Yes. One clue might be that a single letter substring search filter > will not be indexed (while a leading two-letter substring > search filter will). An unindexed search may not be sortable : it's > been a long time since I messed with this part of the > code and without reading it again I'm not sure. Anyway, if you made > the sort control mandatory in your search, > the server should respond with an error in the case that it's unable > to sort. Did you see any response control with > information like that in it ? > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > From pierig56 at yahoo.com Mon Dec 5 12:31:25 2005 From: pierig56 at yahoo.com (Pierig Le Saux) Date: Mon, 05 Dec 2005 13:31:25 +0100 Subject: [Fedora-directory-users] FDS-7.1-2 and PAM Message-ID: <1133785885.8824.7.camel@euclide> Hello, I have a quick question about FDS & PAM: It seems to me the lines added to /etc/pam.d/system-auth on the pam wiki http://directory.fedora.redhat.com/wiki/Howto:PAM don't behave as they should. i.e. if fds is not started system users but the root can't logon; if fds is started all is fine. Any clues on this? Regards From rmeggins at redhat.com Mon Dec 5 14:51:09 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 05 Dec 2005 07:51:09 -0700 Subject: [Fedora-directory-users] Server Side Sorting limitations/configuration In-Reply-To: <43941C98.2050109@wanadoo.fr> References: <438ED6BC.6070407@wanadoo.fr> <438F1880.9060502@boreham.org> <43941C98.2050109@wanadoo.fr> Message-ID: <439453DD.4080507@redhat.com> Thierry Lanfranchi wrote: > Sorry for the slow answer, I've been busy reinstalling my dev platform :) > > I don't get any error message while using FDS's version of ldapsearch > with "-x" option to enable server side sorting, and can't enable > debugging as I'd have to recompile the ldapsearch utility with > LDAP_DEBUG defined. As I don't have access to all necessary librairies > for now, it's not an option. > > There's no error message in any of the three logs (access, error and > audit). > > I can confirm though that when I do a one-letter substring search, the > search seems as slow as an unindexed search, so I guess you're right > about oneletter searches being non-indexed. > > Do you think there is anything I can do to enable oneletter indexes ? No, the minimum for substring searches is 3 characters, or 2 at the beginning or end of a word. > > Thanks in advance, > Thierry Lanfranchi > (PS: Sorry if my english's not that good, trying to do my best as it's > not my mother tongue) Pas de probleme. > > David Boreham a ?crit : > >> Thierry Lanfranchi wrote: >> >>> Is that "not sorting on single letter search" feature wanted (maybe >>> even RFC stuff that I haven't read yet), and if so, can I enable >>> sorting even in that case, or is it to be considered a strange >>> behavior and I need to look for more informations in order to solve >>> it ? >> >> >> >> Yes. One clue might be that a single letter substring search filter >> will not be indexed (while a leading two-letter substring >> search filter will). An unindexed search may not be sortable : it's >> been a long time since I messed with this part of the >> code and without reading it again I'm not sure. Anyway, if you made >> the sort control mandatory in your search, >> the server should respond with an error in the case that it's unable >> to sort. Did you see any response control with >> information like that in it ? >> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From hartmut.woehrle at mail.pcom.de Mon Dec 5 15:14:14 2005 From: hartmut.woehrle at mail.pcom.de (Hartmut =?utf-8?q?W=C3=B6hrle?=) Date: Mon, 5 Dec 2005 16:14:14 +0100 Subject: [Fedora-directory-users] Call for a replication project In-Reply-To: <4393BC6C.7030604@redhat.com> References: <200512031959.17568.hartmut.woehrle@mail.pcom.de> <4393BC6C.7030604@redhat.com> Message-ID: <200512051614.14462.hartmut.woehrle@mail.pcom.de> Am Montag, 5. Dezember 2005 05:05 schrieb Richard Megginson: > > I think Apache DS may make a great meta-directory engine, as you have > described. It's probably much easier to extend it to talk to different > types of data stores (think JDBC) than to extend Fedora DS using C > plug-ins. > > For the specific case you described though, we did this at Netscape > several years ago with our Peoplesoft HR database, using PerLDAP. We > would take a dump of the database, parse it with perl, and use perldap > to send the LDAP operations to the DS. No need for an intermediate LDIF > file. You may be able to do the same with an Apache DS solution, if it > can connect directly to SAP using JDBC or something like that. > Oh interesting. Is this perldap available? Could also be a starting point for a replication. Just connect to localhost ApacheDS and hand it over as in the replication. CU Hartmut -- =========================================== Hartmut Woehrle EMail: hartmut.woehrle at mail.pcom.de From dshackel at arbor.edu Mon Dec 5 15:38:01 2005 From: dshackel at arbor.edu (Daniel Shackelford) Date: Mon, 05 Dec 2005 10:38:01 -0500 Subject: [Fedora-directory-users] Change port after setup Message-ID: <43945ED9.50002@arbor.edu> Hello all, I was wondering if there was a way to change the ldap port once the server has been setup. Here is the situation: I have a version of 7.1 that is running, but the sync is pretty messed up, and only some OUs are syncing with AD. I installed version 1.0 and it seems to run just dandy-fine, but the portal that needs to use the directory is having trouble using 1.0 to authenticate. So I would like to have both running, on different ports. 7.1 is running now, and I can change the ports through the console, but it works for the portal, so I would rather not touch it. 1.0 is not running, but I would like to start it up on a different port (say 388, or 390), but it is a bit messy it seems to do it through direct edits of config files in the slapd directory. Is there another way? -- Daniel Shackelford Systems Administrator Technology Services Spring Arbor University 517 750-6648 "For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many" Mark 10:45 From kovach at gmail.com Mon Dec 5 16:06:26 2005 From: kovach at gmail.com (Kevin Kovach) Date: Mon, 5 Dec 2005 11:06:26 -0500 Subject: [Fedora-directory-users] "This beta software has expired"? Message-ID: Hello, I'm a bit confused this morning. I woke up and realized that my directory was down, and when I tried to restart it I got the following message ... # ./start-slapd [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta software has expired ** Does this look familiar to anyone? I'm continuing to look into it, but if it's something simple issue that I'm unaware of I'd appreciate any hints as to what the problem is? Some background information ... I've been running Fedora Directory Server for about 5 months without any issues. It's been running great. I recently added a root suffix to the directory that went smoothly. I was able to use the new root without any problems after I added it. I didn't seem to have any issues with that change. This the only thing I've done in the past couple months. I've just tired to save my config and back up the db with ./saveconfig, ./db2bak, ./db2ldif, and ./db2dsml and all attempts result in the same error message. Also, the only thing printed to the error log is the same message. # cat errors Fedora-Directory/7.1 B2005.201.2115 ldap.hostname.com:636 (/opt/fedora-ds/slapd-instname) [05/Dec/2005:11:46:07 -0500] - ERROR: ** This beta software has expired ** [05/Dec/2005:11:47:44 -0500] - ERROR: ** This beta software has expired ** [05/Dec/2005:11:49:03 -0500] - ERROR: ** This beta software has expired ** [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta software has expired ** [05/Dec/2005:11:57:33 -0500] - ERROR: ** This beta software has expired ** [05/Dec/2005:11:58:30 -0500] - ERROR: ** This beta software has expired ** [05/Dec/2005:12:00:11 -0500] - ERROR: ** This beta software has expired ** I'm really at a loss as to what has expired. Does the directory have some kind of license that has expired? Can this be a message for an expired cert? It doesn't really sound like it, but that's the only thing I can think of off the top of my head. Thanks for any help and/or information. - Kevin -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Mon Dec 5 17:00:42 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 05 Dec 2005 10:00:42 -0700 Subject: [Fedora-directory-users] Call for a replication project In-Reply-To: <200512051614.14462.hartmut.woehrle@mail.pcom.de> References: <200512031959.17568.hartmut.woehrle@mail.pcom.de> <4393BC6C.7030604@redhat.com> <200512051614.14462.hartmut.woehrle@mail.pcom.de> Message-ID: <4394723A.4020502@redhat.com> Hartmut W?hrle wrote: >Am Montag, 5. Dezember 2005 05:05 schrieb Richard Megginson: > > >>I think Apache DS may make a great meta-directory engine, as you have >>described. It's probably much easier to extend it to talk to different >>types of data stores (think JDBC) than to extend Fedora DS using C >>plug-ins. >> >>For the specific case you described though, we did this at Netscape >>several years ago with our Peoplesoft HR database, using PerLDAP. We >>would take a dump of the database, parse it with perl, and use perldap >>to send the LDAP operations to the DS. No need for an intermediate LDIF >>file. You may be able to do the same with an Apache DS solution, if it >>can connect directly to SAP using JDBC or something like that. >> >> >> >Oh interesting. Is this perldap available? > > Yes. It is included with Fedora DS. See clients/orgchart/bin/org and slapd-hostname/ns-newpwpolicy.pl for some usage. Also, ftp://ftp.mozilla.org/pub/mozilla.org/directory/tools/ has some scripts we used to use at Netscape for pushing the peoplesoft data into the DS. >Could also be a starting point for a replication. Just connect to localhost >ApacheDS and hand it over as in the replication. > >CU >Hartmut > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon Dec 5 17:03:52 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 05 Dec 2005 10:03:52 -0700 Subject: [Fedora-directory-users] FDS 1.0 console problem In-Reply-To: <43940A2E.5040305@tedata.net> References: <43940A2E.5040305@tedata.net> Message-ID: <439472F8.40901@redhat.com> Where is your Apache binary? Is it /usr/sbin/httpd.worker? If you do ldd /usr/bin/httpd.worker, do you see a link to libldap? Taymour A. El Erian wrote: >Hi, > > I have just downloaded FDS 1.0 to my FC2 box for testing (thinking >of moving from OpenLDAP). I started the setup (tried the 3 modes) and >finished the installation but unfortunately I am unable to login to the >console and I have the following errors in the log > >[Mon Dec 05 11:20:02 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :148841712 >[Mon Dec 05 11:20:02 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:20:10 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :145712368 >[Mon Dec 05 11:20:10 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:20:11 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :156321008 >[Mon Dec 05 11:20:11 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:20:12 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :141018352 >[Mon Dec 05 11:20:12 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:20:13 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :144086256 >[Mon Dec 05 11:20:13 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:20:14 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :163882224 >[Mon Dec 05 11:20:14 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:20:16 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :161109232 >[Mon Dec 05 11:20:16 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:20:45 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :144094448 >[Mon Dec 05 11:20:45 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:20:47 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :152855792 >[Mon Dec 05 11:20:47 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:20:49 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :163517680 >[Mon Dec 05 11:20:49 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:21:37 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :145147120 >[Mon Dec 05 11:21:37 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:21:55 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :152823024 >[Mon Dec 05 11:21:55 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:21:56 2005] [crit] openLDAPConnection(): ldap_set_option >failed to disable cache for :152845528 >[Mon Dec 05 11:21:56 2005] [warn] Unable to open initial LDAPConnection >to populate LocalAdmin tasks into cache. >[Mon Dec 05 11:21:56 2005] [notice] Apache/2.0 configured -- resuming >normal operations >[Mon Dec 05 11:22:39 2005] [notice] [client 212.103.165.84] >admserv_host_ip_check: Unauthorized host ip=xxx.xxx.xxx.xxx connection >rejected > >xxx.xxx.xxx.xxx is my ip address (both the server and console run on it) > >Any help ? > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon Dec 5 17:18:35 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 05 Dec 2005 10:18:35 -0700 Subject: [Fedora-directory-users] Advantages of using FDS vs OpenLDAP? In-Reply-To: <4393D91F.7060502@sci.fi> References: <439053F9.6080600@symas.com> <4393D91F.7060502@sci.fi> Message-ID: <4394766B.9030406@redhat.com> Mike Jackson wrote: > Howard Chu wrote: > >> Sorry to poke at a moldy old thread, but I think some misconceptions >> need to be cleared up. > > > Hi Howard, > That certainly was a moldy old thread. I'm surprised it took this > long to catch your attention :-) > > >> I'm not here to attack FDS. I have nothing but respect for the team >> working on it today. But the fact that OpenLDAP developed under >> different conditions, with a different philosophy, is just that - >> philosophical difference. > > > This is one problem which I have with using OL in commercial systems: > developers pushing their philosophy. The preaching of philosophies is > a fundamental difference between open-source and commercial > projects/products, and fortunately not all open-source projects do it. > With a commercial product, the customer is always right and new > features (like MMR) will appear and be enabled by default with > sufficient customer demand. I don't believe the customer is always right. A good marketing organization will give the customer what they ask for. A great one will give the customer what he/she really needs/wants, which is not always what the customer asks for. We were fortunate at Netscape and Red Hat to have a couple of great PMs, and a few good ones. What you will find is that the people who have invested enough time and money into OpenLDAP are quite satisfied with it and don't really need any other solution. Since OpenLDAP has been open source for so long, there is a community around it who have developed other backends, overlays, and other assorted code for doing things like a perl backend, the PADL stuff, heimdal integration, etc. Those developers may also be quite satisfied with OpenLDAP. > With an open-source project, the developers sometimes call the > "customers" crazy, stupid, uninformed, etc, and tell them to be quiet > or go away if they don't like it. That happens with proprietary software just as much or more, it's just not as public :-) c.f. Microsoft, Oracle That being said, I have been bothered by the tone of discussion on the openldap lists at times, and I don't want to have that sort of negativity on the fedora ds lists. Perhaps it is just a difference of philosophy. > Since this project's software has commercial roots, and still has > commercial funding, thankfully you don't see much pushing of > philosophy here. You see a different philosophy. Besides, OpenLDAP does have a commercial entity behind it (Symas), and they do have customers, and they do want to provide features and services for them. > > The biggest problem I have with OL is that the -users mailing list is > censored, which is sometimes used to ensure that philosophy can be > pushed without being questioned. I have had numerous postings to > openldap-users blocked, which either questioned (even indirectly) the > philosophy of OL or mentioned the name of another directory server. > I'm happy that we have freedom of speech on this list and can have > this discussion; it would be prohibited on openldap-users. I really > despise being censored, and I'm sure that many other people feel the > same way. There are other lists that can be used to talk about other directory servers and how they compare to OpenLDAP e.g. the umich list, and to some extend the ldap-interop list. I don't fault Kurt for keeping the discussions germane - perhaps we will have to do the same with the Fedora DS lists if we become victims of our own popularity, which is a good problem to have :-) > > Considering those two problems, I would have a difficult time saying > that I have nothing but respect for the *entire* OL team. However, I > do have a lot of respect for you because you listen to opposing views > with an open mind and are willing to debate them in a friendly manner. > > BR, > Mike > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Mon Dec 5 18:03:54 2005 From: craigwhite at azapple.com (Craig White) Date: Mon, 05 Dec 2005 11:03:54 -0700 Subject: [Fedora-directory-users] ACI In-Reply-To: <43937158.7080507@unitedmessaging.com> References: <1133675625.2430.76.camel@lin-workstation.azapple.com> <43937158.7080507@unitedmessaging.com> Message-ID: <1133805834.20705.76.camel@lin-workstation.azapple.com> On Sun, 2005-12-04 at 17:44 -0500, Jeff Clowser wrote: > Craig White wrote: > > >and lastly...despite the documentation, I can't get ldapsearch to return > >the list of ACI's... > > > >./ldapsearch -h localhost -D 'cn=Directory Manager' -w - '(aci=*)' > > > > > aci's are operational attributes, which means you have to specifically > ask for it - i.e.: > > ./ldapsearch -h localhost -D 'cn=Directory Manager' -w - '(aci=*)' aci > > (note the aci added to the end.) ---- ok, I didn't understand that in the documentation as the word aci was apparently wrapped to another line. Your example didn't work but this did... ./ldapsearch -h localhost -b "dc=azapple,dc=com" \ -D 'cn=Directory Manager' -w - '(aci=*)' aci I did have to have a base for the search. now I'm working through the answers that I got concerning the specific ACI's and my Address Books - thanks Craig From kovach at gmail.com Mon Dec 5 18:37:54 2005 From: kovach at gmail.com (Kevin Kovach) Date: Mon, 5 Dec 2005 13:37:54 -0500 Subject: [Fedora-directory-users] Re: "This beta software has expired"? In-Reply-To: References: Message-ID: Hello again, I'm suspecting more and more that it was a certificate issue, since the error log references port 636. However, I've gone over the SSL HOWTO on the FDS wiki and I don't understand what the problem is. When I installed FDS about 5 months ago I used the information provided here, http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 on setting up a self signed certificate. This link was posted on the SSL HOWTO on help with using certutil. I was able to get FDS up and running with SSL after a couple emails to the list and a couple changes to the FDS wiki regarding SSL. As I said, it's been running well for the past 5 months or so. My understanding was that the example there created a cert that would be valid for 123 months (-v 120) plus the default 3 months? I would not expect this cert to have expired already. That said, I went through the same steps to try and recreate the CA and Server certs for the directory again now. After doing so without any error messages, I tried to start the directory server again and I'm getting the same message. Thanks. - Kevin On 12/5/05, Kevin Kovach wrote: > > Hello, > > I'm a bit confused this morning. I woke up and realized that my directory > was down, and when I tried to restart it I got the following message ... > > # ./start-slapd > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta software has expired ** > > > Does this look familiar to anyone? I'm continuing to look into it, but if > it's something simple issue that I'm unaware of I'd appreciate any hints as > to what the problem is? > > Some background information ... > > I've been running Fedora Directory Server for about 5 months without any > issues. It's been running great. I recently added a root suffix to the > directory that went smoothly. I was able to use the new root without any > problems after I added it. I didn't seem to have any issues with that > change. This the only thing I've done in the past couple months. > > I've just tired to save my config and back up the db with ./saveconfig, > ./db2bak, ./db2ldif, and ./db2dsml and all attempts result in the same error > message. > > Also, the only thing printed to the error log is the same message. > > # cat errors > Fedora-Directory/7.1 B2005.201.2115 > ldap.hostname.com:636 (/opt/fedora-ds/slapd-instname) > > [05/Dec/2005:11:46:07 -0500] - ERROR: ** This beta software has expired ** > > [05/Dec/2005:11:47:44 -0500] - ERROR: ** This beta software has expired ** > [05/Dec/2005:11:49:03 -0500] - ERROR: ** This beta software has expired ** > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta software has expired ** > > [05/Dec/2005:11:57:33 -0500] - ERROR: ** This beta software has expired ** > [05/Dec/2005:11:58:30 -0500] - ERROR: ** This beta software has expired ** > [05/Dec/2005:12:00:11 -0500] - ERROR: ** This beta software has expired ** > > > I'm really at a loss as to what has expired. Does the directory have some > kind of license that has expired? Can this be a message for an expired > cert? It doesn't really sound like it, but that's the only thing I can > think of off the top of my head. > > Thanks for any help and/or information. > > - Kevin > -- Take back the web, http://www.switch2firefox.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Mon Dec 5 18:46:29 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 05 Dec 2005 11:46:29 -0700 Subject: [Fedora-directory-users] Re: "This beta software has expired"? In-Reply-To: References: Message-ID: <43948B05.5020101@redhat.com> No, it's not a cert issue. It's a problem with the core server, and we're working on a fix right now. Kevin Kovach wrote: > Hello again, > > I'm suspecting more and more that it was a certificate issue, since > the error log references port 636. > > However, I've gone over the SSL HOWTO on the FDS wiki and I don't > understand what the problem is. When I installed FDS about 5 months > ago I used the information provided here, > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 > on setting up a self signed certificate. This link was posted on the > SSL HOWTO on help with using certutil. > > I was able to get FDS up and running with SSL after a couple emails to > the list and a couple changes to the FDS wiki regarding SSL. As I > said, it's been running well for the past 5 months or so. > > My understanding was that the example there created a cert that would > be valid for 123 months (-v 120) plus the default 3 months? I would > not expect this cert to have expired already. > > That said, I went through the same steps to try and recreate the CA > and Server certs for the directory again now. After doing so without > any error messages, I tried to start the directory server again and > I'm getting the same message. > > Thanks. > > - Kevin > > On 12/5/05, *Kevin Kovach* > wrote: > > Hello, > > I'm a bit confused this morning. I woke up and realized that my > directory was down, and when I tried to restart it I got the > following message ... > > # ./start-slapd > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta software has > expired ** > > Does this look familiar to anyone? I'm continuing to look into > it, but if it's something simple issue that I'm unaware of I'd > appreciate any hints as to what the problem is? > > Some background information ... > > I've been running Fedora Directory Server for about 5 months > without any issues. It's been running great. I recently added a > root suffix to the directory that went smoothly. I was able to > use the new root without any problems after I added it. I didn't > seem to have any issues with that change. This the only thing > I've done in the past couple months. > > I've just tired to save my config and back up the db with > ./saveconfig, ./db2bak, ./db2ldif, and ./db2dsml and all attempts > result in the same error message. > > Also, the only thing printed to the error log is the same message. > > # cat errors > Fedora-Directory/7.1 B2005.201.2115 > ldap.hostname.com:636 > (/opt/fedora-ds/slapd-instname) > > [05/Dec/2005:11:46:07 -0500] - ERROR: ** This beta software has > expired ** > [05/Dec/2005:11:47:44 -0500] - ERROR: ** This beta software has > expired ** > [05/Dec/2005:11:49:03 -0500] - ERROR: ** This beta software has > expired ** > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta software has > expired ** > [05/Dec/2005:11:57:33 -0500] - ERROR: ** This beta software has > expired ** > [05/Dec/2005:11:58:30 -0500] - ERROR: ** This beta software has > expired ** > [05/Dec/2005:12:00:11 -0500] - ERROR: ** This beta software has > expired ** > > I'm really at a loss as to what has expired. Does the directory > have some kind of license that has expired? Can this be a message > for an expired cert? It doesn't really sound like it, but that's > the only thing I can think of off the top of my head. > > Thanks for any help and/or information. > > - Kevin > > > > > -- > Take back the web, http://www.switch2firefox.com/ > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From kovach at gmail.com Mon Dec 5 19:07:37 2005 From: kovach at gmail.com (Kevin Kovach) Date: Mon, 5 Dec 2005 14:07:37 -0500 Subject: [Fedora-directory-users] Re: "This beta software has expired"? In-Reply-To: <43948B05.5020101@redhat.com> References: <43948B05.5020101@redhat.com> Message-ID: Thanks for the reply Richard. Are you able to supply any details on the issue? Is this a known problem that was already being worked on, or is this a brand new issue? If this has been around for a while, do you have a timetable on a fix? I've checked the list and have not seen anything regarding this error message. If there's anything I can do to help please let me know. Thanks. - Kevin On 12/5/05, Richard Megginson wrote: > > No, it's not a cert issue. It's a problem with the core server, and > we're working on a fix right now. > > Kevin Kovach wrote: > > > Hello again, > > > > I'm suspecting more and more that it was a certificate issue, since > > the error log references port 636. > > > > However, I've gone over the SSL HOWTO on the FDS wiki and I don't > > understand what the problem is. When I installed FDS about 5 months > > ago I used the information provided here, > > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 > > on setting up a self signed certificate. This link was posted on the > > SSL HOWTO on help with using certutil. > > > > I was able to get FDS up and running with SSL after a couple emails to > > the list and a couple changes to the FDS wiki regarding SSL. As I > > said, it's been running well for the past 5 months or so. > > > > My understanding was that the example there created a cert that would > > be valid for 123 months (-v 120) plus the default 3 months? I would > > not expect this cert to have expired already. > > > > That said, I went through the same steps to try and recreate the CA > > and Server certs for the directory again now. After doing so without > > any error messages, I tried to start the directory server again and > > I'm getting the same message. > > > > Thanks. > > > > - Kevin > > > > On 12/5/05, *Kevin Kovach* > > wrote: > > > > Hello, > > > > I'm a bit confused this morning. I woke up and realized that my > > directory was down, and when I tried to restart it I got the > > following message ... > > > > # ./start-slapd > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta software has > > expired ** > > > > Does this look familiar to anyone? I'm continuing to look into > > it, but if it's something simple issue that I'm unaware of I'd > > appreciate any hints as to what the problem is? > > > > Some background information ... > > > > I've been running Fedora Directory Server for about 5 months > > without any issues. It's been running great. I recently added a > > root suffix to the directory that went smoothly. I was able to > > use the new root without any problems after I added it. I didn't > > seem to have any issues with that change. This the only thing > > I've done in the past couple months. > > > > I've just tired to save my config and back up the db with > > ./saveconfig, ./db2bak, ./db2ldif, and ./db2dsml and all attempts > > result in the same error message. > > > > Also, the only thing printed to the error log is the same message. > > > > # cat errors > > Fedora-Directory/7.1 B2005.201.2115 > > ldap.hostname.com:636 > > (/opt/fedora-ds/slapd-instname) > > > > [05/Dec/2005:11:46:07 -0500] - ERROR: ** This beta software has > > expired ** > > [05/Dec/2005:11:47:44 -0500] - ERROR: ** This beta software has > > expired ** > > [05/Dec/2005:11:49:03 -0500] - ERROR: ** This beta software has > > expired ** > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta software has > > expired ** > > [05/Dec/2005:11:57:33 -0500] - ERROR: ** This beta software has > > expired ** > > [05/Dec/2005:11:58:30 -0500] - ERROR: ** This beta software has > > expired ** > > [05/Dec/2005:12:00:11 -0500] - ERROR: ** This beta software has > > expired ** > > > > I'm really at a loss as to what has expired. Does the directory > > have some kind of license that has expired? Can this be a message > > for an expired cert? It doesn't really sound like it, but that's > > the only thing I can think of off the top of my head. > > > > Thanks for any help and/or information. > > > > - Kevin > > > > > > > > > > -- > > Take back the web, http://www.switch2firefox.com/ > > > >------------------------------------------------------------------------ > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > -- Take back the web, http://www.switch2firefox.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Mon Dec 5 19:56:18 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 05 Dec 2005 12:56:18 -0700 Subject: [Fedora-directory-users] Re: "This beta software has expired"? In-Reply-To: References: <43948B05.5020101@redhat.com> Message-ID: <43949B62.7030309@redhat.com> Kevin Kovach wrote: > Thanks for the reply Richard. > > Are you able to supply any details on the issue? Is this a known > problem that was already being worked on, or is this a brand new > issue? If this has been around for a while, do you have a timetable > on a fix? Actually, is your problem in the released FDS 7.1 you downloaded from the download site, or did you build it yourself? > > I've checked the list and have not seen anything regarding this error > message. If there's anything I can do to help please let me know. > > Thanks. > > - Kevin > > On 12/5/05, *Richard Megginson* > wrote: > > No, it's not a cert issue. It's a problem with the core server, and > we're working on a fix right now. > > Kevin Kovach wrote: > > > Hello again, > > > > I'm suspecting more and more that it was a certificate issue, since > > the error log references port 636. > > > > However, I've gone over the SSL HOWTO on the FDS wiki and I don't > > understand what the problem is. When I installed FDS about 5 months > > ago I used the information provided here, > > > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 > > on setting up a self signed certificate. This link was posted > on the > > SSL HOWTO on help with using certutil. > > > > I was able to get FDS up and running with SSL after a couple > emails to > > the list and a couple changes to the FDS wiki regarding SSL. As I > > said, it's been running well for the past 5 months or so. > > > > My understanding was that the example there created a cert that > would > > be valid for 123 months (-v 120) plus the default 3 months? I would > > not expect this cert to have expired already. > > > > That said, I went through the same steps to try and recreate the CA > > and Server certs for the directory again now. After doing so > without > > any error messages, I tried to start the directory server again and > > I'm getting the same message. > > > > Thanks. > > > > - Kevin > > > > On 12/5/05, *Kevin Kovach* > > >> wrote: > > > > Hello, > > > > I'm a bit confused this morning. I woke up and realized that my > > directory was down, and when I tried to restart it I got the > > following message ... > > > > # ./start-slapd > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta software has > > expired ** > > > > Does this look familiar to anyone? I'm continuing to look into > > it, but if it's something simple issue that I'm unaware of I'd > > appreciate any hints as to what the problem is? > > > > Some background information ... > > > > I've been running Fedora Directory Server for about 5 months > > without any issues. It's been running great. I recently > added a > > root suffix to the directory that went smoothly. I was able to > > use the new root without any problems after I added it. I > didn't > > seem to have any issues with that change. This the only thing > > I've done in the past couple months. > > > > I've just tired to save my config and back up the db with > > ./saveconfig, ./db2bak, ./db2ldif, and ./db2dsml and all > attempts > > result in the same error message. > > > > Also, the only thing printed to the error log is the same > message. > > > > # cat errors > > Fedora-Directory/7.1 B2005.201.2115 > > ldap.hostname.com:636 > > > (/opt/fedora-ds/slapd-instname) > > > > [05/Dec/2005:11:46:07 -0500] - ERROR: ** This beta software has > > expired ** > > [05/Dec/2005:11:47:44 -0500] - ERROR: ** This beta software has > > expired ** > > [05/Dec/2005:11:49:03 -0500] - ERROR: ** This beta software has > > expired ** > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta software has > > expired ** > > [05/Dec/2005:11:57:33 -0500] - ERROR: ** This beta software has > > expired ** > > [05/Dec/2005:11:58:30 -0500] - ERROR: ** This beta software has > > expired ** > > [05/Dec/2005:12:00:11 -0500] - ERROR: ** This beta software has > > expired ** > > > > I'm really at a loss as to what has expired. Does the > directory > > have some kind of license that has expired? Can this be a > message > > for an expired cert? It doesn't really sound like it, but > that's > > the only thing I can think of off the top of my head. > > > > Thanks for any help and/or information. > > > > - Kevin > > > > > > > > > > -- > > Take back the web, http://www.switch2firefox.com/ > > > > >------------------------------------------------------------------------ > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > -- > Take back the web, http://www.switch2firefox.com/ > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From kovach at gmail.com Mon Dec 5 20:11:41 2005 From: kovach at gmail.com (Kevin Kovach) Date: Mon, 5 Dec 2005 15:11:41 -0500 Subject: [Fedora-directory-users] Re: "This beta software has expired"? In-Reply-To: <43949B62.7030309@redhat.com> References: <43948B05.5020101@redhat.com> <43949B62.7030309@redhat.com> Message-ID: Built this myself from the 7.1 source. You're thinking this is an issue with my build in particular, or you've seen this before? - Kevin On 12/5/05, Richard Megginson wrote: > > Kevin Kovach wrote: > > > Thanks for the reply Richard. > > > > Are you able to supply any details on the issue? Is this a known > > problem that was already being worked on, or is this a brand new > > issue? If this has been around for a while, do you have a timetable > > on a fix? > > Actually, is your problem in the released FDS 7.1 you downloaded from > the download site, or did you build it yourself? > > > > > I've checked the list and have not seen anything regarding this error > > message. If there's anything I can do to help please let me know. > > > > Thanks. > > > > - Kevin > > > > On 12/5/05, *Richard Megginson* > > wrote: > > > > No, it's not a cert issue. It's a problem with the core server, and > > we're working on a fix right now. > > > > Kevin Kovach wrote: > > > > > Hello again, > > > > > > I'm suspecting more and more that it was a certificate issue, > since > > > the error log references port 636. > > > > > > However, I've gone over the SSL HOWTO on the FDS wiki and I don't > > > understand what the problem is. When I installed FDS about 5 > months > > > ago I used the information provided here, > > > > > > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 > > > on setting up a self signed certificate. This link was posted > > on the > > > SSL HOWTO on help with using certutil. > > > > > > I was able to get FDS up and running with SSL after a couple > > emails to > > > the list and a couple changes to the FDS wiki regarding SSL. As I > > > said, it's been running well for the past 5 months or so. > > > > > > My understanding was that the example there created a cert that > > would > > > be valid for 123 months (-v 120) plus the default 3 months? I > would > > > not expect this cert to have expired already. > > > > > > That said, I went through the same steps to try and recreate the > CA > > > and Server certs for the directory again now. After doing so > > without > > > any error messages, I tried to start the directory server again > and > > > I'm getting the same message. > > > > > > Thanks. > > > > > > - Kevin > > > > > > On 12/5/05, *Kevin Kovach* > > > > >> wrote: > > > > > > Hello, > > > > > > I'm a bit confused this morning. I woke up and realized that > my > > > directory was down, and when I tried to restart it I got the > > > following message ... > > > > > > # ./start-slapd > > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta software > has > > > expired ** > > > > > > Does this look familiar to anyone? I'm continuing to look > into > > > it, but if it's something simple issue that I'm unaware of I'd > > > appreciate any hints as to what the problem is? > > > > > > Some background information ... > > > > > > I've been running Fedora Directory Server for about 5 months > > > without any issues. It's been running great. I recently > > added a > > > root suffix to the directory that went smoothly. I was able > to > > > use the new root without any problems after I added it. I > > didn't > > > seem to have any issues with that change. This the only thing > > > I've done in the past couple months. > > > > > > I've just tired to save my config and back up the db with > > > ./saveconfig, ./db2bak, ./db2ldif, and ./db2dsml and all > > attempts > > > result in the same error message. > > > > > > Also, the only thing printed to the error log is the same > > message. > > > > > > # cat errors > > > Fedora-Directory/7.1 B2005.201.2115 > > > ldap.hostname.com:636 > > > > > (/opt/fedora-ds/slapd-instname) > > > > > > [05/Dec/2005:11:46:07 -0500] - ERROR: ** This beta software > has > > > expired ** > > > [05/Dec/2005:11:47:44 -0500] - ERROR: ** This beta software > has > > > expired ** > > > [05/Dec/2005:11:49:03 -0500] - ERROR: ** This beta software > has > > > expired ** > > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta software > has > > > expired ** > > > [05/Dec/2005:11:57:33 -0500] - ERROR: ** This beta software > has > > > expired ** > > > [05/Dec/2005:11:58:30 -0500] - ERROR: ** This beta software > has > > > expired ** > > > [05/Dec/2005:12:00:11 -0500] - ERROR: ** This beta software > has > > > expired ** > > > > > > I'm really at a loss as to what has expired. Does the > > directory > > > have some kind of license that has expired? Can this be a > > message > > > for an expired cert? It doesn't really sound like it, but > > that's > > > the only thing I can think of off the top of my head. > > > > > > Thanks for any help and/or information. > > > > > > - Kevin > > > > > > > > > > > > > > > -- > > > Take back the web, http://www.switch2firefox.com/ > > > > > > > > >------------------------------------------------------------------------ > > > > > >-- > > >Fedora-directory-users mailing list > > >Fedora-directory-users at redhat.com > > > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > > > > -- > > Take back the web, http://www.switch2firefox.com/ > > > >------------------------------------------------------------------------ > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > -- Take back the web, http://www.switch2firefox.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Mon Dec 5 20:18:15 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 05 Dec 2005 13:18:15 -0700 Subject: [Fedora-directory-users] Re: "This beta software has expired"? In-Reply-To: References: <43948B05.5020101@redhat.com> <43949B62.7030309@redhat.com> Message-ID: <4394A087.9070906@redhat.com> Kevin Kovach wrote: > Built this myself from the 7.1 source. You're thinking this is an > issue with my build in particular, or you've seen this before? Yes. The BUILD_BOMB is enabled by default. Our 7.1 binary builds had the build bomb disabled. In order to build with this disabled, use something like this: make PUMPKIN_AGE=0 BUILD_BOMB="" .... other args .... I apologize for this. We will be updating the wiki Building page ASAP. Future versions of the source code will disable the build bomb by default. > > - Kevin > > On 12/5/05, * Richard Megginson* > wrote: > > Kevin Kovach wrote: > > > Thanks for the reply Richard. > > > > Are you able to supply any details on the issue? Is this a known > > problem that was already being worked on, or is this a brand new > > issue? If this has been around for a while, do you have a > timetable > > on a fix? > > Actually, is your problem in the released FDS 7.1 you downloaded from > the download site, or did you build it yourself? > > > > > I've checked the list and have not seen anything regarding this > error > > message. If there's anything I can do to help please let me know. > > > > Thanks. > > > > - Kevin > > > > On 12/5/05, *Richard Megginson* > > >> wrote: > > > > No, it's not a cert issue. It's a problem with the core > server, and > > we're working on a fix right now. > > > > Kevin Kovach wrote: > > > > > Hello again, > > > > > > I'm suspecting more and more that it was a certificate > issue, since > > > the error log references port 636. > > > > > > However, I've gone over the SSL HOWTO on the FDS wiki and > I don't > > > understand what the problem is. When I installed FDS > about 5 months > > > ago I used the information provided here, > > > > > > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 > > > on setting up a self signed certificate. This link was > posted > > on the > > > SSL HOWTO on help with using certutil. > > > > > > I was able to get FDS up and running with SSL after a couple > > emails to > > > the list and a couple changes to the FDS wiki regarding > SSL. As I > > > said, it's been running well for the past 5 months or so. > > > > > > My understanding was that the example there created a cert > that > > would > > > be valid for 123 months (-v 120) plus the default 3 > months? I would > > > not expect this cert to have expired already. > > > > > > That said, I went through the same steps to try and > recreate the CA > > > and Server certs for the directory again now. After doing so > > without > > > any error messages, I tried to start the directory server > again and > > > I'm getting the same message. > > > > > > Thanks. > > > > > > - Kevin > > > > > > On 12/5/05, *Kevin Kovach* > > > > > > > >>> wrote: > > > > > > Hello, > > > > > > I'm a bit confused this morning. I woke up and > realized that my > > > directory was down, and when I tried to restart it I > got the > > > following message ... > > > > > > # ./start-slapd > > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta > software has > > > expired ** > > > > > > Does this look familiar to anyone? I'm continuing to > look into > > > it, but if it's something simple issue that I'm > unaware of I'd > > > appreciate any hints as to what the problem is? > > > > > > Some background information ... > > > > > > I've been running Fedora Directory Server for about 5 > months > > > without any issues. It's been running great. I recently > > added a > > > root suffix to the directory that went smoothly. I > was able to > > > use the new root without any problems after I added > it. I > > didn't > > > seem to have any issues with that change. This the > only thing > > > I've done in the past couple months. > > > > > > I've just tired to save my config and back up the db with > > > ./saveconfig, ./db2bak, ./db2ldif, and ./db2dsml and all > > attempts > > > result in the same error message. > > > > > > Also, the only thing printed to the error log is the same > > message. > > > > > > # cat errors > > > Fedora-Directory/7.1 B2005.201.2115 > > > ldap.hostname.com:636 > > > > > > (/opt/fedora-ds/slapd-instname) > > > > > > [05/Dec/2005:11:46:07 -0500] - ERROR: ** This beta > software has > > > expired ** > > > [05/Dec/2005:11:47:44 -0500] - ERROR: ** This beta > software has > > > expired ** > > > [05/Dec/2005:11:49:03 -0500] - ERROR: ** This beta > software has > > > expired ** > > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta > software has > > > expired ** > > > [05/Dec/2005:11:57:33 -0500] - ERROR: ** This beta > software has > > > expired ** > > > [05/Dec/2005:11:58:30 -0500] - ERROR: ** This beta > software has > > > expired ** > > > [05/Dec/2005:12:00:11 -0500] - ERROR: ** This beta > software has > > > expired ** > > > > > > I'm really at a loss as to what has expired. Does the > > directory > > > have some kind of license that has expired? Can this be a > > message > > > for an expired cert? It doesn't really sound like it, but > > that's > > > the only thing I can think of off the top of my head. > > > > > > Thanks for any help and/or information. > > > > > > - Kevin > > > > > > > > > > > > > > > -- > > > Take back the web, http://www.switch2firefox.com/ > > < http://www.switch2firefox.com/> > > > > > > >------------------------------------------------------------------------ > > > > > >-- > > >Fedora-directory-users mailing list > > >Fedora-directory-users at redhat.com > > > > > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > < > https://www.redhat.com/mailman/listinfo/fedora-directory-users> > > > > > > > > > > > > > > -- > > Take back the web, http://www.switch2firefox.com/ > > > > >------------------------------------------------------------------------ > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > -- > Take back the web, http://www.switch2firefox.com/ > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From hyc at symas.com Mon Dec 5 21:14:00 2005 From: hyc at symas.com (Howard Chu) Date: Mon, 05 Dec 2005 13:14:00 -0800 Subject: [Fedora-directory-users] Advantages of using FDS vs OpenLDAP? In-Reply-To: <20051205190750.6228973267@hormel.redhat.com> References: <20051205190750.6228973267@hormel.redhat.com> Message-ID: <4394AD98.1040608@symas.com> > Date: Mon, 05 Dec 2005 10:18:35 -0700 > From: Richard Megginson > > Mike Jackson wrote: > > >> Howard Chu wrote: >> >> >>> Sorry to poke at a moldy old thread, but I think some misconceptions >>> need to be cleared up. >>> >> Hi Howard, >> That certainly was a moldy old thread. I'm surprised it took this >> long to catch your attention :-) >> I guess my attention has been elsewhere ;) >>> I'm not here to attack FDS. I have nothing but respect for the team >>> working on it today. But the fact that OpenLDAP developed under >>> different conditions, with a different philosophy, is just that - >>> philosophical difference. >>> >> This is one problem which I have with using OL in commercial systems: >> developers pushing their philosophy. The preaching of philosophies is >> a fundamental difference between open-source and commercial >> projects/products, and fortunately not all open-source projects do it. >> With a commercial product, the customer is always right and new >> features (like MMR) will appear and be enabled by default with >> sufficient customer demand. >> > > I don't believe the customer is always right. A good marketing > organization will give the customer what they ask for. A great one will > give the customer what he/she really needs/wants, which is not always > what the customer asks for. We were fortunate at Netscape and Red Hat > to have a couple of great PMs, and a few good ones. > Indeed. In my experience on many projects, the "customer" is almost always wrong. Fortunately for them they were usually shielded from me by several layers of sales/marketing, and those layers got to deal with twisting the language so that it appeared the customer was getting exactly what they asked for, when we were just delivering what they needed. I don't want to pollute this list with too much off-topic discussion, but this is a key difference - OpenLDAP did not begin as a commercial directory product, and that was not its original purpose. It was never Kurt's goal to create a directory server that could compete with other commercial directory servers, he just wanted something that would work for NetBoolean's mail routing product. Symas wasn't looking to become a commercial directory server company either, we were just looking for something that would work for our Connexitor EMS product. I.e., OL started as the bare necessities that a couple developers needed for something else entirely, and the only focus of the project has been satisfying its developers. Many people are put off by the "if you want it, add it yourself" attitude. I personally found this attitude attracted me to the project, because I enjoy creating code that does what I want. >> With an open-source project, the developers sometimes call the >> "customers" crazy, stupid, uninformed, etc, and tell them to be quiet >> or go away if they don't like it. >> > > That happens with proprietary software just as much or more, it's just > not as public :-) c.f. Microsoft, Oracle > > LOL. Indeed, when was the last time you ever heard "you're right, we'll fix that right away" from Microsoft... > That being said, I have been bothered by the tone of discussion on the > openldap lists at times, and I don't want to have that sort of > negativity on the fedora ds lists. Perhaps it is just a difference of > philosophy. > > Newbies tend to have a rough time with OL and with the OL lists. And teaching newbies about LDAP basics hasn't really been one of the priorities for OL. But in general the only time I've seen real problems has been due to folks who come onto the lists without a clue and who steadfastly ignore all the clues given to them. Ignorance isn't a sin, but aggressive ignorance is. >> Since this project's software has commercial roots, and still has >> commercial funding, thankfully you don't see much pushing of >> philosophy here. >> > > You see a different philosophy. Besides, OpenLDAP does have a > commercial entity behind it (Symas), and they do have customers, and > they do want to provide features and services for them. > Yes, and this marks a distinct change for OpenLDAP. "It works" used to be good enough, but isn't any more. A lot of initial development was driven purely by internal needs. The emphasis has slowly changed to making the code enterprise-grade, and that change has been largely due to Symas. The old codebase sucked, royally. We at Symas started profiling the code (and developing new code profiling tools to assist), re-factoring, ... and as a result the OL 2.1 code was 200 times faster than 2.0. With the old philosophy probably nobody would have bothered to investigate. But I'm a perfectionist; "it works" isn't nearly good enough for me... >> The biggest problem I have with OL is that the -users mailing list is >> censored, which is sometimes used to ensure that philosophy can be >> pushed without being questioned. I have had numerous postings to >> openldap-users blocked, which either questioned (even indirectly) the >> philosophy of OL or mentioned the name of another directory server. >> I'm happy that we have freedom of speech on this list and can have >> this discussion; it would be prohibited on openldap-users. I really >> despise being censored, and I'm sure that many other people feel the >> same way. >> > > There are other lists that can be used to talk about other directory > servers and how they compare to OpenLDAP e.g. the umich list, and to > some extend the ldap-interop list. I don't fault Kurt for keeping the > discussions germane - perhaps we will have to do the same with the > Fedora DS lists if we become victims of our own popularity, which is a > good problem to have :-) > > I think part of the problem was that the OL list was the only place to find free help on the entire technology, and it irked me to see my time being wasted giving free support to people using commercial products. 1) they paid money to a vendor already, the vendor should be supporting them. 2) if they have money to burn, they ought to be paying me instead. ;) The fact that these other lists are active has pretty much solved that problem. >> Considering those two problems, I would have a difficult time saying >> that I have nothing but respect for the *entire* OL team. However, I >> do have a lot of respect for you because you listen to opposing views >> with an open mind and are willing to debate them in a friendly manner. >> Thanks. A good debate is always nice; anyone who doesn't like intellectual challenge shouldn't be here in the first place... >> BR, >> Mike -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/ From kovach at gmail.com Mon Dec 5 21:34:02 2005 From: kovach at gmail.com (Kevin Kovach) Date: Mon, 5 Dec 2005 16:34:02 -0500 Subject: [Fedora-directory-users] Re: "This beta software has expired"? In-Reply-To: <4394A087.9070906@redhat.com> References: <43948B05.5020101@redhat.com> <43949B62.7030309@redhat.com> <4394A087.9070906@redhat.com> Message-ID: Thanks again for the reply Richard. Can you please advise on how I might best go about recovering from this so that I can backup all my data and configuration and rebuild FDS? Now, I'd probably like to go to FDS 1.0 as well. I'd like to get this install up and running just long enough to back everything up and then go with a new install of 1.0. I've tried setting the time on the system back a couple months and that did not do the trick. I've noticed now that there's a pumpkin.pl PERL script in the fedora-ds directory? Is there some thing temporary I can do to expend the wick on the bomb for a bit, so that I might run for cover before it goes off again? :-) Thanks. - Kevin On 12/5/05, Richard Megginson wrote: > > Kevin Kovach wrote: > > > Built this myself from the 7.1 source. You're thinking this is an > > issue with my build in particular, or you've seen this before? > > Yes. The BUILD_BOMB is enabled by default. Our 7.1 binary builds had > the build bomb disabled. In order to build with this disabled, use > something like this: > make PUMPKIN_AGE=0 BUILD_BOMB="" .... other args .... > I apologize for this. We will be updating the wiki Building page ASAP. > Future versions of the source code will disable the build bomb by default. > > > > > - Kevin > > > > On 12/5/05, * Richard Megginson* > > wrote: > > > > Kevin Kovach wrote: > > > > > Thanks for the reply Richard. > > > > > > Are you able to supply any details on the issue? Is this a known > > > problem that was already being worked on, or is this a brand new > > > issue? If this has been around for a while, do you have a > > timetable > > > on a fix? > > > > Actually, is your problem in the released FDS 7.1 you downloaded > from > > the download site, or did you build it yourself? > > > > > > > > I've checked the list and have not seen anything regarding this > > error > > > message. If there's anything I can do to help please let me know. > > > > > > Thanks. > > > > > > - Kevin > > > > > > On 12/5/05, *Richard Megginson* > > > > >> wrote: > > > > > > No, it's not a cert issue. It's a problem with the core > > server, and > > > we're working on a fix right now. > > > > > > Kevin Kovach wrote: > > > > > > > Hello again, > > > > > > > > I'm suspecting more and more that it was a certificate > > issue, since > > > > the error log references port 636. > > > > > > > > However, I've gone over the SSL HOWTO on the FDS wiki and > > I don't > > > > understand what the problem is. When I installed FDS > > about 5 months > > > > ago I used the information provided here, > > > > > > > > > > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 > > > > on setting up a self signed certificate. This link was > > posted > > > on the > > > > SSL HOWTO on help with using certutil. > > > > > > > > I was able to get FDS up and running with SSL after a couple > > > emails to > > > > the list and a couple changes to the FDS wiki regarding > > SSL. As I > > > > said, it's been running well for the past 5 months or so. > > > > > > > > My understanding was that the example there created a cert > > that > > > would > > > > be valid for 123 months (-v 120) plus the default 3 > > months? I would > > > > not expect this cert to have expired already. > > > > > > > > That said, I went through the same steps to try and > > recreate the CA > > > > and Server certs for the directory again now. After doing > so > > > without > > > > any error messages, I tried to start the directory server > > again and > > > > I'm getting the same message. > > > > > > > > Thanks. > > > > > > > > - Kevin > > > > > > > > On 12/5/05, *Kevin Kovach* > > > > > > > > > > > >>> wrote: > > > > > > > > Hello, > > > > > > > > I'm a bit confused this morning. I woke up and > > realized that my > > > > directory was down, and when I tried to restart it I > > got the > > > > following message ... > > > > > > > > # ./start-slapd > > > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > > > > > Does this look familiar to anyone? I'm continuing to > > look into > > > > it, but if it's something simple issue that I'm > > unaware of I'd > > > > appreciate any hints as to what the problem is? > > > > > > > > Some background information ... > > > > > > > > I've been running Fedora Directory Server for about 5 > > months > > > > without any issues. It's been running great. I > recently > > > added a > > > > root suffix to the directory that went smoothly. I > > was able to > > > > use the new root without any problems after I added > > it. I > > > didn't > > > > seem to have any issues with that change. This the > > only thing > > > > I've done in the past couple months. > > > > > > > > I've just tired to save my config and back up the db > with > > > > ./saveconfig, ./db2bak, ./db2ldif, and ./db2dsml and all > > > attempts > > > > result in the same error message. > > > > > > > > Also, the only thing printed to the error log is the > same > > > message. > > > > > > > > # cat errors > > > > Fedora-Directory/7.1 B2005.201.2115 > > > > ldap.hostname.com:636 > > > > > > > > > (/opt/fedora-ds/slapd-instname) > > > > > > > > [05/Dec/2005:11:46:07 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > [05/Dec/2005:11:47:44 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > [05/Dec/2005:11:49:03 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > [05/Dec/2005:11:57:33 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > [05/Dec/2005:11:58:30 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > [05/Dec/2005:12:00:11 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > > > > > I'm really at a loss as to what has expired. Does the > > > directory > > > > have some kind of license that has expired? Can this be > a > > > message > > > > for an expired cert? It doesn't really sound like it, > but > > > that's > > > > the only thing I can think of off the top of my head. > > > > > > > > Thanks for any help and/or information. > > > > > > > > - Kevin > > > > > > > > > > > > > > > > > > > > -- > > > > Take back the web, http://www.switch2firefox.com/ > > > < http://www.switch2firefox.com/> > > > > > > > > > > >------------------------------------------------------------------------ > > > > > > > >-- > > > >Fedora-directory-users mailing list > > > >Fedora-directory-users at redhat.com > > > > > > > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > > > > > -- > > > Fedora-directory-users mailing list > > > Fedora-directory-users at redhat.com > > > > > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > < > > https://www.redhat.com/mailman/listinfo/fedora-directory-users> > > > > > > > > > > > > > > > > > > > > > -- > > > Take back the web, http://www.switch2firefox.com/ > > > > > > > > >------------------------------------------------------------------------ > > > > > >-- > > >Fedora-directory-users mailing list > > >Fedora-directory-users at redhat.com > > > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > > > > -- > > Take back the web, http://www.switch2firefox.com/ > > > >------------------------------------------------------------------------ > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > -- Take back the web, http://www.switch2firefox.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Mon Dec 5 21:39:25 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 05 Dec 2005 14:39:25 -0700 Subject: [Fedora-directory-users] Re: "This beta software has expired"? In-Reply-To: References: <43948B05.5020101@redhat.com> <43949B62.7030309@redhat.com> <4394A087.9070906@redhat.com> Message-ID: <4394B38D.8090904@redhat.com> Kevin Kovach wrote: > Thanks again for the reply Richard. > > Can you please advise on how I might best go about recovering from > this so that I can backup all my data and configuration and rebuild > FDS? Now, I'd probably like to go to FDS 1.0 as well. I'd like to > get this install up and running just long enough to back everything up > and then go with a new install of 1.0. > > I've tried setting the time on the system back a couple months and > that did not do the trick. I've noticed now that there's a pumpkin.pl > PERL script in the fedora-ds directory? Is there some thing temporary > I can do to expend the wick on the bomb for a bit, so that I might run > for cover before it goes off again? :-) There's nothing you can do except to rebuild ns-slapd. This might work: 1) cd ldapserver/ldap/servers/slapd 2) touch main.c 3) make BUILD_BOMB="" PUMPKIN_AGE=0 .... other make args .... This will rebuild the ns-slapd binary, which is the one with the problem. main.c has the bomb code. This will create a new binary ldapserver/built/release//bin/slapd/server/ns-slapd. Just shutdown your old one and replace it with this new one, the restart. You should be good to go. > > Thanks. > > - Kevin > > On 12/5/05, *Richard Megginson* > wrote: > > Kevin Kovach wrote: > > > Built this myself from the 7.1 source. You're thinking this is an > > issue with my build in particular, or you've seen this before? > > Yes. The BUILD_BOMB is enabled by default. Our 7.1 binary builds had > the build bomb disabled. In order to build with this disabled, use > something like this: > make PUMPKIN_AGE=0 BUILD_BOMB="" .... other args .... > I apologize for this. We will be updating the wiki Building page > ASAP. > Future versions of the source code will disable the build bomb by > default. > > > > > - Kevin > > > > On 12/5/05, * Richard Megginson* > > >> wrote: > > > > Kevin Kovach wrote: > > > > > Thanks for the reply Richard. > > > > > > Are you able to supply any details on the issue? Is this > a known > > > problem that was already being worked on, or is this a > brand new > > > issue? If this has been around for a while, do you have a > > timetable > > > on a fix? > > > > Actually, is your problem in the released FDS 7.1 you > downloaded from > > the download site, or did you build it yourself? > > > > > > > > I've checked the list and have not seen anything regarding > this > > error > > > message. If there's anything I can do to help please let > me know. > > > > > > Thanks. > > > > > > - Kevin > > > > > > On 12/5/05, *Richard Megginson* > > > > > > > >>> wrote: > > > > > > No, it's not a cert issue. It's a problem with the core > > server, and > > > we're working on a fix right now. > > > > > > Kevin Kovach wrote: > > > > > > > Hello again, > > > > > > > > I'm suspecting more and more that it was a certificate > > issue, since > > > > the error log references port 636. > > > > > > > > However, I've gone over the SSL HOWTO on the FDS > wiki and > > I don't > > > > understand what the problem is. When I installed FDS > > about 5 months > > > > ago I used the information provided here, > > > > > > > > > > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 > > > > > on setting up a self signed certificate. This link was > > posted > > > on the > > > > SSL HOWTO on help with using certutil. > > > > > > > > I was able to get FDS up and running with SSL after > a couple > > > emails to > > > > the list and a couple changes to the FDS wiki regarding > > SSL. As I > > > > said, it's been running well for the past 5 months > or so. > > > > > > > > My understanding was that the example there created > a cert > > that > > > would > > > > be valid for 123 months (-v 120) plus the default 3 > > months? I would > > > > not expect this cert to have expired already. > > > > > > > > That said, I went through the same steps to try and > > recreate the CA > > > > and Server certs for the directory again now. After > doing so > > > without > > > > any error messages, I tried to start the directory > server > > again and > > > > I'm getting the same message. > > > > > > > > Thanks. > > > > > > > > - Kevin > > > > > > > > On 12/5/05, *Kevin Kovach* > > > > > > > >> > > > > > > > > > >>>> wrote: > > > > > > > > Hello, > > > > > > > > I'm a bit confused this morning. I woke up and > > realized that my > > > > directory was down, and when I tried to restart > it I > > got the > > > > following message ... > > > > > > > > # ./start-slapd > > > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > > > > > Does this look familiar to anyone? I'm > continuing to > > look into > > > > it, but if it's something simple issue that I'm > > unaware of I'd > > > > appreciate any hints as to what the problem is? > > > > > > > > Some background information ... > > > > > > > > I've been running Fedora Directory Server for > about 5 > > months > > > > without any issues. It's been running great. I > recently > > > added a > > > > root suffix to the directory that went smoothly. I > > was able to > > > > use the new root without any problems after I added > > it. I > > > didn't > > > > seem to have any issues with that change. This the > > only thing > > > > I've done in the past couple months. > > > > > > > > I've just tired to save my config and back up > the db with > > > > ./saveconfig, ./db2bak, ./db2ldif, and ./db2dsml > and all > > > attempts > > > > result in the same error message. > > > > > > > > Also, the only thing printed to the error log is > the same > > > message. > > > > > > > > # cat errors > > > > Fedora-Directory/7.1 B2005.201.2115 > > > > ldap.hostname.com:636 > > > > > > < http://ldap.hostname.com:636> > > > > (/opt/fedora-ds/slapd-instname) > > > > > > > > [05/Dec/2005:11:46:07 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > [05/Dec/2005:11:47:44 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > [05/Dec/2005:11:49:03 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > [05/Dec/2005:11:57:33 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > [05/Dec/2005:11:58:30 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > [05/Dec/2005:12:00:11 -0500] - ERROR: ** This beta > > software has > > > > expired ** > > > > > > > > I'm really at a loss as to what has > expired. Does the > > > directory > > > > have some kind of license that has expired? Can > this be a > > > message > > > > for an expired cert? It doesn't really sound > like it, but > > > that's > > > > the only thing I can think of off the top of my > head. > > > > > > > > Thanks for any help and/or information. > > > > > > > > - Kevin > > > > > > > > > > > > > > > > > > > > -- > > > > Take back the web, http://www.switch2firefox.com/ > > > < http://www.switch2firefox.com/> > > > > > > > > > > >------------------------------------------------------------------------ > > > > > > > >-- > > > >Fedora-directory-users mailing list > > > >Fedora-directory-users at redhat.com > > > > > > > > > >> > > > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > > > > > -- > > > Fedora-directory-users mailing list > > > Fedora-directory-users at redhat.com > > > > > > > > > >> > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > < > > https://www.redhat.com/mailman/listinfo/fedora-directory-users> > > > > > > > > > > > > > > > > > > > > > -- > > > Take back the web, http://www.switch2firefox.com/ > > < http://www.switch2firefox.com/> > > > > > > >------------------------------------------------------------------------ > > > > > >-- > > >Fedora-directory-users mailing list > > >Fedora-directory-users at redhat.com > > > > > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > < > https://www.redhat.com/mailman/listinfo/fedora-directory-users> > > > > > > > > > > > > > > -- > > Take back the web, http://www.switch2firefox.com/ > > > > >------------------------------------------------------------------------ > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > -- > Take back the web, http://www.switch2firefox.com/ > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From kovach at gmail.com Mon Dec 5 22:40:01 2005 From: kovach at gmail.com (Kevin Kovach) Date: Mon, 5 Dec 2005 17:40:01 -0500 Subject: [Fedora-directory-users] Re: "This beta software has expired"? In-Reply-To: <4394B38D.8090904@redhat.com> References: <43948B05.5020101@redhat.com> <43949B62.7030309@redhat.com> <4394A087.9070906@redhat.com> <4394B38D.8090904@redhat.com> Message-ID: That worked. I'm back up and running now. Thanks again Richard. - Kevin On 12/5/05, Richard Megginson wrote: > > Kevin Kovach wrote: > > > Thanks again for the reply Richard. > > > > Can you please advise on how I might best go about recovering from > > this so that I can backup all my data and configuration and rebuild > > FDS? Now, I'd probably like to go to FDS 1.0 as well. I'd like to > > get this install up and running just long enough to back everything up > > and then go with a new install of 1.0. > > > > I've tried setting the time on the system back a couple months and > > that did not do the trick. I've noticed now that there's a pumpkin.pl > > PERL script in the fedora-ds directory? Is there some thing temporary > > I can do to expend the wick on the bomb for a bit, so that I might run > > for cover before it goes off again? :-) > > There's nothing you can do except to rebuild ns-slapd. This might work: > 1) cd ldapserver/ldap/servers/slapd > 2) touch main.c > 3) make BUILD_BOMB="" PUMPKIN_AGE=0 .... other make args .... > This will rebuild the ns-slapd binary, which is the one with the > problem. main.c has the bomb code. This will create a new binary > ldapserver/built/release//bin/slapd/server/ns-slapd. Just > shutdown your old one and replace it with this new one, the restart. > You should be good to go. > > > > > Thanks. > > > > - Kevin > > > > On 12/5/05, *Richard Megginson* > > wrote: > > > > Kevin Kovach wrote: > > > > > Built this myself from the 7.1 source. You're thinking this is an > > > issue with my build in particular, or you've seen this before? > > > > Yes. The BUILD_BOMB is enabled by default. Our 7.1 binary builds > had > > the build bomb disabled. In order to build with this disabled, use > > something like this: > > make PUMPKIN_AGE=0 BUILD_BOMB="" .... other args .... > > I apologize for this. We will be updating the wiki Building page > > ASAP. > > Future versions of the source code will disable the build bomb by > > default. > > > > > > > > - Kevin > > > > > > On 12/5/05, * Richard Megginson* > > > > >> wrote: > > > > > > Kevin Kovach wrote: > > > > > > > Thanks for the reply Richard. > > > > > > > > Are you able to supply any details on the issue? Is this > > a known > > > > problem that was already being worked on, or is this a > > brand new > > > > issue? If this has been around for a while, do you have a > > > timetable > > > > on a fix? > > > > > > Actually, is your problem in the released FDS 7.1 you > > downloaded from > > > the download site, or did you build it yourself? > > > > > > > > > > > I've checked the list and have not seen anything regarding > > this > > > error > > > > message. If there's anything I can do to help please let > > me know. > > > > > > > > Thanks. > > > > > > > > - Kevin > > > > > > > > On 12/5/05, *Richard Megginson* > > > > > > > > > > > >>> wrote: > > > > > > > > No, it's not a cert issue. It's a problem with the core > > > server, and > > > > we're working on a fix right now. > > > > > > > > Kevin Kovach wrote: > > > > > > > > > Hello again, > > > > > > > > > > I'm suspecting more and more that it was a certificate > > > issue, since > > > > > the error log references port 636. > > > > > > > > > > However, I've gone over the SSL HOWTO on the FDS > > wiki and > > > I don't > > > > > understand what the problem is. When I installed FDS > > > about 5 months > > > > > ago I used the information provided here, > > > > > > > > > > > > > > > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 > > < > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158> > > > > > on setting up a self signed certificate. This link > was > > > posted > > > > on the > > > > > SSL HOWTO on help with using certutil. > > > > > > > > > > I was able to get FDS up and running with SSL after > > a couple > > > > emails to > > > > > the list and a couple changes to the FDS wiki > regarding > > > SSL. As I > > > > > said, it's been running well for the past 5 months > > or so. > > > > > > > > > > My understanding was that the example there created > > a cert > > > that > > > > would > > > > > be valid for 123 months (-v 120) plus the default 3 > > > months? I would > > > > > not expect this cert to have expired already. > > > > > > > > > > That said, I went through the same steps to try and > > > recreate the CA > > > > > and Server certs for the directory again now. After > > doing so > > > > without > > > > > any error messages, I tried to start the directory > > server > > > again and > > > > > I'm getting the same message. > > > > > > > > > > Thanks. > > > > > > > > > > - Kevin > > > > > > > > > > On 12/5/05, *Kevin Kovach* > > > > > > > > > > > >> > > > > > > > > > > > > > >>>> wrote: > > > > > > > > > > Hello, > > > > > > > > > > I'm a bit confused this morning. I woke up and > > > realized that my > > > > > directory was down, and when I tried to restart > > it I > > > got the > > > > > following message ... > > > > > > > > > > # ./start-slapd > > > > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta > > > software has > > > > > expired ** > > > > > > > > > > Does this look familiar to anyone? I'm > > continuing to > > > look into > > > > > it, but if it's something simple issue that I'm > > > unaware of I'd > > > > > appreciate any hints as to what the problem is? > > > > > > > > > > Some background information ... > > > > > > > > > > I've been running Fedora Directory Server for > > about 5 > > > months > > > > > without any issues. It's been running great. I > > recently > > > > added a > > > > > root suffix to the directory that went > smoothly. I > > > was able to > > > > > use the new root without any problems after I > added > > > it. I > > > > didn't > > > > > seem to have any issues with that change. This > the > > > only thing > > > > > I've done in the past couple months. > > > > > > > > > > I've just tired to save my config and back up > > the db with > > > > > ./saveconfig, ./db2bak, ./db2ldif, and ./db2dsml > > and all > > > > attempts > > > > > result in the same error message. > > > > > > > > > > Also, the only thing printed to the error log is > > the same > > > > message. > > > > > > > > > > # cat errors > > > > > Fedora-Directory/7.1 B2005.201.2115 > > > > > ldap.hostname.com:636 > > > > > > > > > < http://ldap.hostname.com:636> > > > > > (/opt/fedora-ds/slapd-instname) > > > > > > > > > > [05/Dec/2005:11:46:07 -0500] - ERROR: ** This beta > > > software has > > > > > expired ** > > > > > [05/Dec/2005:11:47:44 -0500] - ERROR: ** This beta > > > software has > > > > > expired ** > > > > > [05/Dec/2005:11:49:03 -0500] - ERROR: ** This beta > > > software has > > > > > expired ** > > > > > [05/Dec/2005:11:52:28 -0500] - ERROR: ** This beta > > > software has > > > > > expired ** > > > > > [05/Dec/2005:11:57:33 -0500] - ERROR: ** This beta > > > software has > > > > > expired ** > > > > > [05/Dec/2005:11:58:30 -0500] - ERROR: ** This beta > > > software has > > > > > expired ** > > > > > [05/Dec/2005:12:00:11 -0500] - ERROR: ** This beta > > > software has > > > > > expired ** > > > > > > > > > > I'm really at a loss as to what has > > expired. Does the > > > > directory > > > > > have some kind of license that has expired? Can > > this be a > > > > message > > > > > for an expired cert? It doesn't really sound > > like it, but > > > > that's > > > > > the only thing I can think of off the top of my > > head. > > > > > > > > > > Thanks for any help and/or information. > > > > > > > > > > - Kevin > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Take back the web, http://www.switch2firefox.com/ > > > > < http://www.switch2firefox.com/> > > > > > > > > > > > > > > > >------------------------------------------------------------------------ > > > > > > > > > >-- > > > > >Fedora-directory-users mailing list > > > > >Fedora-directory-users at redhat.com > > > > > > > > > > > > > > > > >> > > > > > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > > > > > > > > > > -- > > > > Fedora-directory-users mailing list > > > > Fedora-directory-users at redhat.com > > > > > > > > > > > > > > > > >> > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > < > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Take back the web, http://www.switch2firefox.com/ > > > < http://www.switch2firefox.com/> > > > > > > > > > > >------------------------------------------------------------------------ > > > > > > > >-- > > > >Fedora-directory-users mailing list > > > >Fedora-directory-users at redhat.com > > > > > > > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > > > > > -- > > > Fedora-directory-users mailing list > > > Fedora-directory-users at redhat.com > > > > > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > < > > https://www.redhat.com/mailman/listinfo/fedora-directory-users> > > > > > > > > > > > > > > > > > > > > > -- > > > Take back the web, http://www.switch2firefox.com/ > > > > > > > > >------------------------------------------------------------------------ > > > > > >-- > > >Fedora-directory-users mailing list > > >Fedora-directory-users at redhat.com > > > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > > > > -- > > Take back the web, http://www.switch2firefox.com/ > > > >------------------------------------------------------------------------ > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > -- Take back the web, http://www.switch2firefox.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From mj at sci.fi Mon Dec 5 22:41:36 2005 From: mj at sci.fi (Mike Jackson) Date: Tue, 06 Dec 2005 00:41:36 +0200 Subject: [Fedora-directory-users] problem importing sendmail.schema in fds In-Reply-To: <438C64A8.8000407@siris.sorbonne.fr> References: <438C56A0.9030000@siris.sorbonne.fr> <438C64A8.8000407@siris.sorbonne.fr> Message-ID: <4394C220.1090505@sci.fi> basile au siris wrote: > just have to delete blank in objectclass definition ........ > > > >> # >> #******************************************************************** >> # >> objectClasses: ( >> 1.3.6.1.4.1.6152.10.3.2.13 >> NAME 'sendmailMTAAlias' >> SUP sendmailMTA >> STRUCTURAL >> DESC 'Sendmail MTA alias definition' >> MAY ( sendmailMTAAliasGrouping $ sendmailMTACluster $ >> sendmailMTAHost $ Description ) >> ) >> # >> #******************************************************************** >> # >> objectClasses: ( >> 1.3.6.1.4.1.6152.10.3.2.14 >> NAME 'sendmailMTAAliasObject' >> SUP sendmailMTAAlias >> STRUCTURAL >> DESC 'Sendmail MTA alias object' >> MUST ( sendmailMTAKey $ sendmailMTAAliasValue ) >> MAY ( sendmailMTAAliasGrouping $ sendmailMTACluster $ >> sendmailMTAHost $ Description ) >> ) Hi, I have fixed this in the new version of the script, available from the wiki link. -- mike From golden at cnt.org Tue Dec 6 03:20:49 2005 From: golden at cnt.org (Golden Butler) Date: Mon, 05 Dec 2005 21:20:49 -0600 Subject: [Fedora-directory-users] Cant't Start Console Message-ID: <20051206032049.bc1f3b47@collab.cnt.org> I've just installed fedora directory server on my fedora core 4 machine. The installation was a breeze, but when I go to start the console, I get the following error: ./startconsole: Your JAVA_HOME environment variable is not set. Please set it appropriately. I've confirmend that I indeed have java run time installed. Is there some config somewhere that I need to set or is ignoring? Any help or suggestions will be appreciated. Thanks - Delamatrix -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Tue Dec 6 04:09:19 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 05 Dec 2005 21:09:19 -0700 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <20051206032049.bc1f3b47@collab.cnt.org> References: <20051206032049.bc1f3b47@collab.cnt.org> Message-ID: <43950EEF.9090209@redhat.com> Golden Butler wrote: > I've just installed fedora directory server on my fedora core 4 > machine. The installation was a breeze, but when I go to start the > console, I get the following error: > > ./startconsole: Your JAVA_HOME environment variable is not set. > Please set it appropriately. export JAVA_HOME=/path/to/java e.g. on my Fedora Core 4 system with the RHEL4 IBM 1.4.2 JDK: export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 > > I've confirmend that I indeed have java run time installed. Is there > some config somewhere that I need to set or is ignoring? Any help or > suggestions will be appreciated. Thanks > > - Delamatrix > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From golden at cnt.org Tue Dec 6 05:43:24 2005 From: golden at cnt.org (Golden Butler) Date: Mon, 05 Dec 2005 23:43:24 -0600 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <43950EEF.9090209@redhat.com> Message-ID: <20051206054324.064e351e@collab.cnt.org> Thanks for the help. I've installed the IBM java kit and successfully exported JAVA_HOME to the install path. Now when I run ./startconsole, I get the following error: Exception in thread "main" java.lang.ExceptionInInitializerError at com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154) at com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown Source) at javax.swing.UIManager.setLookAndFeel(UIManager.java:424) at com.netscape.management.client.console.Console.common_init(Unknown Source) at com.netscape.management.client.console.Console.(Unknown Source) at com.netscape.management.client.console.Console.main(Unknown Source) Caused by: java.lang.NullPointerException at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2171) at java.lang.ClassLoader.loadLibrary(ClassLoader.java:2006) at java.lang.Runtime.loadLibrary0(Runtime.java:824) at java.lang.System.loadLibrary(System.java:910) at sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76) at java.security.AccessController.doPrivileged1(Native Method) at java.security.AccessController.doPrivileged(AccessController.java:287) at java.awt.Toolkit.loadLibraries(Toolkit.java:1488) at java.awt.Toolkit.(Toolkit.java:1511) ... 6 more Is this error saying something with the Java gui is screwed up? - Delamatrix _____ From: Richard Megginson [mailto:rmeggins at redhat.com] To: golden at cnt.org, General discussion list for the Fedora Directory server project. [mailto:fedora-directory-users at redhat.com] Sent: Mon, 05 Dec 2005 22:09:19 -0600 Subject: Re: [Fedora-directory-users] Cant't Start Console Golden Butler wrote: > I've just installed fedora directory server on my fedora core 4 > machine. The installation was a breeze, but when I go to start the > console, I get the following error: > > ./startconsole: Your JAVA_HOME environment variable is not set. > Please set it appropriately. export JAVA_HOME=/path/to/java e.g. on my Fedora Core 4 system with the RHEL4 IBM 1.4.2 JDK: export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 > > I've confirmend that I indeed have java run time installed. Is there > some config somewhere that I need to set or is ignoring? Any help or > suggestions will be appreciated. Thanks > > - Delamatrix > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pvsem at mail.ru Tue Dec 6 12:56:24 2005 From: pvsem at mail.ru (Pavel V. Sementsov) Date: Tue, 06 Dec 2005 15:56:24 +0300 Subject: [Fedora-directory-users] FedoraDS-Postfix-Dovecot Message-ID: <43958A78.7060105@mail.ru> I'm trying to set up mail server using FedoraDS-Postfix-Dovecot and have FedoraDS installed. Does anybody have any how-to to setup postfix and dovecot using FedoraDS? From werder at mpd-2024.tvcom.ru Tue Dec 6 13:04:27 2005 From: werder at mpd-2024.tvcom.ru (Pavel Sementsov) Date: Tue, 06 Dec 2005 16:04:27 +0300 Subject: [Fedora-directory-users] FedoraDS-Postfix-Dovecot Message-ID: <43958C5B.2010402@mpd-2024.tvcom.ru> I'm trying to set up mail server using FedoraDS-Postfix-Dovecot and have FedoraDS installed. Does anybody have any how-to to setup postfix and dovecot using FedoraDS? From jdennis at redhat.com Tue Dec 6 14:11:24 2005 From: jdennis at redhat.com (John Dennis) Date: Tue, 06 Dec 2005 09:11:24 -0500 Subject: [Fedora-directory-users] FedoraDS-Postfix-Dovecot In-Reply-To: <43958A78.7060105@mail.ru> References: <43958A78.7060105@mail.ru> Message-ID: <1133878284.6037.3.camel@localhost.localdomain> On Tue, 2005-12-06 at 15:56 +0300, Pavel V. Sementsov wrote: > I'm trying to set up mail server using FedoraDS-Postfix-Dovecot and have > FedoraDS installed. Does anybody have any how-to to setup postfix and > dovecot using FedoraDS? I've done this many times, however I don't have anything formal written up. There are several approaches one could take and part of it depends on what you're trying to accomplish and what your schema is. If you contact me off the list and briefly tell me what you're goals are then I can probably send you some tips and snips of configuration files. -- John Dennis From rmeggins at redhat.com Tue Dec 6 14:26:32 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 06 Dec 2005 07:26:32 -0700 Subject: [Fedora-directory-users] FedoraDS-Postfix-Dovecot In-Reply-To: <1133878284.6037.3.camel@localhost.localdomain> References: <43958A78.7060105@mail.ru> <1133878284.6037.3.camel@localhost.localdomain> Message-ID: <43959F98.7020100@redhat.com> John Dennis wrote: >On Tue, 2005-12-06 at 15:56 +0300, Pavel V. Sementsov wrote: > > >>I'm trying to set up mail server using FedoraDS-Postfix-Dovecot and have >>FedoraDS installed. Does anybody have any how-to to setup postfix and >>dovecot using FedoraDS? >> >> > >I've done this many times, however I don't have anything formal written >up. There are several approaches one could take and part of it depends >on what you're trying to accomplish and what your schema is. If you >contact me off the list and briefly tell me what you're goals are then I >can probably send you some tips and snips of configuration files. > > And send me any information you have or find out, and I'll update the http://directory.fedora.redhat.com/wiki/Documentation#Howtos -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue Dec 6 15:03:01 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 06 Dec 2005 08:03:01 -0700 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <20051206054324.064e351e@collab.cnt.org> References: <20051206054324.064e351e@collab.cnt.org> Message-ID: <4395A825.4010207@redhat.com> Try export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib then ./startconsole does the problem go away? Golden Butler wrote: > Thanks for the help. I've installed the IBM java kit and successfully > exported JAVA_HOME to the install path. > Now when I run ./startconsole, I get the following error: > > Exception in thread "main" java.lang.ExceptionInInitializerError > at > com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154) > at > com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown Source) > at javax.swing.UIManager.setLookAndFeel(UIManager.java:424) > at > com.netscape.management.client.console.Console.common_init(Unknown Source) > at > com.netscape.management.client.console.Console.(Unknown Source) > at com.netscape.management.client.console.Console.main(Unknown > Source) > Caused by: java.lang.NullPointerException > at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2171) > at java.lang.ClassLoader.loadLibrary(ClassLoader.java:2006) > at java.lang.Runtime.loadLibrary0(Runtime.java:824) > at java.lang.System.loadLibrary(System.java:910) > at > sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76) > at java.security.AccessController.doPrivileged1(Native Method) > at > java.security.AccessController.doPrivileged(AccessController.java:287) > at java.awt.Toolkit.loadLibraries(Toolkit.java:1488) > at java.awt.Toolkit.(Toolkit.java:1511) > ... 6 more > > Is this error saying something with the Java gui is screwed up? > > - Delamatrix > > ------------------------------------------------------------------------ > *From:* Richard Megginson [mailto:rmeggins at redhat.com] > *To:* golden at cnt.org, General discussion list for the Fedora > Directory server project. [mailto:fedora-directory-users at redhat.com] > *Sent:* Mon, 05 Dec 2005 22:09:19 -0600 > *Subject:* Re: [Fedora-directory-users] Cant't Start Console > > Golden Butler wrote: > > > I've just installed fedora directory server on my fedora core 4 > > machine. The installation was a breeze, but when I go to start the > > console, I get the following error: > > > > ./startconsole: Your JAVA_HOME environment variable is not set. > > Please set it appropriately. > > export JAVA_HOME=/path/to/java e.g. on my Fedora Core 4 system > with the > RHEL4 IBM 1.4.2 JDK: > export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 > > > > > I've confirmend that I indeed have java run time installed. Is > there > > some config somewhere that I need to set or is ignoring? Any > help or > > suggestions will be appreciated. Thanks > > > > - Delamatrix > > > >------------------------------------------------------------------------ > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From brzurom at tycho.ncsc.mil Tue Dec 6 15:35:59 2005 From: brzurom at tycho.ncsc.mil (Brian Zuromski) Date: Tue, 06 Dec 2005 10:35:59 -0500 Subject: [Fedora-directory-users] Gidnumber Message-ID: <1133883359.9527.4.camel@MOSS-TAUTOG.tycho.ncsc.mil> I'm having problems assigning a Gidnumber to a group. Or finding out how in the tons of documentation for that matter. I'm trying to create what is shown below without any luck!! Can anyone help? dn: cn=specialGroupFoo,ou=groups,dc=foo objectClass: top objectClass: posixGroup cn: specialGroupFoo gidNumber: 1001 memberUid: user1 memberUid: user2 memberUid: user3 memberUid: user4 From golden at cnt.org Tue Dec 6 17:32:52 2005 From: golden at cnt.org (Golden Butler) Date: Tue, 06 Dec 2005 11:32:52 -0600 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <4395A825.4010207@redhat.com> Message-ID: <20051206173252.19b2e6d1@collab.cnt.org> Thanks Richard. I tried running the export command like you suggested, but I still get the same error message. Golden Butler IT Support Center for Neighborhood Technology 2125 W. North Avenue Chicago, IL 60647 773-269-4061 golden at cnt.org www.cnt.org _____ From: Richard Megginson [mailto:rmeggins at redhat.com] To: golden at cnt.org Cc: fedora-directory-users at redhat.com Sent: Tue, 06 Dec 2005 09:03:01 -0600 Subject: Re: [Fedora-directory-users] Cant't Start Console Try export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib then ./startconsole does the problem go away? Golden Butler wrote: > Thanks for the help. I've installed the IBM java kit and successfully > exported JAVA_HOME to the install path. > Now when I run ./startconsole, I get the following error: > > Exception in thread "main" java.lang.ExceptionInInitializerError > at > com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154) > at > com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown Source) > at javax.swing.UIManager.setLookAndFeel(UIManager.java:424) > at > com.netscape.management.client.console.Console.common_init(Unknown Source) > at > com.netscape.management.client.console.Console.(Unknown Source) > at com.netscape.management.client.console.Console.main(Unknown > Source) > Caused by: java.lang.NullPointerException > at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2171) > at java.lang.ClassLoader.loadLibrary(ClassLoader.java:2006) > at java.lang.Runtime.loadLibrary0(Runtime.java:824) > at java.lang.System.loadLibrary(System.java:910) > at > sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76) > at java.security.AccessController.doPrivileged1(Native Method) > at > java.security.AccessController.doPrivileged(AccessController.java:287) > at java.awt.Toolkit.loadLibraries(Toolkit.java:1488) > at java.awt.Toolkit.(Toolkit.java:1511) > ... 6 more > > Is this error saying something with the Java gui is screwed up? > > - Delamatrix > > ------------------------------------------------------------------------ > *From:* Richard Megginson [mailto:rmeggins at redhat.com] > *To:* golden at cnt.org, General discussion list for the Fedora > Directory server project. [mailto:fedora-directory-users at redhat.com] > *Sent:* Mon, 05 Dec 2005 22:09:19 -0600 > *Subject:* Re: [Fedora-directory-users] Cant't Start Console > > Golden Butler wrote: > > > I've just installed fedora directory server on my fedora core 4 > > machine. The installation was a breeze, but when I go to start the > > console, I get the following error: > > > > ./startconsole: Your JAVA_HOME environment variable is not set. > > Please set it appropriately. > > export JAVA_HOME=/path/to/java e.g. on my Fedora Core 4 system > with the > RHEL4 IBM 1.4.2 JDK: > export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 > > > > > I've confirmend that I indeed have java run time installed. Is > there > > some config somewhere that I need to set or is ignoring? Any > help or > > suggestions will be appreciated. Thanks > > > > - Delamatrix > > > >------------------------------------------------------------------------ > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Tue Dec 6 17:41:20 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 06 Dec 2005 10:41:20 -0700 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <20051206173252.19b2e6d1@collab.cnt.org> References: <20051206173252.19b2e6d1@collab.cnt.org> Message-ID: <4395CD40.5070400@redhat.com> Golden Butler wrote: > Thanks Richard. I tried running the export command like you > suggested, but I still get the same error message. What is your JAVA_HOME setting? Where did you download the IBM JDK from? > > Golden Butler > IT Support > > Center for Neighborhood Technology > 2125 W. North Avenue > Chicago, IL 60647 > > 773-269-4061 > golden at cnt.org > www.cnt.org > > ------------------------------------------------------------------------ > *From:* Richard Megginson [mailto:rmeggins at redhat.com] > *To:* golden at cnt.org > *Cc:* fedora-directory-users at redhat.com > *Sent:* Tue, 06 Dec 2005 09:03:01 -0600 > *Subject:* Re: [Fedora-directory-users] Cant't Start Console > > Try > export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib > then ./startconsole > does the problem go away? > > Golden Butler wrote: > > > Thanks for the help. I've installed the IBM java kit and > successfully > > exported JAVA_HOME to the install path. > > Now when I run ./startconsole, I get the following error: > > > > Exception in thread "main" java.lang.ExceptionInInitializerError > > at > > > com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154) > > at > > com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown > Source) > > at javax.swing.UIManager.setLookAndFeel(UIManager.java:424) > > at > > > com.netscape.management.client.console.Console.common_init(Unknown > Source) > > at > > com.netscape.management.client.console.Console.(Unknown > Source) > > at com.netscape.management.client.console.Console.main(Unknown > > Source) > > Caused by: java.lang.NullPointerException > > at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2171) > > at java.lang.ClassLoader.loadLibrary(ClassLoader.java:2006) > > at java.lang.Runtime.loadLibrary0(Runtime.java:824) > > at java.lang.System.loadLibrary(System.java:910) > > at > > sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76) > > at java.security.AccessController.doPrivileged1(Native Method) > > at > > > java.security.AccessController.doPrivileged(AccessController.java:287) > > at java.awt.Toolkit.loadLibraries(Toolkit.java:1488) > > at java.awt.Toolkit.(Toolkit.java:1511) > > ... 6 more > > > > Is this error saying something with the Java gui is screwed up? > > > > - Delamatrix > > > > > ------------------------------------------------------------------------ > > *From:* Richard Megginson [mailto:rmeggins at redhat.com > ] > > *To:* golden at cnt.org , > General discussion list for the Fedora > > Directory server project. > [mailto:fedora-directory-users at redhat.com > ] > > *Sent:* Mon, 05 Dec 2005 22:09:19 -0600 > > *Subject:* Re: [Fedora-directory-users] Cant't Start Console > > > > Golden Butler wrote: > > > > > I've just installed fedora directory server on my fedora core 4 > > > machine. The installation was a breeze, but when I go to start the > > > console, I get the following error: > > > > > > ./startconsole: Your JAVA_HOME environment variable is not set. > > > Please set it appropriately. > > > > export JAVA_HOME=/path/to/java e.g. on my Fedora Core 4 system > > with the > > RHEL4 IBM 1.4.2 JDK: > > export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 > > > > > > > > I've confirmend that I indeed have java run time installed. Is > > there > > > some config somewhere that I need to set or is ignoring? Any > > help or > > > suggestions will be appreciated. Thanks > > > > > > - Delamatrix > > > > > > >------------------------------------------------------------------------ > > > > > >-- > > >Fedora-directory-users mailing list > > >Fedora-directory-users at redhat.com > > > ")> > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From D.R.Barker at exeter.ac.uk Tue Dec 6 17:43:46 2005 From: D.R.Barker at exeter.ac.uk (David Barker) Date: Tue, 06 Dec 2005 17:43:46 +0000 Subject: [Fedora-directory-users] Schema fun :-) Message-ID: <4395CDD2.7030703@exeter.ac.uk> Hi all, I've just been having some fun converting some schema's from our existing openldap schema to FDS :-) A couple of things have been thrown up, that I have listed below (for google and others in the audience ;-) - Those still on the samba 2.x ldap schema will find it clashes with 00core.ldif. Samba 2 defines pwdMustChange , as does 00core.ldif. Removing the pwdMustChange from the samba schema lets ns-slapd start, and samba works fine too. - openldap will let use use the syntax OID "1.3.6.1.4.1.1466.115.121.1.36" ( numericString - http://www.alvestrand.no/objectid/1.3.6.1.4.1.1466.115.121.1.36.html ) but ns-slapd won't. Not really a problem - in our case, we were able to use 1.3.6.1.4.1.1466.115.121.1.27 ( integer - http://www.alvestrand.no/objectid/1.3.6.1.4.1.1466.115.121.1.27.html ) instead but others are available too :) As an aside, are user updates going to be allowed to the wiki soon? :-) From craigwhite at azapple.com Tue Dec 6 18:06:57 2005 From: craigwhite at azapple.com (Craig White) Date: Tue, 06 Dec 2005 11:06:57 -0700 Subject: [Fedora-directory-users] another issue starting the console Message-ID: <1133892417.22429.61.camel@lin-workstation.azapple.com> I can start the console and I get a window asking me to log in but the login window is never presented. # cat /etc/profile.d/java.sh JREHOME="/usr/java/jre1.5.0_06/lib/i386" JAVA_HOME="/usr/java/jre1.5.0_06" JAVAWSHOME="/usr/java/jre1.5.0_06/javaws" LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$JREHOME:$JAVAWSHOME" PATH="$PATH:/usr/java/jre1.5.0_06/bin" export JAVA_HOME # echo $LD_LIBRARY_PATH :/usr/java/jre1.5.0_06/lib/i386:/usr/java/jre1.5.0_06/javaws # echo $PATH /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/java/jre1.5.0_06/bin:/root/bin # export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib # ./startconsole -u admin -a http://srv1.clsurvey.com:26996/ & nothing in /opt/fedora-ds/slapd-srv1/logs/ that suggests where the problem might be Is this a jre1.5.0_06 issue because on my own server, I am running j2re-1.4.2-11.1.fc3.rf Craig From nkwan at redhat.com Tue Dec 6 18:13:13 2005 From: nkwan at redhat.com (Thomas Kwan) Date: Tue, 06 Dec 2005 10:13:13 -0800 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <20051206173252.19b2e6d1@collab.cnt.org> References: <20051206173252.19b2e6d1@collab.cnt.org> Message-ID: <4395D4B9.9030907@redhat.com> Hi Golden, This may help. http://directory.fedora.redhat.com/wiki/FAQ#Exception_in_thread_.22main.22_java.lang.ExceptionInInitializerError thomas Golden Butler wrote: > Thanks Richard. I tried running the export command like you > suggested, but I still get the same error message. > > Golden Butler > IT Support > > Center for Neighborhood Technology > 2125 W. North Avenue > Chicago, IL 60647 > > 773-269-4061 > golden at cnt.org > www.cnt.org > > *From:* Richard Megginson [mailto:rmeggins at redhat.com] > *To:* golden at cnt.org > *Cc:* fedora-directory-users at redhat.com > *Sent:* Tue, 06 Dec 2005 09:03:01 -0600 > *Subject:* Re: [Fedora-directory-users] Cant't Start Console > > Try > export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib > then ./startconsole > does the problem go away? > > Golden Butler wrote: > > > Thanks for the help. I've installed the IBM java kit and > successfully > > exported JAVA_HOME to the install path. > > Now when I run ./startconsole, I get the following error: > > > > Exception in thread "main" java.lang.ExceptionInInitializerError > > at > > > com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154) > > at > > com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown > Source) > > at javax.swing.UIManager.setLookAndFeel(UIManager.java:424) > > at > > > com.netscape.management.client.console.Console.common_init(Unknown > Source) > > at > > com.netscape.management.client.console.Console.(Unknown > Source) > > at com.netscape.management.client.console.Console.main(Unknown > > Source) > > Caused by: java.lang.NullPointerException > > at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2171) > > at java.lang.ClassLoader.loadLibrary(ClassLoader.java:2006) > > at java.lang.Runtime.loadLibrary0(Runtime.java:824) > > at java.lang.System.loadLibrary(System.java:910) > > at > > sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76) > > at java.security.AccessController.doPrivileged1(Native Method) > > at > > > java.security.AccessController.doPrivileged(AccessController.java:287) > > at java.awt.Toolkit.loadLibraries(Toolkit.java:1488) > > at java.awt.Toolkit.(Toolkit.java:1511) > > ... 6 more > > > > Is this error saying something with the Java gui is screwed up? > > > > - Delamatrix > > > > > ------------------------------------------------------------------------ > > *From:* Richard Megginson [mailto:rmeggins at redhat.com] > > *To:* golden at cnt.org, General discussion list for the Fedora > > Directory server project. [mailto:fedora-directory-users at redhat.com] > > *Sent:* Mon, 05 Dec 2005 22:09:19 -0600 > > *Subject:* Re: [Fedora-directory-users] Cant't Start Console > > > > Golden Butler wrote: > > > > > I've just installed fedora directory server on my fedora core 4 > > > machine. The installation was a breeze, but when I go to start the > > > console, I get the following error: > > > > > > ./startconsole: Your JAVA_HOME environment variable is not set. > > > Please set it appropriately. > > > > export JAVA_HOME=/path/to/java e.g. on my Fedora Core 4 system > > with the > > RHEL4 IBM 1.4.2 JDK: > > export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 > > > > > > > > I've confirmend that I indeed have java run time installed. Is > > there > > > some config somewhere that I need to set or is ignoring? Any > > help or > > > suggestions will be appreciated. Thanks > > > > > > - Delamatrix > > > > > > >------------------------------------------------------------------------ > > > > > >-- > > >Fedora-directory-users mailing list > > >Fedora-directory-users at redhat.com > > > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > From nkinder at redhat.com Tue Dec 6 18:17:03 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 06 Dec 2005 10:17:03 -0800 Subject: [Fedora-directory-users] another issue starting the console In-Reply-To: <1133892417.22429.61.camel@lin-workstation.azapple.com> References: <1133892417.22429.61.camel@lin-workstation.azapple.com> Message-ID: <4395D59F.8020801@redhat.com> Craig White wrote: >I can start the console and I get a window asking me to log in but the >login window is never presented. > ># cat /etc/profile.d/java.sh >JREHOME="/usr/java/jre1.5.0_06/lib/i386" >JAVA_HOME="/usr/java/jre1.5.0_06" >JAVAWSHOME="/usr/java/jre1.5.0_06/javaws" >LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$JREHOME:$JAVAWSHOME" >PATH="$PATH:/usr/java/jre1.5.0_06/bin" >export JAVA_HOME > ># echo $LD_LIBRARY_PATH >:/usr/java/jre1.5.0_06/lib/i386:/usr/java/jre1.5.0_06/javaws > ># echo $PATH >/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/java/jre1.5.0_06/bin:/root/bin > ># export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib > ># ./startconsole -u admin -a http://srv1.clsurvey.com:26996/ & > >nothing in /opt/fedora-ds/slapd-srv1/logs/ that suggests where the >problem might be > >Is this a jre1.5.0_06 issue because on my own server, I am running >j2re-1.4.2-11.1.fc3.rf > > Run startconsole with the "-xnologo" option. The login window is being hidden behind the splash window that you are seeing. Yes, this is an issue that has been reported with users using jre 1.5. -NGK >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3174 bytes Desc: S/MIME Cryptographic Signature URL: From simonf at cshl.edu Tue Dec 6 18:31:35 2005 From: simonf at cshl.edu (Vsevolod (Simon) Ilyushchenko) Date: Tue, 06 Dec 2005 13:31:35 -0500 Subject: [Fedora-directory-users] How to ldapsearch password expiration data? In-Reply-To: <437283B6.6020608@redhat.com> References: <43727FAC.90809@cshl.edu> <437283B6.6020608@redhat.com> Message-ID: <4395D907.90904@cshl.edu> Hi, For future reference, I have to use the filter "(|(objectclass=ldapsubentry)(objectclass=passwordpolicy))", not just "(objectclass=ldapsubentry)". Simon Richard Megginson wrote on 11/09/2005 06:18 PM: > Those attributes are operational, so you must explicitly ask for them on > the ldapsearch command line e.g. > ldapsearch -b > 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu' > passwordMaxAge passwordWarning passwordMinAge passwordExp > passwordGraceLimit > > In addition, ldapsubentry objects are hidden from normal searches. You > must explicitly request objects of this type by adding the > (objectclass=ldapsubentry) to your search filter e.g. > '(|(objectclass=*)(objectclass=ldapsubentry))' > to get all regular entries and sub entries, or just > '(objectclass=ldapsubentry)' > to get only the sub entry objects. > > Vsevolod (Simon) Ilyushchenko wrote: > >> Hi, >> >> I finally found where the password expiration data are located. If I >> do a database export from the GUI, I can see the entry: >> >> *** >> dn: >> cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu >> >> modifyTimestamp: 20051109200121Z >> modifiersName: >> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo >> t >> passwordMaxAge: 864000000 >> passwordWarning: 0 >> passwordMinAge: 0 >> passwordExp: on >> passwordGraceLimit: 0 >> objectClass: ldapsubentry >> objectClass: passwordpolicy >> objectClass: top >> cn: cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu >> creatorsName: >> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot >> createTimestamp: 20051109200121Z >> nsUniqueId: 97b5d182-1dd111b2-80f8db9c-cc6f0000 >> *** >> >> However, if I ldapsearch -b >> 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu' >> >> >> I'm not getting any subentries: >> >> *** >> # extended LDIF >> # >> # LDAPv3 >> # base >> >> with scope sub >> # filter: (objectclass=*) >> # requesting: ALL >> # >> >> # search result >> search: 3 >> result: 0 Success >> *** >> >> I've tried connecting both as "cn=Manager" and "uid=admin". >> >> Is there a way to access these data programmatically using ldapsearch? >> >> Thanks, >> Simon >> > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Simon (Vsevolod ILyushchenko) simonf at cshl.edu http://www.simonf.com "Think like a man of action, act like a man of thought." Henri Bergson From mj at sci.fi Tue Dec 6 20:42:20 2005 From: mj at sci.fi (Mike Jackson) Date: Tue, 06 Dec 2005 22:42:20 +0200 Subject: [Fedora-directory-users] Schema fun :-) In-Reply-To: <4395CDD2.7030703@exeter.ac.uk> References: <4395CDD2.7030703@exeter.ac.uk> Message-ID: <4395F7AC.3090803@sci.fi> David Barker wrote: >> > - openldap will let use use the syntax OID > "1.3.6.1.4.1.1466.115.121.1.36" ( numericString - > http://www.alvestrand.no/objectid/1.3.6.1.4.1.1466.115.121.1.36.html ) > but ns-slapd won't. Not really a problem - in our case, we were able to > use 1.3.6.1.4.1.1466.115.121.1.27 ( integer - > http://www.alvestrand.no/objectid/1.3.6.1.4.1.1466.115.121.1.27.html ) > instead but others are available too :) Yes, the list of RFC 2252 syntaxes which are supported in FDS is not complete. However, it doesn't look very difficult at all to implement new ones. As a test to see if I could do it, I started working a few hours ago on implementing the syntax plugin for "numeric string" (basically copying and modifying int.c, and making the needed addition to another couple of header files), which might be done in a day or two. > As an aside, are user updates going to be allowed to the wiki soon? :-) I can't answer that, but if you have a proposal for some new content, I could possibly add it there for you, e.g. I have write access but I can't create accounts for others. BR, Mike From kgtemp at ensenda.com Tue Dec 6 21:27:12 2005 From: kgtemp at ensenda.com (Kevin M. Goess) Date: Tue, 6 Dec 2005 13:27:12 -0800 Subject: [Fedora-directory-users] v1.0-2 admin server as non-root user? Message-ID: <200512061327.12677.kgtemp@ensenda.com> Has anyone been able to install the admin server as a non-root user? With a fresh install, not an upgrade, if I try to use a non-root user "ldapas" instead then the admin server refues to start and leaves a cryptic error message in the logs. Any suggestions? $ setup/setup ... Can't start Admin server [/opt/fedora-ds/start-admin > /tmp/file2dDMoZ 2>&1] (error: No such file or directory) You can now use the console. Here is the command to use to start the console: cd /opt/fedora-ds ./startconsole -u admin -a http://straylight.ensenda.com:16116/ INFO Finished with setup, logfile is setup/setup.log [/opt/fedora-ds]$ lsl -ad . drwxr-xr-x 15 ldapas ldapas 4096 Dec 6 13:12 ./ [/opt/fedora-ds]$ sudo ./start-admin [/opt/fedora-ds]$ telnet localhost 16116 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused [/opt/fedora-ds]$ tail admin-serv/logs/error [Tue Dec 06 13:14:06 2005] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = ) Configuration Failed [/opt/fedora-ds]$ grep ldapas /etc/passwd ldapas:x:101:102::/opt/fedora-ds:/bin/bash On a side note, is there any reason not to use the standard redhat "ldap" user instead of "nobody" for the default suggested slapd user? My impression was that "nobody" should not own any files on the filesystem. -- Kevin M. Goess (415) 277-2079 Ensenda, Inc. From rmeggins at redhat.com Tue Dec 6 21:33:59 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 06 Dec 2005 14:33:59 -0700 Subject: [Fedora-directory-users] v1.0-2 admin server as non-root user? In-Reply-To: <200512061327.12677.kgtemp@ensenda.com> References: <200512061327.12677.kgtemp@ensenda.com> Message-ID: <439603C7.1070901@redhat.com> Kevin M. Goess wrote: >Has anyone been able to install the admin server as a non-root user? With a >fresh install, not an upgrade, if I try to use a non-root user "ldapas" >instead then the admin server refues to start and leaves a cryptic error >message in the logs. Any suggestions? > >$ setup/setup >... >Can't start Admin server [/opt/fedora-ds/start-admin > /tmp/file2dDMoZ 2>&1] >(error: No such file or directory) >You can now use the console. Here is the command to use to start the console: >cd /opt/fedora-ds >./startconsole -u admin -a http://straylight.ensenda.com:16116/ > >INFO Finished with setup, logfile is setup/setup.log >[/opt/fedora-ds]$ lsl -ad . >drwxr-xr-x 15 ldapas ldapas 4096 Dec 6 13:12 ./ >[/opt/fedora-ds]$ sudo ./start-admin >[/opt/fedora-ds]$ telnet localhost 16116 >Trying 127.0.0.1... >telnet: connect to address 127.0.0.1: Connection refused >[/opt/fedora-ds]$ tail admin-serv/logs/error >[Tue Dec 06 13:14:06 2005] [crit] host_ip_init(): PSET failure: Failed to >create PSET handle (pset error = ) >Configuration Failed > > This is a permissions problem. Did you use the same user for the directory server as for the admin server? What's in the file /tmp/file2dDMoZ? What is the output of ls -l admin-serv/config ? >[/opt/fedora-ds]$ grep ldapas /etc/passwd >ldapas:x:101:102::/opt/fedora-ds:/bin/bash > > >On a side note, is there any reason not to use the standard redhat "ldap" user >instead of "nobody" for the default suggested slapd user? > You should be able to use "ldap". >My impression was >that "nobody" should not own any files on the filesystem. > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From sbonnevi at redhat.com Tue Dec 6 23:44:35 2005 From: sbonnevi at redhat.com (Steven Bonneville) Date: Tue, 6 Dec 2005 18:44:35 -0500 Subject: [Fedora-directory-users] Re: a little bit of samba confusion In-Reply-To: <20051204170004.3783973194@hormel.redhat.com>; from fedora-directory-users-request@redhat.com on Sun, Dec 04, 2005 at 12:00:04PM -0500 References: <20051204170004.3783973194@hormel.redhat.com> Message-ID: <20051206184435.B21032@lacrosse.corp.redhat.com> Craig White wrote: > First, imported nearly my entire openldap structure...but couldn't > import this record > > dn: sambaDomainName=AZAPPLE,dc=azapple,dc=com > objectClass: sambaDomain > sambaDomainName: AZAPPLE > sambaSID: S-1-5-21-1423820788-2381578139-3444021595 > sambaAlgorithmicRidBase: 1000 > > Easy enough to recreate in console but didn't understand the error... > [03/Dec/2005:11:24:28 -0700] - Entry > "sambaDomainName=AZAPPLE,dc=azapple,dc=com" -- attribute "objectClass" > not allowed The samba.schema file was converted with a tool that doesn't avoid the "overly picky schema parsing" bug (#170791). You can try the new schema conversion script on the website to see if it handles this, or for samba.schema the workaround ./ol-schema-migrate.pl samba.schema | grep -v DESC > 61samba.ldif to remove all DESC lines from the schema will work, since the DESC line is an optional line that is out of order in the original file. See the bug for details about how this affects objectclass sambaDomain; the short story is that Directory Server doesn't know that sambaDomain is derived from objectclass top, from which sambaDomain inherits the "objectClass" attribute. -- Steve Bonneville From craigwhite at azapple.com Wed Dec 7 00:20:34 2005 From: craigwhite at azapple.com (Craig White) Date: Tue, 06 Dec 2005 17:20:34 -0700 Subject: [Fedora-directory-users] another issue starting the console In-Reply-To: <4395D59F.8020801@redhat.com> References: <1133892417.22429.61.camel@lin-workstation.azapple.com> <4395D59F.8020801@redhat.com> Message-ID: <1133914834.24136.3.camel@lin-workstation.azapple.com> On Tue, 2005-12-06 at 10:17 -0800, Nathan Kinder wrote: > Craig White wrote: > > >I can start the console and I get a window asking me to log in but the > >login window is never presented. > > > ># cat /etc/profile.d/java.sh > >JREHOME="/usr/java/jre1.5.0_06/lib/i386" > >JAVA_HOME="/usr/java/jre1.5.0_06" > >JAVAWSHOME="/usr/java/jre1.5.0_06/javaws" > >LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$JREHOME:$JAVAWSHOME" > >PATH="$PATH:/usr/java/jre1.5.0_06/bin" > >export JAVA_HOME > > > ># echo $LD_LIBRARY_PATH > >:/usr/java/jre1.5.0_06/lib/i386:/usr/java/jre1.5.0_06/javaws > > > ># echo $PATH > >/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/java/jre1.5.0_06/bin:/root/bin > > > ># export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib > > > ># ./startconsole -u admin -a http://srv1.clsurvey.com:26996/ & > > > >nothing in /opt/fedora-ds/slapd-srv1/logs/ that suggests where the > >problem might be > > > >Is this a jre1.5.0_06 issue because on my own server, I am running > >j2re-1.4.2-11.1.fc3.rf > > > > > Run startconsole with the "-xnologo" option. The login window is being > hidden behind the splash window that you are seeing. > > Yes, this is an issue that has been reported with users using jre 1.5. ---- for some reason, I had to separate the -x from nologo and it works - thanks Does the admin port change with each install? I've installed it twice and it is different on each install. Craig From nkinder at redhat.com Wed Dec 7 00:51:13 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 06 Dec 2005 16:51:13 -0800 Subject: [Fedora-directory-users] another issue starting the console In-Reply-To: <1133914834.24136.3.camel@lin-workstation.azapple.com> References: <1133892417.22429.61.camel@lin-workstation.azapple.com> <4395D59F.8020801@redhat.com> <1133914834.24136.3.camel@lin-workstation.azapple.com> Message-ID: <43963201.80109@redhat.com> Craig White wrote: >On Tue, 2005-12-06 at 10:17 -0800, Nathan Kinder wrote: > > >>Craig White wrote: >> >> >> >>>I can start the console and I get a window asking me to log in but the >>>login window is never presented. >>> >>># cat /etc/profile.d/java.sh >>>JREHOME="/usr/java/jre1.5.0_06/lib/i386" >>>JAVA_HOME="/usr/java/jre1.5.0_06" >>>JAVAWSHOME="/usr/java/jre1.5.0_06/javaws" >>>LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$JREHOME:$JAVAWSHOME" >>>PATH="$PATH:/usr/java/jre1.5.0_06/bin" >>>export JAVA_HOME >>> >>># echo $LD_LIBRARY_PATH >>>:/usr/java/jre1.5.0_06/lib/i386:/usr/java/jre1.5.0_06/javaws >>> >>># echo $PATH >>>/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/java/jre1.5.0_06/bin:/root/bin >>> >>># export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib >>> >>># ./startconsole -u admin -a http://srv1.clsurvey.com:26996/ & >>> >>>nothing in /opt/fedora-ds/slapd-srv1/logs/ that suggests where the >>>problem might be >>> >>>Is this a jre1.5.0_06 issue because on my own server, I am running >>>j2re-1.4.2-11.1.fc3.rf >>> >>> >>> >>> >>Run startconsole with the "-xnologo" option. The login window is being >>hidden behind the splash window that you are seeing. >> >>Yes, this is an issue that has been reported with users using jre 1.5. >> >> >---- >for some reason, I had to separate the -x from nologo and it works - >thanks > >Does the admin port change with each install? I've installed it twice >and it is different on each install. > > A random port is chosen as a default at install time. The installation lets you choose a different port if desired. -NGK >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3174 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Wed Dec 7 01:01:29 2005 From: craigwhite at azapple.com (Craig White) Date: Tue, 06 Dec 2005 18:01:29 -0700 Subject: [Fedora-directory-users] another issue starting the console In-Reply-To: <43963201.80109@redhat.com> References: <1133892417.22429.61.camel@lin-workstation.azapple.com> <4395D59F.8020801@redhat.com> <1133914834.24136.3.camel@lin-workstation.azapple.com> <43963201.80109@redhat.com> Message-ID: <1133917289.24136.15.camel@lin-workstation.azapple.com> On Tue, 2005-12-06 at 16:51 -0800, Nathan Kinder wrote: > >Does the admin port change with each install? I've installed it twice > >and it is different on each install. > > > > > A random port is chosen as a default at install time. The > installation > lets you choose a different port if desired. ---- I see that now...keep me guessing ;-) I also figured out where that body is buried and obviously can change it...(grep is my friend) /opt/fedora-ds/admin-serv/config/adm.conf Thanks Craig From golden at cnt.org Wed Dec 7 01:37:09 2005 From: golden at cnt.org (Golden Butler) Date: Tue, 06 Dec 2005 19:37:09 -0600 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <4395CD40.5070400@redhat.com> References: <20051206173252.19b2e6d1@collab.cnt.org> <4395CD40.5070400@redhat.com> Message-ID: <43963CC5.2020806@cnt.org> $JAVA_HOME = /opt/IBMJava2-142 Downloaded IBM JDK from = http://www-128.ibm.com/developerworks/java/jdk/linux140/download.html Is this right? Richard Megginson wrote: > Golden Butler wrote: > >> Thanks Richard. I tried running the export command like you >> suggested, but I still get the same error message. > > > What is your JAVA_HOME setting? Where did you download the IBM JDK from? > >> >> Golden Butler >> IT Support >> >> Center for Neighborhood Technology >> 2125 W. North Avenue >> Chicago, IL 60647 >> >> 773-269-4061 >> golden at cnt.org >> www.cnt.org >> >> >> ------------------------------------------------------------------------ >> *From:* Richard Megginson [mailto:rmeggins at redhat.com] >> *To:* golden at cnt.org >> *Cc:* fedora-directory-users at redhat.com >> *Sent:* Tue, 06 Dec 2005 09:03:01 -0600 >> *Subject:* Re: [Fedora-directory-users] Cant't Start Console >> >> Try >> export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib >> then ./startconsole >> does the problem go away? >> >> Golden Butler wrote: >> >> > Thanks for the help. I've installed the IBM java kit and >> successfully >> > exported JAVA_HOME to the install path. >> > Now when I run ./startconsole, I get the following error: >> > >> > Exception in thread "main" java.lang.ExceptionInInitializerError >> > at >> > >> >> com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154) >> >> > at >> > com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown >> Source) >> > at javax.swing.UIManager.setLookAndFeel(UIManager.java:424) >> > at >> > >> com.netscape.management.client.console.Console.common_init(Unknown >> Source) >> > at >> > com.netscape.management.client.console.Console.(Unknown >> Source) >> > at com.netscape.management.client.console.Console.main(Unknown >> > Source) >> > Caused by: java.lang.NullPointerException >> > at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2171) >> > at java.lang.ClassLoader.loadLibrary(ClassLoader.java:2006) >> > at java.lang.Runtime.loadLibrary0(Runtime.java:824) >> > at java.lang.System.loadLibrary(System.java:910) >> > at >> > >> sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76) >> > at java.security.AccessController.doPrivileged1(Native Method) >> > at >> > >> >> java.security.AccessController.doPrivileged(AccessController.java:287) >> > at java.awt.Toolkit.loadLibraries(Toolkit.java:1488) >> > at java.awt.Toolkit.(Toolkit.java:1511) >> > ... 6 more >> > >> > Is this error saying something with the Java gui is screwed up? >> > >> > - Delamatrix >> > >> > >> >> ------------------------------------------------------------------------ >> > *From:* Richard Megginson [mailto:rmeggins at redhat.com >> ] >> > *To:* golden at cnt.org , >> General discussion list for the Fedora >> > Directory server project. >> [mailto:fedora-directory-users at redhat.com >> ] >> > *Sent:* Mon, 05 Dec 2005 22:09:19 -0600 >> > *Subject:* Re: [Fedora-directory-users] Cant't Start Console >> > >> > Golden Butler wrote: >> > >> > > I've just installed fedora directory server on my fedora core 4 >> > > machine. The installation was a breeze, but when I go to >> start the >> > > console, I get the following error: >> > > >> > > ./startconsole: Your JAVA_HOME environment variable is not set. >> > > Please set it appropriately. >> > >> > export JAVA_HOME=/path/to/java e.g. on my Fedora Core 4 system >> > with the >> > RHEL4 IBM 1.4.2 JDK: >> > export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 >> > >> > > >> > > I've confirmend that I indeed have java run time installed. Is >> > there >> > > some config somewhere that I need to set or is ignoring? Any >> > help or >> > > suggestions will be appreciated. Thanks >> > > >> > > - Delamatrix >> > > >> > >> >> >------------------------------------------------------------------------ >> >> > > >> > >-- >> > >Fedora-directory-users mailing list >> > >Fedora-directory-users at redhat.com >> >> > > ")> >> > >https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > >> > > >> > >> From rmeggins at redhat.com Wed Dec 7 01:49:03 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 06 Dec 2005 18:49:03 -0700 Subject: [Fedora-directory-users] another issue starting the console In-Reply-To: <1133914834.24136.3.camel@lin-workstation.azapple.com> References: <1133892417.22429.61.camel@lin-workstation.azapple.com> <4395D59F.8020801@redhat.com> <1133914834.24136.3.camel@lin-workstation.azapple.com> Message-ID: <43963F8F.5050201@redhat.com> Craig White wrote: >On Tue, 2005-12-06 at 10:17 -0800, Nathan Kinder wrote: > > >>Craig White wrote: >> >> >> >>>I can start the console and I get a window asking me to log in but the >>>login window is never presented. >>> >>># cat /etc/profile.d/java.sh >>>JREHOME="/usr/java/jre1.5.0_06/lib/i386" >>>JAVA_HOME="/usr/java/jre1.5.0_06" >>>JAVAWSHOME="/usr/java/jre1.5.0_06/javaws" >>>LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$JREHOME:$JAVAWSHOME" >>>PATH="$PATH:/usr/java/jre1.5.0_06/bin" >>>export JAVA_HOME >>> >>># echo $LD_LIBRARY_PATH >>>:/usr/java/jre1.5.0_06/lib/i386:/usr/java/jre1.5.0_06/javaws >>> >>># echo $PATH >>>/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/java/jre1.5.0_06/bin:/root/bin >>> >>># export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib >>> >>># ./startconsole -u admin -a http://srv1.clsurvey.com:26996/ & >>> >>>nothing in /opt/fedora-ds/slapd-srv1/logs/ that suggests where the >>>problem might be >>> >>>Is this a jre1.5.0_06 issue because on my own server, I am running >>>j2re-1.4.2-11.1.fc3.rf >>> >>> >>> >>> >>Run startconsole with the "-xnologo" option. The login window is being >>hidden behind the splash window that you are seeing. >> >>Yes, this is an issue that has been reported with users using jre 1.5. >> >> >---- >for some reason, I had to separate the -x from nologo and it works - >thanks > >Does the admin port change with each install? I've installed it twice >and it is different on each install. > > Yes. setup just picks a random high unused port. >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Dec 7 01:52:01 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 06 Dec 2005 18:52:01 -0700 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <43963CC5.2020806@cnt.org> References: <20051206173252.19b2e6d1@collab.cnt.org> <4395CD40.5070400@redhat.com> <43963CC5.2020806@cnt.org> Message-ID: <43964041.9090303@redhat.com> Golden Butler wrote: > $JAVA_HOME = /opt/IBMJava2-142 > > Downloaded IBM JDK from = > http://www-128.ibm.com/developerworks/java/jdk/linux140/download.html > > Is this right? Yes. But see here, as Thomas suggested - http://directory.fedora.redhat.com/wiki/FAQ#Exception_in_thread_.22main.22_java.lang.ExceptionInInitializerError > > Richard Megginson wrote: > >> Golden Butler wrote: >> >>> Thanks Richard. I tried running the export command like you >>> suggested, but I still get the same error message. >> >> >> >> What is your JAVA_HOME setting? Where did you download the IBM JDK >> from? >> >>> >>> Golden Butler >>> IT Support >>> >>> Center for Neighborhood Technology >>> 2125 W. North Avenue >>> Chicago, IL 60647 >>> >>> 773-269-4061 >>> golden at cnt.org >>> www.cnt.org >>> >>> >>> ------------------------------------------------------------------------ >>> >>> *From:* Richard Megginson [mailto:rmeggins at redhat.com] >>> *To:* golden at cnt.org >>> *Cc:* fedora-directory-users at redhat.com >>> *Sent:* Tue, 06 Dec 2005 09:03:01 -0600 >>> *Subject:* Re: [Fedora-directory-users] Cant't Start Console >>> >>> Try >>> export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib >>> then ./startconsole >>> does the problem go away? >>> >>> Golden Butler wrote: >>> >>> > Thanks for the help. I've installed the IBM java kit and >>> successfully >>> > exported JAVA_HOME to the install path. >>> > Now when I run ./startconsole, I get the following error: >>> > >>> > Exception in thread "main" java.lang.ExceptionInInitializerError >>> > at >>> > >>> >>> com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154) >>> >>> > at >>> > com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown >>> Source) >>> > at javax.swing.UIManager.setLookAndFeel(UIManager.java:424) >>> > at >>> > >>> com.netscape.management.client.console.Console.common_init(Unknown >>> Source) >>> > at >>> > com.netscape.management.client.console.Console.(Unknown >>> Source) >>> > at com.netscape.management.client.console.Console.main(Unknown >>> > Source) >>> > Caused by: java.lang.NullPointerException >>> > at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2171) >>> > at java.lang.ClassLoader.loadLibrary(ClassLoader.java:2006) >>> > at java.lang.Runtime.loadLibrary0(Runtime.java:824) >>> > at java.lang.System.loadLibrary(System.java:910) >>> > at >>> > >>> sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76) >>> > at java.security.AccessController.doPrivileged1(Native Method) >>> > at >>> > >>> >>> java.security.AccessController.doPrivileged(AccessController.java:287) >>> > at java.awt.Toolkit.loadLibraries(Toolkit.java:1488) >>> > at java.awt.Toolkit.(Toolkit.java:1511) >>> > ... 6 more >>> > >>> > Is this error saying something with the Java gui is screwed up? >>> > >>> > - Delamatrix >>> > >>> > >>> >>> ------------------------------------------------------------------------ >>> >>> > *From:* Richard Megginson [mailto:rmeggins at redhat.com >>> ] >>> > *To:* golden at cnt.org , >>> General discussion list for the Fedora >>> > Directory server project. >>> [mailto:fedora-directory-users at redhat.com >>> ] >>> > *Sent:* Mon, 05 Dec 2005 22:09:19 -0600 >>> > *Subject:* Re: [Fedora-directory-users] Cant't Start Console >>> > >>> > Golden Butler wrote: >>> > >>> > > I've just installed fedora directory server on my fedora core 4 >>> > > machine. The installation was a breeze, but when I go to >>> start the >>> > > console, I get the following error: >>> > > >>> > > ./startconsole: Your JAVA_HOME environment variable is not set. >>> > > Please set it appropriately. >>> > >>> > export JAVA_HOME=/path/to/java e.g. on my Fedora Core 4 system >>> > with the >>> > RHEL4 IBM 1.4.2 JDK: >>> > export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 >>> > >>> > > >>> > > I've confirmend that I indeed have java run time installed. Is >>> > there >>> > > some config somewhere that I need to set or is ignoring? Any >>> > help or >>> > > suggestions will be appreciated. Thanks >>> > > >>> > > - Delamatrix >>> > > >>> > >>> >>> >------------------------------------------------------------------------ >>> >>> > > >>> > >-- >>> > >Fedora-directory-users mailing list >>> > >Fedora-directory-users at redhat.com >>> >>> > >> ")> >>> > >https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> > > >>> > > >>> > >>> > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Wed Dec 7 03:18:05 2005 From: craigwhite at azapple.com (Craig White) Date: Tue, 06 Dec 2005 20:18:05 -0700 Subject: [Fedora-directory-users] moron at the helm - can't coordinate users-groups & padl stuff Message-ID: <1133925485.24136.33.camel@lin-workstation.azapple.com> This is basic stuff and I could do it easily with openldap and I can see I am close. I can get what I need from command line ldapsearch and it works fine. RHEL 4 - have run authconfig and my pam.d/system-auth looks like wiki page for FDS with PAM I can tell that the padl stuff (nsswitch.conf and /etc/ldap.conf) is working because the logs show me that 'cn=Directory Manager' is attempting to bind but it always returns error=32 (obviously no such object...which by the way is a lousy error report because obviously this is about invalid credentials and should return error=49) Anyway, I do have the password for cn=Directory Manager in /etc/ldap.secret (have tried both with and without a line feed) and even tried to put rootbinddn & rootpw in /root/.ldaprc to no avail. Regardless, 'getent passwd' doesn't return anything but contents of /etc/passwd (likewise for group) Is there a clue stick for being able to derive accounts from FDS? I could post the contents of /etc/ldap.conf and /etc/nsswitch if necessary...perhaps it's one of the commented values in ldap.conf that I routinely pass over with openldap. Craig From kevin_myer at iu13.org Wed Dec 7 03:21:08 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Tue, 6 Dec 2005 22:21:08 -0500 Subject: [Fedora-directory-users] Gidnumber In-Reply-To: <1133883359.9527.4.camel@MOSS-TAUTOG.tycho.ncsc.mil> References: <1133883359.9527.4.camel@MOSS-TAUTOG.tycho.ncsc.mil> Message-ID: <20051206222108.gmoc2r0wkwoc48co@webapps.iu13.org> Quoting Brian Zuromski : > I'm having problems assigning a Gidnumber to a group. Or finding out > how in the tons of documentation for that matter. I'm trying to create > what is shown below without any luck!! Can anyone help? > > > dn: cn=specialGroupFoo,ou=groups,dc=foo > objectClass: top > objectClass: posixGroup > cn: specialGroupFoo > gidNumber: 1001 > memberUid: user1 > memberUid: user2 > memberUid: user3 > memberUid: user4 A little bit more info might be helpful - like what error message are you seeing, or how are you trying to create the above entry? Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From golden at cnt.org Wed Dec 7 03:59:40 2005 From: golden at cnt.org (Golden Butler) Date: Tue, 06 Dec 2005 21:59:40 -0600 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <43964041.9090303@redhat.com> References: <20051206173252.19b2e6d1@collab.cnt.org> <4395CD40.5070400@redhat.com> <43963CC5.2020806@cnt.org> <43964041.9090303@redhat.com> Message-ID: <43965E2C.5070805@cnt.org> Great! That worked. I didn't have the xorg* package installed. Now the console starts. I'm pretty new to Fedora Core 4, so how can I get the directory server to start on boot up? Richard Megginson wrote: > Golden Butler wrote: > >> $JAVA_HOME = /opt/IBMJava2-142 >> >> Downloaded IBM JDK from = >> http://www-128.ibm.com/developerworks/java/jdk/linux140/download.html >> >> Is this right? > > > Yes. But see here, as Thomas suggested - > http://directory.fedora.redhat.com/wiki/FAQ#Exception_in_thread_.22main.22_java.lang.ExceptionInInitializerError > > >> >> Richard Megginson wrote: >> >>> Golden Butler wrote: >>> >>>> Thanks Richard. I tried running the export command like you >>>> suggested, but I still get the same error message. >>> >>> >>> >>> >>> What is your JAVA_HOME setting? Where did you download the IBM JDK >>> from? >>> >>>> >>>> Golden Butler >>>> IT Support >>>> >>>> Center for Neighborhood Technology >>>> 2125 W. North Avenue >>>> Chicago, IL 60647 >>>> >>>> 773-269-4061 >>>> golden at cnt.org >>>> www.cnt.org >>>> >>>> >>>> ------------------------------------------------------------------------ >>>> >>>> *From:* Richard Megginson [mailto:rmeggins at redhat.com] >>>> *To:* golden at cnt.org >>>> *Cc:* fedora-directory-users at redhat.com >>>> *Sent:* Tue, 06 Dec 2005 09:03:01 -0600 >>>> *Subject:* Re: [Fedora-directory-users] Cant't Start Console >>>> >>>> Try >>>> export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib >>>> then ./startconsole >>>> does the problem go away? >>>> >>>> Golden Butler wrote: >>>> >>>> > Thanks for the help. I've installed the IBM java kit and >>>> successfully >>>> > exported JAVA_HOME to the install path. >>>> > Now when I run ./startconsole, I get the following error: >>>> > >>>> > Exception in thread "main" java.lang.ExceptionInInitializerError >>>> > at >>>> > >>>> >>>> com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154) >>>> >>>> > at >>>> > com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown >>>> Source) >>>> > at javax.swing.UIManager.setLookAndFeel(UIManager.java:424) >>>> > at >>>> > >>>> com.netscape.management.client.console.Console.common_init(Unknown >>>> Source) >>>> > at >>>> > com.netscape.management.client.console.Console.(Unknown >>>> Source) >>>> > at com.netscape.management.client.console.Console.main(Unknown >>>> > Source) >>>> > Caused by: java.lang.NullPointerException >>>> > at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2171) >>>> > at java.lang.ClassLoader.loadLibrary(ClassLoader.java:2006) >>>> > at java.lang.Runtime.loadLibrary0(Runtime.java:824) >>>> > at java.lang.System.loadLibrary(System.java:910) >>>> > at >>>> > >>>> sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76) >>>> > at java.security.AccessController.doPrivileged1(Native Method) >>>> > at >>>> > >>>> >>>> java.security.AccessController.doPrivileged(AccessController.java:287) >>>> > at java.awt.Toolkit.loadLibraries(Toolkit.java:1488) >>>> > at java.awt.Toolkit.(Toolkit.java:1511) >>>> > ... 6 more >>>> > >>>> > Is this error saying something with the Java gui is screwed up? >>>> > >>>> > - Delamatrix >>>> > >>>> > >>>> >>>> ------------------------------------------------------------------------ >>>> >>>> > *From:* Richard Megginson [mailto:rmeggins at redhat.com >>>> ] >>>> > *To:* golden at cnt.org , >>>> General discussion list for the Fedora >>>> > Directory server project. >>>> [mailto:fedora-directory-users at redhat.com >>>> ] >>>> > *Sent:* Mon, 05 Dec 2005 22:09:19 -0600 >>>> > *Subject:* Re: [Fedora-directory-users] Cant't Start Console >>>> > >>>> > Golden Butler wrote: >>>> > >>>> > > I've just installed fedora directory server on my fedora >>>> core 4 >>>> > > machine. The installation was a breeze, but when I go to >>>> start the >>>> > > console, I get the following error: >>>> > > >>>> > > ./startconsole: Your JAVA_HOME environment variable is not >>>> set. >>>> > > Please set it appropriately. >>>> > >>>> > export JAVA_HOME=/path/to/java e.g. on my Fedora Core 4 system >>>> > with the >>>> > RHEL4 IBM 1.4.2 JDK: >>>> > export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 >>>> > >>>> > > >>>> > > I've confirmend that I indeed have java run time installed. Is >>>> > there >>>> > > some config somewhere that I need to set or is ignoring? Any >>>> > help or >>>> > > suggestions will be appreciated. Thanks >>>> > > >>>> > > - Delamatrix >>>> > > >>>> > >>>> >>>> >------------------------------------------------------------------------ >>>> >>>> > > >>>> > >-- >>>> > >Fedora-directory-users mailing list >>>> > >Fedora-directory-users at redhat.com >>>> >>>> > >>> ")> >>>> > >https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> > > >>>> > > >>>> > >>>> >> From kevin_myer at iu13.org Wed Dec 7 04:11:27 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Tue, 6 Dec 2005 23:11:27 -0500 Subject: [Fedora-directory-users] moron at the helm - can't coordinate users-groups & padl stuff In-Reply-To: <1133925485.24136.33.camel@lin-workstation.azapple.com> References: <1133925485.24136.33.camel@lin-workstation.azapple.com> Message-ID: <20051206231127.yhmbsytvp7w44oc8@webapps.iu13.org> Quoting Craig White : > This is basic stuff and I could do it easily with openldap and I can see > I am close. I can get what I need from command line ldapsearch and it > works fine. > > RHEL 4 - have run authconfig and my pam.d/system-auth looks like wiki > page for FDS with PAM > > I can tell that the padl stuff (nsswitch.conf and /etc/ldap.conf) is > working because the logs show me that 'cn=Directory Manager' is > attempting to bind but it always returns error=32 (obviously no such > object...which by the way is a lousy error report because obviously this > is about invalid credentials and should return error=49) Is "cn=Directory Manager" really your directory manager account? With OpenLDAP, I've always seen rootdn's like "cn=directory manager, dc=azapple,dc=com", for instance, so depending on how you converted your data, and setup your rootdn in FDS, error=32 is likely correct. Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From rmeggins at redhat.com Wed Dec 7 04:49:30 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 06 Dec 2005 21:49:30 -0700 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <43965E2C.5070805@cnt.org> References: <20051206173252.19b2e6d1@collab.cnt.org> <4395CD40.5070400@redhat.com> <43963CC5.2020806@cnt.org> <43964041.9090303@redhat.com> <43965E2C.5070805@cnt.org> Message-ID: <439669DA.3020904@redhat.com> Golden Butler wrote: > Great! That worked. I didn't have the xorg* package installed. Now > the console starts. I'm pretty new to Fedora Core 4, so how can I get > the directory server to start on boot up? http://directory.fedora.redhat.com/wiki/Howto:SysVInit > > Richard Megginson wrote: > >> Golden Butler wrote: >> >>> $JAVA_HOME = /opt/IBMJava2-142 >>> >>> Downloaded IBM JDK from = >>> http://www-128.ibm.com/developerworks/java/jdk/linux140/download.html >>> >>> Is this right? >> >> >> >> Yes. But see here, as Thomas suggested - >> http://directory.fedora.redhat.com/wiki/FAQ#Exception_in_thread_.22main.22_java.lang.ExceptionInInitializerError >> >> >>> >>> Richard Megginson wrote: >>> >>>> Golden Butler wrote: >>>> >>>>> Thanks Richard. I tried running the export command like you >>>>> suggested, but I still get the same error message. >>>> >>>> >>>> >>>> >>>> >>>> What is your JAVA_HOME setting? Where did you download the IBM JDK >>>> from? >>>> >>>>> >>>>> Golden Butler >>>>> IT Support >>>>> >>>>> Center for Neighborhood Technology >>>>> 2125 W. North Avenue >>>>> Chicago, IL 60647 >>>>> >>>>> 773-269-4061 >>>>> golden at cnt.org >>>>> www.cnt.org >>>>> >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> *From:* Richard Megginson [mailto:rmeggins at redhat.com] >>>>> *To:* golden at cnt.org >>>>> *Cc:* fedora-directory-users at redhat.com >>>>> *Sent:* Tue, 06 Dec 2005 09:03:01 -0600 >>>>> *Subject:* Re: [Fedora-directory-users] Cant't Start Console >>>>> >>>>> Try >>>>> export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib >>>>> then ./startconsole >>>>> does the problem go away? >>>>> >>>>> Golden Butler wrote: >>>>> >>>>> > Thanks for the help. I've installed the IBM java kit and >>>>> successfully >>>>> > exported JAVA_HOME to the install path. >>>>> > Now when I run ./startconsole, I get the following error: >>>>> > >>>>> > Exception in thread "main" >>>>> java.lang.ExceptionInInitializerError >>>>> > at >>>>> > >>>>> >>>>> com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154) >>>>> >>>>> > at >>>>> > com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown >>>>> Source) >>>>> > at javax.swing.UIManager.setLookAndFeel(UIManager.java:424) >>>>> > at >>>>> > >>>>> >>>>> com.netscape.management.client.console.Console.common_init(Unknown >>>>> Source) >>>>> > at >>>>> > com.netscape.management.client.console.Console.(Unknown >>>>> Source) >>>>> > at com.netscape.management.client.console.Console.main(Unknown >>>>> > Source) >>>>> > Caused by: java.lang.NullPointerException >>>>> > at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2171) >>>>> > at java.lang.ClassLoader.loadLibrary(ClassLoader.java:2006) >>>>> > at java.lang.Runtime.loadLibrary0(Runtime.java:824) >>>>> > at java.lang.System.loadLibrary(System.java:910) >>>>> > at >>>>> > >>>>> sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76) >>>>> > at java.security.AccessController.doPrivileged1(Native Method) >>>>> > at >>>>> > >>>>> >>>>> java.security.AccessController.doPrivileged(AccessController.java:287) >>>>> >>>>> > at java.awt.Toolkit.loadLibraries(Toolkit.java:1488) >>>>> > at java.awt.Toolkit.(Toolkit.java:1511) >>>>> > ... 6 more >>>>> > >>>>> > Is this error saying something with the Java gui is screwed up? >>>>> > >>>>> > - Delamatrix >>>>> > >>>>> > >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> > *From:* Richard Megginson [mailto:rmeggins at redhat.com >>>>> ] >>>>> > *To:* golden at cnt.org >>>>> , >>>>> General discussion list for the Fedora >>>>> > Directory server project. >>>>> [mailto:fedora-directory-users at redhat.com >>>>> ] >>>>> > *Sent:* Mon, 05 Dec 2005 22:09:19 -0600 >>>>> > *Subject:* Re: [Fedora-directory-users] Cant't Start Console >>>>> > >>>>> > Golden Butler wrote: >>>>> > >>>>> > > I've just installed fedora directory server on my fedora >>>>> core 4 >>>>> > > machine. The installation was a breeze, but when I go to >>>>> start the >>>>> > > console, I get the following error: >>>>> > > >>>>> > > ./startconsole: Your JAVA_HOME environment variable is not >>>>> set. >>>>> > > Please set it appropriately. >>>>> > >>>>> > export JAVA_HOME=/path/to/java e.g. on my Fedora Core 4 system >>>>> > with the >>>>> > RHEL4 IBM 1.4.2 JDK: >>>>> > export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 >>>>> > >>>>> > > >>>>> > > I've confirmend that I indeed have java run time >>>>> installed. Is >>>>> > there >>>>> > > some config somewhere that I need to set or is ignoring? Any >>>>> > help or >>>>> > > suggestions will be appreciated. Thanks >>>>> > > >>>>> > > - Delamatrix >>>>> > > >>>>> > >>>>> >>>>> >------------------------------------------------------------------------ >>>>> >>>>> > > >>>>> > >-- >>>>> > >Fedora-directory-users mailing list >>>>> > >Fedora-directory-users at redhat.com >>>>> >>>>> > >>>> ")> >>>>> > >https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> > > >>>>> > > >>>>> > >>>>> >>> > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From golden at cnt.org Wed Dec 7 05:00:31 2005 From: golden at cnt.org (Golden Butler) Date: Tue, 06 Dec 2005 23:00:31 -0600 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <439669DA.3020904@redhat.com> Message-ID: <20051207050031.2b0a64e9@collab.cnt.org> thanks for the link! now excuse me my linux ignorance here, but where do I copy this scripts to, and what do I name them? _____ From: Richard Megginson [mailto:rmeggins at redhat.com] To: Golden Butler [mailto:golden at cnt.org] Cc: fedora-directory-users at redhat.com Sent: Tue, 06 Dec 2005 22:49:30 -0600 Subject: Re: [Fedora-directory-users] Cant't Start Console Golden Butler wrote: > Great! That worked. I didn't have the xorg* package installed. Now > the console starts. I'm pretty new to Fedora Core 4, so how can I get > the directory server to start on boot up? http://directory.fedora.redhat.com/wiki/Howto:SysVInit > > Richard Megginson wrote: > >> Golden Butler wrote: >> >>> $JAVA_HOME = /opt/IBMJava2-142 >>> >>> Downloaded IBM JDK from = >>> http://www-128.ibm.com/developerworks/java/jdk/linux140/download.html >>> >>> Is this right? >> >> >> >> Yes. But see here, as Thomas suggested - >> http://directory.fedora.redhat.com/wiki/FAQ#Exception_in_thread_.22main.22_java.lang.ExceptionInInitializerError >> >> >>> >>> Richard Megginson wrote: >>> >>>> Golden Butler wrote: >>>> >>>>> Thanks Richard. I tried running the export command like you >>>>> suggested, but I still get the same error message. >>>> >>>> >>>> >>>> >>>> >>>> What is your JAVA_HOME setting? Where did you download the IBM JDK >>>> from? >>>> >>>>> >>>>> Golden Butler >>>>> IT Support >>>>> >>>>> Center for Neighborhood Technology >>>>> 2125 W. North Avenue >>>>> Chicago, IL 60647 >>>>> >>>>> 773-269-4061 >>>>> golden at cnt.org >>>>> www.cnt.org >>>>> >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> *From:* Richard Megginson [mailto:rmeggins at redhat.com] >>>>> *To:* golden at cnt.org >>>>> *Cc:* fedora-directory-users at redhat.com >>>>> *Sent:* Tue, 06 Dec 2005 09:03:01 -0600 >>>>> *Subject:* Re: [Fedora-directory-users] Cant't Start Console >>>>> >>>>> Try >>>>> export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib >>>>> then ./startconsole >>>>> does the problem go away? >>>>> >>>>> Golden Butler wrote: >>>>> >>>>> > Thanks for the help. I've installed the IBM java kit and >>>>> successfully >>>>> > exported JAVA_HOME to the install path. >>>>> > Now when I run ./startconsole, I get the following error: >>>>> > >>>>> > Exception in thread "main" >>>>> java.lang.ExceptionInInitializerError >>>>> > at >>>>> > >>>>> >>>>> com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154) >>>>> >>>>> > at >>>>> > com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown >>>>> Source) >>>>> > at javax.swing.UIManager.setLookAndFeel(UIManager.java:424) >>>>> > at >>>>> > >>>>> >>>>> com.netscape.management.client.console.Console.common_init(Unknown >>>>> Source) >>>>> > at >>>>> > com.netscape.management.client.console.Console.(Unknown >>>>> Source) >>>>> > at com.netscape.management.client.console.Console.main(Unknown >>>>> > Source) >>>>> > Caused by: java.lang.NullPointerException >>>>> > at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2171) >>>>> > at java.lang.ClassLoader.loadLibrary(ClassLoader.java:2006) >>>>> > at java.lang.Runtime.loadLibrary0(Runtime.java:824) >>>>> > at java.lang.System.loadLibrary(System.java:910) >>>>> > at >>>>> > >>>>> sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76) >>>>> > at java.security.AccessController.doPrivileged1(Native Method) >>>>> > at >>>>> > >>>>> >>>>> java.security.AccessController.doPrivileged(AccessController.java:287) >>>>> >>>>> > at java.awt.Toolkit.loadLibraries(Toolkit.java:1488) >>>>> > at java.awt.Toolkit.(Toolkit.java:1511) >>>>> > ... 6 more >>>>> > >>>>> > Is this error saying something with the Java gui is screwed up? >>>>> > >>>>> > - Delamatrix >>>>> > >>>>> > >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> > *From:* Richard Megginson [mailto:rmeggins at redhat.com >>>>> ] >>>>> > *To:* golden at cnt.org >>>>> , >>>>> General discussion list for the Fedora >>>>> > Directory server project. >>>>> [mailto:fedora-directory-users at redhat.com >>>>> ] >>>>> > *Sent:* Mon, 05 Dec 2005 22:09:19 -0600 >>>>> > *Subject:* Re: [Fedora-directory-users] Cant't Start Console >>>>> > >>>>> > Golden Butler wrote: >>>>> > >>>>> > > I've just installed fedora directory server on my fedora >>>>> core 4 >>>>> > > machine. The installation was a breeze, but when I go to >>>>> start the >>>>> > > console, I get the following error: >>>>> > > >>>>> > > ./startconsole: Your JAVA_HOME environment variable is not >>>>> set. >>>>> > > Please set it appropriately. >>>>> > >>>>> > export JAVA_HOME=/path/to/java e.g. on my Fedora Core 4 system >>>>> > with the >>>>> > RHEL4 IBM 1.4.2 JDK: >>>>> > export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 >>>>> > >>>>> > > >>>>> > > I've confirmend that I indeed have java run time >>>>> installed. Is >>>>> > there >>>>> > > some config somewhere that I need to set or is ignoring? Any >>>>> > help or >>>>> > > suggestions will be appreciated. Thanks >>>>> > > >>>>> > > - Delamatrix >>>>> > > >>>>> > >>>>> >>>>> >------------------------------------------------------------------------ >>>>> >>>>> > > >>>>> > >-- >>>>> > >Fedora-directory-users mailing list >>>>> > >Fedora-directory-users at redhat.com >>>>> >>>>> > >>>> ")> >>>>> > >https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> > > >>>>> > > >>>>> > >>>>> >>> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mj at sci.fi Wed Dec 7 05:20:29 2005 From: mj at sci.fi (Mike Jackson) Date: Wed, 07 Dec 2005 07:20:29 +0200 Subject: [Fedora-directory-users] Re: a little bit of samba confusion In-Reply-To: <20051206184435.B21032@lacrosse.corp.redhat.com> References: <20051204170004.3783973194@hormel.redhat.com> <20051206184435.B21032@lacrosse.corp.redhat.com> Message-ID: <4396711D.2050306@sci.fi> Steven Bonneville wrote: > Craig White wrote: > >>First, imported nearly my entire openldap structure...but couldn't >>import this record >> >>dn: sambaDomainName=AZAPPLE,dc=azapple,dc=com >>objectClass: sambaDomain >>sambaDomainName: AZAPPLE >>sambaSID: S-1-5-21-1423820788-2381578139-3444021595 >>sambaAlgorithmicRidBase: 1000 >> >>Easy enough to recreate in console but didn't understand the error... >>[03/Dec/2005:11:24:28 -0700] - Entry >>"sambaDomainName=AZAPPLE,dc=azapple,dc=com" -- attribute "objectClass" >>not allowed > > > The samba.schema file was converted with a tool that doesn't avoid > the "overly picky schema parsing" bug (#170791). You can try the > new schema conversion script on the website to see if it handles > this, or for samba.schema the workaround > > ./ol-schema-migrate.pl samba.schema | grep -v DESC > 61samba.ldif > Hi, The `grep -v DESC' is not necessary now. I have fixed that script just two days ago to work with the overly picky schema parser :-) Note that I changed the url on the wiki to point to my web server, since I am not allowed to upload files to the fedora webserver itself. -- mike From pete at openrowley.com Wed Dec 7 08:11:28 2005 From: pete at openrowley.com (Pete Rowley) Date: Wed, 07 Dec 2005 00:11:28 -0800 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <20051207050031.2b0a64e9@collab.cnt.org> References: <20051207050031.2b0a64e9@collab.cnt.org> Message-ID: <1133943088.2904.8.camel@slop> On Tue, 2005-12-06 at 23:00 -0600, Golden Butler wrote: > thanks for the link! now excuse me my linux ignorance here, but where > do I copy this scripts to /etc/init.d/ > , and what do I name them? naming them as they appear in the url without the -ini.d would make sense. Something like: fedora-ds fedora-ds-admin to start the services: /etc/init.d/fedora-ds start /etc/init.d/fedora-ds-admin start or leave off the start option to see what else you can do. To have the servers start on boot do: /sbin/chkconfig --add fedora-ds /sbin/chkconfig --add fedora-ds-admin > > ______________________________________________________________ > From: Richard Megginson [mailto:rmeggins at redhat.com] > To: Golden Butler [mailto:golden at cnt.org] > Cc: fedora-directory-users at redhat.com > Sent: Tue, 06 Dec 2005 22:49:30 -0600 > Subject: Re: [Fedora-directory-users] Cant't Start Console > > Golden Butler wrote: > > > Great! That worked. I didn't have the xorg* package > installed. Now > > the console starts. I'm pretty new to Fedora Core 4, so how > can I get > > the directory server to start on boot up? > > http://directory.fedora.redhat.com/wiki/Howto:SysVInit > > > > > Richard Megginson wrote: > > > >> Golden Butler wrote: > >> > >>> $JAVA_HOME = /opt/IBMJava2-142 > >>> > >>> Downloaded IBM JDK from = > >>> > http://www-128.ibm.com/developerworks/java/jdk/linux140/download.html > >>> > >>> Is this right? > >> > >> > >> > >> Yes. But see here, as Thomas suggested - > >> > http://directory.fedora.redhat.com/wiki/FAQ#Exception_in_thread_.22main.22_java.lang.ExceptionInInitializerError > >> > >> > >>> > >>> Richard Megginson wrote: > >>> > >>>> Golden Butler wrote: > >>>> > >>>>> Thanks Richard. I tried running the export command like > you > >>>>> suggested, but I still get the same error message. > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> What is your JAVA_HOME setting? Where did you download > the IBM JDK > >>>> from? > >>>> > >>>>> > >>>>> Golden Butler > >>>>> IT Support > >>>>> > >>>>> Center for Neighborhood Technology > >>>>> 2125 W. North Avenue > >>>>> Chicago, IL 60647 > >>>>> > >>>>> 773-269-4061 > >>>>> golden at cnt.org > >>>>> www.cnt.org > >>>>> > >>>>> > >>>>> > ------------------------------------------------------------------------ > >>>>> > >>>>> *From:* Richard Megginson [mailto:rmeggins at redhat.com] > >>>>> *To:* golden at cnt.org > >>>>> *Cc:* fedora-directory-users at redhat.com > >>>>> *Sent:* Tue, 06 Dec 2005 09:03:01 -0600 > >>>>> *Subject:* Re: [Fedora-directory-users] Cant't Start > Console > >>>>> > >>>>> Try > >>>>> export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib > >>>>> then ./startconsole > >>>>> does the problem go away? > >>>>> > >>>>> Golden Butler wrote: > >>>>> > >>>>> > Thanks for the help. I've installed the IBM java kit > and > >>>>> successfully > >>>>> > exported JAVA_HOME to the install path. > >>>>> > Now when I run ./startconsole, I get the following > error: > >>>>> > > >>>>> > Exception in thread "main" > >>>>> java.lang.ExceptionInInitializerError > >>>>> > at > >>>>> > > >>>>> > >>>>> > com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154) > >>>>> > >>>>> > at > >>>>> > > com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown > >>>>> Source) > >>>>> > at > javax.swing.UIManager.setLookAndFeel(UIManager.java:424) > >>>>> > at > >>>>> > > >>>>> > >>>>> > com.netscape.management.client.console.Console.common_init(Unknown > >>>>> Source) > >>>>> > at > >>>>> > > com.netscape.management.client.console.Console.(Unknown > >>>>> Source) > >>>>> > at > com.netscape.management.client.console.Console.main(Unknown > >>>>> > Source) > >>>>> > Caused by: java.lang.NullPointerException > >>>>> > at > java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2171) > >>>>> > at > java.lang.ClassLoader.loadLibrary(ClassLoader.java:2006) > >>>>> > at java.lang.Runtime.loadLibrary0(Runtime.java:824) > >>>>> > at java.lang.System.loadLibrary(System.java:910) > >>>>> > at > >>>>> > > >>>>> > sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76) > >>>>> > at java.security.AccessController.doPrivileged1(Native > Method) > >>>>> > at > >>>>> > > >>>>> > >>>>> > java.security.AccessController.doPrivileged(AccessController.java:287) > >>>>> > >>>>> > at java.awt.Toolkit.loadLibraries(Toolkit.java:1488) > >>>>> > at java.awt.Toolkit.(Toolkit.java:1511) > >>>>> > ... 6 more > >>>>> > > >>>>> > Is this error saying something with the Java gui is > screwed up? > >>>>> > > >>>>> > - Delamatrix > >>>>> > > >>>>> > > >>>>> > >>>>> > ------------------------------------------------------------------------ > >>>>> > >>>>> > *From:* Richard Megginson [mailto:rmeggins at redhat.com > >>>>> ] > >>>>> > *To:* golden at cnt.org > >>>>> , > >>>>> General discussion list for the Fedora > >>>>> > Directory server project. > >>>>> [mailto:fedora-directory-users at redhat.com > >>>>> > ] > >>>>> > *Sent:* Mon, 05 Dec 2005 22:09:19 -0600 > >>>>> > *Subject:* Re: [Fedora-directory-users] Cant't Start > Console > >>>>> > > >>>>> > Golden Butler wrote: > >>>>> > > >>>>> > > I've just installed fedora directory server on my > fedora > >>>>> core 4 > >>>>> > > machine. The installation was a breeze, but when I > go to > >>>>> start the > >>>>> > > console, I get the following error: > >>>>> > > > >>>>> > > ./startconsole: Your JAVA_HOME environment variable > is not > >>>>> set. > >>>>> > > Please set it appropriately. > >>>>> > > >>>>> > export JAVA_HOME=/path/to/java e.g. on my Fedora Core > 4 system > >>>>> > with the > >>>>> > RHEL4 IBM 1.4.2 JDK: > >>>>> > export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 > >>>>> > > >>>>> > > > >>>>> > > I've confirmend that I indeed have java run time > >>>>> installed. Is > >>>>> > there > >>>>> > > some config somewhere that I need to set or is > ignoring? Any > >>>>> > help or > >>>>> > > suggestions will be appreciated. Thanks > >>>>> > > > >>>>> > > - Delamatrix > >>>>> > > > >>>>> > > >>>>> > >>>>> > >------------------------------------------------------------------------ > >>>>> > >>>>> > > > >>>>> > >-- > >>>>> > >Fedora-directory-users mailing list > >>>>> > >Fedora-directory-users at redhat.com > >>>>> > > >>>>> > > >>>>> > ")> > >>>>> > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > >>>>> > > > >>>>> > > > >>>>> > > >>>>> > >>> > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users From taymour.elerian at tedata.net Wed Dec 7 10:00:06 2005 From: taymour.elerian at tedata.net (Taymour A. El Erian) Date: Wed, 07 Dec 2005 12:00:06 +0200 Subject: [Fedora-directory-users] FDS 1.0 console problem In-Reply-To: <439472F8.40901@redhat.com> References: <43940A2E.5040305@tedata.net> <439472F8.40901@redhat.com> Message-ID: <4396B2A6.5040609@tedata.net> Richard Megginson wrote: > Where is your Apache binary? Is it /usr/sbin/httpd.worker? If you do > ldd /usr/bin/httpd.worker, do you see a link to libldap? > Here it is ldd /usr/sbin/httpd.worker |grep ldap libldap.so.2 => //usr/lib/libldap.so.2 (0x001fd000) > Taymour A. El Erian wrote: > >> Hi, >> >> I have just downloaded FDS 1.0 to my FC2 box for testing (thinking >> of moving from OpenLDAP). I started the setup (tried the 3 modes) and >> finished the installation but unfortunately I am unable to login to the >> console and I have the following errors in the log >> >> [Mon Dec 05 11:20:02 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :148841712 >> [Mon Dec 05 11:20:02 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:20:10 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :145712368 >> [Mon Dec 05 11:20:10 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:20:11 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :156321008 >> [Mon Dec 05 11:20:11 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:20:12 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :141018352 >> [Mon Dec 05 11:20:12 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:20:13 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :144086256 >> [Mon Dec 05 11:20:13 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:20:14 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :163882224 >> [Mon Dec 05 11:20:14 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:20:16 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :161109232 >> [Mon Dec 05 11:20:16 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:20:45 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :144094448 >> [Mon Dec 05 11:20:45 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:20:47 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :152855792 >> [Mon Dec 05 11:20:47 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:20:49 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :163517680 >> [Mon Dec 05 11:20:49 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:21:37 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :145147120 >> [Mon Dec 05 11:21:37 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:21:55 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :152823024 >> [Mon Dec 05 11:21:55 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:21:56 2005] [crit] openLDAPConnection(): ldap_set_option >> failed to disable cache for :152845528 >> [Mon Dec 05 11:21:56 2005] [warn] Unable to open initial LDAPConnection >> to populate LocalAdmin tasks into cache. >> [Mon Dec 05 11:21:56 2005] [notice] Apache/2.0 configured -- resuming >> normal operations >> [Mon Dec 05 11:22:39 2005] [notice] [client 212.103.165.84] >> admserv_host_ip_check: Unauthorized host ip=xxx.xxx.xxx.xxx connection >> rejected >> >> xxx.xxx.xxx.xxx is my ip address (both the server and console run on it) >> >> Any help ? >> >> >> >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- Taymour A El Erian System Division Manager RHCE, LPIC, CCNA, MCSE, CNA TE Data E-mail: taymour.elerian at tedata.net Web: www.tedata.net Tel: +(202)-4166600 Fax: +(202)-4166700 Ext: 1101 From hartmut.woehrle at mail.pcom.de Wed Dec 7 10:55:05 2005 From: hartmut.woehrle at mail.pcom.de (hartmut.woehrle at mail.pcom.de) Date: Wed, 7 Dec 2005 11:55:05 +0100 (CET) Subject: [Fedora-directory-users] Windows NT4 Password Sync Problem Message-ID: <6159.193.135.75.131.1133952905.squirrel@webmail.pcom.de> Hallo everyone, so now the Winsync from NT4 PDC -> FDS works fine (thanks to all) And now the next step gives me a problem. I do the Password sync without SSL connection (only one problem at a time). The setup should be correct: Windows Reg entry: (Default) (value not set) Cert Token "" Hostname "192.168.1.55" Install Path "C:\Program Files\Red....." Password "guessmypw" Password Field "userpassword" Port Number "389" Search Base "ou=People,dc=daheim,dc=weil" User Name "uid=useradmin,ou=Special Users,dc=daheim,dc=weil" User Name Field "ntuserdomainid" the bind user has the aci's to change all values in the user tree But I recive the following error at the PDC: "The description for event (105) in source (Password Synchronization Service) could not be found. It contains the following insertion string(s):." So in fact nothing happens :( At the FDS logs I don't see anything, so there seems no communication between ADS and FDS. The same as a question from RE: [Fedora-directory-users] AD sync from Darjo Gregoric at Thu, 3 Nov 2005 Is there anything missing in the setup? Or is something wrong in the Password Sync Programm. And how should the log at the FDS look like (error log set to "Replication")? CU Hartmut From ryan.ordway at oregonstate.edu Tue Dec 6 22:45:32 2005 From: ryan.ordway at oregonstate.edu (Ryan Ordway) Date: Tue, 06 Dec 2005 14:45:32 -0800 Subject: [Fedora-directory-users] MD5 passwords for FDS Message-ID: <1133909132.11486.173.camel@vodka.library.oregonstate.edu> Any ideas when the MD5 password handling code will be in the distributed binaries? I'm considering migrating from OpenLDAP to FDS, but I've got some users with MD5 passwords that I would need to be able to handle. Thanks, Ryan -- Ryan Ordway E-mail: ryan.ordway at oregonstate.edu Unix Systems Administrator rordway at library.oregonstate.edu Oregon State University Libraries 121 The Valley Library Office: The Valley Library #4657 Corvallis, OR 97331 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From ktemp at ensenda.com Wed Dec 7 01:08:49 2005 From: ktemp at ensenda.com (Kevin M. Goess) Date: Tue, 6 Dec 2005 17:08:49 -0800 Subject: [Fedora-directory-users] Re: Fedora-directory-users Digest, Vol 7, Issue 15 In-Reply-To: <20051206213318.34FE573266@hormel.redhat.com> References: <20051206213318.34FE573266@hormel.redhat.com> Message-ID: <200512061708.49912.ktemp@ensenda.com> On Tuesday 06 December 2005 01:33 pm, fedora-directory-users-request at redhat.com wrote: > This is a permissions problem. ?Did you use the same user for the > directory server as for the admin server? Nope, I used ldap for the directory server, which seems to work fine, and was trying to use 'ldapas' for the admin server. > What's in the file /tmp/file2dDMoZ? $ ls -lF /tmp/file2dDMoZ -rw-r--r-- 1 root root 0 Dec 6 13:12 /tmp/file2dDMoZ An empty file, owned by root. > What is the output of > ls -l admin-serv/config > ? $ ls -al admin-serv/config/ total 60 drwxr-xr-x 2 ldapas ldapas 4096 2005-12-06 16:59 . drwxr-xr-x 6 ldapas ldapas 4096 2005-12-06 16:59 .. -rw------- 1 ldapas root 347 2005-12-06 16:59 adm.conf -rw------- 1 ldapas ldapas 39 2005-12-06 16:59 admpw -rw------- 1 ldapas root 3537 2005-12-06 16:59 admserv.conf -rw------- 1 ldapas root 3722 2005-12-06 16:59 console.conf -rw------- 1 ldapas root 26608 2005-12-06 16:59 httpd.conf -rw------- 1 ldapas root 4573 2005-12-06 16:59 nss.conf > >On a side note, is there any reason not to use the standard redhat > >"ldap" user > >instead of "nobody" for the default suggested slapd user? > > You should be able to use "ldap". > > >My impression was > >that "nobody" should not own any files on the filesystem. Then would this be the place to suggest making the suggested default "ldap" intead of "nobody"? I know at least one sysadmin who would be saved the trouble of pulling out his hair in handfuls when he saw important system files owned by the "nobody" user. -- Kevin M. Goess (415) 277-2079 Ensenda, Inc. From billy at elec.gla.ac.uk Wed Dec 7 13:36:27 2005 From: billy at elec.gla.ac.uk (Billy Allan) Date: Wed, 7 Dec 2005 13:36:27 +0000 Subject: [Fedora-directory-users] Integration with Apple's OpenDirectory Message-ID: <20051207133627.GE6549@elec.gla.ac.uk> Hi, I'm looking to use FD as our main LDAP server - with Active Directory for windows clients and OpenDirectory for Apple clients. I was wondering if anyone had tried integration with Apple's software as I couldn't see anything in the docs or on the list? If anyone has - any tips/pointers/pitfalls? Billy. From nkinder at redhat.com Wed Dec 7 14:17:52 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Wed, 07 Dec 2005 06:17:52 -0800 Subject: [Fedora-directory-users] Windows NT4 Password Sync Problem In-Reply-To: <6159.193.135.75.131.1133952905.squirrel@webmail.pcom.de> References: <6159.193.135.75.131.1133952905.squirrel@webmail.pcom.de> Message-ID: <4396EF10.5050500@redhat.com> hartmut.woehrle at mail.pcom.de wrote: >Hallo everyone, > >so now the Winsync from NT4 PDC -> FDS works fine (thanks to all) > >And now the next step gives me a problem. >I do the Password sync without SSL connection (only one problem at a time). > > The PassSync service requires SSL. If you take a look at the passsync.log file, it should have an error about your SSL config. -NGK >The setup should be correct: > >Windows Reg entry: >(Default) (value not set) >Cert Token "" >Hostname "192.168.1.55" >Install Path "C:\Program Files\Red....." >Password "guessmypw" >Password Field "userpassword" >Port Number "389" >Search Base "ou=People,dc=daheim,dc=weil" >User Name "uid=useradmin,ou=Special Users,dc=daheim,dc=weil" >User Name Field "ntuserdomainid" > >the bind user has the aci's to change all values in the user tree >But I recive the following error at the PDC: > >"The description for event (105) in source (Password Synchronization >Service) could not be found. It contains the following insertion >string(s):." > >So in fact nothing happens :( >At the FDS logs I don't see anything, so there seems no communication >between ADS and FDS. The same as a question from > >RE: [Fedora-directory-users] AD sync >from Darjo Gregoric at Thu, 3 Nov 2005 > >Is there anything missing in the setup? Or is something wrong in the >Password Sync Programm. And how should the log at the FDS look like (error >log set to "Replication")? > >CU >Hartmut > > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3174 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Dec 7 15:01:37 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 07 Dec 2005 08:01:37 -0700 Subject: [Fedora-directory-users] Re: Fedora-directory-users Digest, Vol 7, Issue 15 In-Reply-To: <200512061708.49912.ktemp@ensenda.com> References: <20051206213318.34FE573266@hormel.redhat.com> <200512061708.49912.ktemp@ensenda.com> Message-ID: <4396F951.4000400@redhat.com> Kevin M. Goess wrote: >On Tuesday 06 December 2005 01:33 pm, >fedora-directory-users-request at redhat.com wrote: > > >>This is a permissions problem. Did you use the same user for the >>directory server as for the admin server? >> >> > >Nope, I used ldap for the directory server, which seems to work fine, and was >trying to use 'ldapas' for the admin server. > > Right now you have to use the same user for both the directory server and the admin server. > > >>What's in the file /tmp/file2dDMoZ? >> >> > >$ ls -lF /tmp/file2dDMoZ >-rw-r--r-- 1 root root 0 Dec 6 13:12 /tmp/file2dDMoZ > >An empty file, owned by root. > > > > >>What is the output of >>ls -l admin-serv/config >>? >> >> > >$ ls -al admin-serv/config/ >total 60 >drwxr-xr-x 2 ldapas ldapas 4096 2005-12-06 16:59 . >drwxr-xr-x 6 ldapas ldapas 4096 2005-12-06 16:59 .. >-rw------- 1 ldapas root 347 2005-12-06 16:59 adm.conf >-rw------- 1 ldapas ldapas 39 2005-12-06 16:59 admpw >-rw------- 1 ldapas root 3537 2005-12-06 16:59 admserv.conf >-rw------- 1 ldapas root 3722 2005-12-06 16:59 console.conf >-rw------- 1 ldapas root 26608 2005-12-06 16:59 httpd.conf >-rw------- 1 ldapas root 4573 2005-12-06 16:59 nss.conf > > Hmm - that looks correct. If ldapas is the uid of the admin server, then it should be able to create the file local.conf in that directory. > > > >>>On a side note, is there any reason not to use the standard redhat >>>"ldap" user >>>instead of "nobody" for the default suggested slapd user? >>> >>> >>You should be able to use "ldap". >> >> >> >>>My impression was >>>that "nobody" should not own any files on the filesystem. >>> >>> > >Then would this be the place to suggest making the suggested default "ldap" >intead of "nobody"? I know at least one sysadmin who would be saved the >trouble of pulling out his hair in handfuls when he saw important system >files owned by the "nobody" user. > > We will be addressing this in the next major release. > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Wed Dec 7 15:01:41 2005 From: craigwhite at azapple.com (Craig White) Date: Wed, 07 Dec 2005 08:01:41 -0700 Subject: [Fedora-directory-users] moron at the helm - can't coordinate users-groups & padl stuff In-Reply-To: <20051206231127.yhmbsytvp7w44oc8@webapps.iu13.org> References: <1133925485.24136.33.camel@lin-workstation.azapple.com> <20051206231127.yhmbsytvp7w44oc8@webapps.iu13.org> Message-ID: <1133967701.25110.15.camel@lin-workstation.azapple.com> On Tue, 2005-12-06 at 23:11 -0500, Kevin M. Myer wrote: > Quoting Craig White : > > > This is basic stuff and I could do it easily with openldap and I can see > > I am close. I can get what I need from command line ldapsearch and it > > works fine. > > > > RHEL 4 - have run authconfig and my pam.d/system-auth looks like wiki > > page for FDS with PAM > > > > I can tell that the padl stuff (nsswitch.conf and /etc/ldap.conf) is > > working because the logs show me that 'cn=Directory Manager' is > > attempting to bind but it always returns error=32 (obviously no such > > object...which by the way is a lousy error report because obviously this > > is about invalid credentials and should return error=49) > > Is "cn=Directory Manager" really your directory manager account? With > OpenLDAP, I've always seen rootdn's like "cn=directory manager, > dc=azapple,dc=com", for instance, so depending on how you converted > your data, and setup your rootdn in FDS, error=32 is likely correct. ---- You could be right on this but this is a 2nd install and not my home setup and not converted from openldap but an entirely new setup. # ldapsearch -x -h localhost -b "dc=clsurvey,dc=com" \ -D "cn=Directory Manager" -W '(uid=jim)' Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope sub # filter: (uid=jim) # requesting: ALL # # jim, People, Accounts, clsurvey.com dn: uid=jim,ou=People,ou=Accounts,dc=clsurvey,dc=com <> # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 but /etc/ldap.conf that has... # cat /etc/ldap.conf # host 127.0.0.1 base dc=clsurvey,dc=com rootbinddn "cn=Directory Manager" nss_base_passwd ou=People,ou=Accounts,dc=clsurvey,dc=com?one nss_base_passwd ou=Computers,ou=Accounts,dc=clsurvey,dc=com?one nss_base_shadow ou=People,ou=Accounts,dc=clsurvey,dc=com?one nss_base_group ou=Groups,dc=clsurvey,dc=com?one and /etc/ldap.secret with the same password that I type in response to the credential request in my ldapsearch command above should work. Instead the logs show... ### ldapsearch ### [07/Dec/2005:07:42:05 -0700] conn=185 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [07/Dec/2005:07:42:05 -0700] conn=185 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [07/Dec/2005:07:42:05 -0700] conn=185 op=1 SRCH base="dc=clsurvey,dc=com" scope=2 filter="(uid=jim)" attrs=ALL [07/Dec/2005:07:42:05 -0700] conn=185 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [07/Dec/2005:07:42:05 -0700] conn=185 op=2 UNBIND ### getent passwd ### [07/Dec/2005:07:46:53 -0700] conn=186 op=0 BIND dn="\22cn=Directory Manager\22" method=128 version=3 [07/Dec/2005:07:46:53 -0700] conn=186 op=0 RESULT err=32 tag=97 nentries=0 etime=0 [07/Dec/2005:07:46:53 -0700] conn=186 op=1 UNBIND Which turned out that it was the quotation marks around the rootbinddn value in /etc/ldap.conf - the log viewer in the console didn't reveal that issue but the plain text version of the logs made it clear to me. (The console simply showed 2 sets of double quotes). Thanks Craig From rmeggins at redhat.com Wed Dec 7 15:08:33 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 07 Dec 2005 08:08:33 -0700 Subject: [Fedora-directory-users] FDS 1.0 console problem In-Reply-To: <4396B2A6.5040609@tedata.net> References: <43940A2E.5040305@tedata.net> <439472F8.40901@redhat.com> <4396B2A6.5040609@tedata.net> Message-ID: <4396FAF1.4050808@redhat.com> Hmm - can you post your /opt/fedora-ds/start-admin script? Taymour A. El Erian wrote: >Richard Megginson wrote: > > > >>Where is your Apache binary? Is it /usr/sbin/httpd.worker? If you do >>ldd /usr/bin/httpd.worker, do you see a link to libldap? >> >> >> >Here it is > >ldd /usr/sbin/httpd.worker |grep ldap >libldap.so.2 => //usr/lib/libldap.so.2 (0x001fd000) > > > > >>Taymour A. El Erian wrote: >> >> >> >>>Hi, >>> >>> I have just downloaded FDS 1.0 to my FC2 box for testing (thinking >>>of moving from OpenLDAP). I started the setup (tried the 3 modes) and >>>finished the installation but unfortunately I am unable to login to the >>>console and I have the following errors in the log >>> >>>[Mon Dec 05 11:20:02 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :148841712 >>>[Mon Dec 05 11:20:02 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:20:10 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :145712368 >>>[Mon Dec 05 11:20:10 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:20:11 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :156321008 >>>[Mon Dec 05 11:20:11 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:20:12 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :141018352 >>>[Mon Dec 05 11:20:12 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:20:13 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :144086256 >>>[Mon Dec 05 11:20:13 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:20:14 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :163882224 >>>[Mon Dec 05 11:20:14 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:20:16 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :161109232 >>>[Mon Dec 05 11:20:16 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:20:45 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :144094448 >>>[Mon Dec 05 11:20:45 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:20:47 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :152855792 >>>[Mon Dec 05 11:20:47 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:20:49 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :163517680 >>>[Mon Dec 05 11:20:49 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:21:37 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :145147120 >>>[Mon Dec 05 11:21:37 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:21:55 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :152823024 >>>[Mon Dec 05 11:21:55 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:21:56 2005] [crit] openLDAPConnection(): ldap_set_option >>>failed to disable cache for :152845528 >>>[Mon Dec 05 11:21:56 2005] [warn] Unable to open initial LDAPConnection >>>to populate LocalAdmin tasks into cache. >>>[Mon Dec 05 11:21:56 2005] [notice] Apache/2.0 configured -- resuming >>>normal operations >>>[Mon Dec 05 11:22:39 2005] [notice] [client 212.103.165.84] >>>admserv_host_ip_check: Unauthorized host ip=xxx.xxx.xxx.xxx connection >>>rejected >>> >>>xxx.xxx.xxx.xxx is my ip address (both the server and console run on it) >>> >>>Any help ? >>> >>> >>> >>> >>> >>------------------------------------------------------------------------ >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> >> > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From taymour.elerian at tedata.net Wed Dec 7 15:18:09 2005 From: taymour.elerian at tedata.net (Taymour A. El Erian) Date: Wed, 07 Dec 2005 17:18:09 +0200 Subject: [Fedora-directory-users] FDS 1.0 console problem In-Reply-To: <4396FAF1.4050808@redhat.com> References: <43940A2E.5040305@tedata.net> <439472F8.40901@redhat.com> <4396B2A6.5040609@tedata.net> <4396FAF1.4050808@redhat.com> Message-ID: <4396FD31.6010609@tedata.net> Richard Megginson wrote: > Hmm - can you post your /opt/fedora-ds/start-admin script? Here is the script SERVER_ROOT=/opt/fedora-ds ; export SERVER_ROOT NETSITE_ROOT=$SERVER_ROOT ; export NETSITE_ROOT ADMSERV_ROOT=$SERVER_ROOT/admin-serv ; export ADMSERV_ROOT unset PASSWORD_PIPE LD_LIBRARY_PATH=${SERVER_ROOT}/bin/admin/lib:${SERVER_ROOT}/lib:${LD_LIBRARY_PATH};export LD_LIBRARY_PATH LIBPATH=${LD_LIBRARY_PATH}:${LIBPATH}:/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib; export LIBPATH SHLIB_PATH=${LD_LIBRARY_PATH}:${SHLIB_PATH}; export SHLIB_PATH NS_SERVER_HOME=${SERVER_ROOT}; export NS_SERVER_HOME PATH=${SERVER_ROOT}/bin/admin/bin:${PATH}; export PATH HTTPD=/usr/sbin//httpd.worker # see if httpd is linked with the openldap libraries - we need to override them OS=`uname -s` if [ $OS = "Linux" ]; then hasol=0 /usr/bin/ldd $HTTPD 2>&1 | grep libldap- > /dev/null 2>&1 && hasol=1 if [ $hasol -eq 1 ] ; then LD_PRELOAD="${SERVER_ROOT}/bin/admin/lib/libssl3.so ${SERVER_ROOT}/bin/admin/lib/libldap50.so" export LD_PRELOAD fi fi $HTTPD -k start -d $ADMSERV_ROOT -f $ADMSERV_ROOT/config/httpd.conf "$@" > > Taymour A. El Erian wrote: > >> Richard Megginson wrote: >> >> >> >>> Where is your Apache binary? Is it /usr/sbin/httpd.worker? If you do >>> ldd /usr/bin/httpd.worker, do you see a link to libldap? >>> >>> >> >> Here it is >> >> ldd /usr/sbin/httpd.worker |grep ldap >> libldap.so.2 => //usr/lib/libldap.so.2 (0x001fd000) >> >> >> >> >>> Taymour A. El Erian wrote: >>> >>> >>> >>>> Hi, >>>> >>>> I have just downloaded FDS 1.0 to my FC2 box for testing (thinking >>>> of moving from OpenLDAP). I started the setup (tried the 3 modes) and >>>> finished the installation but unfortunately I am unable to login to >>>> the >>>> console and I have the following errors in the log >>>> >>>> [Mon Dec 05 11:20:02 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :148841712 >>>> [Mon Dec 05 11:20:02 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:20:10 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :145712368 >>>> [Mon Dec 05 11:20:10 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:20:11 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :156321008 >>>> [Mon Dec 05 11:20:11 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:20:12 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :141018352 >>>> [Mon Dec 05 11:20:12 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:20:13 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :144086256 >>>> [Mon Dec 05 11:20:13 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:20:14 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :163882224 >>>> [Mon Dec 05 11:20:14 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:20:16 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :161109232 >>>> [Mon Dec 05 11:20:16 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:20:45 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :144094448 >>>> [Mon Dec 05 11:20:45 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:20:47 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :152855792 >>>> [Mon Dec 05 11:20:47 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:20:49 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :163517680 >>>> [Mon Dec 05 11:20:49 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:21:37 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :145147120 >>>> [Mon Dec 05 11:21:37 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:21:55 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :152823024 >>>> [Mon Dec 05 11:21:55 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:21:56 2005] [crit] openLDAPConnection(): >>>> ldap_set_option >>>> failed to disable cache for :152845528 >>>> [Mon Dec 05 11:21:56 2005] [warn] Unable to open initial >>>> LDAPConnection >>>> to populate LocalAdmin tasks into cache. >>>> [Mon Dec 05 11:21:56 2005] [notice] Apache/2.0 configured -- resuming >>>> normal operations >>>> [Mon Dec 05 11:22:39 2005] [notice] [client 212.103.165.84] >>>> admserv_host_ip_check: Unauthorized host ip=xxx.xxx.xxx.xxx connection >>>> rejected >>>> >>>> xxx.xxx.xxx.xxx is my ip address (both the server and console run >>>> on it) >>>> >>>> Any help ? >>>> >>>> >>>> >>>> >>> >>> ------------------------------------------------------------------------ >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >> >> >> >> >> >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- Taymour A El Erian System Division Manager RHCE, LPIC, CCNA, MCSE, CNA TE Data E-mail: taymour.elerian at tedata.net Web: www.tedata.net Tel: +(202)-4166600 Fax: +(202)-4166700 Ext: 1101 From rmeggins at redhat.com Wed Dec 7 15:26:48 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 07 Dec 2005 08:26:48 -0700 Subject: [Fedora-directory-users] FDS 1.0 console problem In-Reply-To: <4396FD31.6010609@tedata.net> References: <43940A2E.5040305@tedata.net> <439472F8.40901@redhat.com> <4396B2A6.5040609@tedata.net> <4396FAF1.4050808@redhat.com> <4396FD31.6010609@tedata.net> Message-ID: <4396FF38.2040805@redhat.com> Ok, that's the problem. You need to edit your start-admin script. See below inline: Taymour A. El Erian wrote: >Richard Megginson wrote: > > > >>Hmm - can you post your /opt/fedora-ds/start-admin script? >> >> > > >Here is the script > >SERVER_ROOT=/opt/fedora-ds ; export SERVER_ROOT >NETSITE_ROOT=$SERVER_ROOT ; export NETSITE_ROOT >ADMSERV_ROOT=$SERVER_ROOT/admin-serv ; export ADMSERV_ROOT > >unset PASSWORD_PIPE > >LD_LIBRARY_PATH=${SERVER_ROOT}/bin/admin/lib:${SERVER_ROOT}/lib:${LD_LIBRARY_PATH};export >LD_LIBRARY_PATH >LIBPATH=${LD_LIBRARY_PATH}:${LIBPATH}:/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib; >export LIBPATH >SHLIB_PATH=${LD_LIBRARY_PATH}:${SHLIB_PATH}; export SHLIB_PATH > >NS_SERVER_HOME=${SERVER_ROOT}; export NS_SERVER_HOME >PATH=${SERVER_ROOT}/bin/admin/bin:${PATH}; export PATH > >HTTPD=/usr/sbin//httpd.worker > ># see if httpd is linked with the openldap libraries - we need to >override them >OS=`uname -s` >if [ $OS = "Linux" ]; then > hasol=0 > > /usr/bin/ldd $HTTPD 2>&1 | grep libldap- > /dev/null 2>&1 && hasol=1 > > Change "libldap-" to "libldap" in the above line. > if [ $hasol -eq 1 ] ; then > LD_PRELOAD="${SERVER_ROOT}/bin/admin/lib/libssl3.so >${SERVER_ROOT}/bin/admin/lib/libldap50.so" > export LD_PRELOAD > fi >fi > >$HTTPD -k start -d $ADMSERV_ROOT -f $ADMSERV_ROOT/config/httpd.conf "$@" > > The problem is that the Apache binary is linked with the openldap libraries. Our admin server module is linked with the moz ldap sdk which is included with FDS. Unfortunately, without the LD_PRELOAD, the admin server module resolves those ldap symbols from the ol libs linked into Apache. Q: So, why not just use the openldap libs? A: Because we require the use of NSS for crypto. openldap does not support NSS. > > >>Taymour A. El Erian wrote: >> >> >> >>>Richard Megginson wrote: >>> >>> >>> >>> >>> >>>>Where is your Apache binary? Is it /usr/sbin/httpd.worker? If you do >>>>ldd /usr/bin/httpd.worker, do you see a link to libldap? >>>> >>>> >>>> >>>> >>>Here it is >>> >>>ldd /usr/sbin/httpd.worker |grep ldap >>>libldap.so.2 => //usr/lib/libldap.so.2 (0x001fd000) >>> >>> >>> >>> >>> >>> >>>>Taymour A. El Erian wrote: >>>> >>>> >>>> >>>> >>>> >>>>>Hi, >>>>> >>>>> I have just downloaded FDS 1.0 to my FC2 box for testing (thinking >>>>>of moving from OpenLDAP). I started the setup (tried the 3 modes) and >>>>>finished the installation but unfortunately I am unable to login to >>>>>the >>>>>console and I have the following errors in the log >>>>> >>>>>[Mon Dec 05 11:20:02 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :148841712 >>>>>[Mon Dec 05 11:20:02 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:10 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :145712368 >>>>>[Mon Dec 05 11:20:10 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:11 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :156321008 >>>>>[Mon Dec 05 11:20:11 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:12 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :141018352 >>>>>[Mon Dec 05 11:20:12 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:13 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :144086256 >>>>>[Mon Dec 05 11:20:13 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:14 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :163882224 >>>>>[Mon Dec 05 11:20:14 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:16 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :161109232 >>>>>[Mon Dec 05 11:20:16 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:45 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :144094448 >>>>>[Mon Dec 05 11:20:45 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:47 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :152855792 >>>>>[Mon Dec 05 11:20:47 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:49 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :163517680 >>>>>[Mon Dec 05 11:20:49 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:21:37 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :145147120 >>>>>[Mon Dec 05 11:21:37 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:21:55 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :152823024 >>>>>[Mon Dec 05 11:21:55 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:21:56 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :152845528 >>>>>[Mon Dec 05 11:21:56 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:21:56 2005] [notice] Apache/2.0 configured -- resuming >>>>>normal operations >>>>>[Mon Dec 05 11:22:39 2005] [notice] [client 212.103.165.84] >>>>>admserv_host_ip_check: Unauthorized host ip=xxx.xxx.xxx.xxx connection >>>>>rejected >>>>> >>>>>xxx.xxx.xxx.xxx is my ip address (both the server and console run >>>>>on it) >>>>> >>>>>Any help ? >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>------------------------------------------------------------------------ >>>> >>>> >>>>-- >>>>Fedora-directory-users mailing list >>>>Fedora-directory-users at redhat.com >>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>> >>>> >>>> >>> >>> >>> >>> >>> >>------------------------------------------------------------------------ >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> >> > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Dec 7 15:29:20 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 07 Dec 2005 08:29:20 -0700 Subject: [Fedora-directory-users] FDS 1.0 console problem In-Reply-To: <4396FD31.6010609@tedata.net> References: <43940A2E.5040305@tedata.net> <439472F8.40901@redhat.com> <4396B2A6.5040609@tedata.net> <4396FAF1.4050808@redhat.com> <4396FD31.6010609@tedata.net> Message-ID: <4396FFD0.1050903@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175187 Taymour A. El Erian wrote: >Richard Megginson wrote: > > > >>Hmm - can you post your /opt/fedora-ds/start-admin script? >> >> > > >Here is the script > >SERVER_ROOT=/opt/fedora-ds ; export SERVER_ROOT >NETSITE_ROOT=$SERVER_ROOT ; export NETSITE_ROOT >ADMSERV_ROOT=$SERVER_ROOT/admin-serv ; export ADMSERV_ROOT > >unset PASSWORD_PIPE > >LD_LIBRARY_PATH=${SERVER_ROOT}/bin/admin/lib:${SERVER_ROOT}/lib:${LD_LIBRARY_PATH};export >LD_LIBRARY_PATH >LIBPATH=${LD_LIBRARY_PATH}:${LIBPATH}:/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib; >export LIBPATH >SHLIB_PATH=${LD_LIBRARY_PATH}:${SHLIB_PATH}; export SHLIB_PATH > >NS_SERVER_HOME=${SERVER_ROOT}; export NS_SERVER_HOME >PATH=${SERVER_ROOT}/bin/admin/bin:${PATH}; export PATH > >HTTPD=/usr/sbin//httpd.worker > ># see if httpd is linked with the openldap libraries - we need to >override them >OS=`uname -s` >if [ $OS = "Linux" ]; then > hasol=0 > > /usr/bin/ldd $HTTPD 2>&1 | grep libldap- > /dev/null 2>&1 && hasol=1 > > if [ $hasol -eq 1 ] ; then > LD_PRELOAD="${SERVER_ROOT}/bin/admin/lib/libssl3.so >${SERVER_ROOT}/bin/admin/lib/libldap50.so" > export LD_PRELOAD > fi >fi > >$HTTPD -k start -d $ADMSERV_ROOT -f $ADMSERV_ROOT/config/httpd.conf "$@" > > > >>Taymour A. El Erian wrote: >> >> >> >>>Richard Megginson wrote: >>> >>> >>> >>> >>> >>>>Where is your Apache binary? Is it /usr/sbin/httpd.worker? If you do >>>>ldd /usr/bin/httpd.worker, do you see a link to libldap? >>>> >>>> >>>> >>>> >>>Here it is >>> >>>ldd /usr/sbin/httpd.worker |grep ldap >>>libldap.so.2 => //usr/lib/libldap.so.2 (0x001fd000) >>> >>> >>> >>> >>> >>> >>>>Taymour A. El Erian wrote: >>>> >>>> >>>> >>>> >>>> >>>>>Hi, >>>>> >>>>> I have just downloaded FDS 1.0 to my FC2 box for testing (thinking >>>>>of moving from OpenLDAP). I started the setup (tried the 3 modes) and >>>>>finished the installation but unfortunately I am unable to login to >>>>>the >>>>>console and I have the following errors in the log >>>>> >>>>>[Mon Dec 05 11:20:02 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :148841712 >>>>>[Mon Dec 05 11:20:02 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:10 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :145712368 >>>>>[Mon Dec 05 11:20:10 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:11 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :156321008 >>>>>[Mon Dec 05 11:20:11 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:12 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :141018352 >>>>>[Mon Dec 05 11:20:12 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:13 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :144086256 >>>>>[Mon Dec 05 11:20:13 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:14 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :163882224 >>>>>[Mon Dec 05 11:20:14 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:16 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :161109232 >>>>>[Mon Dec 05 11:20:16 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:45 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :144094448 >>>>>[Mon Dec 05 11:20:45 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:47 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :152855792 >>>>>[Mon Dec 05 11:20:47 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:20:49 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :163517680 >>>>>[Mon Dec 05 11:20:49 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:21:37 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :145147120 >>>>>[Mon Dec 05 11:21:37 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:21:55 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :152823024 >>>>>[Mon Dec 05 11:21:55 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:21:56 2005] [crit] openLDAPConnection(): >>>>>ldap_set_option >>>>>failed to disable cache for :152845528 >>>>>[Mon Dec 05 11:21:56 2005] [warn] Unable to open initial >>>>>LDAPConnection >>>>>to populate LocalAdmin tasks into cache. >>>>>[Mon Dec 05 11:21:56 2005] [notice] Apache/2.0 configured -- resuming >>>>>normal operations >>>>>[Mon Dec 05 11:22:39 2005] [notice] [client 212.103.165.84] >>>>>admserv_host_ip_check: Unauthorized host ip=xxx.xxx.xxx.xxx connection >>>>>rejected >>>>> >>>>>xxx.xxx.xxx.xxx is my ip address (both the server and console run >>>>>on it) >>>>> >>>>>Any help ? >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>------------------------------------------------------------------------ >>>> >>>> >>>>-- >>>>Fedora-directory-users mailing list >>>>Fedora-directory-users at redhat.com >>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>> >>>> >>>> >>> >>> >>> >>> >>> >>------------------------------------------------------------------------ >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> >> > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Dec 7 15:30:03 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 07 Dec 2005 08:30:03 -0700 Subject: [Fedora-directory-users] MD5 passwords for FDS In-Reply-To: <1133909132.11486.173.camel@vodka.library.oregonstate.edu> References: <1133909132.11486.173.camel@vodka.library.oregonstate.edu> Message-ID: <4396FFFB.8080104@redhat.com> This code is in Fedora DS 1.0 - http://directory.fedora.redhat.com/wiki/Download Ryan Ordway wrote: > Any ideas when the MD5 password handling code will be in the >distributed binaries? I'm considering migrating from OpenLDAP to >FDS, but I've got some users with MD5 passwords that I would need >to be able to handle. > > Thanks, > > Ryan > > > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From D.R.Barker at exeter.ac.uk Wed Dec 7 15:34:08 2005 From: D.R.Barker at exeter.ac.uk (David Barker) Date: Wed, 07 Dec 2005 15:34:08 +0000 Subject: [Fedora-directory-users] Schema fun :-) In-Reply-To: <4395F7AC.3090803@sci.fi> References: <4395CDD2.7030703@exeter.ac.uk> <4395F7AC.3090803@sci.fi> Message-ID: <439700F0.7010100@exeter.ac.uk> >> As an aside, are user updates going to be allowed to the wiki soon? :-) > > > I can't answer that, but if you have a proposal for some new content, > I could possibly add it there for you, e.g. I have write access but I > can't create accounts for others. > Nothing in particular, but we have quite a few ldap "things" on campus, some of which might be helpful to document in the wiki for other groups to look at (e.g. pgina, exim, SSO with pubcookie, and a million different "useful" perl scripts) From taymour.elerian at tedata.net Wed Dec 7 15:47:48 2005 From: taymour.elerian at tedata.net (Taymour A. El Erian) Date: Wed, 07 Dec 2005 17:47:48 +0200 Subject: [Fedora-directory-users] FDS 1.0 console problem In-Reply-To: <4396FF38.2040805@redhat.com> References: <43940A2E.5040305@tedata.net> <439472F8.40901@redhat.com> <4396B2A6.5040609@tedata.net> <4396FAF1.4050808@redhat.com> <4396FD31.6010609@tedata.net> <4396FF38.2040805@redhat.com> Message-ID: <43970424.5070707@tedata.net> Richard Megginson wrote: > Ok, that's the problem. You need to edit your start-admin script. > See below inline: Thx, now it works > > Taymour A. El Erian wrote: > >> Richard Megginson wrote: >> >> >> >>> Hmm - can you post your /opt/fedora-ds/start-admin script? >>> >> >> >> >> Here is the script >> >> SERVER_ROOT=/opt/fedora-ds ; export SERVER_ROOT >> NETSITE_ROOT=$SERVER_ROOT ; export NETSITE_ROOT >> ADMSERV_ROOT=$SERVER_ROOT/admin-serv ; export ADMSERV_ROOT >> >> unset PASSWORD_PIPE >> >> LD_LIBRARY_PATH=${SERVER_ROOT}/bin/admin/lib:${SERVER_ROOT}/lib:${LD_LIBRARY_PATH};export >> >> LD_LIBRARY_PATH >> LIBPATH=${LD_LIBRARY_PATH}:${LIBPATH}:/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib; >> >> export LIBPATH >> SHLIB_PATH=${LD_LIBRARY_PATH}:${SHLIB_PATH}; export SHLIB_PATH >> >> NS_SERVER_HOME=${SERVER_ROOT}; export NS_SERVER_HOME >> PATH=${SERVER_ROOT}/bin/admin/bin:${PATH}; export PATH >> >> HTTPD=/usr/sbin//httpd.worker >> >> # see if httpd is linked with the openldap libraries - we need to >> override them >> OS=`uname -s` >> if [ $OS = "Linux" ]; then >> hasol=0 >> >> /usr/bin/ldd $HTTPD 2>&1 | grep libldap- > /dev/null 2>&1 && hasol=1 >> >> > Change "libldap-" to "libldap" in the above line. > >> if [ $hasol -eq 1 ] ; then >> LD_PRELOAD="${SERVER_ROOT}/bin/admin/lib/libssl3.so >> ${SERVER_ROOT}/bin/admin/lib/libldap50.so" >> export LD_PRELOAD >> fi >> fi >> >> $HTTPD -k start -d $ADMSERV_ROOT -f $ADMSERV_ROOT/config/httpd.conf "$@" >> >> > The problem is that the Apache binary is linked with the openldap > libraries. Our admin server module is linked with the moz ldap sdk > which is included with FDS. Unfortunately, without the LD_PRELOAD, > the admin server module resolves those ldap symbols from the ol libs > linked into Apache. > > Q: So, why not just use the openldap libs? > A: Because we require the use of NSS for crypto. openldap does not > support NSS. > >> >> >>> Taymour A. El Erian wrote: >>> >>> >>> >>>> Richard Megginson wrote: >>>> >>>> >>>> >>>> >>>> >>>>> Where is your Apache binary? Is it /usr/sbin/httpd.worker? If >>>>> you do >>>>> ldd /usr/bin/httpd.worker, do you see a link to libldap? >>>>> >>>>> >>>>> >>>> >>>> Here it is >>>> >>>> ldd /usr/sbin/httpd.worker |grep ldap >>>> libldap.so.2 => //usr/lib/libldap.so.2 (0x001fd000) >>>> >>>> >>>> >>>> >>>> >>>> >>>>> Taymour A. El Erian wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> Hi, >>>>>> >>>>>> I have just downloaded FDS 1.0 to my FC2 box for testing (thinking >>>>>> of moving from OpenLDAP). I started the setup (tried the 3 modes) >>>>>> and >>>>>> finished the installation but unfortunately I am unable to login to >>>>>> the >>>>>> console and I have the following errors in the log >>>>>> >>>>>> [Mon Dec 05 11:20:02 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :148841712 >>>>>> [Mon Dec 05 11:20:02 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:20:10 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :145712368 >>>>>> [Mon Dec 05 11:20:10 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:20:11 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :156321008 >>>>>> [Mon Dec 05 11:20:11 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:20:12 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :141018352 >>>>>> [Mon Dec 05 11:20:12 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:20:13 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :144086256 >>>>>> [Mon Dec 05 11:20:13 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:20:14 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :163882224 >>>>>> [Mon Dec 05 11:20:14 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:20:16 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :161109232 >>>>>> [Mon Dec 05 11:20:16 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:20:45 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :144094448 >>>>>> [Mon Dec 05 11:20:45 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:20:47 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :152855792 >>>>>> [Mon Dec 05 11:20:47 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:20:49 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :163517680 >>>>>> [Mon Dec 05 11:20:49 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:21:37 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :145147120 >>>>>> [Mon Dec 05 11:21:37 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:21:55 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :152823024 >>>>>> [Mon Dec 05 11:21:55 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:21:56 2005] [crit] openLDAPConnection(): >>>>>> ldap_set_option >>>>>> failed to disable cache for :152845528 >>>>>> [Mon Dec 05 11:21:56 2005] [warn] Unable to open initial >>>>>> LDAPConnection >>>>>> to populate LocalAdmin tasks into cache. >>>>>> [Mon Dec 05 11:21:56 2005] [notice] Apache/2.0 configured -- >>>>>> resuming >>>>>> normal operations >>>>>> [Mon Dec 05 11:22:39 2005] [notice] [client 212.103.165.84] >>>>>> admserv_host_ip_check: Unauthorized host ip=xxx.xxx.xxx.xxx >>>>>> connection >>>>>> rejected >>>>>> >>>>>> xxx.xxx.xxx.xxx is my ip address (both the server and console run >>>>>> on it) >>>>>> >>>>>> Any help ? >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> >>>> >>>> >>> >>> ------------------------------------------------------------------------ >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >> >> >> >> >> >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- Taymour A El Erian System Division Manager RHCE, LPIC, CCNA, MCSE, CNA TE Data E-mail: taymour.elerian at tedata.net Web: www.tedata.net Tel: +(202)-4166600 Fax: +(202)-4166700 Ext: 1101 From aly.dharshi at telus.net Wed Dec 7 15:51:51 2005 From: aly.dharshi at telus.net (Aly S.P Dharshi) Date: Wed, 7 Dec 2005 08:51:51 -0700 (MST) Subject: [Fedora-directory-users] Integration with Apple's OpenDirectory In-Reply-To: <20051207133627.GE6549@elec.gla.ac.uk> References: <20051207133627.GE6549@elec.gla.ac.uk> Message-ID: A while ago I tried hooking up a MacOS X client to an Sun DS (which isn't to different from a FDS system) and it worked just fine, there was a fellow in Ireland who had this as an FAQ, I would have to look for the link but it seems that it would cut out the need for OpenDirectory altogether. Cheers, Aly. On Wed, 7 Dec 2005, Billy Allan wrote: >Hi, > >I'm looking to use FD as our main LDAP server - with Active Directory >for windows clients and OpenDirectory for Apple clients. I was >wondering if anyone had tried integration with Apple's software as I >couldn't see anything in the docs or on the list? > >If anyone has - any tips/pointers/pitfalls? > > >Billy. > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > -- Aly S.P Dharshi aly.dharshi at telus.net "A good speech is like a good dress that's short enough to be interesting and long enough to cover the subject" From billy at elec.gla.ac.uk Wed Dec 7 15:58:58 2005 From: billy at elec.gla.ac.uk (Billy Allan) Date: Wed, 7 Dec 2005 15:58:58 +0000 Subject: [Fedora-directory-users] Integration with Apple's OpenDirectory In-Reply-To: References: <20051207133627.GE6549@elec.gla.ac.uk> Message-ID: <20051207155858.GJ6549@elec.gla.ac.uk> On Wed, Dec 07, 2005 at 08:51:51AM -0700, Aly S.P Dharshi wrote: > A while ago I tried hooking up a MacOS X client to an Sun DS (which isn't > to different from a FDS system) and it worked just fine, there was a > fellow in Ireland who had this as an FAQ, I would have to look for the > link but it seems that it would cut out the need for OpenDirectory > altogether. Ok - thanks. I'd like to have them talk to OD in order to get some of the extra's like limiting app/control-panel items, mobility etc without having to figure out how apple is storing it :-) If it comes down to it though I'd rather just point them at FD :-) Billy. From rmeggins at redhat.com Wed Dec 7 16:07:20 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 07 Dec 2005 09:07:20 -0700 Subject: [Fedora-directory-users] SECURITY] Fedora Directory Server 1.0 Update: Admin Server Message-ID: <439708B8.9010305@redhat.com> --------------------------------------------------------------------- Fedora Directory Server Update Notification 2005-12-07 --------------------------------------------------------------------- Product : Fedora Directory Server Name : Admin Server Version : 1.0 Release : 1 Summary : The Admin Server httpd administrative engine. Description : The Admin Server component of Fedora Directory Server is an httpd server which uses Apache 2 to serve up web pages and execute CGIs used to administer the Fedora Directory Server. This package is included with Fedora Directory Server. --------------------------------------------------------------------- Update Information: Fixed bug #174837 (CVE-2005-3630) https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837 Frank Reppin discovered a flaw in the default Apache configuration for Fedora DS. By default clients are allowed to read everything under the document root, which can reveal sensitive information to a remote user. This update modifies this behavior, only allowing read access to specific files and directories under the document root. --------------------------------------------------------------------- This update is a patch file available for download from: http://directory.fedora.redhat.com/download/adminserver10to101.patch 2d7553a300551ef2a19b1b89a017e5ff adminserver20051205.patch To install the patch: cd /opt/fedora-ds patch -p0 < adminserver10to101.patch ./restart-admin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From aly.dharshi at telus.net Wed Dec 7 16:22:13 2005 From: aly.dharshi at telus.net (Aly S.P Dharshi) Date: Wed, 7 Dec 2005 09:22:13 -0700 (MST) Subject: [Fedora-directory-users] Integration with Apple's OpenDirectory In-Reply-To: <20051207155858.GJ6549@elec.gla.ac.uk> References: <20051207133627.GE6549@elec.gla.ac.uk> <20051207155858.GJ6549@elec.gla.ac.uk> Message-ID: Truthfully you can integrate Window to FDS using PGina there is a link on the DS Wiki somewhere. Here it the e-mail, it was geared towards OpenLDAP but I had it working on Sun DS server, which is very similar if not the same as FDS 1.0 ---- Start of Paste ---- Hi all, Here is my OSX authentictaion to OpenLDAP HOWTO. http://www.tcd.ie/People/Paul.Reilly/MacLDAP/ It assumes no knowledge of OpenLDAP but it does assume knowledge of Linux, installing packages etc. I assume you have this as you are on the OpenLDAP list... :) NOTE 1: Please note that I'm NO EXPERT on LDAP at all. If you asked me this time last year how it worked, I wouldn't have known! The info contained in the HOWTO is what I have discovered since last September when we decided to deploy MacOSX in on 120 iMacs in college. Apple has very little documentation on this (bad Apple!) and this info is pieced together from various websites and trial and error experimentation. NOTE 2: Whats contained here is just a _basic_ authentication setup. It doesn't cover the following topics, but these are possible and we have them working here (docs in development) * LDAP over SSL/TLS working OK (this should be the default in production environment) * Auto-mounting of $HOME directories from a Windows/Linux smb:// or Mac afp:// file share for each user (see HOWTOS at http://www.jamfsoftware.com) * OpenLDAP passthrough Authentication to a window PDC (keep attributes in OpenLDAP, but use PDC for auth) * Account Lockout/Expiry (for this see Apple's Open Directory mappings) As you'll see my HOWTO is a work-in-progress. If you find it useful to you, please consider sending me a postcard from your part of the world. Paul +--------------------------------------------------------------------------+ | Paul Reilly email: paul.reilly at tcd.ie | | Unix Systems Administrator phone: +(353)-01-608-3641 | | IS Services, Trinity College Dublin fax: +(353)-01-671-1181 | | Dublin 2, Ireland web: http://tcd.ie/People/Paul.Reilly/ | +--------------------------------------------------------------------------+ | If you think of MS-DOS as mono, and Windows as stereo, then Linux is | | Dolby Pro-Logic Surround Sound with Bass Boost and all the music is free | +--------------------------------------------------------------------------+ ---- End of Paste ---- -- Aly S.P Dharshi aly.dharshi at telus.net "A good speech is like a good dress that's short enough to be interesting and long enough to cover the subject" From billy at elec.gla.ac.uk Wed Dec 7 16:34:15 2005 From: billy at elec.gla.ac.uk (Billy Allan) Date: Wed, 7 Dec 2005 16:34:15 +0000 Subject: [Fedora-directory-users] Integration with Apple's OpenDirectory In-Reply-To: References: <20051207133627.GE6549@elec.gla.ac.uk> <20051207155858.GJ6549@elec.gla.ac.uk> Message-ID: <20051207163415.GK6549@elec.gla.ac.uk> On Wed, Dec 07, 2005 at 09:22:13AM -0700, Aly S.P Dharshi wrote: > Truthfully you can integrate Window to FDS using PGina there is a link on > the DS Wiki somewhere. Yeah - we already have quite an investment in AD for other purposes and only one Windows guy, so I'd rather not impinge on him too much :-) > Here it the e-mail, it was geared towards OpenLDAP but I had it working on > Sun DS server, which is very similar if not the same as FDS 1.0 Sadly, the link is broken :-/ I'll try dropping him a mail and see if he is still around :-) Thanks for the info. Billy. From ckannan at redhat.com Wed Dec 7 16:44:46 2005 From: ckannan at redhat.com (Chandrasekar Kannan) Date: Wed, 07 Dec 2005 08:44:46 -0800 Subject: [Fedora-directory-users] Integration with Apple's OpenDirectory In-Reply-To: <20051207163415.GK6549@elec.gla.ac.uk> References: <20051207133627.GE6549@elec.gla.ac.uk> <20051207155858.GJ6549@elec.gla.ac.uk> <20051207163415.GK6549@elec.gla.ac.uk> Message-ID: <4397117E.1060806@redhat.com> Billy Allan wrote: > On Wed, Dec 07, 2005 at 09:22:13AM -0700, Aly S.P Dharshi wrote: > >> Truthfully you can integrate Window to FDS using PGina there is a link on >> the DS Wiki somewhere. >> > > Yeah - we already have quite an investment in AD for other purposes and > only one Windows guy, so I'd rather not impinge on him too much :-) > > > >> Here it the e-mail, it was geared towards OpenLDAP but I had it working on >> Sun DS server, which is very similar if not the same as FDS 1.0 >> > > Sadly, the link is broken :-/ You should try the archives .... http://web.archive.org/web/20030908035104/http://www.tcd.ie/People/Paul.Reilly/MacLDAP/ --Chandra > I'll try dropping him a mail and see if > he is still around :-) > > Thanks for the info. > > > > Billy. > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > From rmeggins at redhat.com Wed Dec 7 16:47:47 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 07 Dec 2005 09:47:47 -0700 Subject: [Fedora-directory-users] Correction: [SECURITY] Fedora Directory Server 1.0 Update: Admin Server Message-ID: <43971233.1030209@redhat.com> Correction to the below notice. The link is broken. It should be http://directory.fedora.redhat.com/sources/adminserver10to101.patch And the md5sum is not correct. It should be 1a18195b3bf057139e04852f6f3c0be9 adminserver10to101.patch I apologize for any inconvenience or confusion. --------------------------------------------------------------------- Fedora Directory Server Update Notification 2005-12-07 --------------------------------------------------------------------- Product : Fedora Directory Server Name : Admin Server Version : 1.0 Release : 1 Summary : The Admin Server httpd administrative engine. Description : The Admin Server component of Fedora Directory Server is an httpd server which uses Apache 2 to serve up web pages and execute CGIs used to administer the Fedora Directory Server. This package is included with Fedora Directory Server. --------------------------------------------------------------------- Update Information: Fixed bug #174837 (CVE-2005-3630) https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837 Frank Reppin discovered a flaw in the default Apache configuration for Fedora DS. By default clients are allowed to read everything under the document root, which can reveal sensitive information to a remote user. This update modifies this behavior, only allowing read access to specific files and directories under the document root. --------------------------------------------------------------------- This update is a patch file available for download from: http://directory.fedora.redhat.com/download/adminserver10to101.patch 2d7553a300551ef2a19b1b89a017e5ff adminserver20051205.patch To install the patch: cd /opt/fedora-ds patch -p0 < adminserver10to101.patch ./restart-admin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From aly.dharshi at telus.net Wed Dec 7 17:10:52 2005 From: aly.dharshi at telus.net (Aly S.P Dharshi) Date: Wed, 7 Dec 2005 10:10:52 -0700 (MST) Subject: [Fedora-directory-users] Integration with Apple's OpenDirectory In-Reply-To: <4397117E.1060806@redhat.com> References: <20051207133627.GE6549@elec.gla.ac.uk> <20051207155858.GJ6549@elec.gla.ac.uk> <20051207163415.GK6549@elec.gla.ac.uk> <4397117E.1060806@redhat.com> Message-ID: Doesn't seem to work ! > > You should try the archives .... > > http://web.archive.org/web/20030908035104/http://www.tcd.ie/People/Paul.Reilly/MacLDAP/ > > --Chandra -- Aly S.P Dharshi aly.dharshi at telus.net "A good speech is like a good dress that's short enough to be interesting and long enough to cover the subject" From D.R.Barker at exeter.ac.uk Wed Dec 7 17:11:34 2005 From: D.R.Barker at exeter.ac.uk (David Barker) Date: Wed, 07 Dec 2005 17:11:34 +0000 Subject: [Fedora-directory-users] Integration with Apple's OpenDirectory In-Reply-To: <20051207155858.GJ6549@elec.gla.ac.uk> References: <20051207133627.GE6549@elec.gla.ac.uk> <20051207155858.GJ6549@elec.gla.ac.uk> Message-ID: <439717C6.4020509@exeter.ac.uk> Billy Allan wrote: >On Wed, Dec 07, 2005 at 08:51:51AM -0700, Aly S.P Dharshi wrote: > > >>A while ago I tried hooking up a MacOS X client to an Sun DS (which isn't >>to different from a FDS system) and it worked just fine, there was a >>fellow in Ireland who had this as an FAQ, I would have to look for the >>link but it seems that it would cut out the need for OpenDirectory >>altogether. >> >> > > >Ok - thanks. I'd like to have them talk to OD in order to get some of >the extra's like limiting app/control-panel items, mobility etc without >having to figure out how apple is storing it :-) > > OD is basically openldap, so you might be able to manually setup users (syncronise with a perl script from FD) and just have passwords refer to the master through something like sasl (e.g. http://www.openldap.org/faq/data/cache/944.html) >If it comes down to it though I'd rather just point them at FD :-) > > Unless you feel strongly about using OD, I'd go with FD too ;-) > > >Billy. > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > From kgtemp at ensenda.com Wed Dec 7 17:47:12 2005 From: kgtemp at ensenda.com (Kevin M. Goess) Date: Wed, 7 Dec 2005 09:47:12 -0800 Subject: [Fedora-directory-users] Re: a little bit of samba confusion In-Reply-To: <20051207105521.379BA739C3@hormel.redhat.com> References: <20051207105521.379BA739C3@hormel.redhat.com> Message-ID: <200512070947.13195.kgtemp@ensenda.com> > The samba.schema file was converted with a tool that doesn't avoid > the "overly picky schema parsing" bug (#170791). You can try the > new schema conversion script on the website to see if it handles > this, or for samba.schema the workaround > > ./ol-schema-migrate.pl samba.schema | grep -v DESC > 61samba.ldif Jeez, I spent half a day tracking down that bug on Monday. Here are some improvements to your migration script so that it handles objectIdentifier macro expansion http://www.openldap.org/doc/admin22/schema.html#OID%20Macros and aliases in names. If the email mangles the patch, it's also at http://kevin.goess.org/software/ol-schema-migrate.diff --- ol-schema-migrate.pl.old 2005-12-07 08:53:49.375263056 -0800 +++ ol-schema-migrate.pl 2005-12-07 09:40:12.609147192 -0800 @@ -18,12 +18,29 @@ my $oc = 0; my $at_string; my $oc_string; +my (%objectidentifier, $objectidentifier_re); #macro replacement for (@lines) { next if (/^\s*\#/); # skip comments + if (/^\s*objectidentifier\s+(\S+)\s+(\S+)/) + { + my $macroname = $1; + my $subsval = $2; + + #do the expansion for this one + $subsval =~ s/($objectidentifier_re):/$objectidentifier{$1}./; + + $objectidentifier{$macroname} = $subsval; + + $objectidentifier_re = join('|',keys(%objectidentifier)); + + next; + } + + # going through the loop again if ($at) { @@ -86,8 +103,8 @@ s/\t/ /g; # remove embedded tabs s/\$ +/\$ /g; # remove multiple spaces after the $ sign - my $oid = $1 if ( /(\d.+? )/ ); - my $name = $1 if ( /(NAME +'.+?')/ ); + my $oid = $1 if ( /attributeTypes: \( ([\w:]+) / ); + my $name = $1 if ( /(NAME +\(?'.+?'\)?)/ ); my $desc = $1 if ( /(DESC +'.+?')/ ); my $obsolete = $1 if ( /(OBSOLETE)/ ); my $sup = $1 if ( /(SUP .+?) / ); @@ -97,6 +114,11 @@ my $syntax = $1 if ( /(SYNTAX .+?) / ); my $single = $1 if ( /(SINGLE-VALUE)/ ); + #macro expansion + $oid =~ s/\b($objectidentifier_re)(:)?/$objectidentifier{$1}.($2?'.':'')/e; + $syntax =~ s/\b($objectidentifier_re)(:)?/$objectidentifier{$1}. ($2?'.':'')/e; + + print "attributeTypes: (\n"; print " $oid\n"; print " $name\n"; @@ -123,7 +145,7 @@ # # OID; NAME; DESC; SUP; (STRUCTURAL|AUXILIARY|ABSTRACT); MUST; MAY # - my $oid = $1 if ( /(\d.+?) / ); + my $oid = $1 if ( /objectClasses: \( ([\w:]+) / ); my $name = $1 if ( /(NAME +'.+?')/ ); my $desc = $1 if ( /(DESC +'.+?')/ ); my $sup = $1 if ( /(SUP .+?) / ); @@ -131,6 +153,9 @@ my $must = $1 if ( /(MUST +\(.+?\))/ ); my $may = $1 if ( /(MAY +\(.+?\))/ ); + #macro expansion + $oid =~ s/\b($objectidentifier_re)(:)?/$objectidentifier{$1}.($2?'.':'')/e; + print "objectClasses: (\n"; print " $oid\n"; print " $name\n"; -- Kevin M. Goess (415) 277-2079 Ensenda, Inc. From HaneJ at gsicommerce.com Wed Dec 7 19:51:02 2005 From: HaneJ at gsicommerce.com (Jason Hane) Date: Wed, 7 Dec 2005 14:51:02 -0500 Subject: [Fedora-directory-users] Host Access Based on Group Membership Message-ID: I've been searching everywhere for the past week and haven't found a solution. I would like to be able to assign access to servers based upon membership to a group or role. For example, if I create a group/role called "Web Servers", everyone in that group can access all the web servers. Everyone in the group/role "Database Servers" would be allowed to log into the database servers. Users can be part of multiple groups. There has to be a way to do this already. All the clients are running OpenLDAP and can already authenticate to the Directory Server. To implement this solution, would I have to change ldap.conf or system-auth? Thanks, Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From sstrong at crwash.org Wed Dec 7 20:18:29 2005 From: sstrong at crwash.org (Steve Strong) Date: Wed, 07 Dec 2005 14:18:29 -0600 Subject: [Fedora-directory-users] have you already talked about this? Message-ID: <43974395.1020607@crwash.org> if so, I appologize (I'm a newbie) I've installed Fedora Directory on an RHEL 4 box. The install went well (no errors reported) and I can see the server using Directory Express, but starting the console appears to hang the software. I found a posting on one of the RedHat sites that said that the behavior I see is a bug that results in the dialog asking for a login is displayed behind the splash screen. The posting also said that the bug was reported by people using 1/5 or greater versions of the java_vm. Soooo, I went back to 1.4 and when I invoke the console I pass in another option (-xnologo) that is supposed to supress the splash screen. But, the behavior is the same. Any help would be greatly appreciated and thanks! steve -- Steve Strong Math and Computer Science Washington High School 2205 Forest Dr. SE Cedar Rapids, IA 52403 http://crwash.org mailto:sstrong at crwash.org From rmeggins at redhat.com Wed Dec 7 20:25:17 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 07 Dec 2005 13:25:17 -0700 Subject: [Fedora-directory-users] have you already talked about this? In-Reply-To: <43974395.1020607@crwash.org> References: <43974395.1020607@crwash.org> Message-ID: <4397452D.5020908@redhat.com> Steve Strong wrote: > if so, I appologize (I'm a newbie) > > I've installed Fedora Directory on an RHEL 4 box. The install went > well (no errors reported) and I can see the server using Directory > Express, but starting the console appears to hang the software. I > found a posting on one of the RedHat sites that said that the behavior > I see is a bug that results in the dialog asking for a login is > displayed behind the splash screen. The posting also said that the > bug was reported by people using 1/5 or greater versions of the java_vm. > > Soooo, I went back to 1.4 and when I invoke the console I pass in > another option (-xnologo) that is supposed to supress the splash > screen. But, the behavior is the same. Try -x nologo - note the space between the -x and nologo > > Any help would be greatly appreciated and thanks! > steve > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From hartmut.woehrle at mail.pcom.de Wed Dec 7 21:32:06 2005 From: hartmut.woehrle at mail.pcom.de (Hartmut =?utf-8?q?W=C3=B6hrle?=) Date: Wed, 7 Dec 2005 22:32:06 +0100 Subject: [Fedora-directory-users] Windows NT4 Password Sync Problem In-Reply-To: <4396EF10.5050500@redhat.com> References: <6159.193.135.75.131.1133952905.squirrel@webmail.pcom.de> <4396EF10.5050500@redhat.com> Message-ID: <200512072232.06624.hartmut.woehrle@mail.pcom.de> Am Mittwoch, 7. Dezember 2005 15:17 schrieb Nathan Kinder: > hartmut.woehrle at mail.pcom.de wrote: > >Hallo everyone, > > > >so now the Winsync from NT4 PDC -> FDS works fine (thanks to all) > > > >And now the next step gives me a problem. > >I do the Password sync without SSL connection (only one problem at a > > time). > > The PassSync service requires SSL. If you take a look at the > passsync.log file, it should have an error about your SSL config. > > -NGK Is there a difffernec between AD and NT PDC, because in the discussion of Winsync password from Dean Jones you write: ---- citation from Thu, 17 Nov 2005 ------ Nope. Accounts can sync fine without SSL. SSL is only required for passwords to sync from AD -> FDS. You should take a look at the "errors" log on the FDS side. You may want to enable replication level logging through the Console application to get some useful info. -NGK ---- end citation from Thu, 17 Nov 2005 ------ And the followup from David Boreham says: ---- citation from Thu, 17 Nov 2005 ------ Other way around. Password sync AD -> FDS works without SSL. Password sync FDS -> AD requires SSL. AD will refuse to modify a password unless you connect via SSL. ---- end citation from Thu, 17 Nov 2005 ------ Cu Hartmut -- =========================================== Hartmut Woehrle EMail: hartmut.woehrle at mail.pcom.de From nkinder at redhat.com Wed Dec 7 21:39:47 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Wed, 07 Dec 2005 13:39:47 -0800 Subject: [Fedora-directory-users] Windows NT4 Password Sync Problem In-Reply-To: <200512072232.06624.hartmut.woehrle@mail.pcom.de> References: <6159.193.135.75.131.1133952905.squirrel@webmail.pcom.de> <4396EF10.5050500@redhat.com> <200512072232.06624.hartmut.woehrle@mail.pcom.de> Message-ID: <439756A3.5090903@redhat.com> Hartmut W?hrle wrote: >Am Mittwoch, 7. Dezember 2005 15:17 schrieb Nathan Kinder: > > >>hartmut.woehrle at mail.pcom.de wrote: >> >> >>>Hallo everyone, >>> >>>so now the Winsync from NT4 PDC -> FDS works fine (thanks to all) >>> >>>And now the next step gives me a problem. >>>I do the Password sync without SSL connection (only one problem at a >>>time). >>> >>> >>The PassSync service requires SSL. If you take a look at the >>passsync.log file, it should have an error about your SSL config. >> >>-NGK >> >> > >Is there a difffernec between AD and NT PDC, because in the discussion of >Winsync password from Dean Jones you write: > >---- citation from Thu, 17 Nov 2005 ------ >Nope. Accounts can sync fine without SSL. SSL is only required for passwords >to sync from AD -> FDS. You should take a look at the "errors" log on the FDS >side. You may want to enable replication level logging through the Console >application to get some useful info. > >-NGK >---- end citation from Thu, 17 Nov 2005 ------ > >And the followup from David Boreham says: > >---- citation from Thu, 17 Nov 2005 ------ >Other way around. Password sync AD -> FDS works without SSL. >Password sync FDS -> AD requires SSL. AD will refuse to modify >a password unless you connect via SSL. >---- end citation from Thu, 17 Nov 2005 ------ > > > The PassSync service operates exactly the same on AD, or a NT4 PDC. In my experience, it will not send a password across in the clear. Set the "Log Level" registry key to 1 for Password Sync, then restart the service. You will see that it complains about SSL needing to be setup from the passsync.log. You can also take a look at the access log on the FDS side, and you won't see any connections from PassSync unless SSL is setup. David noted that passwords will not sync the other way without SSL either. I haven't verified this myself, but I'll take his word on it. -NGK >Cu >Hartmut > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3174 bytes Desc: S/MIME Cryptographic Signature URL: From uno at webworks.se Wed Dec 7 23:19:13 2005 From: uno at webworks.se (Uno Engborg) Date: Thu, 08 Dec 2005 00:19:13 +0100 Subject: [Fedora-directory-users] have you already talked about this? In-Reply-To: <43974395.1020607@crwash.org> References: <43974395.1020607@crwash.org> Message-ID: <43976DF1.7010101@webworks.se> Steve Strong wrote: > if so, I appologize (I'm a newbie) > > I've installed Fedora Directory on an RHEL 4 box. The install went > well (no errors reported) and I can see the server using Directory > Express, but starting the console appears to hang the software. I > found a posting on one of the RedHat sites that said that the behavior > I see is a bug that results in the dialog asking for a login is > displayed behind the splash screen. The posting also said that the > bug was reported by people using 1/5 or greater versions of the java_vm. > > Soooo, I went back to 1.4 and when I invoke the console I pass in > another option (-xnologo) that is supposed to supress the splash > screen. But, the behavior is the same. > > Any help would be greatly appreciated and thanks! > steve > The option is -x nologo Regards Uno Engborg From Gary_Tay at platts.com Thu Dec 8 10:36:55 2005 From: Gary_Tay at platts.com (Tay, Gary) Date: Thu, 8 Dec 2005 18:36:55 +0800 Subject: [Fedora-directory-users] Host Access Based on Group Membership Message-ID: FDS is very similar to SUN ONE DS5.2, I think netgroup ( + at netgroup XXX in /etc/passwd and /etc/shadow and "compat" keyword in /etc/nsswitch.conf) LDAP maps could be setup to achieve what you want, it has been used by many DS5.2 administrators See: http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20Open LDAP%20for%20RedHat%20Enterprise%20Linux3.htm Step 5Y: Configure "netgroup" to work with RedHat or Solaris Native LDAP Clients (i.e. controlling user access to host using netgroup LDAP maps) Also see: http://swforum.sun.com/jive/thread.jspa?threadID=52764&messageID=223846# 223846 Configuring LDAP netgroups Gary -----Original Message----- From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Jason Hane Sent: Thursday, December 08, 2005 3:51 AM To: fedora-directory-users at redhat.com Subject: [Fedora-directory-users] Host Access Based on Group Membership I've been searching everywhere for the past week and haven't found a solution. I would like to be able to assign access to servers based upon membership to a group or role. For example, if I create a group/role called "Web Servers", everyone in that group can access all the web servers. Everyone in the group/role "Database Servers" would be allowed to log into the database servers. Users can be part of multiple groups. There has to be a way to do this already. All the clients are running OpenLDAP and can already authenticate to the Directory Server. To implement this solution, would I have to change ldap.conf or system-auth? Thanks, Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From dean.plant at roke.co.uk Thu Dec 8 10:56:10 2005 From: dean.plant at roke.co.uk (Plant, Dean) Date: Thu, 8 Dec 2005 10:56:10 -0000 Subject: [Fedora-directory-users] Small error in wiki Howto:Samba Message-ID: <2181C5F19DD0254692452BFF3EAF1D680152792E@rsys005a.comm.ad.roke.co.uk> The wiki Samba How to has a missing x in the Domain Guests/Computers line. Domain Admins:x:2512: Domain Users:x:2513: Domain Guests:2514: Domain Computers:2515: Should be Domain Admins:x:2512: Domain Users:x:2513: Domain Guests:x:2514: Domain Computers:x:2515: Dean From ds at marco.de Thu Dec 8 13:24:56 2005 From: ds at marco.de (Daniel Spannbauer) Date: Thu, 08 Dec 2005 14:24:56 +0100 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 Message-ID: <43983428.6080908@marco.de> Hallo, i Try to install the Directory-Server on SuSE 10.0. While the dsbuild I get an Error. Here the Complete Log of the dsbuild: -------------------------------------------------------------- ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] [===== NOW BUILDING: ds-1 =====] [fetch] complete for ds. [checksum] complete for ds. [extract] complete for ds. [patch] complete for ds. ==> Building ds/mozilla as a dependency ==> Building ds/icu as a dependency ==> Building ds/adminutil as a dependency ==> Building ds/setuputil as a dependency make[1]: Entering directory /root/dsbuild/ds/setuputil' [===== NOW BUILDING: fedora-setuputil-1.0 =====] [fetch] complete for fedora-setuputil. [checksum] complete for fedora-setuputil. [extract] complete for fedora-setuputil. [patch] complete for fedora-setuputil. [configure] complete for fedora-setuputil. ==> Running make in work/fedora-setuputil-1.0 cat: /etc/redhat-release: No such file or directory make[2]: Entering directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' if test ! -d Linux2.6; then mkdir Linux2.6; fi; perl buildnum.pl -p Linux2.6 perl pumpkin.pl 90 pumpkin.dat The components are up to date ==== Starting Server Installer Build ========== gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic MOZILLA_SOURCE_ROOT_EXT= BUILD_MODULE=SetupSDK -w installerSDK cat: /etc/redhat-release: No such file or directory gmake[3]: Entering directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl cat: /etc/redhat-release: No such file or directory cat: /etc/redhat-release: No such file or directory gmake[4]: Entering directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h uninstall.h code.h utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 NS_PRODUCT= VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w cat: /etc/redhat-release: No such file or directory cat: /etc/redhat-release: No such file or directory gmake[5]: Entering directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE -D_XOPEN_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK -DXP_UNIX -DLinux -O2 -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap -I../../include ux-curse.c -o /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o In file included from ux-curse.c:33: ux-curse.h:52:38: error: curses.h: No such file or directory ux-curse.c: In function ?<80><98>exit_message?<80><99>: ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared (first use in this function) ux-curse.c:78: error: (Each undeclared identifier is reported only once ux-curse.c:78: error: for each function it appears in.) ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared (first use in this function) ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared (first use in this function) ux-curse.c: In function ?<80><98>new_page?<80><99>: ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared (first use in this function) ux-curse.c: In function ?<80><98>w_initscr?<80><99>: ux-curse.c:354: warning: comparison between pointer and integer ux-curse.c:356: warning: comparison between pointer and integer ux-curse.c:358: warning: comparison between pointer and integer gmake[5]: *** [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] Error 1gmake[5]: Leaving directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' gmake[3]: *** [installerSDK] Error 2 gmake[3]: Leaving directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' make[2]: *** [buildInstaller] Error 2 make[2]: Leaving directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 make[1]: Leaving directory /root/dsbuild/ds/setuputil' make: *** [dep-../../ds/setuputil] Error 2 ------------------------------------------------------------------ Does anybody know why? Thanks for helping Daniel From ds at marco.de Thu Dec 8 13:28:59 2005 From: ds at marco.de (Daniel Spannbauer) Date: Thu, 08 Dec 2005 14:28:59 +0100 Subject: [Fedora-directory-users] FDS with Open Exchange Message-ID: <4398351B.9000702@marco.de> Hallo, does anybody use Open Exchange with FDS instead of LDAP? When Yes, is there a HowTo? Greetings Daniel From rcritten at redhat.com Thu Dec 8 14:23:17 2005 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 08 Dec 2005 09:23:17 -0500 Subject: [Fedora-directory-users] Small error in wiki Howto:Samba In-Reply-To: <2181C5F19DD0254692452BFF3EAF1D680152792E@rsys005a.comm.ad.roke.co.uk> References: <2181C5F19DD0254692452BFF3EAF1D680152792E@rsys005a.comm.ad.roke.co.uk> Message-ID: <439841D5.8000707@redhat.com> Fixed, thanks. rob Plant, Dean wrote: > The wiki Samba How to has a missing x in the Domain Guests/Computers > line. > > Domain Admins:x:2512: > Domain Users:x:2513: > Domain Guests:2514: > Domain Computers:2515: > > Should be > > Domain Admins:x:2512: > Domain Users:x:2513: > Domain Guests:x:2514: > Domain Computers:x:2515: > > Dean > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu Dec 8 14:30:23 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 07:30:23 -0700 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 In-Reply-To: <43983428.6080908@marco.de> References: <43983428.6080908@marco.de> Message-ID: <4398437F.8080208@redhat.com> Looks like you need to install curses-devel or ncurses-devel Daniel Spannbauer wrote: > Hallo, > > i Try to install the Directory-Server on SuSE 10.0. While the dsbuild > I get an Error. > Here the Complete Log of the dsbuild: > -------------------------------------------------------------- > > ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] > [===== NOW BUILDING: ds-1 =====] > [fetch] complete for ds. > [checksum] complete for ds. > [extract] complete for ds. > [patch] complete for ds. > ==> Building ds/mozilla as a dependency > ==> Building ds/icu as a dependency > ==> Building ds/adminutil as a dependency > ==> Building ds/setuputil as a dependency > make[1]: Entering directory /root/dsbuild/ds/setuputil' > [===== NOW BUILDING: fedora-setuputil-1.0 =====] > [fetch] complete for fedora-setuputil. > [checksum] complete for fedora-setuputil. > [extract] complete for fedora-setuputil. > [patch] complete for fedora-setuputil. > [configure] complete for fedora-setuputil. > ==> Running make in work/fedora-setuputil-1.0 > cat: /etc/redhat-release: No such file or directory > make[2]: Entering directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' > if test ! -d Linux2.6; then mkdir Linux2.6; fi; > perl buildnum.pl -p Linux2.6 > perl pumpkin.pl 90 pumpkin.dat > The components are up to date > > ==== Starting Server Installer Build ========== > > gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic > MOZILLA_SOURCE_ROOT_EXT= > BUILD_MODULE=SetupSDK -w installerSDK > cat: /etc/redhat-release: No such file or directory > gmake[3]: Entering directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' > cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic > MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl > cat: /etc/redhat-release: No such file or directory > cat: /etc/redhat-release: No such file or directory > gmake[4]: Entering directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' > cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h uninstall.h > code.h > utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include > > cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic > MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 > NS_PRODUCT= > VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w > cat: /etc/redhat-release: No such file or directory > cat: /etc/redhat-release: No such file or directory > gmake[5]: Entering directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' > > gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE > -D_XOPEN_SOURCE > -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK -DXP_UNIX > -DLinux -O2 > -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" > -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap -I../../include > ux-curse.c -o > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o > > In file included from ux-curse.c:33: > ux-curse.h:52:38: error: curses.h: No such file or directory > ux-curse.c: In function ?<80><98>exit_message?<80><99>: > ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared (first use > in this function) > ux-curse.c:78: error: (Each undeclared identifier is reported only once > ux-curse.c:78: error: for each function it appears in.) > ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: > ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared (first use > in this function) > ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: > ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared (first use > in this function) > ux-curse.c: In function ?<80><98>new_page?<80><99>: > ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared (first use > in this function) > ux-curse.c: In function ?<80><98>w_initscr?<80><99>: > ux-curse.c:354: warning: comparison between pointer and integer > ux-curse.c:356: warning: comparison between pointer and integer > ux-curse.c:358: warning: comparison between pointer and integer > gmake[5]: *** > [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] > > Error 1gmake[5]: Leaving directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' > gmake[4]: *** [all] Error 2 > gmake[4]: Leaving directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' > gmake[3]: *** [installerSDK] Error 2 > gmake[3]: Leaving directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' > make[2]: *** [buildInstaller] Error 2 > make[2]: Leaving directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' > make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 > make[1]: Leaving directory /root/dsbuild/ds/setuputil' > make: *** [dep-../../ds/setuputil] Error 2 > > ------------------------------------------------------------------ > > Does anybody know why? > > Thanks for helping > > Daniel > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From dyioulos at firstbhph.com Thu Dec 8 14:29:48 2005 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu, 8 Dec 2005 09:29:48 -0500 Subject: [Fedora-directory-users] Sync not updating Message-ID: <200512080929.49157.dyioulos@firstbhph.com> Hello to all. Firstly, congratulations and a big thank you to the developers and maintainers of, and contributors to, FDS on version 1.0. Great job all around. In the past, I'd had problems syncing with a Win2k3 ADS and the previous version of FDS. Well, with version 1.0, it appears that the initial sync brought over everything from ADS to FDS (yay!). OK, before I get too celabratory here, it also appears that updating isn't working. From the error log, I see this: NSMMReplicationPlugin - agmt="cn=Rockland Sync1" (rockland: 389): Replica has no update vector. It has never been initialized. Since it appears every five minutes, I'm taking a real leap here and guessing that's my problem. But how do I fix it? Thanks, again. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From david_list at boreham.org Thu Dec 8 15:06:24 2005 From: david_list at boreham.org (David Boreham) Date: Thu, 08 Dec 2005 08:06:24 -0700 Subject: [Fedora-directory-users] Sync not updating In-Reply-To: <200512080929.49157.dyioulos@firstbhph.com> References: <200512080929.49157.dyioulos@firstbhph.com> Message-ID: <43984BF0.80209@boreham.org> Dimitri Yioulos wrote: >NSMMReplicationPlugin - agmt="cn=Rockland Sync1" (rockland: 389): Replica has >no update vector. It has never been initialized. > >Since it appears every five minutes, I'm taking a real leap here and guessing >that's my problem. But how do I fix it? > > Hmm...try this: add a new user to your FDS. Then initiate a full sync. See if the message goes away. From ds at marco.de Thu Dec 8 15:06:36 2005 From: ds at marco.de (Daniel Spannbauer) Date: Thu, 08 Dec 2005 16:06:36 +0100 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> Message-ID: <43984BFC.5080007@marco.de> Hallo Richard ncurses und ncurses-devel is installed. greetings Daniel Richard Megginson wrote: > Looks like you need to install curses-devel or ncurses-devel > > Daniel Spannbauer wrote: > >> Hallo, >> >> i Try to install the Directory-Server on SuSE 10.0. While the dsbuild >> I get an Error. >> Here the Complete Log of the dsbuild: >> -------------------------------------------------------------- >> >> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >> [===== NOW BUILDING: ds-1 =====] >> [fetch] complete for ds. >> [checksum] complete for ds. >> [extract] complete for ds. >> [patch] complete for ds. >> ==> Building ds/mozilla as a dependency >> ==> Building ds/icu as a dependency >> ==> Building ds/adminutil as a dependency >> ==> Building ds/setuputil as a dependency >> make[1]: Entering directory /root/dsbuild/ds/setuputil' >> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >> [fetch] complete for fedora-setuputil. >> [checksum] complete for fedora-setuputil. >> [extract] complete for fedora-setuputil. >> [patch] complete for fedora-setuputil. >> [configure] complete for fedora-setuputil. >> ==> Running make in work/fedora-setuputil-1.0 >> cat: /etc/redhat-release: No such file or directory >> make[2]: Entering directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >> perl buildnum.pl -p Linux2.6 >> perl pumpkin.pl 90 pumpkin.dat >> The components are up to date >> >> ==== Starting Server Installer Build ========== >> >> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >> MOZILLA_SOURCE_ROOT_EXT= >> BUILD_MODULE=SetupSDK -w installerSDK >> cat: /etc/redhat-release: No such file or directory >> gmake[3]: Entering directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >> cat: /etc/redhat-release: No such file or directory >> cat: /etc/redhat-release: No such file or directory >> gmake[4]: Entering directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h uninstall.h >> code.h >> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >> >> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >> NS_PRODUCT= >> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >> cat: /etc/redhat-release: No such file or directory >> cat: /etc/redhat-release: No such file or directory >> gmake[5]: Entering directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >> >> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >> -D_XOPEN_SOURCE >> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK -DXP_UNIX >> -DLinux -O2 >> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap -I../../include >> ux-curse.c -o >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >> >> In file included from ux-curse.c:33: >> ux-curse.h:52:38: error: curses.h: No such file or directory >> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared (first use >> in this function) >> ux-curse.c:78: error: (Each undeclared identifier is reported only once >> ux-curse.c:78: error: for each function it appears in.) >> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared (first use >> in this function) >> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared (first use >> in this function) >> ux-curse.c: In function ?<80><98>new_page?<80><99>: >> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared (first use >> in this function) >> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >> ux-curse.c:354: warning: comparison between pointer and integer >> ux-curse.c:356: warning: comparison between pointer and integer >> ux-curse.c:358: warning: comparison between pointer and integer >> gmake[5]: *** >> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >> >> Error 1gmake[5]: Leaving directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >> gmake[4]: *** [all] Error 2 >> gmake[4]: Leaving directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >> gmake[3]: *** [installerSDK] Error 2 >> gmake[3]: Leaving directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >> make[2]: *** [buildInstaller] Error 2 >> make[2]: Leaving directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >> make: *** [dep-../../ds/setuputil] Error 2 >> >> ------------------------------------------------------------------ >> >> Does anybody know why? >> >> Thanks for helping >> >> Daniel >> >> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- Daniel Spannbauer EDV Systembetreuung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-66 Auf der Wies 8, D 87727 Babenhausen Fax +49 8333 9233-11 http://www.marco.de/ Email ds at marco.de From rmeggins at redhat.com Thu Dec 8 15:14:53 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 08:14:53 -0700 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 In-Reply-To: <43984BFC.5080007@marco.de> References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> Message-ID: <43984DED.5000304@redhat.com> I'm not sure what needs to be installed. On my Fedora Core 4 system, /usr/include/curses.h is provided by the ncurses-devel package. If you do find /usr/include -name curses.h -print do you get anything? Daniel Spannbauer wrote: > Hallo Richard > > ncurses und ncurses-devel is installed. > > greetings > > Daniel > > > Richard Megginson wrote: > >> Looks like you need to install curses-devel or ncurses-devel >> >> Daniel Spannbauer wrote: >> >>> Hallo, >>> >>> i Try to install the Directory-Server on SuSE 10.0. While the >>> dsbuild I get an Error. >>> Here the Complete Log of the dsbuild: >>> -------------------------------------------------------------- >>> >>> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>> [===== NOW BUILDING: ds-1 =====] >>> [fetch] complete for ds. >>> [checksum] complete for ds. >>> [extract] complete for ds. >>> [patch] complete for ds. >>> ==> Building ds/mozilla as a dependency >>> ==> Building ds/icu as a dependency >>> ==> Building ds/adminutil as a dependency >>> ==> Building ds/setuputil as a dependency >>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>> [fetch] complete for fedora-setuputil. >>> [checksum] complete for fedora-setuputil. >>> [extract] complete for fedora-setuputil. >>> [patch] complete for fedora-setuputil. >>> [configure] complete for fedora-setuputil. >>> ==> Running make in work/fedora-setuputil-1.0 >>> cat: /etc/redhat-release: No such file or directory >>> make[2]: Entering directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>> perl buildnum.pl -p Linux2.6 >>> perl pumpkin.pl 90 pumpkin.dat >>> The components are up to date >>> >>> ==== Starting Server Installer Build ========== >>> >>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>> MOZILLA_SOURCE_ROOT_EXT= >>> BUILD_MODULE=SetupSDK -w installerSDK >>> cat: /etc/redhat-release: No such file or directory >>> gmake[3]: Entering directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>> cat: /etc/redhat-release: No such file or directory >>> cat: /etc/redhat-release: No such file or directory >>> gmake[4]: Entering directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h uninstall.h >>> code.h >>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>> >>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >>> NS_PRODUCT= >>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>> cat: /etc/redhat-release: No such file or directory >>> cat: /etc/redhat-release: No such file or directory >>> gmake[5]: Entering directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>> >>> >>> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >>> -D_XOPEN_SOURCE >>> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK -DXP_UNIX >>> -DLinux -O2 >>> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >>> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap >>> -I../../include >>> ux-curse.c -o >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >>> >>> In file included from ux-curse.c:33: >>> ux-curse.h:52:38: error: curses.h: No such file or directory >>> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >>> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared (first use >>> in this function) >>> ux-curse.c:78: error: (Each undeclared identifier is reported only once >>> ux-curse.c:78: error: for each function it appears in.) >>> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >>> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared (first >>> use in this function) >>> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >>> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared (first >>> use in this function) >>> ux-curse.c: In function ?<80><98>new_page?<80><99>: >>> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared (first >>> use in this function) >>> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >>> ux-curse.c:354: warning: comparison between pointer and integer >>> ux-curse.c:356: warning: comparison between pointer and integer >>> ux-curse.c:358: warning: comparison between pointer and integer >>> gmake[5]: *** >>> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >>> >>> Error 1gmake[5]: Leaving directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>> >>> gmake[4]: *** [all] Error 2 >>> gmake[4]: Leaving directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>> gmake[3]: *** [installerSDK] Error 2 >>> gmake[3]: Leaving directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>> make[2]: *** [buildInstaller] Error 2 >>> make[2]: Leaving directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>> make: *** [dep-../../ds/setuputil] Error 2 >>> >>> ------------------------------------------------------------------ >>> >>> Does anybody know why? >>> >>> Thanks for helping >>> >>> Daniel >>> >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> >> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From dyioulos at firstbhph.com Thu Dec 8 15:27:41 2005 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu, 8 Dec 2005 10:27:41 -0500 Subject: [Fedora-directory-users] Sync not updating In-Reply-To: <43984BF0.80209@boreham.org> References: <200512080929.49157.dyioulos@firstbhph.com> <43984BF0.80209@boreham.org> Message-ID: <200512081027.41856.dyioulos@firstbhph.com> On Thursday December 08 2005 10:06 am, David Boreham wrote: > Dimitri Yioulos wrote: > >NSMMReplicationPlugin - agmt="cn=Rockland Sync1" (rockland: 389): Replica > > has no update vector. It has never been initialized. > > > >Since it appears every five minutes, I'm taking a real leap here and > > guessing that's my problem. But how do I fix it? > > Hmm...try this: add a new user to your FDS. Then initiate a full sync. > See if the message goes away. > New AD users are added via full sync, but not via update. NSmmReplicationPlugin error continues to show in error log. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ds at marco.de Thu Dec 8 15:42:28 2005 From: ds at marco.de (Daniel Spannbauer) Date: Thu, 08 Dec 2005 16:42:28 +0100 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> Message-ID: <43985464.4040809@marco.de> Hallo Richard, yes, I get an Output. There was something wrong on the system. Reboot solved it. Anyway: A new failure:ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] [===== NOW BUILDING: ds-1 =====] [fetch] complete for ds. [checksum] complete for ds. [extract] complete for ds. [patch] complete for ds. ==> Building ds/mozilla as a dependency ==> Building ds/icu as a dependency ==> Building ds/adminutil as a dependency ==> Building ds/setuputil as a dependency make[1]: Entering directory /root/dsbuild/ds/setuputil' [===== NOW BUILDING: fedora-setuputil-1.0 =====] [fetch] complete for fedora-setuputil. [checksum] complete for fedora-setuputil. [extract] complete for fedora-setuputil. [patch] complete for fedora-setuputil. [configure] complete for fedora-setuputil. ==> Running make in work/fedora-setuputil-1.0 cat: /etc/redhat-release: No such file or directory make[2]: Entering directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' if test ! -d Linux2.6; then mkdir Linux2.6; fi; perl buildnum.pl -p Linux2.6 perl pumpkin.pl 90 pumpkin.dat The components are up to date ==== Starting Server Installer Build ========== gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic MOZILLA_SOURCE_ROOT_EXT= BUILD_MODULE=SetupSDK -w installerSDK cat: /etc/redhat-release: No such file or directory gmake[3]: Entering directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl cat: /etc/redhat-release: No such file or directory cat: /etc/redhat-release: No such file or directory gmake[4]: Entering directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h uninstall.h code.h utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 NS_PRODUCT= VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w cat: /etc/redhat-release: No such file or directory cat: /etc/redhat-release: No such file or directory gmake[5]: Entering directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' gmake[5]: *** No rule to make target -lcurses', needed by /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. Stop. gmake[5]: Leaving directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' gmake[3]: *** [installerSDK] Error 2 gmake[3]: Leaving directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' make[2]: *** [buildInstaller] Error 2 make[2]: Leaving directory /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 make[1]: Leaving directory /root/dsbuild/ds/setuputil' make: *** [dep-../../ds/setuputil] Error 2 ------------------- Thanks for your help. Regards Daniel ---------------------- Richard Megginson wrote: > I'm not sure what needs to be installed. On my Fedora Core 4 system, > /usr/include/curses.h is provided by the ncurses-devel package. > If you do > find /usr/include -name curses.h -print > do you get anything? > > Daniel Spannbauer wrote: > >> Hallo Richard >> >> ncurses und ncurses-devel is installed. >> >> greetings >> >> Daniel >> >> >> Richard Megginson wrote: >> >>> Looks like you need to install curses-devel or ncurses-devel >>> >>> Daniel Spannbauer wrote: >>> >>>> Hallo, >>>> >>>> i Try to install the Directory-Server on SuSE 10.0. While the >>>> dsbuild I get an Error. >>>> Here the Complete Log of the dsbuild: >>>> -------------------------------------------------------------- >>>> >>>> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>> [===== NOW BUILDING: ds-1 =====] >>>> [fetch] complete for ds. >>>> [checksum] complete for ds. >>>> [extract] complete for ds. >>>> [patch] complete for ds. >>>> ==> Building ds/mozilla as a dependency >>>> ==> Building ds/icu as a dependency >>>> ==> Building ds/adminutil as a dependency >>>> ==> Building ds/setuputil as a dependency >>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>> [fetch] complete for fedora-setuputil. >>>> [checksum] complete for fedora-setuputil. >>>> [extract] complete for fedora-setuputil. >>>> [patch] complete for fedora-setuputil. >>>> [configure] complete for fedora-setuputil. >>>> ==> Running make in work/fedora-setuputil-1.0 >>>> cat: /etc/redhat-release: No such file or directory >>>> make[2]: Entering directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>> perl buildnum.pl -p Linux2.6 >>>> perl pumpkin.pl 90 pumpkin.dat >>>> The components are up to date >>>> >>>> ==== Starting Server Installer Build ========== >>>> >>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>> MOZILLA_SOURCE_ROOT_EXT= >>>> BUILD_MODULE=SetupSDK -w installerSDK >>>> cat: /etc/redhat-release: No such file or directory >>>> gmake[3]: Entering directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>> cat: /etc/redhat-release: No such file or directory >>>> cat: /etc/redhat-release: No such file or directory >>>> gmake[4]: Entering directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h uninstall.h >>>> code.h >>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>> >>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >>>> NS_PRODUCT= >>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>> cat: /etc/redhat-release: No such file or directory >>>> cat: /etc/redhat-release: No such file or directory >>>> gmake[5]: Entering directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>> >>>> >>>> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >>>> -D_XOPEN_SOURCE >>>> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK -DXP_UNIX >>>> -DLinux -O2 >>>> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >>>> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap >>>> -I../../include >>>> ux-curse.c -o >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >>>> >>>> In file included from ux-curse.c:33: >>>> ux-curse.h:52:38: error: curses.h: No such file or directory >>>> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >>>> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared (first >>>> use in this function) >>>> ux-curse.c:78: error: (Each undeclared identifier is reported only once >>>> ux-curse.c:78: error: for each function it appears in.) >>>> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >>>> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared (first >>>> use in this function) >>>> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >>>> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared (first >>>> use in this function) >>>> ux-curse.c: In function ?<80><98>new_page?<80><99>: >>>> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared (first >>>> use in this function) >>>> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >>>> ux-curse.c:354: warning: comparison between pointer and integer >>>> ux-curse.c:356: warning: comparison between pointer and integer >>>> ux-curse.c:358: warning: comparison between pointer and integer >>>> gmake[5]: *** >>>> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >>>> >>>> Error 1gmake[5]: Leaving directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>> >>>> gmake[4]: *** [all] Error 2 >>>> gmake[4]: Leaving directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>> gmake[3]: *** [installerSDK] Error 2 >>>> gmake[3]: Leaving directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>> make[2]: *** [buildInstaller] Error 2 >>>> make[2]: Leaving directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>> make: *** [dep-../../ds/setuputil] Error 2 >>>> >>>> ------------------------------------------------------------------ >>>> >>>> Does anybody know why? >>>> >>>> Thanks for helping >>>> >>>> Daniel >>>> >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >> >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > From tngan at redhat.com Thu Dec 8 15:52:26 2005 From: tngan at redhat.com (To Ngan) Date: Thu, 08 Dec 2005 07:52:26 -0800 Subject: [Fedora-directory-users] Sync not updating In-Reply-To: <200512081027.41856.dyioulos@firstbhph.com> References: <200512080929.49157.dyioulos@firstbhph.com> <43984BF0.80209@boreham.org> <200512081027.41856.dyioulos@firstbhph.com> Message-ID: <439856BA.309@redhat.com> Dimitri Yioulos wrote: >On Thursday December 08 2005 10:06 am, David Boreham wrote: > > >>Dimitri Yioulos wrote: >> >> >>>NSMMReplicationPlugin - agmt="cn=Rockland Sync1" (rockland: 389): Replica >>>has no update vector. It has never been initialized. >>> >>>Since it appears every five minutes, I'm taking a real leap here and >>>guessing that's my problem. But how do I fix it? >>> >>> >>Hmm...try this: add a new user to your FDS. Then initiate a full sync. >>See if the message goes away. >> >> >> >New AD users are added via full sync, but not via update. >NSmmReplicationPlugin error continues to show in error log. > > Did you restart FDS after enabling changelog? Also, did you reboot ADS box after installing the sync service? -- toto -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3166 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu Dec 8 16:04:32 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 09:04:32 -0700 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 In-Reply-To: <43985464.4040809@marco.de> References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> Message-ID: <43985990.4000805@redhat.com> On my system, the curses libs are provided by the ncurses and ncurses-devel packages. Try this: find /usr/lib -name \*curses\* -print ? Daniel Spannbauer wrote: > Hallo Richard, > > yes, I get an Output. > There was something wrong on the system. Reboot solved it. > Anyway: > A new failure:ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] > [===== NOW BUILDING: ds-1 =====] > [fetch] complete for ds. > [checksum] complete for ds. > [extract] complete for ds. > [patch] complete for ds. > ==> Building ds/mozilla as a dependency > ==> Building ds/icu as a dependency > ==> Building ds/adminutil as a dependency > ==> Building ds/setuputil as a dependency > make[1]: Entering directory /root/dsbuild/ds/setuputil' > [===== NOW BUILDING: fedora-setuputil-1.0 =====] > [fetch] complete for fedora-setuputil. > [checksum] complete for fedora-setuputil. > [extract] complete for fedora-setuputil. > [patch] complete for fedora-setuputil. > [configure] complete for fedora-setuputil. > ==> Running make in work/fedora-setuputil-1.0 > cat: /etc/redhat-release: No such file or directory > make[2]: Entering directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' > if test ! -d Linux2.6; then mkdir Linux2.6; fi; > perl buildnum.pl -p Linux2.6 > perl pumpkin.pl 90 pumpkin.dat > The components are up to date > > ==== Starting Server Installer Build ========== > > gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic > MOZILLA_SOURCE_ROOT_EXT= > BUILD_MODULE=SetupSDK -w installerSDK > cat: /etc/redhat-release: No such file or directory > gmake[3]: Entering directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' > cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic > MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl > cat: /etc/redhat-release: No such file or directory > cat: /etc/redhat-release: No such file or directory > gmake[4]: Entering directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' > cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h uninstall.h > code.h > utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include > > cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic > MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 > NS_PRODUCT= > VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w > cat: /etc/redhat-release: No such file or directory > cat: /etc/redhat-release: No such file or directory > gmake[5]: Entering directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' > gmake[5]: *** No rule to make target -lcurses', needed by > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. > > Stop. > gmake[5]: Leaving directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' > gmake[4]: *** [all] Error 2 > gmake[4]: Leaving directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' > gmake[3]: *** [installerSDK] Error 2 > gmake[3]: Leaving directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' > make[2]: *** [buildInstaller] Error 2 > make[2]: Leaving directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' > make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 > make[1]: Leaving directory /root/dsbuild/ds/setuputil' > make: *** [dep-../../ds/setuputil] Error 2 > > > ------------------- > > Thanks for your help. > > Regards > > Daniel > > ---------------------- > > > Richard Megginson wrote: > >> I'm not sure what needs to be installed. On my Fedora Core 4 system, >> /usr/include/curses.h is provided by the ncurses-devel package. >> If you do >> find /usr/include -name curses.h -print >> do you get anything? >> >> Daniel Spannbauer wrote: >> >>> Hallo Richard >>> >>> ncurses und ncurses-devel is installed. >>> >>> greetings >>> >>> Daniel >>> >>> >>> Richard Megginson wrote: >>> >>>> Looks like you need to install curses-devel or ncurses-devel >>>> >>>> Daniel Spannbauer wrote: >>>> >>>>> Hallo, >>>>> >>>>> i Try to install the Directory-Server on SuSE 10.0. While the >>>>> dsbuild I get an Error. >>>>> Here the Complete Log of the dsbuild: >>>>> -------------------------------------------------------------- >>>>> >>>>> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>> [===== NOW BUILDING: ds-1 =====] >>>>> [fetch] complete for ds. >>>>> [checksum] complete for ds. >>>>> [extract] complete for ds. >>>>> [patch] complete for ds. >>>>> ==> Building ds/mozilla as a dependency >>>>> ==> Building ds/icu as a dependency >>>>> ==> Building ds/adminutil as a dependency >>>>> ==> Building ds/setuputil as a dependency >>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>> [fetch] complete for fedora-setuputil. >>>>> [checksum] complete for fedora-setuputil. >>>>> [extract] complete for fedora-setuputil. >>>>> [patch] complete for fedora-setuputil. >>>>> [configure] complete for fedora-setuputil. >>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>> cat: /etc/redhat-release: No such file or directory >>>>> make[2]: Entering directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>> perl buildnum.pl -p Linux2.6 >>>>> perl pumpkin.pl 90 pumpkin.dat >>>>> The components are up to date >>>>> >>>>> ==== Starting Server Installer Build ========== >>>>> >>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>> cat: /etc/redhat-release: No such file or directory >>>>> gmake[3]: Entering directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>> cat: /etc/redhat-release: No such file or directory >>>>> cat: /etc/redhat-release: No such file or directory >>>>> gmake[4]: Entering directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>> uninstall.h code.h >>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>> >>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >>>>> NS_PRODUCT= >>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>> cat: /etc/redhat-release: No such file or directory >>>>> cat: /etc/redhat-release: No such file or directory >>>>> gmake[5]: Entering directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>> >>>>> >>>>> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >>>>> -D_XOPEN_SOURCE >>>>> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK -DXP_UNIX >>>>> -DLinux -O2 >>>>> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >>>>> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap >>>>> -I../../include >>>>> ux-curse.c -o >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >>>>> >>>>> In file included from ux-curse.c:33: >>>>> ux-curse.h:52:38: error: curses.h: No such file or directory >>>>> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >>>>> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared (first >>>>> use in this function) >>>>> ux-curse.c:78: error: (Each undeclared identifier is reported only >>>>> once >>>>> ux-curse.c:78: error: for each function it appears in.) >>>>> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >>>>> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared (first >>>>> use in this function) >>>>> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >>>>> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared (first >>>>> use in this function) >>>>> ux-curse.c: In function ?<80><98>new_page?<80><99>: >>>>> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared (first >>>>> use in this function) >>>>> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >>>>> ux-curse.c:354: warning: comparison between pointer and integer >>>>> ux-curse.c:356: warning: comparison between pointer and integer >>>>> ux-curse.c:358: warning: comparison between pointer and integer >>>>> gmake[5]: *** >>>>> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >>>>> >>>>> Error 1gmake[5]: Leaving directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>> >>>>> gmake[4]: *** [all] Error 2 >>>>> gmake[4]: Leaving directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>> gmake[3]: *** [installerSDK] Error 2 >>>>> gmake[3]: Leaving directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>> make[2]: *** [buildInstaller] Error 2 >>>>> make[2]: Leaving directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>> >>>>> ------------------------------------------------------------------ >>>>> >>>>> Does anybody know why? >>>>> >>>>> Thanks for helping >>>>> >>>>> Daniel >>>>> >>>>> >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------ >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From dyioulos at firstbhph.com Thu Dec 8 16:21:11 2005 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu, 8 Dec 2005 11:21:11 -0500 Subject: [Fedora-directory-users] Sync not updating In-Reply-To: <439856BA.309@redhat.com> References: <200512080929.49157.dyioulos@firstbhph.com> <200512081027.41856.dyioulos@firstbhph.com> <439856BA.309@redhat.com> Message-ID: <200512081121.11676.dyioulos@firstbhph.com> On Thursday December 08 2005 10:52 am, To Ngan wrote: > Dimitri Yioulos wrote: > >On Thursday December 08 2005 10:06 am, David Boreham wrote: > >>Dimitri Yioulos wrote: > >>>NSMMReplicationPlugin - agmt="cn=Rockland Sync1" (rockland: 389): > >>> Replica has no update vector. It has never been initialized. > >>> > >>>Since it appears every five minutes, I'm taking a real leap here and > >>>guessing that's my problem. But how do I fix it? > >> > >>Hmm...try this: add a new user to your FDS. Then initiate a full sync. > >>See if the message goes away. > > > >New AD users are added via full sync, but not via update. > >NSmmReplicationPlugin error continues to show in error log. > > Did you restart FDS after enabling changelog? Yes. > Also, did you reboot ADS > box after installing the sync service? Are you speaking of PassSync? Since it's meant for password synchronization (at least, I think. I haven't implemented that yet; just want to get the basic sync working), is it necessary for basic synchronization? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From david_list at boreham.org Thu Dec 8 16:26:34 2005 From: david_list at boreham.org (David Boreham) Date: Thu, 08 Dec 2005 09:26:34 -0700 Subject: [Fedora-directory-users] Sync not updating In-Reply-To: <200512081121.11676.dyioulos@firstbhph.com> References: <200512080929.49157.dyioulos@firstbhph.com> <200512081027.41856.dyioulos@firstbhph.com> <439856BA.309@redhat.com> <200512081121.11676.dyioulos@firstbhph.com> Message-ID: <43985EBA.2060305@boreham.org> >>>New AD users are added via full sync, but not via update. >>>NSmmReplicationPlugin error continues to show in error log. >>> >>> Try a second full sync. From dyioulos at firstbhph.com Thu Dec 8 16:53:22 2005 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu, 8 Dec 2005 11:53:22 -0500 Subject: [Fedora-directory-users] Sync not updating In-Reply-To: <43985EBA.2060305@boreham.org> References: <200512080929.49157.dyioulos@firstbhph.com> <200512081121.11676.dyioulos@firstbhph.com> <43985EBA.2060305@boreham.org> Message-ID: <200512081153.22452.dyioulos@firstbhph.com> On Thursday December 08 2005 11:26 am, David Boreham wrote: > >>>New AD users are added via full sync, but not via update. > >>>NSmmReplicationPlugin error continues to show in error log. > > Try a second full sync. > No change - same message. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dean at hwr.arizona.edu Thu Dec 8 16:59:10 2005 From: dean at hwr.arizona.edu (Dean Jones) Date: Thu, 08 Dec 2005 09:59:10 -0700 Subject: [Fedora-directory-users] Sync not updating In-Reply-To: <200512081153.22452.dyioulos@firstbhph.com> References: <200512080929.49157.dyioulos@firstbhph.com> <200512081121.11676.dyioulos@firstbhph.com> <43985EBA.2060305@boreham.org> <200512081153.22452.dyioulos@firstbhph.com> Message-ID: <4398665E.8060907@hwr.arizona.edu> Dimitri Yioulos wrote: > On Thursday December 08 2005 11:26 am, David Boreham wrote: > >>>>>New AD users are added via full sync, but not via update. >>>>>NSmmReplicationPlugin error continues to show in error log. >> >>Try a second full sync. >> > > No change - same message. > I had this happen as well with FDS 1.. had to erase the sync agreement and reset it up. upon creation of the sync agreement, immediately do a Full sync. when that finishes do another full sync. restart the directory server (slapd) then do another full sync. it should stop complaining after this point. you can do a 'Send and receive updates' to check for the error. From scott.boggs at gmail.com Thu Dec 8 17:01:16 2005 From: scott.boggs at gmail.com (lvtx) Date: Thu, 8 Dec 2005 11:01:16 -0600 Subject: [Fedora-directory-users] PassSync .. again Message-ID: <90c2b9880512080901o1a5f5cberd5c9e1cea26a81dd@mail.gmail.com> I am hoping that I can get some clarification on the whole PassSync - SSL issue. I have reviewed all the archives and I see a number of locations where it is stated that PassSync will function from a Active Directory Server - -> Fedora Directory Server without the use of SSL. However, I also see that is is a must to do any PassSync in any direction. I have WinSync working fine and want to validate PassSync, but I am just failing when it comes to configuring certificates on the Windows Active Directory side. So my hope is I can just validate without the trouble of SSL. Can I do this? If so is there any un-documented steps that would need to occur? My testing without SSL seems to validate that it is needed, but I am not 100% on if I completed all the steps to make a "non-SSL" PassSync to occure. If it turns out that I indeed need SSL, I am hoping someone can point me in the correct direction for configuring the MS Active Directory side. I have build a AD using Windows 2003 server. I have attempted to use the MS documentation on "Requirements for Domain Controllers from a Third-Party CA", but failed miserably. Is this the correct method and if so does it work with 2003 svr? I am sorry, that I am still hitting on the same subject that I have requested assistance on before, but I am just not making any headway.. If anyone could point me the documentation or advise me on how I should research it, it would be appreciated more than you know.. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From arunudr at sancharnet.in Thu Dec 8 14:59:22 2005 From: arunudr at sancharnet.in (arun shrimali) Date: Thu, 08 Dec 2005 20:29:22 +0530 Subject: [Fedora-directory-users] sharing files Message-ID: <05c901c5fc1a$97d69960$3cc2003d@aa> Dear All developers, I love to be work on Linux, but as all my peer works on windows, thus I am surrounded by windows users having eye on me "how Linux works", my major problem is access shared files on other PCs (windows), though samba works well, but I request you to have the user friendly system to access the files on other PCs / Server. (may be, my peers define userfriendliness in light of the way windows shares files) If this happens I can convenes to switch over to Linux best wishes Arun Shrimali M-9414239074 arunudr at sancharnet.in -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Thu Dec 8 18:35:05 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 11:35:05 -0700 Subject: [Fedora-directory-users] sharing files In-Reply-To: <05c901c5fc1a$97d69960$3cc2003d@aa> References: <05c901c5fc1a$97d69960$3cc2003d@aa> Message-ID: <43987CD9.2030809@redhat.com> arun shrimali wrote: > Dear All developers, > > I love to be work on Linux, but as all my peer works on windows, thus > I am surrounded by windows users having eye on me "how Linux works", > my major problem is access shared files on other PCs (windows), though > samba works well, but I request you to have the user friendly system > to access the files on other PCs / Server. (may be, my peers define > userfriendliness in light of the way windows shares files) > > If this happens I can convenes to switch over to Linux This email list pertains to Fedora Directory Server. I doubt there are many people here who will be able to help you with your query. You might try a Samba list or a linux Desktop list. I do know that Gnome on RHEL4 and probably Fedora Core 3 and later has samba integration with the desktop, so that you can connect to a view your shares using the desktop file browser. > > best wishes > > Arun Shrimali > M-9414239074 > arunudr at sancharnet.in > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From mj at sci.fi Thu Dec 8 18:57:20 2005 From: mj at sci.fi (Mike Jackson) Date: Thu, 08 Dec 2005 20:57:20 +0200 Subject: [Fedora-directory-users] Re: a little bit of samba confusion In-Reply-To: <200512070947.13195.kgtemp@ensenda.com> References: <20051207105521.379BA739C3@hormel.redhat.com> <200512070947.13195.kgtemp@ensenda.com> Message-ID: <43988210.2080109@sci.fi> Kevin M. Goess wrote: > Here are some improvements to your migration script so that it handles > objectIdentifier macro expansion > http://www.openldap.org/doc/admin22/schema.html#OID%20Macros and aliases in > names. Kevin, Thanks for the patch. I have applied it and the new version is available from the same link. BR, Mike From dyioulos at firstbhph.com Thu Dec 8 19:17:30 2005 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu, 8 Dec 2005 14:17:30 -0500 Subject: [Fedora-directory-users] Sync not updating In-Reply-To: <1134069137.32035@mail1.firstbhph.com> References: <1134069137.32035@mail1.firstbhph.com> Message-ID: <200512081417.30416.dyioulos@firstbhph.com> On Thursday December 08 2005 2:12 pm, you wrote: > Dean Jones wrote .. > > > Dimitri Yioulos wrote: > > > On Thursday December 08 2005 11:26 am, David Boreham wrote: > > >>>>>New AD users are added via full sync, but not via update. > > >>>>>NSmmReplicationPlugin error continues to show in error log. > > >> > > >>Try a second full sync. > > > > > > No change - same message. > > > > I had this happen as well with FDS 1.. > > > > had to erase the sync agreement and reset it up. > > upon creation of the sync agreement, immediately do a Full sync. > > when that finishes do another full sync. > > restart the directory server (slapd) then do another full sync. > > > > it should stop complaining after this point. > > you can do a 'Send and receive updates' to check for the error. > > > > -- Thank you for the suggestion, but that didn't work either. So, to recap, full sync works fine, update doesn't. Arrrgh! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From craigwhite at azapple.com Thu Dec 8 19:50:16 2005 From: craigwhite at azapple.com (Craig White) Date: Thu, 08 Dec 2005 12:50:16 -0700 Subject: [Fedora-directory-users] self signed certificates Message-ID: <1134071416.28654.9.camel@lin-workstation.azapple.com> Trying to follow instructions at http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 Step #8 Copy the key3.db and cert8.db you created to the default databases created at Directory Server installation: where is this 'default databases'? /opt/fedora-ds/slapd-srv1/ ? # srv1 is name of my server Craig From rmeggins at redhat.com Thu Dec 8 20:00:38 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 13:00:38 -0700 Subject: [Fedora-directory-users] self signed certificates In-Reply-To: <1134071416.28654.9.camel@lin-workstation.azapple.com> References: <1134071416.28654.9.camel@lin-workstation.azapple.com> Message-ID: <439890E6.1030900@redhat.com> Craig White wrote: >Trying to follow instructions at >http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 > >Step #8 >Copy the key3.db and cert8.db you created to the default databases >created at Directory Server installation: > >where is this 'default databases'? > >/opt/fedora-ds/slapd-srv1/ ? # srv1 is name of my server > > /opt/fedora-ds/alias/slapd-srv1-key3.db /opt/fedora-ds/alias/slapd-srv1-cert8.db >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From david_list at boreham.org Thu Dec 8 20:17:07 2005 From: david_list at boreham.org (David Boreham) Date: Thu, 08 Dec 2005 13:17:07 -0700 Subject: [Fedora-directory-users] Sync not updating In-Reply-To: <200512081417.30416.dyioulos@firstbhph.com> References: <1134069137.32035@mail1.firstbhph.com> <200512081417.30416.dyioulos@firstbhph.com> Message-ID: <439894C3.7050705@boreham.org> >Thank you for the suggestion, but that didn't work either. So, to recap, full >sync works fine, update doesn't. Arrrgh! > > I think you have hit a problem that hasn't been seen before. Could you please enable verbose replication logging (this can be done in the console or via the start-slapd script, please let us know if you need help with that). Then restart the server and grab the contents of the file logs/errors _before_ the message that you are seeing now (there should be much more windows sync related logging now). Post that log here or a link to somewhere we can see it. Thanks. From craigwhite at azapple.com Thu Dec 8 20:17:19 2005 From: craigwhite at azapple.com (Craig White) Date: Thu, 08 Dec 2005 13:17:19 -0700 Subject: [Fedora-directory-users] self signed certificates In-Reply-To: <439890E6.1030900@redhat.com> References: <1134071416.28654.9.camel@lin-workstation.azapple.com> <439890E6.1030900@redhat.com> Message-ID: <1134073039.28654.21.camel@lin-workstation.azapple.com> On Thu, 2005-12-08 at 13:00 -0700, Richard Megginson wrote: > Craig White wrote: > > >Trying to follow instructions at > >http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 > > > >Step #8 > >Copy the key3.db and cert8.db you created to the default databases > >created at Directory Server installation: > > > >where is this 'default databases'? > > > >/opt/fedora-ds/slapd-srv1/ ? # srv1 is name of my server > > > > > /opt/fedora-ds/alias/slapd-srv1-key3.db > /opt/fedora-ds/alias/slapd-srv1-cert8.db ---- OK - well that was where I created them... # ls -l /opt/fedora-ds/alias/ total 520 -rw------- 1 nobody nobody 65536 Dec 8 12:55 admin-serv-srv1-cert8.db -rw------- 1 nobody nobody 16384 Dec 8 12:55 admin-serv-srv1-key3.db -rw------- 1 root root 65536 Dec 8 11:18 cert8.db -rw------- 1 root root 2644 Dec 8 11:18 cert.pk12 -rw------- 1 root root 16384 Dec 8 11:18 key3.db -rwxr-xr-x 1 root nobody 194880 Nov 29 15:06 libnssckbi.so -rw-r--r-- 1 root root 55 Dec 8 11:09 noise.txt -rw------- 1 root root 9 Dec 8 11:09 pwdfile.txt -rw------- 1 nobody nobody 16384 Dec 6 08:46 secmod.db -rw------- 1 nobody nobody 65536 Dec 8 10:55 slapd-srv1-cert8.db -rw------- 1 nobody nobody 16384 Dec 8 10:55 slapd-srv1-key3.db I didn't see them listed anywhere in the console. I ended up doing this with openssl... # first using console, I created a server csr (fedora-ds.csr) then... openssl req -config /usr/share/ssl/openssl.cnf -new -x509 \ -days 3650 -key ca.key -out ca.cert openssl genrsa -out ldap.key 1024 openssl req -config /usr/share/ssl/openssl.cnf -new -key ldap.key \ -out ldap.csr openssl x509 -req -in ldap.csr -out ldap.cert -CA ca.cert \ -CAkey ca.key -CAcreateserial -days 3650 openssl x509 -req -in fedora-ds.csr -out fedora-ds.cert -CA ca.cert \ -CAkey ca.key -CAcreateserial -days 3650cp ca.cert /etc/ssl Then using the console - in Administration console, Manage Certificates, CA Certs, I 'installed' the file ca.cert (it seemed happy) Then in Server Certs, I installed fedora-ds.cert (it seemed happy) I pretty much repeated the process of creating the signing request and signing it and generating another server cert and it seems to be happy too as now, it too lists the certificates both in the server certs and the CA certs. So I am pretty good to go right? Thanks Craig From dyioulos at firstbhph.com Thu Dec 8 20:22:37 2005 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu, 8 Dec 2005 15:22:37 -0500 Subject: [Fedora-directory-users] Sync not updating In-Reply-To: <439894C3.7050705@boreham.org> References: <1134069137.32035@mail1.firstbhph.com> <200512081417.30416.dyioulos@firstbhph.com> <439894C3.7050705@boreham.org> Message-ID: <200512081522.38063.dyioulos@firstbhph.com> On Thursday December 08 2005 3:17 pm, David Boreham wrote: > >Thank you for the suggestion, but that didn't work either. So, to recap, > > full sync works fine, update doesn't. Arrrgh! > > I think you have hit a problem that hasn't been seen before. > Could you please enable verbose replication logging (this can be > done in the console or via the start-slapd script, please let > us know if you need help with that). Then restart the server > and grab the contents of the file logs/errors _before_ the message > that you are seeing now (there should be much more windows > sync related logging now). Post that log here or a link to > somewhere we can see it. > > Thanks. > David, I do need help with that. I also recall that it can be accomplished from the console. I just don't remember how. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rmeggins at redhat.com Thu Dec 8 20:27:53 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 13:27:53 -0700 Subject: [Fedora-directory-users] self signed certificates In-Reply-To: <1134073039.28654.21.camel@lin-workstation.azapple.com> References: <1134071416.28654.9.camel@lin-workstation.azapple.com> <439890E6.1030900@redhat.com> <1134073039.28654.21.camel@lin-workstation.azapple.com> Message-ID: <43989749.3030700@redhat.com> Craig White wrote: >On Thu, 2005-12-08 at 13:00 -0700, Richard Megginson wrote: > > >>Craig White wrote: >> >> >> >>>Trying to follow instructions at >>>http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 >>> >>>Step #8 >>>Copy the key3.db and cert8.db you created to the default databases >>>created at Directory Server installation: >>> >>>where is this 'default databases'? >>> >>>/opt/fedora-ds/slapd-srv1/ ? # srv1 is name of my server >>> >>> >>> >>> >>/opt/fedora-ds/alias/slapd-srv1-key3.db >>/opt/fedora-ds/alias/slapd-srv1-cert8.db >> >> >---- >OK - well that was where I created them... > ># ls -l /opt/fedora-ds/alias/ >total 520 >-rw------- 1 nobody nobody 65536 Dec 8 12:55 admin-serv-srv1-cert8.db >-rw------- 1 nobody nobody 16384 Dec 8 12:55 admin-serv-srv1-key3.db >-rw------- 1 root root 65536 Dec 8 11:18 cert8.db >-rw------- 1 root root 2644 Dec 8 11:18 cert.pk12 >-rw------- 1 root root 16384 Dec 8 11:18 key3.db >-rwxr-xr-x 1 root nobody 194880 Nov 29 15:06 libnssckbi.so >-rw-r--r-- 1 root root 55 Dec 8 11:09 noise.txt >-rw------- 1 root root 9 Dec 8 11:09 pwdfile.txt >-rw------- 1 nobody nobody 16384 Dec 6 08:46 secmod.db >-rw------- 1 nobody nobody 65536 Dec 8 10:55 slapd-srv1-cert8.db >-rw------- 1 nobody nobody 16384 Dec 8 10:55 slapd-srv1-key3.db > >I didn't see them listed anywhere in the console. > > Didn't see what listed anywhere in the console? I think the directions mean "copy your new key3.db over slapd-srv1-key3.db and copy your new cert8.db over slapd-srv1-cert8.db". When you do this, make sure slapd isn't running, and make sure you retain the old ownership and permissions of those files (e.g. nobody:nobody and 0600). Slapd (uid nobody) has to open those files in read-write mode. >I ended up doing this with openssl... ># first using console, I created a server csr (fedora-ds.csr) > >then... >openssl req -config /usr/share/ssl/openssl.cnf -new -x509 \ >-days 3650 -key ca.key -out ca.cert >openssl genrsa -out ldap.key 1024 >openssl req -config /usr/share/ssl/openssl.cnf -new -key ldap.key \ >-out ldap.csr >openssl x509 -req -in ldap.csr -out ldap.cert -CA ca.cert \ >-CAkey ca.key -CAcreateserial -days 3650 >openssl x509 -req -in fedora-ds.csr -out fedora-ds.cert -CA ca.cert \ >-CAkey ca.key -CAcreateserial -days 3650cp ca.cert /etc/ssl > >Then using the console - in Administration console, Manage Certificates, >CA Certs, I 'installed' the file ca.cert (it seemed happy) > >Then in Server Certs, I installed fedora-ds.cert (it seemed happy) > >I pretty much repeated the process of creating the signing request and >signing it and generating another server cert and it seems to be happy >too as now, it too lists the certificates both in the server certs and >the CA certs. > >So I am pretty good to go right? > >Thanks > >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From golden at cnt.org Thu Dec 8 21:24:16 2005 From: golden at cnt.org (Golden Butler) Date: Thu, 08 Dec 2005 15:24:16 -0600 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <1133943088.2904.8.camel@slop> Message-ID: <20051208212416.77d00202@collab.cnt.org> thanks Pete! I've tested the scripts, and they indeed start fedora-directory. But when I try to get them to at boot up issuing /sbin/chkconfig --add fedora-ds I get the following error: service fedora-ds does not support chkconfig Any ideas? - Delamatrix _____ From: Pete Rowley [mailto:pete at openrowley.com] To: golden at cnt.org, General discussion list for the Fedora Directory server project. [mailto:fedora-directory-users at redhat.com] Sent: Wed, 07 Dec 2005 02:11:28 -0600 Subject: Re: [Fedora-directory-users] Cant't Start Console On Tue, 2005-12-06 at 23:00 -0600, Golden Butler wrote: > thanks for the link! now excuse me my linux ignorance here, but where > do I copy this scripts to /etc/init.d/ > , and what do I name them? naming them as they appear in the url without the -ini.d would make sense. Something like: fedora-ds fedora-ds-admin to start the services: /etc/init.d/fedora-ds start /etc/init.d/fedora-ds-admin start or leave off the start option to see what else you can do. To have the servers start on boot do: /sbin/chkconfig --add fedora-ds /sbin/chkconfig --add fedora-ds-admin > > ______________________________________________________________ > From: Richard Megginson [mailto:rmeggins at redhat.com] > To: Golden Butler [mailto:golden at cnt.org] > Cc: fedora-directory-users at redhat.com > Sent: Tue, 06 Dec 2005 22:49:30 -0600 > Subject: Re: [Fedora-directory-users] Cant't Start Console > > Golden Butler wrote: > > > Great! That worked. I didn't have the xorg* package > installed. Now > > the console starts. I'm pretty new to Fedora Core 4, so how > can I get > > the directory server to start on boot up? > > http://directory.fedora.redhat.com/wiki/Howto:SysVInit > > > > > Richard Megginson wrote: > > > >> Golden Butler wrote: > >> > >>> $JAVA_HOME = /opt/IBMJava2-142 > >>> > >>> Downloaded IBM JDK from = > >>> > http://www-128.ibm.com/developerworks/java/jdk/linux140/download.html > >>> > >>> Is this right? > >> > >> > >> > >> Yes. But see here, as Thomas suggested - > >> > http://directory.fedora.redhat.com/wiki/FAQ#Exception_in_thread_.22main.22_java.lang.ExceptionInInitializerError > >> > >> > >>> > >>> Richard Megginson wrote: > >>> > >>>> Golden Butler wrote: > >>>> > >>>>> Thanks Richard. I tried running the export command like > you > >>>>> suggested, but I still get the same error message. > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> What is your JAVA_HOME setting? Where did you download > the IBM JDK > >>>> from? > >>>> > >>>>> > >>>>> Golden Butler > >>>>> IT Support > >>>>> > >>>>> Center for Neighborhood Technology > >>>>> 2125 W. North Avenue > >>>>> Chicago, IL 60647 > >>>>> > >>>>> 773-269-4061 > >>>>> golden at cnt.org > >>>>> www.cnt.org > >>>>> > >>>>> > >>>>> > ------------------------------------------------------------------------ > >>>>> > >>>>> *From:* Richard Megginson [mailto:rmeggins at redhat.com] > >>>>> *To:* golden at cnt.org > >>>>> *Cc:* fedora-directory-users at redhat.com > >>>>> *Sent:* Tue, 06 Dec 2005 09:03:01 -0600 > >>>>> *Subject:* Re: [Fedora-directory-users] Cant't Start > Console > >>>>> > >>>>> Try > >>>>> export LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib > >>>>> then ./startconsole > >>>>> does the problem go away? > >>>>> > >>>>> Golden Butler wrote: > >>>>> > >>>>> > Thanks for the help. I've installed the IBM java kit > and > >>>>> successfully > >>>>> > exported JAVA_HOME to the install path. > >>>>> > Now when I run ./startconsole, I get the following > error: > >>>>> > > >>>>> > Exception in thread "main" > >>>>> java.lang.ExceptionInInitializerError > >>>>> > at > >>>>> > > >>>>> > >>>>> > com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154) > >>>>> > >>>>> > at > >>>>> > > com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown > >>>>> Source) > >>>>> > at > javax.swing.UIManager.setLookAndFeel(UIManager.java:424) > >>>>> > at > >>>>> > > >>>>> > >>>>> > com.netscape.management.client.console.Console.common_init(Unknown > >>>>> Source) > >>>>> > at > >>>>> > > com.netscape.management.client.console.Console.(Unknown > >>>>> Source) > >>>>> > at > com.netscape.management.client.console.Console.main(Unknown > >>>>> > Source) > >>>>> > Caused by: java.lang.NullPointerException > >>>>> > at > java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2171) > >>>>> > at > java.lang.ClassLoader.loadLibrary(ClassLoader.java:2006) > >>>>> > at java.lang.Runtime.loadLibrary0(Runtime.java:824) > >>>>> > at java.lang.System.loadLibrary(System.java:910) > >>>>> > at > >>>>> > > >>>>> > sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76) > >>>>> > at java.security.AccessController.doPrivileged1(Native > Method) > >>>>> > at > >>>>> > > >>>>> > >>>>> > java.security.AccessController.doPrivileged(AccessController.java:287) > >>>>> > >>>>> > at java.awt.Toolkit.loadLibraries(Toolkit.java:1488) > >>>>> > at java.awt.Toolkit.(Toolkit.java:1511) > >>>>> > ... 6 more > >>>>> > > >>>>> > Is this error saying something with the Java gui is > screwed up? > >>>>> > > >>>>> > - Delamatrix > >>>>> > > >>>>> > > >>>>> > >>>>> > ------------------------------------------------------------------------ > >>>>> > >>>>> > *From:* Richard Megginson [mailto:rmeggins at redhat.com > >>>>> ] > >>>>> > *To:* golden at cnt.org > >>>>> , > >>>>> General discussion list for the Fedora > >>>>> > Directory server project. > >>>>> [mailto:fedora-directory-users at redhat.com > >>>>> > ] > >>>>> > *Sent:* Mon, 05 Dec 2005 22:09:19 -0600 > >>>>> > *Subject:* Re: [Fedora-directory-users] Cant't Start > Console > >>>>> > > >>>>> > Golden Butler wrote: > >>>>> > > >>>>> > > I've just installed fedora directory server on my > fedora > >>>>> core 4 > >>>>> > > machine. The installation was a breeze, but when I > go to > >>>>> start the > >>>>> > > console, I get the following error: > >>>>> > > > >>>>> > > ./startconsole: Your JAVA_HOME environment variable > is not > >>>>> set. > >>>>> > > Please set it appropriately. > >>>>> > > >>>>> > export JAVA_HOME=/path/to/java e.g. on my Fedora Core > 4 system > >>>>> > with the > >>>>> > RHEL4 IBM 1.4.2 JDK: > >>>>> > export JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 > >>>>> > > >>>>> > > > >>>>> > > I've confirmend that I indeed have java run time > >>>>> installed. Is > >>>>> > there > >>>>> > > some config somewhere that I need to set or is > ignoring? Any > >>>>> > help or > >>>>> > > suggestions will be appreciated. Thanks > >>>>> > > > >>>>> > > - Delamatrix > >>>>> > > > >>>>> > > >>>>> > >>>>> > >------------------------------------------------------------------------ > >>>>> > >>>>> > > > >>>>> > >-- > >>>>> > >Fedora-directory-users mailing list > >>>>> > >Fedora-directory-users at redhat.com > >>>>> > > >>>>> > > >>>>> > ")> > >>>>> > > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > >>>>> > > > >>>>> > > > >>>>> > > >>>>> > >>> > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From dyioulos at firstbhph.com Thu Dec 8 21:33:09 2005 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu, 8 Dec 2005 16:33:09 -0500 Subject: [Fedora-directory-users] Sync not updating In-Reply-To: <200512081522.38063.dyioulos@firstbhph.com> References: <1134069137.32035@mail1.firstbhph.com> <439894C3.7050705@boreham.org> <200512081522.38063.dyioulos@firstbhph.com> Message-ID: <200512081633.09400.dyioulos@firstbhph.com> On Thursday December 08 2005 3:22 pm, Dimitri Yioulos wrote: > On Thursday December 08 2005 3:17 pm, David Boreham wrote: > > >Thank you for the suggestion, but that didn't work either. So, to > > > recap, full sync works fine, update doesn't. Arrrgh! > > > > I think you have hit a problem that hasn't been seen before. > > Could you please enable verbose replication logging (this can be > > done in the console or via the start-slapd script, please let > > us know if you need help with that). Then restart the server > > and grab the contents of the file logs/errors _before_ the message > > that you are seeing now (there should be much more windows > > sync related logging now). Post that log here or a link to > > somewhere we can see it. > > > > Thanks. > > David, > > I do need help with that. I also recall that it can be accomplished from > the console. I just don't remember how. No, actually I don't need help, I just have to RTFM. Here's the output from with log level 8192: [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland:389): State: wait_for_changes -> wait_for_changes [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland:389): State: wait_for_changes -> start [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland:389): No linger to cancel on the connection [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Disconnected from the consumer [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: start -> ready_to_acquire_replica [08/Dec/2005:16:10:37 -0500] - acquire_replica, supplier RUV: [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - supplier: {replicageneration} 4394acf9 0000ffff0000 [08/Dec/2005:16:10:37 -0500] - acquire_replica, consumer RUV: [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - consumer: {replicageneration} 4394acf9 0000ffff0000 [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Trying non-secure slapi_ldap_init [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): binddn = cn=Administrator,cn=Users,dc=Headquarters,dc=firstbhph,dc=com, passwd = {DE S}LW8hCYz9qRFS0787nlyzPA== [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): No linger to cancel on the connection [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - windows_acquire_replica returned succe ss (101) [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: ready_to_acquire_replica -> sending_updates [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Replica has no update vector. It has never been initialized. [08/Dec/2005:16:10:37 -0500] - Sending dirsync search request [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Beginning linger on the connection [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Linger timeout has expired on the connection [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: sending_updates -> start_backoff [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Disconnected from the consumer [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: start_backoff -> start [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): No linger to cancel on the connection [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Disconnected from the consumer [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: start -> ready_to_acquire_replica [08/Dec/2005:16:10:38 -0500] - acquire_replica, supplier RUV: [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - supplier: {replicageneration} 4394acf9 0000ffff0000 [08/Dec/2005:16:10:38 -0500] - acquire_replica, consumer RUV: [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - consumer: {replicageneration} 4394acf9 0000ffff0000 [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Trying non-secure slapi_ldap_init [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): binddn = cn=Administrator,cn=Users,dc=Headquarters,dc=firstbhph,dc=com, passwd = {DE S}LW8hCYz9qRFS0787nlyzPA== [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): No linger to cancel on the connection [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - windows_acquire_replica returned succe ss (101) [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: ready_to_acquire_replica -> sending_updates [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Replica has no update vector. It has never been initialized. [08/Dec/2005:16:10:38 -0500] - Sending dirsync search request [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Beginning linger on the connection [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Linger timeout has expired on the connection [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Disconnected from the consumer [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: sending_updates -> start_backoff [08/Dec/2005:16:10:42 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: start_backoff -> backoff [08/Dec/2005:16:10:42 -0500] - acquire_replica, supplier RUV: [08/Dec/2005:16:10:42 -0500] NSMMReplicationPlugin - supplier: {replicageneration} 4394acf9 0000ffff0000 [08/Dec/2005:16:10:42 -0500] - acquire_replica, consumer RUV: [08/Dec/2005:16:10:42 -0500] NSMMReplicationPlugin - consumer: {replicageneration} 4394acf9 0000ffff0000 [08/Dec/2005:16:10:42 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: backoff -> wait_for_changes [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - Running Dirsync [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: wait_for_changes -> wait_for_changes [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: wait_for_changes -> ready_to_acquire_replica [08/Dec/2005:16:11:02 -0500] - acquire_replica, supplier RUV: [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - supplier: {replicageneration} 4394acf9 0000ffff0000 [08/Dec/2005:16:11:02 -0500] - acquire_replica, consumer RUV: [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - consumer: {replicageneration} 4394acf9 0000ffff0000 [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Trying non-secure slapi_ldap_init [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland:389): binddn = cn=Administrator,cn=Users,dc=Headquarters,dc=firstbhph,dc=com, passwd = {DE S}LW8hCYz9qRFS0787nlyzPA== [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): No linger to cancel on the connection [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - windows_acquire_replica returned succe ss (101) [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: ready_to_acquire_replica -> sending_updates [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Replica has no update vector. It has never been initialized. [08/Dec/2005:16:11:02 -0500] - Sending dirsync search request [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Beginning linger on the connection [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: sending_updates -> start_backoff [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Linger timeout has expired on the connection [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): Disconnected from the consumer [08/Dec/2005:16:11:06 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: start_backoff -> backoff [08/Dec/2005:16:11:06 -0500] - acquire_replica, supplier RUV: [08/Dec/2005:16:11:06 -0500] NSMMReplicationPlugin - supplier: {replicageneration} 4394acf9 0000ffff0000 [08/Dec/2005:16:11:06 -0500] - acquire_replica, consumer RUV: [08/Dec/2005:16:11:06 -0500] NSMMReplicationPlugin - consumer: {replicageneration} 4394acf9 0000ffff0000 [08/Dec/2005:16:11:07 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS Sync" (rockland: 389): State: backoff -> wait_for_changes -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From craigwhite at azapple.com Thu Dec 8 21:53:36 2005 From: craigwhite at azapple.com (Craig White) Date: Thu, 08 Dec 2005 14:53:36 -0700 Subject: [Fedora-directory-users] self signed certificates In-Reply-To: <43989749.3030700@redhat.com> References: <1134071416.28654.9.camel@lin-workstation.azapple.com> <439890E6.1030900@redhat.com> <1134073039.28654.21.camel@lin-workstation.azapple.com> <43989749.3030700@redhat.com> Message-ID: <1134078816.28654.28.camel@lin-workstation.azapple.com> On Thu, 2005-12-08 at 13:27 -0700, Richard Megginson wrote: > Craig White wrote: > > >On Thu, 2005-12-08 at 13:00 -0700, Richard Megginson wrote: > > > > > >>Craig White wrote: > >> > >> > >> > >>>Trying to follow instructions at > >>>http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 > >>> > >>>Step #8 > >>>Copy the key3.db and cert8.db you created to the default databases > >>>created at Directory Server installation: > >>> > >>>where is this 'default databases'? > >>> > >>>/opt/fedora-ds/slapd-srv1/ ? # srv1 is name of my server > >>> > >>> > >>> > >>> > >>/opt/fedora-ds/alias/slapd-srv1-key3.db > >>/opt/fedora-ds/alias/slapd-srv1-cert8.db > >> > >> > >---- > >OK - well that was where I created them... > > > ># ls -l /opt/fedora-ds/alias/ > >total 520 > >-rw------- 1 nobody nobody 65536 Dec 8 12:55 admin-serv-srv1-cert8.db > >-rw------- 1 nobody nobody 16384 Dec 8 12:55 admin-serv-srv1-key3.db > >-rw------- 1 root root 65536 Dec 8 11:18 cert8.db > >-rw------- 1 root root 2644 Dec 8 11:18 cert.pk12 > >-rw------- 1 root root 16384 Dec 8 11:18 key3.db > >-rwxr-xr-x 1 root nobody 194880 Nov 29 15:06 libnssckbi.so > >-rw-r--r-- 1 root root 55 Dec 8 11:09 noise.txt > >-rw------- 1 root root 9 Dec 8 11:09 pwdfile.txt > >-rw------- 1 nobody nobody 16384 Dec 6 08:46 secmod.db > >-rw------- 1 nobody nobody 65536 Dec 8 10:55 slapd-srv1-cert8.db > >-rw------- 1 nobody nobody 16384 Dec 8 10:55 slapd-srv1-key3.db > > > >I didn't see them listed anywhere in the console. > > > > > Didn't see what listed anywhere in the console? ---- the certificates that I generated using certutil. I never could find evidence of them in any console. The files listed above I am certain were generated by openssl creation of the CA certificate and using that to sign the requests from the Server Certs portions of the Administration and Directory Consoles - and 'installing' them in the console...because of the time signatures. ---- > > I think the directions mean "copy your new key3.db over > slapd-srv1-key3.db and copy your new cert8.db over > slapd-srv1-cert8.db". When you do this, make sure slapd isn't running, > and make sure you retain the old ownership and permissions of those > files (e.g. nobody:nobody and 0600). Slapd (uid nobody) has to open > those files in read-write mode. > ---- it would appear that having the above contents of /opt/fedora-ds/alias and the db files chmod 600 nobody:nobody as per above - that even though I generated them ultimately with openssl and not certutil and they are listed in both Administration and Directory consoles in both CA Certs and Server Certs that I am good to go to next step. Thanks Craig From craigwhite at azapple.com Thu Dec 8 21:55:36 2005 From: craigwhite at azapple.com (Craig White) Date: Thu, 08 Dec 2005 14:55:36 -0700 Subject: [Fedora-directory-users] Cant't Start Console In-Reply-To: <20051208212416.77d00202@collab.cnt.org> References: <20051208212416.77d00202@collab.cnt.org> Message-ID: <1134078936.28654.30.camel@lin-workstation.azapple.com> On Thu, 2005-12-08 at 15:24 -0600, Golden Butler wrote: > thanks Pete! I've tested the scripts, and they indeed start fedora- > directory. But when I try to get them to at boot up issuing > > /sbin/chkconfig --add fedora-ds > > I get the following error: > > service fedora-ds does not support chkconfig > > Any ideas? ---- yeah - some of the samples need the line to be formatted something more like this... # chkconfig: 345 86 14 ^^^ runlevels Craig From sstrong at crwash.org Thu Dec 8 22:31:38 2005 From: sstrong at crwash.org (Steve Strong) Date: Thu, 08 Dec 2005 16:31:38 -0600 Subject: [Fedora-directory-users] migrating from flat files to fedora directory... Message-ID: <4398B44A.7040007@crwash.org> ... seems harder than I thought. I can't get Ldapimport to do anything and it doesn't display any errors and the old fedora 4 /usr/share/openldap/migration scripts all die with a message saying there is not "require" command. thanks in advance for the help, steve -- Steve Strong Math and Computer Science Washington High School 2205 Forest Dr. SE Cedar Rapids, IA 52403 http://crwash.org mailto:sstrong at crwash.org From craigwhite at azapple.com Thu Dec 8 22:38:36 2005 From: craigwhite at azapple.com (Craig White) Date: Thu, 08 Dec 2005 15:38:36 -0700 Subject: [Fedora-directory-users] migrating from flat files to fedora directory... In-Reply-To: <4398B44A.7040007@crwash.org> References: <4398B44A.7040007@crwash.org> Message-ID: <1134081517.28654.32.camel@lin-workstation.azapple.com> On Thu, 2005-12-08 at 16:31 -0600, Steve Strong wrote: > .... seems harder than I thought. I can't get Ldapimport to do anything > and it doesn't display any errors and the old fedora 4 > /usr/share/openldap/migration scripts all die with a message saying > there is not "require" command. ---- can't help with LdapImport ... migration scripts have always worked for me... did you edit migrate_common.ph for your specific situation? try running ./migrate_passwd /etc/passwd > passwd.ldif how does that look? Error...post the entire error. Craig From craigwhite at azapple.com Thu Dec 8 22:45:42 2005 From: craigwhite at azapple.com (Craig White) Date: Thu, 08 Dec 2005 15:45:42 -0700 Subject: [Fedora-directory-users] still working instructions through... Message-ID: <1134081942.28654.38.camel@lin-workstation.azapple.com> FDS is running as nobody UID - I checked off in console to run with SSL eneabled, ignored warning about only root can run ports < 1024 restarted server - you know what happened next ;-) OK so I have it turned off and server back up and running. 1. Following instructions on wiki... http://directory.fedora.redhat.com/wiki/Howto:SSL # ./ldapsearch -b "dc=clsurvey,dc=com" -x -ZZ '(uid=jim)' SSL initialization failed: error -8192 (An I/O error occurred during security authorization.) 2. My guess is that is because SSL isn't on. How do I deal with running as UID nobody and SSL ? Craig From rmeggins at redhat.com Thu Dec 8 23:29:58 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 16:29:58 -0700 Subject: [Fedora-directory-users] self signed certificates In-Reply-To: <1134078816.28654.28.camel@lin-workstation.azapple.com> References: <1134071416.28654.9.camel@lin-workstation.azapple.com> <439890E6.1030900@redhat.com> <1134073039.28654.21.camel@lin-workstation.azapple.com> <43989749.3030700@redhat.com> <1134078816.28654.28.camel@lin-workstation.azapple.com> Message-ID: <4398C1F6.2070402@redhat.com> Craig White wrote: >On Thu, 2005-12-08 at 13:27 -0700, Richard Megginson wrote: > > >>Craig White wrote: >> >> >> >>>On Thu, 2005-12-08 at 13:00 -0700, Richard Megginson wrote: >>> >>> >>> >>> >>>>Craig White wrote: >>>> >>>> >>>> >>>> >>>> >>>>>Trying to follow instructions at >>>>>http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 >>>>> >>>>>Step #8 >>>>>Copy the key3.db and cert8.db you created to the default databases >>>>>created at Directory Server installation: >>>>> >>>>>where is this 'default databases'? >>>>> >>>>>/opt/fedora-ds/slapd-srv1/ ? # srv1 is name of my server >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>/opt/fedora-ds/alias/slapd-srv1-key3.db >>>>/opt/fedora-ds/alias/slapd-srv1-cert8.db >>>> >>>> >>>> >>>> >>>---- >>>OK - well that was where I created them... >>> >>># ls -l /opt/fedora-ds/alias/ >>>total 520 >>>-rw------- 1 nobody nobody 65536 Dec 8 12:55 admin-serv-srv1-cert8.db >>>-rw------- 1 nobody nobody 16384 Dec 8 12:55 admin-serv-srv1-key3.db >>>-rw------- 1 root root 65536 Dec 8 11:18 cert8.db >>>-rw------- 1 root root 2644 Dec 8 11:18 cert.pk12 >>>-rw------- 1 root root 16384 Dec 8 11:18 key3.db >>>-rwxr-xr-x 1 root nobody 194880 Nov 29 15:06 libnssckbi.so >>>-rw-r--r-- 1 root root 55 Dec 8 11:09 noise.txt >>>-rw------- 1 root root 9 Dec 8 11:09 pwdfile.txt >>>-rw------- 1 nobody nobody 16384 Dec 6 08:46 secmod.db >>>-rw------- 1 nobody nobody 65536 Dec 8 10:55 slapd-srv1-cert8.db >>>-rw------- 1 nobody nobody 16384 Dec 8 10:55 slapd-srv1-key3.db >>> >>>I didn't see them listed anywhere in the console. >>> >>> >>> >>> >>Didn't see what listed anywhere in the console? >> >> >---- >the certificates that I generated using certutil. I never could find >evidence of them in any console. > They have to be in the file called slapd-name-cert8.db - it won't find them if they are in cert8.db. >The files listed above I am certain >were generated by openssl creation of the CA certificate and using that >to sign the requests from the Server Certs portions of the >Administration and Directory Consoles - and 'installing' them in the >console...because of the time signatures. >---- > > >>I think the directions mean "copy your new key3.db over >>slapd-srv1-key3.db and copy your new cert8.db over >>slapd-srv1-cert8.db". When you do this, make sure slapd isn't running, >>and make sure you retain the old ownership and permissions of those >>files (e.g. nobody:nobody and 0600). Slapd (uid nobody) has to open >>those files in read-write mode. >> >> >> >---- >it would appear that having the above contents of /opt/fedora-ds/alias >and the db files chmod 600 nobody:nobody as per above - that even though >I generated them ultimately with openssl and not certutil and they are >listed in both Administration and Directory consoles in both CA Certs >and Server Certs that I am good to go to next step. > > Ok. >Thanks > >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu Dec 8 23:37:39 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 16:37:39 -0700 Subject: [Fedora-directory-users] still working instructions through... In-Reply-To: <1134081942.28654.38.camel@lin-workstation.azapple.com> References: <1134081942.28654.38.camel@lin-workstation.azapple.com> Message-ID: <4398C3C3.6010709@redhat.com> Craig White wrote: >FDS is running as nobody UID - I checked off in console to run with SSL >eneabled, ignored warning about only root can run ports < 1024 restarted >server - you know what happened next ;-) > > No, not really. The admin server has the capability to start up slapd as root so that it can listen to port 389 and 636. slapd then does a setuid to "nobody" after it has bound to these ports. >OK so I have it turned off and server back up and running. > >1. Following instructions on wiki... > http://directory.fedora.redhat.com/wiki/Howto:SSL > > # ./ldapsearch -b "dc=clsurvey,dc=com" -x -ZZ '(uid=jim)' > SSL initialization failed: error -8192 (An I/O error occurred > during security authorization.) > > No, not exactly. The instructions assume you are setting up the other ldap clients on the linux box, almost all of which use openldap. So, in order to test, you must use the openldap ldapsearch from /usr/bin. >2. My guess is that is because SSL isn't on. How do I deal with running > as UID nobody and SSL ? > > You shouldn't have to worry about it, as long as you start up your slapd in one of these 3 ways: 1) Using the sys4 init script during startup - http://directory.fedora.redhat.com/wiki/Howto:SysVInit 2) As root from the command line by using /opt/fedora-ds/slapd-host/start-slapd 3) Using the admin server via the console or admin express >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Fri Dec 9 00:07:52 2005 From: craigwhite at azapple.com (Craig White) Date: Thu, 08 Dec 2005 17:07:52 -0700 Subject: [Fedora-directory-users] still working instructions through... In-Reply-To: <4398C3C3.6010709@redhat.com> References: <1134081942.28654.38.camel@lin-workstation.azapple.com> <4398C3C3.6010709@redhat.com> Message-ID: <1134086872.28654.59.camel@lin-workstation.azapple.com> On Thu, 2005-12-08 at 16:37 -0700, Richard Megginson wrote: > Craig White wrote: > > >FDS is running as nobody UID - I checked off in console to run with SSL > >eneabled, ignored warning about only root can run ports < 1024 restarted > >server - you know what happened next ;-) > > > > > No, not really. The admin server has the capability to start up slapd > as root so that it can listen to port 389 and 636. slapd then does a > setuid to "nobody" after it has bound to these ports. ---- ok - good to know. It is running and peering into console I see that it is still checked. Restarting from console was a failure and I ended up closing out the console, restarting from SysV and getting back into console (that's not a big problem but very confusing) ---- > > >OK so I have it turned off and server back up and running. > > > >1. Following instructions on wiki... > > http://directory.fedora.redhat.com/wiki/Howto:SSL > > > > # ./ldapsearch -b "dc=clsurvey,dc=com" -x -ZZ '(uid=jim)' > > SSL initialization failed: error -8192 (An I/O error occurred > > during security authorization.) > > > > > No, not exactly. The instructions assume you are setting up the other > ldap clients on the linux box, almost all of which use openldap. So, in > order to test, you must use the openldap ldapsearch from /usr/bin. ---- OK - not a problem, I can use openldap clients... # ldapsearch -ZZ '(uid=jim)' ldap_start_tls: Protocol error (2) additional info: unsupported extended operation oh - oh...still same issue # tail -n 5 /etc/openldap/ldap.conf URI ldap://srv1.clsurvey.com HOST 127.0.0.1 BASE dc=clsurvey,dc=com TLS_CACERTDIR /etc/ssl TLS_REQCERT allow tail -n 4 /opt/fedora-ds/slapd-srv1/logs/access [08/Dec/2005:16:55:26 -0700] conn=20 op=0 EXT oid="1.3.6.1.4.1.1466.20037" [08/Dec/2005:16:55:26 -0700] conn=20 op=0 RESULT err=2 tag=120 nentries=0 etime=0 [08/Dec/2005:16:55:26 -0700] conn=20 op=-1 fd=66 closed - B1 [08/Dec/2005:16:56:21 -0700] conn=0 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1 ? Craig From rmeggins at redhat.com Fri Dec 9 00:58:48 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 17:58:48 -0700 Subject: [Fedora-directory-users] still working instructions through... In-Reply-To: <1134086872.28654.59.camel@lin-workstation.azapple.com> References: <1134081942.28654.38.camel@lin-workstation.azapple.com> <4398C3C3.6010709@redhat.com> <1134086872.28654.59.camel@lin-workstation.azapple.com> Message-ID: <4398D6C8.1070601@redhat.com> Craig White wrote: >On Thu, 2005-12-08 at 16:37 -0700, Richard Megginson wrote: > > >>Craig White wrote: >> >> >> >>>FDS is running as nobody UID - I checked off in console to run with SSL >>>eneabled, ignored warning about only root can run ports < 1024 restarted >>>server - you know what happened next ;-) >>> >>> >>> >>> >>No, not really. The admin server has the capability to start up slapd >>as root so that it can listen to port 389 and 636. slapd then does a >>setuid to "nobody" after it has bound to these ports. >> >> >---- >ok - good to know. It is running and peering into console I see that it >is still checked. Restarting from console was a failure and I ended up >closing out the console, restarting from SysV and getting back into >console (that's not a big problem but very confusing) > > When you tried to restart in the console, what error messages did you get? Did you get any error messages in admin-serv/logs/access or admin-serv/logs/error? >---- > > >>>OK so I have it turned off and server back up and running. >>> >>>1. Following instructions on wiki... >>> http://directory.fedora.redhat.com/wiki/Howto:SSL >>> >>> # ./ldapsearch -b "dc=clsurvey,dc=com" -x -ZZ '(uid=jim)' >>> SSL initialization failed: error -8192 (An I/O error occurred >>> during security authorization.) >>> >>> >>> >>> >>No, not exactly. The instructions assume you are setting up the other >>ldap clients on the linux box, almost all of which use openldap. So, in >>order to test, you must use the openldap ldapsearch from /usr/bin. >> >> >---- >OK - not a problem, I can use openldap clients... ># ldapsearch -ZZ '(uid=jim)' >ldap_start_tls: Protocol error (2) > additional info: unsupported extended operation > > You will get this error if you try to use startTLS but the server is not configured for security, which brings us back to your earlier problem . . . What are the first few lines of slapd-srv1/logs/errors? >oh - oh...still same issue > ># tail -n 5 /etc/openldap/ldap.conf >URI ldap://srv1.clsurvey.com >HOST 127.0.0.1 >BASE dc=clsurvey,dc=com >TLS_CACERTDIR /etc/ssl >TLS_REQCERT allow > >tail -n 4 /opt/fedora-ds/slapd-srv1/logs/access >[08/Dec/2005:16:55:26 -0700] conn=20 op=0 EXT >oid="1.3.6.1.4.1.1466.20037" >[08/Dec/2005:16:55:26 -0700] conn=20 op=0 RESULT err=2 tag=120 >nentries=0 etime=0 >[08/Dec/2005:16:55:26 -0700] conn=20 op=-1 fd=66 closed - B1 >[08/Dec/2005:16:56:21 -0700] conn=0 fd=64 slot=64 connection from >127.0.0.1 to 127.0.0.1 > >? > >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Fri Dec 9 01:40:40 2005 From: craigwhite at azapple.com (Craig White) Date: Thu, 08 Dec 2005 18:40:40 -0700 Subject: [Fedora-directory-users] still working instructions through... In-Reply-To: <4398D6C8.1070601@redhat.com> References: <1134081942.28654.38.camel@lin-workstation.azapple.com> <4398C3C3.6010709@redhat.com> <1134086872.28654.59.camel@lin-workstation.azapple.com> <4398D6C8.1070601@redhat.com> Message-ID: <1134092440.28654.68.camel@lin-workstation.azapple.com> On Thu, 2005-12-08 at 17:58 -0700, Richard Megginson wrote: > Craig White wrote: > > >On Thu, 2005-12-08 at 16:37 -0700, Richard Megginson wrote: > > > > > >>Craig White wrote: > >> > >> > >> > >>>FDS is running as nobody UID - I checked off in console to run with SSL > >>>eneabled, ignored warning about only root can run ports < 1024 restarted > >>>server - you know what happened next ;-) > >>> > >>> > >>> > >>> > >>No, not really. The admin server has the capability to start up slapd > >>as root so that it can listen to port 389 and 636. slapd then does a > >>setuid to "nobody" after it has bound to these ports. > >> > >> > >---- > >ok - good to know. It is running and peering into console I see that it > >is still checked. Restarting from console was a failure and I ended up > >closing out the console, restarting from SysV and getting back into > >console (that's not a big problem but very confusing) > > > > > When you tried to restart in the console, what error messages did you > get? Did you get any error messages in admin-serv/logs/access or > admin-serv/logs/error? > > >---- > > > > > >>>OK so I have it turned off and server back up and running. > >>> > >>>1. Following instructions on wiki... > >>> http://directory.fedora.redhat.com/wiki/Howto:SSL > >>> > >>> # ./ldapsearch -b "dc=clsurvey,dc=com" -x -ZZ '(uid=jim)' > >>> SSL initialization failed: error -8192 (An I/O error occurred > >>> during security authorization.) > >>> > >>> > >>> > >>> > >>No, not exactly. The instructions assume you are setting up the other > >>ldap clients on the linux box, almost all of which use openldap. So, in > >>order to test, you must use the openldap ldapsearch from /usr/bin. > >> > >> > >---- > >OK - not a problem, I can use openldap clients... > ># ldapsearch -ZZ '(uid=jim)' > >ldap_start_tls: Protocol error (2) > > additional info: unsupported extended operation > > > > > You will get this error if you try to use startTLS but the server is not > configured for security, which brings us back to your earlier problem . . . > What are the first few lines of slapd-srv1/logs/errors? ---- you are right on the money but I don't know why. nsslapd-security: on # in /opt/fedora-ds/slapd-srv1/config/dse.ldif then 'service fds restart' will absolutely hang and never start up. if it equals 'off' then obviously slapd will start up. recent efforts which include the 'hang' effect show nothing in /opt/fedora-ds/slapd-srv1/logs/error but the one time that I restarted the server from the console, it did show this... [08/Dec/2005:15:22:57 -0700] - SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8177 - The security password entered is incorrect.) [08/Dec/2005:15:22:57 -0700] - ERROR: SSL Initialization Failed. ---- > > >oh - oh...still same issue > > > ># tail -n 5 /etc/openldap/ldap.conf > >URI ldap://srv1.clsurvey.com > >HOST 127.0.0.1 > >BASE dc=clsurvey,dc=com > >TLS_CACERTDIR /etc/ssl > >TLS_REQCERT allow > > > >tail -n 4 /opt/fedora-ds/slapd-srv1/logs/access > >[08/Dec/2005:16:55:26 -0700] conn=20 op=0 EXT > >oid="1.3.6.1.4.1.1466.20037" > >[08/Dec/2005:16:55:26 -0700] conn=20 op=0 RESULT err=2 tag=120 > >nentries=0 etime=0 > >[08/Dec/2005:16:55:26 -0700] conn=20 op=-1 fd=66 closed - B1 > >[08/Dec/2005:16:56:21 -0700] conn=0 fd=64 slot=64 connection from > >127.0.0.1 to 127.0.0.1 From rmeggins at redhat.com Fri Dec 9 02:11:43 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 19:11:43 -0700 Subject: [Fedora-directory-users] still working instructions through... In-Reply-To: <1134092440.28654.68.camel@lin-workstation.azapple.com> References: <1134081942.28654.38.camel@lin-workstation.azapple.com> <4398C3C3.6010709@redhat.com> <1134086872.28654.59.camel@lin-workstation.azapple.com> <4398D6C8.1070601@redhat.com> <1134092440.28654.68.camel@lin-workstation.azapple.com> Message-ID: <4398E7DF.1040501@redhat.com> Craig White wrote: >On Thu, 2005-12-08 at 17:58 -0700, Richard Megginson wrote: > > >>Craig White wrote: >> >> >> >>>On Thu, 2005-12-08 at 16:37 -0700, Richard Megginson wrote: >>> >>> >>> >>> >>>>Craig White wrote: >>>> >>>> >>>> >>>> >>>> >>>>>FDS is running as nobody UID - I checked off in console to run with SSL >>>>>eneabled, ignored warning about only root can run ports < 1024 restarted >>>>>server - you know what happened next ;-) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>No, not really. The admin server has the capability to start up slapd >>>>as root so that it can listen to port 389 and 636. slapd then does a >>>>setuid to "nobody" after it has bound to these ports. >>>> >>>> >>>> >>>> >>>---- >>>ok - good to know. It is running and peering into console I see that it >>>is still checked. Restarting from console was a failure and I ended up >>>closing out the console, restarting from SysV and getting back into >>>console (that's not a big problem but very confusing) >>> >>> >>> >>> >>When you tried to restart in the console, what error messages did you >>get? Did you get any error messages in admin-serv/logs/access or >>admin-serv/logs/error? >> >> >> >>>---- >>> >>> >>> >>> >>>>>OK so I have it turned off and server back up and running. >>>>> >>>>>1. Following instructions on wiki... >>>>> http://directory.fedora.redhat.com/wiki/Howto:SSL >>>>> >>>>> # ./ldapsearch -b "dc=clsurvey,dc=com" -x -ZZ '(uid=jim)' >>>>> SSL initialization failed: error -8192 (An I/O error occurred >>>>> during security authorization.) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>No, not exactly. The instructions assume you are setting up the other >>>>ldap clients on the linux box, almost all of which use openldap. So, in >>>>order to test, you must use the openldap ldapsearch from /usr/bin. >>>> >>>> >>>> >>>> >>>---- >>>OK - not a problem, I can use openldap clients... >>># ldapsearch -ZZ '(uid=jim)' >>>ldap_start_tls: Protocol error (2) >>> additional info: unsupported extended operation >>> >>> >>> >>> >>You will get this error if you try to use startTLS but the server is not >>configured for security, which brings us back to your earlier problem . . . >>What are the first few lines of slapd-srv1/logs/errors? >> >> >---- >you are right on the money but I don't know why. > >nsslapd-security: on # in /opt/fedora-ds/slapd-srv1/config/dse.ldif > >then 'service fds restart' will absolutely hang and never start up. > >if it equals 'off' then obviously slapd will start up. > >recent efforts which include the 'hang' effect show nothing >in /opt/fedora-ds/slapd-srv1/logs/error but the one time that I >restarted the server from the console, it did show this... > >[08/Dec/2005:15:22:57 -0700] - SSL alert: Security Initialization: >Unable to authenticate (Netscape Portable Runtime error -8177 - The >security password entered is incorrect.) >[08/Dec/2005:15:22:57 -0700] - ERROR: SSL Initialization Failed. > > Darn it. That's right. With SSL enabled, you must start the server from the console, in order to provide the pin for the key/cert db. If you want to do unattended server restarts, you have to purchase a PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt file in the proper format with the cleartext password in it. >---- > > >>>oh - oh...still same issue >>> >>># tail -n 5 /etc/openldap/ldap.conf >>>URI ldap://srv1.clsurvey.com >>>HOST 127.0.0.1 >>>BASE dc=clsurvey,dc=com >>>TLS_CACERTDIR /etc/ssl >>>TLS_REQCERT allow >>> >>>tail -n 4 /opt/fedora-ds/slapd-srv1/logs/access >>>[08/Dec/2005:16:55:26 -0700] conn=20 op=0 EXT >>>oid="1.3.6.1.4.1.1466.20037" >>>[08/Dec/2005:16:55:26 -0700] conn=20 op=0 RESULT err=2 tag=120 >>>nentries=0 etime=0 >>>[08/Dec/2005:16:55:26 -0700] conn=20 op=-1 fd=66 closed - B1 >>>[08/Dec/2005:16:56:21 -0700] conn=0 fd=64 slot=64 connection from >>>127.0.0.1 to 127.0.0.1 >>> >>> > > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Fri Dec 9 02:40:42 2005 From: craigwhite at azapple.com (Craig White) Date: Thu, 08 Dec 2005 19:40:42 -0700 Subject: [Fedora-directory-users] still working instructions through... In-Reply-To: <4398E7DF.1040501@redhat.com> References: <1134081942.28654.38.camel@lin-workstation.azapple.com> <4398C3C3.6010709@redhat.com> <1134086872.28654.59.camel@lin-workstation.azapple.com> <4398D6C8.1070601@redhat.com> <1134092440.28654.68.camel@lin-workstation.azapple.com> <4398E7DF.1040501@redhat.com> Message-ID: <1134096043.28654.81.camel@lin-workstation.azapple.com> On Thu, 2005-12-08 at 19:11 -0700, Richard Megginson wrote: > Craig White wrote: > >>> > >>You will get this error if you try to use startTLS but the server is not > >>configured for security, which brings us back to your earlier problem . . . > >>What are the first few lines of slapd-srv1/logs/errors? > >> > >> > >---- > >you are right on the money but I don't know why. > > > >nsslapd-security: on # in /opt/fedora-ds/slapd-srv1/config/dse.ldif > > > >then 'service fds restart' will absolutely hang and never start up. > > > >if it equals 'off' then obviously slapd will start up. > > > >recent efforts which include the 'hang' effect show nothing > >in /opt/fedora-ds/slapd-srv1/logs/error but the one time that I > >restarted the server from the console, it did show this... > > > >[08/Dec/2005:15:22:57 -0700] - SSL alert: Security Initialization: > >Unable to authenticate (Netscape Portable Runtime error -8177 - The > >security password entered is incorrect.) > >[08/Dec/2005:15:22:57 -0700] - ERROR: SSL Initialization Failed. > > > > > Darn it. That's right. With SSL enabled, you must start the server > from the console, in order to provide the pin for the key/cert db. > > If you want to do unattended server restarts, you have to purchase a > PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt file in > the proper format with the cleartext password in it. ---- OK - important detail slapd-srv1-pin.txt does that go in /opt/fedora-ds/alias ? /opt/fedora-ds/slapd-srv1 ? Thanks Craig From craigwhite at azapple.com Fri Dec 9 02:56:16 2005 From: craigwhite at azapple.com (Craig White) Date: Thu, 08 Dec 2005 19:56:16 -0700 Subject: [Fedora-directory-users] Console - Administration Panel Message-ID: <1134096977.28654.90.camel@lin-workstation.azapple.com> OK - while mucking around with console and certificates, I manually clipped out the stuff from admin-serv/config/adm.conf & console.conf and local.conf and seem to have everything back in order. I restart the admin-serv and the encryption stuff comes right back into local.conf and I can't figure out where it is coming from. So the console tells me that the Administration console is stopped when it isn't stopped but it can't access it. Any clues? (I am getting into a lot of trouble with the console application) ;-) thanks Craig From rmeggins at redhat.com Fri Dec 9 03:19:42 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 20:19:42 -0700 Subject: [Fedora-directory-users] still working instructions through... In-Reply-To: <1134096043.28654.81.camel@lin-workstation.azapple.com> References: <1134081942.28654.38.camel@lin-workstation.azapple.com> <4398C3C3.6010709@redhat.com> <1134086872.28654.59.camel@lin-workstation.azapple.com> <4398D6C8.1070601@redhat.com> <1134092440.28654.68.camel@lin-workstation.azapple.com> <4398E7DF.1040501@redhat.com> <1134096043.28654.81.camel@lin-workstation.azapple.com> Message-ID: <4398F7CE.7020203@redhat.com> Craig White wrote: >On Thu, 2005-12-08 at 19:11 -0700, Richard Megginson wrote: > > >>Craig White wrote: >> >> > > > >>>>You will get this error if you try to use startTLS but the server is not >>>>configured for security, which brings us back to your earlier problem . . . >>>>What are the first few lines of slapd-srv1/logs/errors? >>>> >>>> >>>> >>>> >>>---- >>>you are right on the money but I don't know why. >>> >>>nsslapd-security: on # in /opt/fedora-ds/slapd-srv1/config/dse.ldif >>> >>>then 'service fds restart' will absolutely hang and never start up. >>> >>>if it equals 'off' then obviously slapd will start up. >>> >>>recent efforts which include the 'hang' effect show nothing >>>in /opt/fedora-ds/slapd-srv1/logs/error but the one time that I >>>restarted the server from the console, it did show this... >>> >>>[08/Dec/2005:15:22:57 -0700] - SSL alert: Security Initialization: >>>Unable to authenticate (Netscape Portable Runtime error -8177 - The >>>security password entered is incorrect.) >>>[08/Dec/2005:15:22:57 -0700] - ERROR: SSL Initialization Failed. >>> >>> >>> >>> >>Darn it. That's right. With SSL enabled, you must start the server >>from the console, in order to provide the pin for the key/cert db. >> >>If you want to do unattended server restarts, you have to purchase a >>PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt file in >>the proper format with the cleartext password in it. >> >> >---- >OK - important detail > >slapd-srv1-pin.txt > >does that go in > >/opt/fedora-ds/alias ? >/opt/fedora-ds/slapd-srv1 ? > > It should go in the alias directory and have the following format: Internal (Software) Token:password >Thanks > >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Fri Dec 9 03:25:52 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 20:25:52 -0700 Subject: [Fedora-directory-users] Console - Administration Panel In-Reply-To: <1134096977.28654.90.camel@lin-workstation.azapple.com> References: <1134096977.28654.90.camel@lin-workstation.azapple.com> Message-ID: <4398F940.4000806@redhat.com> Craig White wrote: >OK - while mucking around with console and certificates, I manually >clipped out the stuff from admin-serv/config/adm.conf & console.conf and >local.conf and seem to have everything back in order. > >I restart the admin-serv and the encryption stuff comes right back into >local.conf and I can't figure out where it is coming from. > > It's stored in the directory server under o=netscaperoot - do an ldapsearch for ldapsearch -b o=netscaperoot -D "cn=directory manager" -w password "cn=configuration" The local.conf file is just a read-only cache of that information. If you cannot edit it using the console, you can use ldapmodify 1) find the full dn of the entry using the ldapsearch as above 2) identify the attributes that deal with the encryption stuff 3) use ldapmodify like the following: ldapmodify -D "cn=directory manager" -w password dn: cn=configuration,..... changetype: modify replace: nameofattr nameofattr: newvalue >So the console tells me that the Administration console is stopped when >it isn't stopped but it can't access it. > >Any clues? (I am getting into a lot of trouble with the console >application) ;-) > >thanks > >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From kevin_myer at iu13.org Fri Dec 9 03:47:09 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Thu, 8 Dec 2005 22:47:09 -0500 Subject: [Fedora-directory-users] still working instructions through... In-Reply-To: <4398F7CE.7020203@redhat.com> References: <1134081942.28654.38.camel@lin-workstation.azapple.com> <4398C3C3.6010709@redhat.com> <1134086872.28654.59.camel@lin-workstation.azapple.com> <4398D6C8.1070601@redhat.com> <1134092440.28654.68.camel@lin-workstation.azapple.com> <4398E7DF.1040501@redhat.com> <1134096043.28654.81.camel@lin-workstation.azapple.com> <4398F7CE.7020203@redhat.com> Message-ID: <20051208224709.c2b5pba59p62o0so@webapps.iu13.org> Quoting Richard Megginson : > Craig White wrote: > >> On Thu, 2005-12-08 at 19:11 -0700, Richard Megginson wrote: >> >>> Darn it. That's right. With SSL enabled, you must start the >>> server from the console, in order to provide the pin for the >>> key/cert db. >>> >>> If you want to do unattended server restarts, you have to purchase >>> a PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt >>> file in the proper format with the cleartext password in it. >>> >> ---- >> OK - important detail >> >> slapd-srv1-pin.txt >> >> does that go in >> >> /opt/fedora-ds/alias ? >> /opt/fedora-ds/slapd-srv1 ? >> > It should go in the alias directory and have the following format: > Internal (Software) Token:password > Is there an equivalent setup for the admin server, either using a security module, or other means? Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From rmeggins at redhat.com Fri Dec 9 03:56:51 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 20:56:51 -0700 Subject: [Fedora-directory-users] still working instructions through... In-Reply-To: <20051208224709.c2b5pba59p62o0so@webapps.iu13.org> References: <1134081942.28654.38.camel@lin-workstation.azapple.com> <4398C3C3.6010709@redhat.com> <1134086872.28654.59.camel@lin-workstation.azapple.com> <4398D6C8.1070601@redhat.com> <1134092440.28654.68.camel@lin-workstation.azapple.com> <4398E7DF.1040501@redhat.com> <1134096043.28654.81.camel@lin-workstation.azapple.com> <4398F7CE.7020203@redhat.com> <20051208224709.c2b5pba59p62o0so@webapps.iu13.org> Message-ID: <43990083.4080605@redhat.com> Kevin M. Myer wrote: > Quoting Richard Megginson : > >> Craig White wrote: >> >>> On Thu, 2005-12-08 at 19:11 -0700, Richard Megginson wrote: >>> >>>> Darn it. That's right. With SSL enabled, you must start the >>>> server from the console, in order to provide the pin for the >>>> key/cert db. >>>> >>>> If you want to do unattended server restarts, you have to purchase >>>> a PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt >>>> file in the proper format with the cleartext password in it. >>>> >>> ---- >>> OK - important detail >>> >>> slapd-srv1-pin.txt >>> >>> does that go in >>> >>> /opt/fedora-ds/alias ? >>> /opt/fedora-ds/slapd-srv1 ? >>> >> It should go in the alias directory and have the following format: >> Internal (Software) Token:password >> > > Is there an equivalent setup for the admin server, either using a > security module, or other means? Yes. In admin-serv/config/console.conf, change NSSPassPhraseDialog builtin to NSSPassPhraseDialog file:/opt/fedora-ds/alias/admin-serv-pin.txt Then put the password in cleartext in the file /opt/fedora-ds/alias/admin-serv-pin.txt You can name the file whatever you like. > > Kevin > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Fri Dec 9 03:59:05 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 20:59:05 -0700 Subject: [Fedora-directory-users] still working instructions through... In-Reply-To: <43990083.4080605@redhat.com> References: <1134081942.28654.38.camel@lin-workstation.azapple.com> <4398C3C3.6010709@redhat.com> <1134086872.28654.59.camel@lin-workstation.azapple.com> <4398D6C8.1070601@redhat.com> <1134092440.28654.68.camel@lin-workstation.azapple.com> <4398E7DF.1040501@redhat.com> <1134096043.28654.81.camel@lin-workstation.azapple.com> <4398F7CE.7020203@redhat.com> <20051208224709.c2b5pba59p62o0so@webapps.iu13.org> <43990083.4080605@redhat.com> Message-ID: <43990109.6010205@redhat.com> Whoops, not correct. The format of the password file is tokenname:password e.g. internal:password Richard Megginson wrote: > Kevin M. Myer wrote: > >> Quoting Richard Megginson : >> >>> Craig White wrote: >>> >>>> On Thu, 2005-12-08 at 19:11 -0700, Richard Megginson wrote: >>>> >>>>> Darn it. That's right. With SSL enabled, you must start the >>>>> server from the console, in order to provide the pin for the >>>>> key/cert db. >>>>> >>>>> If you want to do unattended server restarts, you have to purchase >>>>> a PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt >>>>> file in the proper format with the cleartext password in it. >>>>> >>>> ---- >>>> OK - important detail >>>> >>>> slapd-srv1-pin.txt >>>> >>>> does that go in >>>> >>>> /opt/fedora-ds/alias ? >>>> /opt/fedora-ds/slapd-srv1 ? >>>> >>> It should go in the alias directory and have the following format: >>> Internal (Software) Token:password >>> >> >> Is there an equivalent setup for the admin server, either using a >> security module, or other means? > > > Yes. In admin-serv/config/console.conf, change > NSSPassPhraseDialog builtin > to > NSSPassPhraseDialog file:/opt/fedora-ds/alias/admin-serv-pin.txt > > Then put the password in cleartext in the file > /opt/fedora-ds/alias/admin-serv-pin.txt > > You can name the file whatever you like. > >> >> Kevin >> >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Fri Dec 9 04:51:25 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 21:51:25 -0700 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0.1 Message-ID: <43990D4D.7040200@redhat.com> Fedora Directory Server 1.0.1 is released! This release is primarily a patch release to address some issues with the 1.0 release. If you are using 1.0, you are strongly encouraged to upgrade to 1.0.1 as soon as possible. If you have not installed 1.0 yet, use 1.0.1 instead. Release Notes: http://directory.fedora.redhat.com/wiki/Release_Notes Download: http://directory.fedora.redhat.com/wiki/Download Home Page: http://directory.fedora.redhat.com/wiki/Main_Page -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From tim at registriesltd.com.au Fri Dec 9 04:55:07 2005 From: tim at registriesltd.com.au (Tim Edwards) Date: Fri, 09 Dec 2005 15:55:07 +1100 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0.1 In-Reply-To: <43990D4D.7040200@redhat.com> References: <43990D4D.7040200@redhat.com> Message-ID: <43990E2B.6040906@registriesltd.com.au> Richard Megginson wrote: > Fedora Directory Server 1.0.1 is released! This release is primarily a > patch release to address some issues with the 1.0 release. If you are > using 1.0, you are strongly encouraged to upgrade to 1.0.1 as soon as > possible. If you have not installed 1.0 yet, use 1.0.1 instead. > > Release Notes: http://directory.fedora.redhat.com/wiki/Release_Notes > Download: http://directory.fedora.redhat.com/wiki/Download > Home Page: http://directory.fedora.redhat.com/wiki/Main_Page Are you sure that's the new version on the download page? I'm trying to get it for FC3/RHEL4 and the filename is fedora-ds-1.0-2.RHEL4.i386.opt.rpm which I think is the same as 1.0.0? -- Tim Edwards From rmeggins at redhat.com Fri Dec 9 05:03:00 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 08 Dec 2005 22:03:00 -0700 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0.1 In-Reply-To: <43990E2B.6040906@registriesltd.com.au> References: <43990D4D.7040200@redhat.com> <43990E2B.6040906@registriesltd.com.au> Message-ID: <43991004.4030100@redhat.com> Tim Edwards wrote: > Richard Megginson wrote: > >> Fedora Directory Server 1.0.1 is released! This release is primarily >> a patch release to address some issues with the 1.0 release. If you >> are using 1.0, you are strongly encouraged to upgrade to 1.0.1 as >> soon as possible. If you have not installed 1.0 yet, use 1.0.1 instead. >> >> Release Notes: http://directory.fedora.redhat.com/wiki/Release_Notes >> Download: http://directory.fedora.redhat.com/wiki/Download >> Home Page: http://directory.fedora.redhat.com/wiki/Main_Page > > > Are you sure that's the new version on the download page? I'm trying > to get it for FC3/RHEL4 and the filename is > fedora-ds-1.0-2.RHEL4.i386.opt.rpm which I think is the same as 1.0.0? It must be a caching problem, either in your browser or in the squid. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From tim at registriesltd.com.au Fri Dec 9 05:09:45 2005 From: tim at registriesltd.com.au (Tim Edwards) Date: Fri, 09 Dec 2005 16:09:45 +1100 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0.1 In-Reply-To: <43991004.4030100@redhat.com> References: <43990D4D.7040200@redhat.com> <43990E2B.6040906@registriesltd.com.au> <43991004.4030100@redhat.com> Message-ID: <43991199.90502@registriesltd.com.au> Richard Megginson wrote: > > > It must be a caching problem, either in your browser or in the squid. > > Woops! A shift-refresh in Firefox solved the problem -- Tim Edwards From ch at code-heads.com Fri Dec 9 05:35:30 2005 From: ch at code-heads.com (CodeHeads) Date: Fri, 09 Dec 2005 00:35:30 -0500 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0.1 In-Reply-To: <43991004.4030100@redhat.com> References: <43990D4D.7040200@redhat.com> <43990E2B.6040906@registriesltd.com.au> <43991004.4030100@redhat.com> Message-ID: <439917A2.1020700@code-heads.com> Richard Megginson wrote: > Tim Edwards wrote: > >> Richard Megginson wrote: >> >>> Fedora Directory Server 1.0.1 is released! This release is primarily >>> a patch release to address some issues with the 1.0 release. If you >>> are using 1.0, you are strongly encouraged to upgrade to 1.0.1 as >>> soon as possible. If you have not installed 1.0 yet, use 1.0.1 instead. >>> >>> Release Notes: http://directory.fedora.redhat.com/wiki/Release_Notes >>> Download: http://directory.fedora.redhat.com/wiki/Download >>> Home Page: http://directory.fedora.redhat.com/wiki/Main_Page Sorry for the stupid question but what is the difference between 1.0.1 and 7.1? There is a link at the bottom of that page that has 7.1?? ~WILL~ From craigwhite at azapple.com Fri Dec 9 05:55:26 2005 From: craigwhite at azapple.com (Craig White) Date: Thu, 08 Dec 2005 22:55:26 -0700 Subject: [Fedora-directory-users] Console - Administration Panel In-Reply-To: <4398F940.4000806@redhat.com> References: <1134096977.28654.90.camel@lin-workstation.azapple.com> <4398F940.4000806@redhat.com> Message-ID: <1134107726.29271.10.camel@lin-workstation.azapple.com> On Thu, 2005-12-08 at 20:25 -0700, Richard Megginson wrote: > Craig White wrote: > > >OK - while mucking around with console and certificates, I manually > >clipped out the stuff from admin-serv/config/adm.conf & console.conf and > >local.conf and seem to have everything back in order. > > > >I restart the admin-serv and the encryption stuff comes right back into > >local.conf and I can't figure out where it is coming from. > > > > > It's stored in the directory server under o=netscaperoot - do an > ldapsearch for > ldapsearch -b o=netscaperoot -D "cn=directory manager" -w password > "cn=configuration" > > The local.conf file is just a read-only cache of that information. > > If you cannot edit it using the console, you can use ldapmodify > 1) find the full dn of the entry using the ldapsearch as above > 2) identify the attributes that deal with the encryption stuff > 3) use ldapmodify like the following: > ldapmodify -D "cn=directory manager" -w password > dn: cn=configuration,..... > changetype: modify > replace: nameofattr > nameofattr: newvalue ---- Thanks - I can probably do that but it occurred to me that I should just probably restore from my last backup but now I can't find my backup. # ls -l /opt/fedora-ds/slapd-srv1/bak total 0 I had created 2 separate backups using the console application (and even restored once so I know that it worked) but now they are nowhere to be found and so I can't restore. I'm beginning the think that the console application - though exceedingly dangerous in this rookie's hands is possibly not quite ready for prime time...why did the backups disappear? Is there a method to wipe out the entire DSA and start over without removing the rpm and re-installing rpm again? And by the way, I am most appreciate of all of the help you have been giving me Richard - just in case I haven't made it obvious - you have been exceedingly patient and helpful. Thanks Craig From craigwhite at azapple.com Fri Dec 9 06:02:31 2005 From: craigwhite at azapple.com (Craig White) Date: Thu, 08 Dec 2005 23:02:31 -0700 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0.1 In-Reply-To: <439917A2.1020700@code-heads.com> References: <43990D4D.7040200@redhat.com> <43990E2B.6040906@registriesltd.com.au> <43991004.4030100@redhat.com> <439917A2.1020700@code-heads.com> Message-ID: <1134108151.29271.12.camel@lin-workstation.azapple.com> On Fri, 2005-12-09 at 00:35 -0500, CodeHeads wrote: > Richard Megginson wrote: > > Tim Edwards wrote: > > > >> Richard Megginson wrote: > >> > >>> Fedora Directory Server 1.0.1 is released! This release is primarily > >>> a patch release to address some issues with the 1.0 release. If you > >>> are using 1.0, you are strongly encouraged to upgrade to 1.0.1 as > >>> soon as possible. If you have not installed 1.0 yet, use 1.0.1 instead. > >>> > >>> Release Notes: http://directory.fedora.redhat.com/wiki/Release_Notes > >>> Download: http://directory.fedora.redhat.com/wiki/Download > >>> Home Page: http://directory.fedora.redhat.com/wiki/Main_Page > > > Sorry for the stupid question but what is the difference between 1.0.1 > and 7.1? There is a link at the bottom of that page that has 7.1?? > ---- Most of this is answered here... http://directory.fedora.redhat.com/wiki/FAQ Craig From ch at code-heads.com Fri Dec 9 06:12:40 2005 From: ch at code-heads.com (CodeHeads) Date: Fri, 09 Dec 2005 01:12:40 -0500 Subject: [Fedora-directory-users] Announcing Fedora Directory Server 1.0.1 In-Reply-To: <1134108151.29271.12.camel@lin-workstation.azapple.com> References: <43990D4D.7040200@redhat.com> <43990E2B.6040906@registriesltd.com.au> <43991004.4030100@redhat.com> <439917A2.1020700@code-heads.com> <1134108151.29271.12.camel@lin-workstation.azapple.com> Message-ID: <43992058.5080505@code-heads.com> Craig White wrote: >>>>>Fedora Directory Server 1.0.1 is released! This release is primarily >>>>>a patch release to address some issues with the 1.0 release. If you >>>>>are using 1.0, you are strongly encouraged to upgrade to 1.0.1 as >>>>>soon as possible. If you have not installed 1.0 yet, use 1.0.1 instead. >>>>> >>>>>Release Notes: http://directory.fedora.redhat.com/wiki/Release_Notes >>>>>Download: http://directory.fedora.redhat.com/wiki/Download >>>>>Home Page: http://directory.fedora.redhat.com/wiki/Main_Page >> >> >>Sorry for the stupid question but what is the difference between 1.0.1 >>and 7.1? There is a link at the bottom of that page that has 7.1?? >> > > ---- > Most of this is answered here... > > http://directory.fedora.redhat.com/wiki/FAQ > > Craig Thanks Craig! :) ~WILL~ From ds at marco.de Fri Dec 9 07:19:01 2005 From: ds at marco.de (Daniel Spannbauer) Date: Fri, 09 Dec 2005 08:19:01 +0100 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <43985990.4000805@redhat.com> Message-ID: <43992FE5.4080706@marco.de> Hallo Richard, the Output is: ox:~ # find /usr/include/ -name \*curses\* -print /usr/include/cursesapp.h /usr/include/curses.h /usr/include/ncurses.h /usr/include/cursesf.h /usr/include/cursesm.h /usr/include/cursesp.h /usr/include/cursesw.h /usr/include/ncurses_dll.h Thats all. Regards Daniel Richard Megginson wrote: > On my system, the curses libs are provided by the ncurses and > ncurses-devel packages. > Try this: > find /usr/lib -name \*curses\* -print > ? > > Daniel Spannbauer wrote: > >> Hallo Richard, >> >> yes, I get an Output. >> There was something wrong on the system. Reboot solved it. >> Anyway: >> A new failure:ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >> [===== NOW BUILDING: ds-1 =====] >> [fetch] complete for ds. >> [checksum] complete for ds. >> [extract] complete for ds. >> [patch] complete for ds. >> ==> Building ds/mozilla as a dependency >> ==> Building ds/icu as a dependency >> ==> Building ds/adminutil as a dependency >> ==> Building ds/setuputil as a dependency >> make[1]: Entering directory /root/dsbuild/ds/setuputil' >> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >> [fetch] complete for fedora-setuputil. >> [checksum] complete for fedora-setuputil. >> [extract] complete for fedora-setuputil. >> [patch] complete for fedora-setuputil. >> [configure] complete for fedora-setuputil. >> ==> Running make in work/fedora-setuputil-1.0 >> cat: /etc/redhat-release: No such file or directory >> make[2]: Entering directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >> perl buildnum.pl -p Linux2.6 >> perl pumpkin.pl 90 pumpkin.dat >> The components are up to date >> >> ==== Starting Server Installer Build ========== >> >> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >> MOZILLA_SOURCE_ROOT_EXT= >> BUILD_MODULE=SetupSDK -w installerSDK >> cat: /etc/redhat-release: No such file or directory >> gmake[3]: Entering directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >> cat: /etc/redhat-release: No such file or directory >> cat: /etc/redhat-release: No such file or directory >> gmake[4]: Entering directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h uninstall.h >> code.h >> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >> >> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >> NS_PRODUCT= >> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >> cat: /etc/redhat-release: No such file or directory >> cat: /etc/redhat-release: No such file or directory >> gmake[5]: Entering directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >> gmake[5]: *** No rule to make target -lcurses', needed by >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. >> >> Stop. >> gmake[5]: Leaving directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >> gmake[4]: *** [all] Error 2 >> gmake[4]: Leaving directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >> gmake[3]: *** [installerSDK] Error 2 >> gmake[3]: Leaving directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >> make[2]: *** [buildInstaller] Error 2 >> make[2]: Leaving directory >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >> make: *** [dep-../../ds/setuputil] Error 2 >> >> >> ------------------- >> >> Thanks for your help. >> >> Regards >> >> Daniel >> >> ---------------------- >> >> >> Richard Megginson wrote: >> >>> I'm not sure what needs to be installed. On my Fedora Core 4 >>> system, /usr/include/curses.h is provided by the ncurses-devel package. >>> If you do >>> find /usr/include -name curses.h -print >>> do you get anything? >>> >>> Daniel Spannbauer wrote: >>> >>>> Hallo Richard >>>> >>>> ncurses und ncurses-devel is installed. >>>> >>>> greetings >>>> >>>> Daniel >>>> >>>> >>>> Richard Megginson wrote: >>>> >>>>> Looks like you need to install curses-devel or ncurses-devel >>>>> >>>>> Daniel Spannbauer wrote: >>>>> >>>>>> Hallo, >>>>>> >>>>>> i Try to install the Directory-Server on SuSE 10.0. While the >>>>>> dsbuild I get an Error. >>>>>> Here the Complete Log of the dsbuild: >>>>>> -------------------------------------------------------------- >>>>>> >>>>>> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>> [fetch] complete for ds. >>>>>> [checksum] complete for ds. >>>>>> [extract] complete for ds. >>>>>> [patch] complete for ds. >>>>>> ==> Building ds/mozilla as a dependency >>>>>> ==> Building ds/icu as a dependency >>>>>> ==> Building ds/adminutil as a dependency >>>>>> ==> Building ds/setuputil as a dependency >>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>> [fetch] complete for fedora-setuputil. >>>>>> [checksum] complete for fedora-setuputil. >>>>>> [extract] complete for fedora-setuputil. >>>>>> [patch] complete for fedora-setuputil. >>>>>> [configure] complete for fedora-setuputil. >>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>> cat: /etc/redhat-release: No such file or directory >>>>>> make[2]: Entering directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>> perl buildnum.pl -p Linux2.6 >>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>> The components are up to date >>>>>> >>>>>> ==== Starting Server Installer Build ========== >>>>>> >>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>> cat: /etc/redhat-release: No such file or directory >>>>>> gmake[3]: Entering directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>> cat: /etc/redhat-release: No such file or directory >>>>>> cat: /etc/redhat-release: No such file or directory >>>>>> gmake[4]: Entering directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>> uninstall.h code.h >>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>> >>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >>>>>> NS_PRODUCT= >>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>> cat: /etc/redhat-release: No such file or directory >>>>>> cat: /etc/redhat-release: No such file or directory >>>>>> gmake[5]: Entering directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>> >>>>>> >>>>>> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >>>>>> -D_XOPEN_SOURCE >>>>>> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK -DXP_UNIX >>>>>> -DLinux -O2 >>>>>> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >>>>>> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap >>>>>> -I../../include >>>>>> ux-curse.c -o >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >>>>>> >>>>>> In file included from ux-curse.c:33: >>>>>> ux-curse.h:52:38: error: curses.h: No such file or directory >>>>>> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >>>>>> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared (first >>>>>> use in this function) >>>>>> ux-curse.c:78: error: (Each undeclared identifier is reported >>>>>> only once >>>>>> ux-curse.c:78: error: for each function it appears in.) >>>>>> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >>>>>> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared (first >>>>>> use in this function) >>>>>> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >>>>>> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared (first >>>>>> use in this function) >>>>>> ux-curse.c: In function ?<80><98>new_page?<80><99>: >>>>>> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared (first >>>>>> use in this function) >>>>>> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >>>>>> ux-curse.c:354: warning: comparison between pointer and integer >>>>>> ux-curse.c:356: warning: comparison between pointer and integer >>>>>> ux-curse.c:358: warning: comparison between pointer and integer >>>>>> gmake[5]: *** >>>>>> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >>>>>> >>>>>> Error 1gmake[5]: Leaving directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>> >>>>>> gmake[4]: *** [all] Error 2 >>>>>> gmake[4]: Leaving directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>> gmake[3]: Leaving directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>> make[2]: Leaving directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>> >>>>>> ------------------------------------------------------------------ >>>>>> >>>>>> Does anybody know why? >>>>>> >>>>>> Thanks for helping >>>>>> >>>>>> Daniel >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Fedora-directory-users mailing list >>>>>> Fedora-directory-users at redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> >>>>> >>>> >>> ------------------------------------------------------------------------ >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >> >> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > From rmeggins at redhat.com Fri Dec 9 13:47:14 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 09 Dec 2005 06:47:14 -0700 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 In-Reply-To: <43992FE5.4080706@marco.de> References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> Message-ID: <43998AE2.5010409@redhat.com> Ok. Try find /usr/lib -name \*curses\* -print It's failing to find -lcurses, which should be the file /usr/lib/*curses* Daniel Spannbauer wrote: > Hallo Richard, > > the Output is: > ox:~ # find /usr/include/ -name \*curses\* -print > /usr/include/cursesapp.h > /usr/include/curses.h > /usr/include/ncurses.h > /usr/include/cursesf.h > /usr/include/cursesm.h > /usr/include/cursesp.h > /usr/include/cursesw.h > /usr/include/ncurses_dll.h > > Thats all. > > Regards > Daniel > > > > Richard Megginson wrote: > >> On my system, the curses libs are provided by the ncurses and >> ncurses-devel packages. >> Try this: >> find /usr/lib -name \*curses\* -print >> ? >> >> Daniel Spannbauer wrote: >> >>> Hallo Richard, >>> >>> yes, I get an Output. >>> There was something wrong on the system. Reboot solved it. >>> Anyway: >>> A new failure:ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>> [===== NOW BUILDING: ds-1 =====] >>> [fetch] complete for ds. >>> [checksum] complete for ds. >>> [extract] complete for ds. >>> [patch] complete for ds. >>> ==> Building ds/mozilla as a dependency >>> ==> Building ds/icu as a dependency >>> ==> Building ds/adminutil as a dependency >>> ==> Building ds/setuputil as a dependency >>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>> [fetch] complete for fedora-setuputil. >>> [checksum] complete for fedora-setuputil. >>> [extract] complete for fedora-setuputil. >>> [patch] complete for fedora-setuputil. >>> [configure] complete for fedora-setuputil. >>> ==> Running make in work/fedora-setuputil-1.0 >>> cat: /etc/redhat-release: No such file or directory >>> make[2]: Entering directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>> perl buildnum.pl -p Linux2.6 >>> perl pumpkin.pl 90 pumpkin.dat >>> The components are up to date >>> >>> ==== Starting Server Installer Build ========== >>> >>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>> MOZILLA_SOURCE_ROOT_EXT= >>> BUILD_MODULE=SetupSDK -w installerSDK >>> cat: /etc/redhat-release: No such file or directory >>> gmake[3]: Entering directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>> cat: /etc/redhat-release: No such file or directory >>> cat: /etc/redhat-release: No such file or directory >>> gmake[4]: Entering directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h uninstall.h >>> code.h >>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>> >>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >>> NS_PRODUCT= >>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>> cat: /etc/redhat-release: No such file or directory >>> cat: /etc/redhat-release: No such file or directory >>> gmake[5]: Entering directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>> >>> gmake[5]: *** No rule to make target -lcurses', needed by >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. >>> >>> Stop. >>> gmake[5]: Leaving directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>> >>> gmake[4]: *** [all] Error 2 >>> gmake[4]: Leaving directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>> gmake[3]: *** [installerSDK] Error 2 >>> gmake[3]: Leaving directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>> make[2]: *** [buildInstaller] Error 2 >>> make[2]: Leaving directory >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>> make: *** [dep-../../ds/setuputil] Error 2 >>> >>> >>> ------------------- >>> >>> Thanks for your help. >>> >>> Regards >>> >>> Daniel >>> >>> ---------------------- >>> >>> >>> Richard Megginson wrote: >>> >>>> I'm not sure what needs to be installed. On my Fedora Core 4 >>>> system, /usr/include/curses.h is provided by the ncurses-devel >>>> package. >>>> If you do >>>> find /usr/include -name curses.h -print >>>> do you get anything? >>>> >>>> Daniel Spannbauer wrote: >>>> >>>>> Hallo Richard >>>>> >>>>> ncurses und ncurses-devel is installed. >>>>> >>>>> greetings >>>>> >>>>> Daniel >>>>> >>>>> >>>>> Richard Megginson wrote: >>>>> >>>>>> Looks like you need to install curses-devel or ncurses-devel >>>>>> >>>>>> Daniel Spannbauer wrote: >>>>>> >>>>>>> Hallo, >>>>>>> >>>>>>> i Try to install the Directory-Server on SuSE 10.0. While the >>>>>>> dsbuild I get an Error. >>>>>>> Here the Complete Log of the dsbuild: >>>>>>> -------------------------------------------------------------- >>>>>>> >>>>>>> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>>> [fetch] complete for ds. >>>>>>> [checksum] complete for ds. >>>>>>> [extract] complete for ds. >>>>>>> [patch] complete for ds. >>>>>>> ==> Building ds/mozilla as a dependency >>>>>>> ==> Building ds/icu as a dependency >>>>>>> ==> Building ds/adminutil as a dependency >>>>>>> ==> Building ds/setuputil as a dependency >>>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>>> [fetch] complete for fedora-setuputil. >>>>>>> [checksum] complete for fedora-setuputil. >>>>>>> [extract] complete for fedora-setuputil. >>>>>>> [patch] complete for fedora-setuputil. >>>>>>> [configure] complete for fedora-setuputil. >>>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>> make[2]: Entering directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>>> perl buildnum.pl -p Linux2.6 >>>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>>> The components are up to date >>>>>>> >>>>>>> ==== Starting Server Installer Build ========== >>>>>>> >>>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>> gmake[3]: Entering directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>> SECURITY=domestic >>>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>> gmake[4]: Entering directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>>> uninstall.h code.h >>>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>>> >>>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >>>>>>> NS_PRODUCT= >>>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>> gmake[5]: Entering directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>> >>>>>>> >>>>>>> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >>>>>>> -D_XOPEN_SOURCE >>>>>>> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK -DXP_UNIX >>>>>>> -DLinux -O2 >>>>>>> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >>>>>>> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap >>>>>>> -I../../include >>>>>>> ux-curse.c -o >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >>>>>>> >>>>>>> In file included from ux-curse.c:33: >>>>>>> ux-curse.h:52:38: error: curses.h: No such file or directory >>>>>>> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >>>>>>> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared (first >>>>>>> use in this function) >>>>>>> ux-curse.c:78: error: (Each undeclared identifier is reported >>>>>>> only once >>>>>>> ux-curse.c:78: error: for each function it appears in.) >>>>>>> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >>>>>>> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>> (first use in this function) >>>>>>> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >>>>>>> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>> (first use in this function) >>>>>>> ux-curse.c: In function ?<80><98>new_page?<80><99>: >>>>>>> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>> (first use in this function) >>>>>>> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >>>>>>> ux-curse.c:354: warning: comparison between pointer and integer >>>>>>> ux-curse.c:356: warning: comparison between pointer and integer >>>>>>> ux-curse.c:358: warning: comparison between pointer and integer >>>>>>> gmake[5]: *** >>>>>>> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >>>>>>> >>>>>>> Error 1gmake[5]: Leaving directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>> >>>>>>> gmake[4]: *** [all] Error 2 >>>>>>> gmake[4]: Leaving directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>>> gmake[3]: Leaving directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>>> make[2]: Leaving directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>>> >>>>>>> ------------------------------------------------------------------ >>>>>>> >>>>>>> Does anybody know why? >>>>>>> >>>>>>> Thanks for helping >>>>>>> >>>>>>> Daniel >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Fedora-directory-users mailing list >>>>>>> Fedora-directory-users at redhat.com >>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------ >>>>>> >>>>>> >>>>>> -- >>>>>> Fedora-directory-users mailing list >>>>>> Fedora-directory-users at redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>> >>>>>> >>>>> >>>> ------------------------------------------------------------------------ >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>> >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> >> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Fri Dec 9 13:53:37 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 09 Dec 2005 06:53:37 -0700 Subject: [Fedora-directory-users] Console - Administration Panel In-Reply-To: <1134107726.29271.10.camel@lin-workstation.azapple.com> References: <1134096977.28654.90.camel@lin-workstation.azapple.com> <4398F940.4000806@redhat.com> <1134107726.29271.10.camel@lin-workstation.azapple.com> Message-ID: <43998C61.4060009@redhat.com> Craig White wrote: >On Thu, 2005-12-08 at 20:25 -0700, Richard Megginson wrote: > > >>Craig White wrote: >> >> >> >>>OK - while mucking around with console and certificates, I manually >>>clipped out the stuff from admin-serv/config/adm.conf & console.conf and >>>local.conf and seem to have everything back in order. >>> >>>I restart the admin-serv and the encryption stuff comes right back into >>>local.conf and I can't figure out where it is coming from. >>> >>> >>> >>> >>It's stored in the directory server under o=netscaperoot - do an >>ldapsearch for >>ldapsearch -b o=netscaperoot -D "cn=directory manager" -w password >>"cn=configuration" >> >>The local.conf file is just a read-only cache of that information. >> >>If you cannot edit it using the console, you can use ldapmodify >>1) find the full dn of the entry using the ldapsearch as above >>2) identify the attributes that deal with the encryption stuff >>3) use ldapmodify like the following: >>ldapmodify -D "cn=directory manager" -w password >>dn: cn=configuration,..... >>changetype: modify >>replace: nameofattr >>nameofattr: newvalue >> >> >---- >Thanks - I can probably do that but it occurred to me that I should just >probably restore from my last backup but now I can't find my backup. > ># ls -l /opt/fedora-ds/slapd-srv1/bak >total 0 > >I had created 2 separate backups using the console application (and even >restored once so I know that it worked) but now they are nowhere to be >found and so I can't restore. > That's really strange. I've never seen this happen before. >I'm beginning the think that the console >application - though exceedingly dangerous in this rookie's hands is >possibly not quite ready for prime time...why did the backups disappear? > > I have no idea. I've never seen this before. The console has been used for this purpose for 7 years now in large production environments and this is the first time I've ever heard of this happening. >Is there a method to wipe out the entire DSA and start over without >removing the rpm and re-installing rpm again? > > Not really, not without the data. >And by the way, I am most appreciate of all of the help you have been >giving me Richard - just in case I haven't made it obvious - you have >been exceedingly patient and helpful. > >Thanks > >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Fri Dec 9 14:34:14 2005 From: craigwhite at azapple.com (Craig White) Date: Fri, 09 Dec 2005 07:34:14 -0700 Subject: [Fedora-directory-users] Console - Administration Panel In-Reply-To: <43998C61.4060009@redhat.com> References: <1134096977.28654.90.camel@lin-workstation.azapple.com> <4398F940.4000806@redhat.com> <1134107726.29271.10.camel@lin-workstation.azapple.com> <43998C61.4060009@redhat.com> Message-ID: <1134138854.29271.55.camel@lin-workstation.azapple.com> On Fri, 2005-12-09 at 06:53 -0700, Richard Megginson wrote: > Craig White wrote: > > >On Thu, 2005-12-08 at 20:25 -0700, Richard Megginson wrote: > > > > > >>Craig White wrote: > >> > >> > >> > >>>OK - while mucking around with console and certificates, I manually > >>>clipped out the stuff from admin-serv/config/adm.conf & console.conf and > >>>local.conf and seem to have everything back in order. > >>> > >>>I restart the admin-serv and the encryption stuff comes right back into > >>>local.conf and I can't figure out where it is coming from. > >>> > >>> > >>> > >>> > >>It's stored in the directory server under o=netscaperoot - do an > >>ldapsearch for > >>ldapsearch -b o=netscaperoot -D "cn=directory manager" -w password > >>"cn=configuration" > >> > >>The local.conf file is just a read-only cache of that information. > >> > >>If you cannot edit it using the console, you can use ldapmodify > >>1) find the full dn of the entry using the ldapsearch as above > >>2) identify the attributes that deal with the encryption stuff > >>3) use ldapmodify like the following: > >>ldapmodify -D "cn=directory manager" -w password > >>dn: cn=configuration,..... > >>changetype: modify > >>replace: nameofattr > >>nameofattr: newvalue > >> > >> > >---- > >Thanks - I can probably do that but it occurred to me that I should just > >probably restore from my last backup but now I can't find my backup. > > > ># ls -l /opt/fedora-ds/slapd-srv1/bak > >total 0 > > > >I had created 2 separate backups using the console application (and even > >restored once so I know that it worked) but now they are nowhere to be > >found and so I can't restore. > > > That's really strange. I've never seen this happen before. > > >I'm beginning the think that the console > >application - though exceedingly dangerous in this rookie's hands is > >possibly not quite ready for prime time...why did the backups disappear? > > > > > I have no idea. I've never seen this before. The console has been used > for this purpose for 7 years now in large production environments and > this is the first time I've ever heard of this happening. ---- I am a bit disconcerted about this - I ***know*** that I didn't delete the backups in /opt/fedora-ds/slapd-srv1/bak and was of the opinion that this is where the console put these backups. Perhaps they were removed when I restored using the console. OK - presuming that using the console to backup or command line to backup ( db2bak /opt/redhat-ds/servers/slapd- dirserver/bak/bak_2001070110) are the same thing - a complete backup of the DSA... Then I would want to periodically back up /opt/fedora-ds/slapd-srv1/bak as a 'just in case' this happens again thingy... Just for confirmation of what - console backup or db2bak actually backup... 1. does this backup configuration too? 2. does this backup items in /opt/fedora-ds/alias or should I do that separately? 3. Is there anything else that I need to back up to get a reasonably quick 'restore' to previous functionality to guard against my uneducated bullets to my feet? Thanks Craig From rmeggins at redhat.com Fri Dec 9 15:05:25 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 09 Dec 2005 08:05:25 -0700 Subject: [Fedora-directory-users] Console - Administration Panel In-Reply-To: <1134138854.29271.55.camel@lin-workstation.azapple.com> References: <1134096977.28654.90.camel@lin-workstation.azapple.com> <4398F940.4000806@redhat.com> <1134107726.29271.10.camel@lin-workstation.azapple.com> <43998C61.4060009@redhat.com> <1134138854.29271.55.camel@lin-workstation.azapple.com> Message-ID: <43999D35.7080508@redhat.com> Craig White wrote: >On Fri, 2005-12-09 at 06:53 -0700, Richard Megginson wrote: > > >>Craig White wrote: >> >> >> >>>On Thu, 2005-12-08 at 20:25 -0700, Richard Megginson wrote: >>> >>> >>> >>> >>>>Craig White wrote: >>>> >>>> >>>> >>>> >>>> >>>>>OK - while mucking around with console and certificates, I manually >>>>>clipped out the stuff from admin-serv/config/adm.conf & console.conf and >>>>>local.conf and seem to have everything back in order. >>>>> >>>>>I restart the admin-serv and the encryption stuff comes right back into >>>>>local.conf and I can't figure out where it is coming from. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>It's stored in the directory server under o=netscaperoot - do an >>>>ldapsearch for >>>>ldapsearch -b o=netscaperoot -D "cn=directory manager" -w password >>>>"cn=configuration" >>>> >>>>The local.conf file is just a read-only cache of that information. >>>> >>>>If you cannot edit it using the console, you can use ldapmodify >>>>1) find the full dn of the entry using the ldapsearch as above >>>>2) identify the attributes that deal with the encryption stuff >>>>3) use ldapmodify like the following: >>>>ldapmodify -D "cn=directory manager" -w password >>>>dn: cn=configuration,..... >>>>changetype: modify >>>>replace: nameofattr >>>>nameofattr: newvalue >>>> >>>> >>>> >>>> >>>---- >>>Thanks - I can probably do that but it occurred to me that I should just >>>probably restore from my last backup but now I can't find my backup. >>> >>># ls -l /opt/fedora-ds/slapd-srv1/bak >>>total 0 >>> >>>I had created 2 separate backups using the console application (and even >>>restored once so I know that it worked) but now they are nowhere to be >>>found and so I can't restore. >>> >>> >>> >>That's really strange. I've never seen this happen before. >> >> >> >>>I'm beginning the think that the console >>>application - though exceedingly dangerous in this rookie's hands is >>>possibly not quite ready for prime time...why did the backups disappear? >>> >>> >>> >>> >>I have no idea. I've never seen this before. The console has been used >>for this purpose for 7 years now in large production environments and >>this is the first time I've ever heard of this happening. >> >> >---- >I am a bit disconcerted about this - I ***know*** that I didn't delete >the backups in /opt/fedora-ds/slapd-srv1/bak and was of the opinion that >this is where the console put these backups. Perhaps they were removed >when I restored using the console. > >OK - presuming that using the console to backup or command line to >backup ( db2bak /opt/redhat-ds/servers/slapd- >dirserver/bak/bak_2001070110) are the same thing - a complete backup of >the DSA... > >Then I would want to periodically back up /opt/fedora-ds/slapd-srv1/bak >as a 'just in case' this happens again thingy... > > But if you can reproduce the bak file removal, please let us know! >Just for confirmation of what - console backup or db2bak actually >backup... > >1. does this backup configuration too? > > It backs up the database configuration e.g. configuration information about the suffixes and databases, so that if you create a backup, then reconfigure the databases and suffixes, then attempt to restore, it will overwrite your new database and suffix configuration with the old, otherwise it might not be able to restore the old database. If you look in the backup directory, there are .ldif files that contain the configuration information. >2. does this backup items in /opt/fedora-ds/alias or should I do that >separately? > > You should do that separately. >3. Is there anything else that I need to back up to get a reasonably >quick 'restore' to previous functionality to guard against my uneducated >bullets to my feet? > > For the directory server, you should save a copy of slapd-host/config/dse.ldif - this is the main server configuration file. >Thanks > >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From dyioulos at firstbhph.com Fri Dec 9 15:09:48 2005 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri, 9 Dec 2005 10:09:48 -0500 Subject: [Fedora-directory-users] Sync not updating In-Reply-To: <200512081633.09400.dyioulos@firstbhph.com> References: <1134069137.32035@mail1.firstbhph.com> <200512081522.38063.dyioulos@firstbhph.com> <200512081633.09400.dyioulos@firstbhph.com> Message-ID: <200512091009.49061.dyioulos@firstbhph.com> > > > I think you have hit a problem that hasn't been seen before. > > > Could you please enable verbose replication logging (this can be > > > done in the console or via the start-slapd script, please let > > > us know if you need help with that). Then restart the server > > > and grab the contents of the file logs/errors _before_ the message > > > that you are seeing now (there should be much more windows > > > sync related logging now). Post that log here or a link to > > > somewhere we can see it. > > > > > > Thanks. > > > > David, > > > > Here's the output from with log level 8192: > > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" > (rockland:389): State: wait_for_changes -> wait_for_changes > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" > (rockland:389): State: wait_for_changes -> start > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" > (rockland:389): No linger to cancel on the connection > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Disconnected from the consumer > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: start -> ready_to_acquire_replica > [08/Dec/2005:16:10:37 -0500] - acquire_replica, supplier RUV: > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - supplier: > {replicageneration} 4394acf9 > 0000ffff0000 > [08/Dec/2005:16:10:37 -0500] - acquire_replica, consumer RUV: > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - consumer: > {replicageneration} 4394acf9 > 0000ffff0000 > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Trying non-secure slapi_ldap_init > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): binddn = > cn=Administrator,cn=Users,dc=Headquarters,dc=firstbhph,dc=com, passwd = {DE > S}LW8hCYz9qRFS0787nlyzPA== > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): No linger to cancel on the connection > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - > windows_acquire_replica returned succe > ss (101) > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: ready_to_acquire_replica -> sending_updates > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Replica has no update vector. It has never been initialized. > [08/Dec/2005:16:10:37 -0500] - Sending dirsync search request > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Beginning linger on the connection > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Linger timeout has expired on the connection > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: sending_updates -> start_backoff > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Disconnected from the consumer > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: start_backoff -> start > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): No linger to cancel on the connection > [08/Dec/2005:16:10:37 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Disconnected from the consumer > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: start -> ready_to_acquire_replica > [08/Dec/2005:16:10:38 -0500] - acquire_replica, supplier RUV: > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - supplier: > {replicageneration} 4394acf9 > 0000ffff0000 > [08/Dec/2005:16:10:38 -0500] - acquire_replica, consumer RUV: > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - consumer: > {replicageneration} 4394acf9 > 0000ffff0000 > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Trying non-secure slapi_ldap_init > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): binddn = > cn=Administrator,cn=Users,dc=Headquarters,dc=firstbhph,dc=com, passwd = {DE > S}LW8hCYz9qRFS0787nlyzPA== > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): No linger to cancel on the connection > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - > windows_acquire_replica returned succe > ss (101) > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: ready_to_acquire_replica -> sending_updates > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Replica has no update vector. It has never been initialized. > [08/Dec/2005:16:10:38 -0500] - Sending dirsync search request > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Beginning linger on the connection > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Linger timeout has expired on the connection > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Disconnected from the consumer > [08/Dec/2005:16:10:38 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: sending_updates -> start_backoff > [08/Dec/2005:16:10:42 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: start_backoff -> backoff > [08/Dec/2005:16:10:42 -0500] - acquire_replica, supplier RUV: > [08/Dec/2005:16:10:42 -0500] NSMMReplicationPlugin - supplier: > {replicageneration} 4394acf9 > 0000ffff0000 > [08/Dec/2005:16:10:42 -0500] - acquire_replica, consumer RUV: > [08/Dec/2005:16:10:42 -0500] NSMMReplicationPlugin - consumer: > {replicageneration} 4394acf9 > 0000ffff0000 > [08/Dec/2005:16:10:42 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: backoff -> wait_for_changes > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - Running Dirsync > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: wait_for_changes -> wait_for_changes > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: wait_for_changes -> ready_to_acquire_replica > [08/Dec/2005:16:11:02 -0500] - acquire_replica, supplier RUV: > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - supplier: > {replicageneration} 4394acf9 > 0000ffff0000 > [08/Dec/2005:16:11:02 -0500] - acquire_replica, consumer RUV: > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - consumer: > {replicageneration} 4394acf9 > 0000ffff0000 > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Trying non-secure slapi_ldap_init > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland:389): binddn = > cn=Administrator,cn=Users,dc=Headquarters,dc=firstbhph,dc=com, passwd = > {DE S}LW8hCYz9qRFS0787nlyzPA== > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): No linger to cancel on the connection > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - > windows_acquire_replica returned succe > ss (101) > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: ready_to_acquire_replica -> sending_updates > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Replica has no update vector. It has never been initialized. > [08/Dec/2005:16:11:02 -0500] - Sending dirsync search request > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Beginning linger on the connection > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: sending_updates -> start_backoff > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Linger timeout has expired on the connection > [08/Dec/2005:16:11:02 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): Disconnected from the consumer > [08/Dec/2005:16:11:06 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: start_backoff -> backoff > [08/Dec/2005:16:11:06 -0500] - acquire_replica, supplier RUV: > [08/Dec/2005:16:11:06 -0500] NSMMReplicationPlugin - supplier: > {replicageneration} 4394acf9 > 0000ffff0000 > [08/Dec/2005:16:11:06 -0500] - acquire_replica, consumer RUV: > [08/Dec/2005:16:11:06 -0500] NSMMReplicationPlugin - consumer: > {replicageneration} 4394acf9 > 0000ffff0000 > [08/Dec/2005:16:11:07 -0500] NSMMReplicationPlugin - agmt="cn=Rockland ADS > Sync" (rockland: > 389): State: backoff -> wait_for_changes Have any of the FDS gurus gotten a chance to look at this? Thanks. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From HaneJ at gsicommerce.com Fri Dec 9 16:12:13 2005 From: HaneJ at gsicommerce.com (Jason Hane) Date: Fri, 9 Dec 2005 11:12:13 -0500 Subject: [Fedora-directory-users] Host Access Based on Group Membership Message-ID: Thank you very much!! I briefly looked over the websites and it looks like what I need. I knew there was a solution, but I didn't know what it was called. I'll try it out and let you know how it goes. ________________________________ From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Tay, Gary Sent: Thursday, December 08, 2005 5:37 AM To: General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Host Access Based on Group Membership FDS is very similar to SUN ONE DS5.2, I think netgroup ( + at netgroup XXX in /etc/passwd and /etc/shadow and "compat" keyword in /etc/nsswitch.conf) LDAP maps could be setup to achieve what you want, it has been used by many DS5.2 administrators See: http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20Open LDAP%20for%20RedHat%20Enterprise%20Linux3.htm Step 5Y: Configure "netgroup" to work with RedHat or Solaris Native LDAP Clients (i.e. controlling user access to host using netgroup LDAP maps) Also see: http://swforum.sun.com/jive/thread.jspa?threadID=52764&messageID=223846# 223846 Configuring LDAP netgroups Gary -----Original Message----- From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Jason Hane Sent: Thursday, December 08, 2005 3:51 AM To: fedora-directory-users at redhat.com Subject: [Fedora-directory-users] Host Access Based on Group Membership I've been searching everywhere for the past week and haven't found a solution. I would like to be able to assign access to servers based upon membership to a group or role. For example, if I create a group/role called "Web Servers", everyone in that group can access all the web servers. Everyone in the group/role "Database Servers" would be allowed to log into the database servers. Users can be part of multiple groups. There has to be a way to do this already. All the clients are running OpenLDAP and can already authenticate to the Directory Server. To implement this solution, would I have to change ldap.conf or system-auth? Thanks, Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From bryan.fransman at gmail.com Fri Dec 9 16:48:58 2005 From: bryan.fransman at gmail.com (Bryan Fransman) Date: Fri, 9 Dec 2005 11:48:58 -0500 Subject: [Fedora-directory-users] WinSync reports "Insufficient Access" Message-ID: <4e8904490512090848l4e59bcd8w691eb872d4c8158d@mail.gmail.com> I'm seeking a little guidance in regard to the Windows Sync configuration. I have the Windows Sync service speaking to the Fedora Directory Server (SSL enabled), but passwords are not updated on the FDS side. Environment is Windows 2000 server, Fedora Core 3 w/ FDS 1.0 w/ the latest PassSync.msi I have configured WinSync to use cn=replication manager,cn=config as the bind user. This user exists in FDS. I enabled logging for the password sync service, and found the following entry in the passsync.log log: 12/09/05 11:17:06: Attempting to sync password for username 12/09/05 11:17:06: Searching for (ntuserdomainid=username) 12/09/05 11:17:06: Ldap error in ModifyPassword 50: Insufficient access 12/09/05 11:17:06: Modify password failed for remote entry: uid=username,ou=People, dc=domain, dc=com 12/09/05 11:17:06: Deferring password change for username 12/09/05 11:17:06: Backing off for 32000ms So, there it is.. the third line of log entry "Insufficient access". I assume that its an ACI problem with the cn=replication manager,cn=config user. I attempted to create an ACI to resolve the issue, but no luck. (targetattr = "*") (target = "ldap:///uid=*,ou=People,dc=domain,dc=com") (version 3.0;acl "WinSync";allow (all,proxy)(userdn = "ldap:///cn=replication manager,cn=config") ;) Some help would be greatly appreciated. Thanks, Bryan -------------- next part -------------- An HTML attachment was scrubbed... URL: From david_list at boreham.org Fri Dec 9 18:33:39 2005 From: david_list at boreham.org (David Boreham) Date: Fri, 09 Dec 2005 11:33:39 -0700 Subject: [Fedora-directory-users] WinSync reports "Insufficient Access" In-Reply-To: <4e8904490512090848l4e59bcd8w691eb872d4c8158d@mail.gmail.com> References: <4e8904490512090848l4e59bcd8w691eb872d4c8158d@mail.gmail.com> Message-ID: <4399CE03.2000303@boreham.org> Bryan Fransman wrote: > I'm seeking a little guidance in regard to the Windows Sync > configuration. I have the Windows Sync service speaking to the Fedora > Directory Server (SSL enabled), but passwords are not updated on the > FDS side. > > Environment is Windows 2000 server, Fedora Core 3 w/ FDS 1.0 w/ the > latest PassSync.msi > > I have configured WinSync to use cn=replication manager,cn=config as > the bind user. This user exists in FDS. > > I enabled logging for the password sync service, and found the > following entry in the passsync.log log: > > 12/09/05 11:17:06: Attempting to sync password for username > 12/09/05 11:17:06: Searching for (ntuserdomainid=username) > 12/09/05 11:17:06: Ldap error in ModifyPassword > 50: Insufficient access > 12/09/05 11:17:06: Modify password failed for remote entry: > uid=username,ou=People, dc=domain, dc=com > 12/09/05 11:17:06: Deferring password change for username > 12/09/05 11:17:06: Backing off for 32000ms > > So, there it is.. the third line of log entry "Insufficient access". > > I assume that its an ACI problem with the cn=replication > manager,cn=config user. I attempted to create an ACI to resolve the > issue, but no luck. > > (targetattr = "*") (target = > "ldap:///uid=*,ou=People,dc=domain,dc=com") (version 3.0;acl > "WinSync";allow (all,proxy)(userdn = "ldap:///cn=replication > manager,cn=config") ;) > > Some help would be greatly appreciated. I think you are on the general right track. However, when you used the replication manager DN to bind that probably led you astray. This is because that DN's special access rights are _only_ enforced on real replication sessions. The passsync app is not making a replication connection, just a regular LDAP connection. And so you will not get any of the magical powers of the replication manager DN. I suspect that your new ACI is not giving the desired result because another one that denies access is preempting it. So...quick and dirty way would be to use cn=Directory Manager for the bind DN. The good but longer solution would be to add another user for passsync to bind as and make sure that user has the necessary access rights to userPassword. -------------- next part -------------- An HTML attachment was scrubbed... URL: From craigwhite at azapple.com Fri Dec 9 19:05:18 2005 From: craigwhite at azapple.com (Craig White) Date: Fri, 09 Dec 2005 12:05:18 -0700 Subject: [Fedora-directory-users] TLS for dummies Message-ID: <1134155119.29271.85.camel@lin-workstation.azapple.com> Just basic stuff...I promise I have been through the wiki and the Administrator's guide (managing SSL and SASL) several times. Using openssl generated CA certificate and used that to sign CSR's from console application and loaded them all into console application. Have restarted FDS and it seems to be happy - but just to confirm... lifted from /opt/fedora-ds/slapd-srv1/logs/errors [09/Dec/2005:08:33:47 -0700] - Fedora-Directory/1.0.1 B2005.342.165 starting up [09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher AES in backend userRoot, attempting to create one... [09/Dec/2005:08:33:47 -0700] - Key for cipher AES successfully generated and stored [09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one... [09/Dec/2005:08:33:47 -0700] - Key for cipher 3DES successfully generated and stored [09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher AES in backend NetscapeRoot, attempting to create one... [09/Dec/2005:08:33:48 -0700] - Key for cipher AES successfully generated and stored [09/Dec/2005:08:33:48 -0700] - No symmetric key found for cipher 3DES in backend NetscapeRoot, attempting to create one... [09/Dec/2005:08:33:48 -0700] - Key for cipher 3DES successfully generated and stored [09/Dec/2005:08:33:48 -0700] - slapd started. Listening on All Interfaces port 389 for LDAP requests [09/Dec/2005:08:33:48 -0700] - Listening on All Interfaces port 636 for LDAPS requests MY PROBLEM # ldapsearch -ZZ '(uid=jim)' ldap_start_tls: Connect error (-11) additional info: Start TLS request accepted.Server willing to negotiate SSL. # tail -n4 /opt/fedora-ds/slapd-srv1/logs/access [09/Dec/2005:11:55:26 -0700] conn=83 op=5 fd=68 closed - U1 [09/Dec/2005:12:00:58 -0700] conn=84 fd=68 slot=68 connection from 127.0.0.1 to 127.0.0.1 [09/Dec/2005:12:00:58 -0700] conn=84 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [09/Dec/2005:12:00:58 -0700] conn=84 op=0 RESULT err=0 tag=120 nentries=0 etime=0 [09/Dec/2005:12:00:58 -0700] conn=84 op=-1 fd=68 closed - Encountered end of file. # tail -n 7 /etc/openldap/ldap.conf URI ldap://srv1.clsurvey.com HOST srv1.clsurvey.com BASE dc=clsurvey,dc=com TLS_CACERTDIR /etc/ssl TLS_CACERT server.crt pam_password md5 TLS_REQCERT allow My thinking is that this somehow has something to do with the TLS_CACERT in /etc/openldap/ldap.conf (the certificate for the client). Would this be the issue? Is there a better method for creating the client certificate from either the CA certificate (generated by openssl) or from the FDS Server Certificate (also generated by openssl)? Craig From rmeggins at redhat.com Fri Dec 9 19:31:15 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 09 Dec 2005 12:31:15 -0700 Subject: [Fedora-directory-users] TLS for dummies In-Reply-To: <1134155119.29271.85.camel@lin-workstation.azapple.com> References: <1134155119.29271.85.camel@lin-workstation.azapple.com> Message-ID: <4399DB83.1050905@redhat.com> Craig White wrote: >Just basic stuff...I promise I have been through the wiki and the >Administrator's guide (managing SSL and SASL) several times. > >Using openssl generated CA certificate and used that to sign CSR's from >console application and loaded them all into console application. Have >restarted FDS and it seems to be happy - but just to confirm... > >lifted from /opt/fedora-ds/slapd-srv1/logs/errors >[09/Dec/2005:08:33:47 -0700] - Fedora-Directory/1.0.1 B2005.342.165 >starting up >[09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher AES in >backend userRoot, attempting to create one... >[09/Dec/2005:08:33:47 -0700] - Key for cipher AES successfully generated >and stored >[09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher 3DES in >backend userRoot, attempting to create one... >[09/Dec/2005:08:33:47 -0700] - Key for cipher 3DES successfully >generated and stored >[09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher AES in >backend NetscapeRoot, attempting to create one... >[09/Dec/2005:08:33:48 -0700] - Key for cipher AES successfully generated >and stored >[09/Dec/2005:08:33:48 -0700] - No symmetric key found for cipher 3DES in >backend NetscapeRoot, attempting to create one... >[09/Dec/2005:08:33:48 -0700] - Key for cipher 3DES successfully >generated and stored >[09/Dec/2005:08:33:48 -0700] - slapd started. Listening on All >Interfaces port 389 for LDAP requests >[09/Dec/2005:08:33:48 -0700] - Listening on All Interfaces port 636 for >LDAPS requests > >MY PROBLEM ># ldapsearch -ZZ '(uid=jim)' >ldap_start_tls: Connect error (-11) > additional info: Start TLS request accepted.Server willing to >negotiate SSL. > > Looks like openldap and FDS are not responding to the startTLS operation the same way. Try ldapsearch -v ... or ldapsearch -d 1 ... ># tail -n4 /opt/fedora-ds/slapd-srv1/logs/access >[09/Dec/2005:11:55:26 -0700] conn=83 op=5 fd=68 closed - U1 >[09/Dec/2005:12:00:58 -0700] conn=84 fd=68 slot=68 connection from >127.0.0.1 to 127.0.0.1 >[09/Dec/2005:12:00:58 -0700] conn=84 op=0 EXT >oid="1.3.6.1.4.1.1466.20037" name="startTLS" >[09/Dec/2005:12:00:58 -0700] conn=84 op=0 RESULT err=0 tag=120 >nentries=0 etime=0 >[09/Dec/2005:12:00:58 -0700] conn=84 op=-1 fd=68 closed - Encountered >end of file. > ># tail -n 7 /etc/openldap/ldap.conf >URI ldap://srv1.clsurvey.com >HOST srv1.clsurvey.com >BASE dc=clsurvey,dc=com >TLS_CACERTDIR /etc/ssl >TLS_CACERT server.crt >pam_password md5 >TLS_REQCERT allow > >My thinking is that this somehow has something to do with the TLS_CACERT >in /etc/openldap/ldap.conf (the certificate for the client). > >Would this be the issue? > >Is there a better method for creating the client certificate from either >the CA certificate (generated by openssl) or from the FDS Server >Certificate (also generated by openssl)? > >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From david_list at boreham.org Fri Dec 9 19:31:01 2005 From: david_list at boreham.org (David Boreham) Date: Fri, 09 Dec 2005 12:31:01 -0700 Subject: [Fedora-directory-users] TLS for dummies In-Reply-To: <1134155119.29271.85.camel@lin-workstation.azapple.com> References: <1134155119.29271.85.camel@lin-workstation.azapple.com> Message-ID: <4399DB75.4010906@boreham.org> >My thinking is that this somehow has something to do with the TLS_CACERT >in /etc/openldap/ldap.conf (the certificate for the client). > > In general most folk don't need client certs, but AFAIK the openldap ldapsearch _requires_ that you present a client cert. >Would this be the issue? > > Probably yes. Shouldn't you be using a user-specific ldap.conf for your client-side config ? >Is there a better method for creating the client certificate from either >the CA certificate (generated by openssl) or from the FDS Server >Certificate (also generated by openssl)? > > Provided the client cert was signed by the same CA as the server cert, you should be ok. The client cert has no relationship per se with the server cert. From sstrong at crwash.org Fri Dec 9 19:53:30 2005 From: sstrong at crwash.org (sstrong at crwash.org) Date: Fri, 09 Dec 2005 13:53:30 -0600 Subject: [Fedora-directory-users] syntax errors reported when using LdapImport with Fedora Directory Message-ID: <20051209135330.g8zrke1wx0wkc4ww@crwash.org> I'm having trouble importing the flat files on our server into ldap after installing 1.0.1 of Fedora Directory. I downloaded and extracted LdapImport. I also downloaded Delta.pm and placed it in the same directory as LdapImport. Here is what I got back after I executed LdapImport (I've also included a copy of the "offending lines" below the console output. thanks for the help! steve sh LdapImport.pl LdapImport.pl: line 32: use: command not found LdapImport.pl: line 33: use: command not found LdapImport.pl: line 34: use: command not found LdapImport.pl: line 35: use: command not found LdapImport.pl: line 36: use: command not found LdapImport.pl: line 37: use: command not found LdapImport.pl: line 38: use: command not found LdapImport.pl: line 39: use: command not found LdapImport.pl: line 40: use: command not found LdapImport.pl: line 41: use: command not found LdapImport.pl: line 42: use: command not found LdapImport.pl: line 43: use: command not found LdapImport.pl: line 45: syntax error near unexpected token `(' LdapImport.pl: line 45: `use vars qw($VERSION);' lines 32 to 45 from LdapImport.pl: use strict; use warnings; use LdapConnectionManager; use LdapSchemaTools; use LdapEntryTools; use LdapMigration; use Net::LDAP; use Net::LDAP::LDIF; use Net::LDAP::Search; use Net::LDAP::Entry; use Data::Dumper; use debug; use vars qw($VERSION); $VERSION=sprintf("%d.%02d", q$Revision: 1.21 $ =~ /(\d+)\.(\d+)/); From craigwhite at azapple.com Fri Dec 9 20:13:27 2005 From: craigwhite at azapple.com (Craig White) Date: Fri, 09 Dec 2005 13:13:27 -0700 Subject: [Fedora-directory-users] TLS for dummies In-Reply-To: <4399DB83.1050905@redhat.com> References: <1134155119.29271.85.camel@lin-workstation.azapple.com> <4399DB83.1050905@redhat.com> Message-ID: <1134159207.29271.94.camel@lin-workstation.azapple.com> On Fri, 2005-12-09 at 12:31 -0700, Richard Megginson wrote: > Craig White wrote: > > >Just basic stuff...I promise I have been through the wiki and the > >Administrator's guide (managing SSL and SASL) several times. > > > >Using openssl generated CA certificate and used that to sign CSR's from > >console application and loaded them all into console application. Have > >restarted FDS and it seems to be happy - but just to confirm... > > > >lifted from /opt/fedora-ds/slapd-srv1/logs/errors > >[09/Dec/2005:08:33:47 -0700] - Fedora-Directory/1.0.1 B2005.342.165 > >starting up > >[09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher AES in > >backend userRoot, attempting to create one... > >[09/Dec/2005:08:33:47 -0700] - Key for cipher AES successfully generated > >and stored > >[09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher 3DES in > >backend userRoot, attempting to create one... > >[09/Dec/2005:08:33:47 -0700] - Key for cipher 3DES successfully > >generated and stored > >[09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher AES in > >backend NetscapeRoot, attempting to create one... > >[09/Dec/2005:08:33:48 -0700] - Key for cipher AES successfully generated > >and stored > >[09/Dec/2005:08:33:48 -0700] - No symmetric key found for cipher 3DES in > >backend NetscapeRoot, attempting to create one... > >[09/Dec/2005:08:33:48 -0700] - Key for cipher 3DES successfully > >generated and stored > >[09/Dec/2005:08:33:48 -0700] - slapd started. Listening on All > >Interfaces port 389 for LDAP requests > >[09/Dec/2005:08:33:48 -0700] - Listening on All Interfaces port 636 for > >LDAPS requests > > > >MY PROBLEM > ># ldapsearch -ZZ '(uid=jim)' > >ldap_start_tls: Connect error (-11) > > additional info: Start TLS request accepted.Server willing to > >negotiate SSL. > > > > > Looks like openldap and FDS are not responding to the startTLS operation > the same way. Try > ldapsearch -v ... > or > ldapsearch -d 1 ... > ---- OK - instructions don't entirely cover the issue when you use openldap client version of ldapsearch ldapsearch -x -ZZ '(uid=jim)' # no problem the -x was still required for ssl (ldaps://server:636 and ldap://server:389) when not using SASL thanks and thanks David - it helped clarify things Craig From agnaldofreitas at hotmail.com Fri Dec 9 20:14:52 2005 From: agnaldofreitas at hotmail.com (Agnaldo Freitas) Date: Fri, 9 Dec 2005 17:14:52 -0300 Subject: [Fedora-directory-users] Fedora-ds + Samba (PDC) Message-ID: Hello, If somebody got to configure and to use Fedora-ds + Samba (PDC) without problems, I would like to obtain the details. thankful in advance, Agnaldo -------------- next part -------------- An HTML attachment was scrubbed... URL: From bryan.fransman at gmail.com Fri Dec 9 20:42:25 2005 From: bryan.fransman at gmail.com (Bryan Fransman) Date: Fri, 9 Dec 2005 15:42:25 -0500 Subject: [Fedora-directory-users] WinSync reports "Insufficient Access" In-Reply-To: <4399CE03.2000303@boreham.org> References: <4e8904490512090848l4e59bcd8w691eb872d4c8158d@mail.gmail.com> <4399CE03.2000303@boreham.org> Message-ID: <4e8904490512091242l3994cc0co57c117897746651a@mail.gmail.com> David, That did the trick! Thank you for your help. On 12/9/05, David Boreham wrote: > > Bryan Fransman wrote: > > I'm seeking a little guidance in regard to the Windows Sync configuration. > I have the Windows Sync service speaking to the Fedora Directory Server (SSL > enabled), but passwords are not updated on the FDS side. > > Environment is Windows 2000 server, Fedora Core 3 w/ FDS 1.0 w/ the latest > PassSync.msi > > I have configured WinSync to use cn=replication manager,cn=config as the > bind user. This user exists in FDS. > > I enabled logging for the password sync service, and found the following > entry in the passsync.log log: > > 12/09/05 11:17:06: Attempting to sync password for username > 12/09/05 11:17:06: Searching for (ntuserdomainid=username) > 12/09/05 11:17:06: Ldap error in ModifyPassword > 50: Insufficient access > 12/09/05 11:17:06: Modify password failed for remote entry: > uid=username,ou=People, dc=domain, dc=com > 12/09/05 11:17:06: Deferring password change for username > 12/09/05 11:17:06: Backing off for 32000ms > > So, there it is.. the third line of log entry "Insufficient access". > > I assume that its an ACI problem with the cn=replication manager,cn=config > user. I attempted to create an ACI to resolve the issue, but no luck. > > (targetattr = "*") (target = "ldap:///uid=*,ou=People,dc=domain,dc=com") > (version 3.0;acl "WinSync";allow (all,proxy)(userdn = "ldap:///cn=replication > manager,cn=config");) > > Some help would be greatly appreciated. > > I think you are on the general right track. > However, when you used the replication manager DN to bind that > probably led you astray. This is because that DN's special access rights > are _only_ enforced on real replication sessions. The passsync > app is not making a replication connection, just a regular LDAP > connection. > And so you will not get any of the magical powers of the replication > manager DN. > > I suspect that your new ACI is not giving the desired result because > another one that denies access is preempting it. > > So...quick and dirty way would be to use cn=Directory Manager > for the bind DN. The good but longer solution would be to add > another user for passsync to bind as and make sure that user has the > necessary access rights to userPassword. > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ando at sys-net.it Fri Dec 9 21:20:20 2005 From: ando at sys-net.it (Pierangelo Masarati) Date: Fri, 9 Dec 2005 22:20:20 +0100 (CET) Subject: [Fedora-directory-users] TLS for dummies In-Reply-To: <4399DB75.4010906@boreham.org> References: <1134155119.29271.85.camel@lin-workstation.azapple.com> <4399DB75.4010906@boreham.org> Message-ID: <3607.151.24.80.18.1134163220.squirrel@151.24.80.18> > >>My thinking is that this somehow has something to do with the TLS_CACERT >>in /etc/openldap/ldap.conf (the certificate for the client). >> >> > In general most folk don't need client certs, but AFAIK the openldap > ldapsearch > _requires_ that you present a client cert. by default, yes. That's what we call a "safe" default. If you specify "TLS_REQCERT never", as documented in ldap.conf(5), that does the trick. > >>Would this be the issue? >> >> > Probably yes. Shouldn't you be using a user-specific ldap.conf for your > client-side config ? > >>Is there a better method for creating the client certificate from either >>the CA certificate (generated by openssl) or from the FDS Server >>Certificate (also generated by openssl)? >> >> > Provided the client cert was signed by the same CA as the server cert, > you should be ok. The client cert has no relationship per se with the > server cert. If the client's CA is not the same as the server's CA, you need the server to know about the CA's cert, and let it know it's trusted. I don't know the details for FDS, though. Note that if the client is to verify the srrver's CA, the same issue with reversed players arises. p. -- Pierangelo Masarati mailto:pierangelo.masarati at sys-net.it Ing. Pierangelo Masarati Responsabile Open Solution SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati at sys-net.it ------------------------------------------ From mlowrie at vendetta.ca Sat Dec 10 02:10:20 2005 From: mlowrie at vendetta.ca (Mike Lowrie) Date: Fri, 09 Dec 2005 18:10:20 -0800 Subject: [Fedora-directory-users] dsbuild and libadminutil build error os Slackware 10.2 - 2.6.14.3 Message-ID: <439A390C.8050604@vendetta.ca> I'm trying to do a complete build using dsbuild on a freshly installed Slackware 10.2 box with a 2.6.14.3 kernel, but I'm running into problems with the system not finding some header files: ==== Building AdminUtil ========== cd lib/libadminutil; gmake BUILD_OPT=1 NSPR_BASENAME= USE_PTHREADS=1 SECURITY=domestic MOZILLA_SOURCE_ROOT_EXT= ICU_SOURCE_ROOT_EXT= USE_64= gmake[3]: Entering directory `/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/lib/libadminutil' gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE -D_XOPEN_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK -DXP_UNIX -DLinux -O2 -DNET_SSL -DSPAPI20 -DBUILD_NUM=\"2005.344.255\" -I/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include -I/usr/local/src/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6.14_x86_glibc_PTH_OPT.OBJ/include -I/usr/local/src/dsbuild/ds/mozilla/work/mozilla/dist/public/nss -I/usr/local/src/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap -I/usr/local/src/dsbuild/ds/icu/work/icu-2.4/built/include psetc.c -o /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/built/Linux2.6.14_x86_glibc_PTH_OPT.OBJ/lib/libadminutil/psetc.o In file included from /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/psetc.h:24, from psetc_pvt.h:26, from psetc.c:30: /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:25:21: prtypes.h: No such file or directory /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:26:19: plstr.h: No such file or directory /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:27:19: prprf.h: No such file or directory In file included from /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/psetc.h:24, from psetc_pvt.h:26, from psetc.c:30: /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:78: error: syntax error before "createAttrNameList" /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:78: warning: data definition has no type or storage class /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:80: error: syntax error before "addName" /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:80: warning: data definition has no type or storage class . . . and of course a whole lot of other errors follow. I have found the files it is looking for in the mozilla directory of the dsbuild directory, but its as if it doesn't have the correct include paths. I tried adding a few manually, but there are a lot of different paths - all from the mozilla directory that aren't being found. Does anyone have any suggestions on how to fix this? Appreciate the help! Mike From craigwhite at azapple.com Sat Dec 10 04:34:33 2005 From: craigwhite at azapple.com (Craig White) Date: Fri, 09 Dec 2005 21:34:33 -0700 Subject: [Fedora-directory-users] mail aliases Message-ID: <1134189273.29271.107.camel@lin-workstation.azapple.com> What I used to do in openldap was use an objectclass inetLocalMailRecipient which was defined in the 'misc.schema' and my primary usage was to use an attribute inetLocalMailAddress to stuff additional addresses as aliases because I struggled with multiple values in the mail attribute. Obviously I can import the openldap schema that I was using into FDS but now I am thinking that it is probably a better idea to re-examine my usage. To reduce my questions to basic... - is the mail attribute multi-valued? - How do I determine which attributes are multi-valued? - Is there an attribute better used for mail aliases? Thanks Craig From craigwhite at azapple.com Sat Dec 10 04:36:41 2005 From: craigwhite at azapple.com (Craig White) Date: Fri, 09 Dec 2005 21:36:41 -0700 Subject: [Fedora-directory-users] mozilla-thunderbird address book Message-ID: <1134189402.29271.111.camel@lin-workstation.azapple.com> Can anyone direct me to URL's that suggest methodologies for objectclasses/attributes for use with Thunderbird address book? Thanks Craig From hyc at symas.com Sat Dec 10 05:19:05 2005 From: hyc at symas.com (Howard Chu) Date: Fri, 09 Dec 2005 21:19:05 -0800 Subject: [Fedora-directory-users] TLS for dummies In-Reply-To: <20051210043453.CCAE473092@hormel.redhat.com> References: <20051210043453.CCAE473092@hormel.redhat.com> Message-ID: <439A6549.1070200@symas.com> fedora-directory-users-request at redhat.com wrote: > Date: Fri, 09 Dec 2005 12:31:01 -0700 > From: David Boreham > > >> My thinking is that this somehow has something to do with the TLS_CACERT >> in /etc/openldap/ldap.conf (the certificate for the client). >> >> >> > In general most folk don't need client certs, but AFAIK the openldap > ldapsearch _requires_ that you present a client cert. > Wrong. Client certs are only needed if you want to do certificate-based client authentication, and the default settings do not require them. Of course, the TLS_CACERT directive, as the name suggests, is for setting the path to the CA cert, and by default it *is* required. I think your terminology is imprecise here, so that may be confusing the issue. >> Would this be the issue? >> >> >> > Probably yes. Shouldn't you be using a user-specific ldap.conf for your > client-side config ? > > >> Is there a better method for creating the client certificate from either >> the CA certificate (generated by openssl) or from the FDS Server >> Certificate (also generated by openssl)? >> >> >> > Provided the client cert was signed by the same CA as the server cert, > you should be ok. The client cert has no relationship per se with the > server cert. > Again, the poster was referring to the CA cert on the client, not a "client cert," so dragging that into the discussion is only muddying things. Note that the original poster used TLS_CACERT and TLS_CACERTDIR and the OpenLDAP docs specifically state to use only one or the other, and in general, not to use TLS_CACERTDIR at all. This is the real error; TLS_CACERT must be a fully qualified path to a certificate file. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/ From del at babel.com.au Sat Dec 10 06:38:37 2005 From: del at babel.com.au (Del) Date: Sat, 10 Dec 2005 17:38:37 +1100 Subject: [Fedora-directory-users] migrating from flat files to fedora directory... In-Reply-To: <4398B44A.7040007@crwash.org> References: <4398B44A.7040007@crwash.org> Message-ID: <439A77ED.8090604@babel.com.au> Steve Strong wrote: > ... seems harder than I thought. I can't get Ldapimport to do anything > and it doesn't display any errors and the old fedora 4 What do you mean "do anything"? The first question it asks you is "Log file name [LdapImport.log] ?". Do you get that far or does it crash before then? It sounds like you may not have perl installed. What sort of system are you running on? -- Del From hyc at symas.com Sat Dec 10 06:42:29 2005 From: hyc at symas.com (Howard Chu) Date: Fri, 09 Dec 2005 22:42:29 -0800 Subject: [Fedora-directory-users] Re: TLS for dummies In-Reply-To: <20051210043453.CCAE473092@hormel.redhat.com> References: <20051210043453.CCAE473092@hormel.redhat.com> Message-ID: <439A78D5.1080101@symas.com> fedora-directory-users-request at redhat.com wrote: > Date: Fri, 09 Dec 2005 12:05:18 -0700 > From: Craig White > > Just basic stuff...I promise I have been through the wiki and the > Administrator's guide (managing SSL and SASL) several times. > > Using openssl generated CA certificate and used that to sign CSR's from > console application and loaded them all into console application. Have > restarted FDS and it seems to be happy - but just to confirm... > > > > MY PROBLEM > # ldapsearch -ZZ '(uid=jim)' > ldap_start_tls: Connect error (-11) > additional info: Start TLS request accepted.Server willing to > negotiate SSL. > > # tail -n4 /opt/fedora-ds/slapd-srv1/logs/access > [09/Dec/2005:11:55:26 -0700] conn=83 op=5 fd=68 closed - U1 > [09/Dec/2005:12:00:58 -0700] conn=84 fd=68 slot=68 connection from > 127.0.0.1 to 127.0.0.1 > [09/Dec/2005:12:00:58 -0700] conn=84 op=0 EXT > oid="1.3.6.1.4.1.1466.20037" name="startTLS" > [09/Dec/2005:12:00:58 -0700] conn=84 op=0 RESULT err=0 tag=120 > nentries=0 etime=0 > [09/Dec/2005:12:00:58 -0700] conn=84 op=-1 fd=68 closed - Encountered > end of file. > > # tail -n 7 /etc/openldap/ldap.conf > URI ldap://srv1.clsurvey.com > HOST srv1.clsurvey.com > BASE dc=clsurvey,dc=com > TLS_CACERTDIR /etc/ssl > TLS_CACERT server.crt > pam_password md5 > TLS_REQCERT allow > > My thinking is that this somehow has something to do with the TLS_CACERT > in /etc/openldap/ldap.conf (the certificate for the client). > Please re-read http://www.openldap.org/doc/admin23/tls.html; it's quite clear about how to configure the CA cert. Note that "pam_password" is not an OpenLDAP config keyword. > Would this be the issue? > > Is there a better method for creating the client certificate from either > the CA certificate (generated by openssl) or from the FDS Server > Certificate (also generated by openssl)? > Only CA certs may be used to generate other certs. The server cert is just that, nothing more. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/ From david_list at boreham.org Sat Dec 10 06:42:33 2005 From: david_list at boreham.org (David Boreham) Date: Fri, 09 Dec 2005 23:42:33 -0700 Subject: [Fedora-directory-users] TLS for dummies In-Reply-To: <439A6549.1070200@symas.com> References: <20051210043453.CCAE473092@hormel.redhat.com> <439A6549.1070200@symas.com> Message-ID: <439A78D9.8080303@boreham.org> Howard Chu wrote: >>> My thinking is that this somehow has something to do with the >>> TLS_CACERT >>> in /etc/openldap/ldap.conf (the certificate for the client). >>> >>> >>> >> >> In general most folk don't need client certs, but AFAIK the openldap >> ldapsearch _requires_ that you present a client cert. >> > > > Wrong. Client certs are only needed if you want to do > certificate-based client authentication, and the default settings do > not require them. That's good to know. I remember spending a few days trying to persuade OL to do a non-cert-based-auth connection and ultimately failing, but I'm pleased to hear that it can. > Of course, the TLS_CACERT directive, as the name suggests, is for > setting the path to the CA cert, and by default it *is* required. I > think your terminology is imprecise here, so that may be confusing the > issue. Yes, I was reading the OP's description: 'certificate for the client', and not the config directive name which as you point out was actually for the CA cert. From del at babel.com.au Sat Dec 10 06:44:48 2005 From: del at babel.com.au (Del) Date: Sat, 10 Dec 2005 17:44:48 +1100 Subject: [Fedora-directory-users] Fedora-ds + Samba (PDC) In-Reply-To: References: Message-ID: <439A7960.3010704@babel.com.au> Agnaldo Freitas wrote: > Hello, > > If somebody got to configure and to use Fedora-ds + Samba (PDC) without > problems, I would like to obtain the details. Yes I have done this but there are many different ways of going about it. You could be setting a new system up from scratch. See here: http://directory.fedora.redhat.com/wiki/Howto:Samba You could be setting up the smbldap tools, see here: http://samba.idealx.org/smbldap-howto.en.html You could be migrating from an NT4 PDC to FDS + Samba, see here: http://www.samba.org/samba/docs/man/Samba-Guide/ntmigration.html -- Del From mj at sci.fi Sat Dec 10 11:28:17 2005 From: mj at sci.fi (Mike Jackson) Date: Sat, 10 Dec 2005 13:28:17 +0200 Subject: [Fedora-directory-users] mozilla-thunderbird address book In-Reply-To: <1134189402.29271.111.camel@lin-workstation.azapple.com> References: <1134189402.29271.111.camel@lin-workstation.azapple.com> Message-ID: <439ABBD1.1000900@sci.fi> Craig White wrote: > Can anyone direct me to URL's that suggest methodologies for > objectclasses/attributes for use with Thunderbird address book? Thunderbird does this type of search as you type e.g. the name "Mike" into the To: field: "(|(cn=mike*)(mail=mike*)(sn=mike*))" attrs="cn mail" Which translates in english to: "find all entries in which cn or mail or sn start with "mike" and give me a list of the cn and mail attribute values from those entries". So, you can see that it really does not care which object classes you have used to compose entries that contain mail attributes. It is, however, hardcoded to look for the mail and cn attributes. For my accounts, I use at least the following classes: person organizationalPerson inetOrgPerson posixAccount I use uid for the naming attribute, but still include cn in the entry. -- mike From mj at sci.fi Sat Dec 10 11:47:29 2005 From: mj at sci.fi (Mike Jackson) Date: Sat, 10 Dec 2005 13:47:29 +0200 Subject: [Fedora-directory-users] mail aliases In-Reply-To: <1134189273.29271.107.camel@lin-workstation.azapple.com> References: <1134189273.29271.107.camel@lin-workstation.azapple.com> Message-ID: <439AC051.4080300@sci.fi> Craig White wrote: > What I used to do in openldap was use an objectclass > inetLocalMailRecipient which was defined in the 'misc.schema' and my > primary usage was to use an attribute inetLocalMailAddress to stuff > additional addresses as aliases because I struggled with multiple values > in the mail attribute. The mail attribute is not multi-valued. > Obviously I can import the openldap schema that I was using into FDS but > now I am thinking that it is probably a better idea to re-examine my > usage. Why? > To reduce my questions to basic... > > - is the mail attribute multi-valued? No. > - How do I determine which attributes are multi-valued? Attributes are multi-valued by default. If you want them to be single-valued, you must specify it in the schema: attributeTypes: ( 1.3.6.1.4.1.300.1.8.1 NAME 'fooName' DESC 'Foo Name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) > - Is there an attribute better used for mail aliases? That depends on the usage. If you are setting up an MTA to do deliveries based on LDAP queries, then the MTA might use multiple attributes. Qmail-LDAP reads "mail" first, and then "mailAlternateAddress" (which is multi-valued) second. So, with Qmail-LDAP, a user's main address is assigned to mail and all subsequent addresses are assigned to mailAlternateAddress. See the following schema for examples: http://www.bayour.com/openldap/schemas/qmail.schema -- mike From ando at sys-net.it Sat Dec 10 12:00:29 2005 From: ando at sys-net.it (Pierangelo Masarati) Date: Sat, 10 Dec 2005 13:00:29 +0100 Subject: [Fedora-directory-users] mail aliases In-Reply-To: <439AC051.4080300@sci.fi> References: <1134189273.29271.107.camel@lin-workstation.azapple.com> <439AC051.4080300@sci.fi> Message-ID: <1134216029.3307.26.camel@ando> On Sat, 2005-12-10 at 13:47 +0200, Mike Jackson wrote: > > - is the mail attribute multi-valued? > > No. ?!? from RFC 2798: ( 0.9.2342.19200300.100.1.3 NAME 'mail' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) p. Ing. Pierangelo Masarati Responsabile Open Solution SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati at sys-net.it ------------------------------------------ From mj at sci.fi Sat Dec 10 11:55:55 2005 From: mj at sci.fi (Mike Jackson) Date: Sat, 10 Dec 2005 13:55:55 +0200 Subject: [Fedora-directory-users] mail aliases In-Reply-To: <1134216029.3307.26.camel@ando> References: <1134189273.29271.107.camel@lin-workstation.azapple.com> <439AC051.4080300@sci.fi> <1134216029.3307.26.camel@ando> Message-ID: <439AC24B.8040907@sci.fi> Pierangelo Masarati wrote: > On Sat, 2005-12-10 at 13:47 +0200, Mike Jackson wrote: > >>>- is the mail attribute multi-valued? >> >>No. > > > ?!? > > from RFC 2798: > > ( 0.9.2342.19200300.100.1.3 > NAME 'mail' > EQUALITY caseIgnoreIA5Match > SUBSTR caseIgnoreIA5SubstringsMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) > > Sorry, I contradicted myself :-) -- mike From craigwhite at azapple.com Sat Dec 10 12:15:46 2005 From: craigwhite at azapple.com (Craig White) Date: Sat, 10 Dec 2005 05:15:46 -0700 Subject: [Fedora-directory-users] TLS for dummies In-Reply-To: <439A6549.1070200@symas.com> References: <20051210043453.CCAE473092@hormel.redhat.com> <439A6549.1070200@symas.com> Message-ID: <1134216946.31316.1.camel@lin-workstation.azapple.com> On Fri, 2005-12-09 at 21:19 -0800, Howard Chu wrote: > fedora-directory-users-request at redhat.com wrote: > > Date: Fri, 09 Dec 2005 12:31:01 -0700 > > From: David Boreham > > > > > >> My thinking is that this somehow has something to do with the TLS_CACERT > >> in /etc/openldap/ldap.conf (the certificate for the client). > >> > >> > >> > > In general most folk don't need client certs, but AFAIK the openldap > > ldapsearch _requires_ that you present a client cert. > > > > > Wrong. Client certs are only needed if you want to do certificate-based > client authentication, and the default settings do not require them. Of > course, the TLS_CACERT directive, as the name suggests, is for setting > the path to the CA cert, and by default it *is* required. I think your > terminology is imprecise here, so that may be confusing the issue. ---- indeed - awesome clarification - thanks ---- > > >> Would this be the issue? > >> > >> > >> > > Probably yes. Shouldn't you be using a user-specific ldap.conf for your > > client-side config ? > > > > > >> Is there a better method for creating the client certificate from either > >> the CA certificate (generated by openssl) or from the FDS Server > >> Certificate (also generated by openssl)? > >> > >> > >> > > Provided the client cert was signed by the same CA as the server cert, > > you should be ok. The client cert has no relationship per se with the > > server cert. > > > > Again, the poster was referring to the CA cert on the client, not a > "client cert," so dragging that into the discussion is only muddying things. > > Note that the original poster used TLS_CACERT and TLS_CACERTDIR and the > OpenLDAP docs specifically state to use only one or the other, and in > general, not to use TLS_CACERTDIR at all. This is the real error; > TLS_CACERT must be a fully qualified path to a certificate file. ---- the original poster was completely confused by this and has now learned much from the clarification provided. Thanks Howard Craig From sstrong at crwash.org Sat Dec 10 16:47:20 2005 From: sstrong at crwash.org (Steve Strong) Date: Sat, 10 Dec 2005 10:47:20 -0600 Subject: [Fedora-directory-users] migrating from flat files to fedora directory... In-Reply-To: <439A77ED.8090604@babel.com.au> References: <4398B44A.7040007@crwash.org> <439A77ED.8090604@babel.com.au> Message-ID: <439B0698.9000004@crwash.org> perl is installed on RHEL 4. I have checked all of the requirements, downloaded Delta.pm, created a directory in the LdapImport directory and placed Delta.pm in it, cd'ed to the LdapImport directory and executed this at the command line: perl -w LdapImport.pl here's what I got: [root at stretch LdapImport]# perl -w LdapImport.pl Unquoted string "html" may clash with future reserved word at Log/Delta.pm line 2, line 225. Unquoted string "rel" may clash with future reserved word at Log/Delta.pm line 4, line 225. Bareword found where operator expected at Log/Delta.pm line 4, near ""stylesheet" href" (Missing operator before href?) Unquoted string "href" may clash with future reserved word at Log/Delta.pm line 4, line 225. Bareword found where operator expected at Log/Delta.pm line 4, near ""/s/style.css" type" (Missing operator before type?) Unquoted string "type" may clash with future reserved word at Log/Delta.pm line 4, line 225. Unquoted string "title" may clash with future reserved word at Log/Delta.pm line 6, line 225. Unquoted string "search" may clash with future reserved word at Log/Delta.pm line 6, line 225. Unquoted string "cpan" may clash with future reserved word at Log/Delta.pm line 6, line 225. Unquoted string "org" may clash with future reserved word at Log/Delta.pm line 6, line 225. Unquoted string "information" may clash with future reserved word at Log/Delta.pm line 6, line 225. Bareword found where operator expected at Log/Delta.pm line 7, near " line 225. Unquoted string "center" may clash with future reserved word at Log/Delta.pm line 9, line 225. Bareword found where operator expected at Log/Delta.pm line 9, near "/a> line 225. Bareword found where operator expected at Log/Delta.pm line 11, near "Home" (Missing operator before Home?) Bareword found where operator expected at Log/Delta.pm line 12, near "· line 225. Unquoted string "recent" may clash with future reserved word at Log/Delta.pm line 13, line 225. String found where operator expected at Log/Delta.pm line 14, near "· line 225. Warning: Use of "log" without parentheses is ambiguous at Log/Delta.pm line 14, line 225. Unquoted string "perl" may clash with future reserved word at Log/Delta.pm line 14, line 225. Unquoted string "org" may clash with future reserved word at Log/Delta.pm line 14, line 225. Unquoted string "cpansearch" may clash with future reserved word at Log/Delta.pm line 14, line 225. Unquoted string "mirror" may clash with future reserved word at Log/Delta.pm line 15, line 225. String found where operator expected at Log/Delta.pm line 16, near "· line 225. Unquoted string "html" may clash with future reserved word at Log/Delta.pm line 16, line 225. String found where operator expected at Log/Delta.pm line 17, near "· line 225. String found where operator expected at Log/Delta.pm line 19, near "
line 225. String found where operator expected at Log/Delta.pm line 19, near "get" action="" Unquoted string "search" may clash with future reserved word at Log/Delta.pm line 19, line 225. String found where operator expected at Log/Delta.pm line 19, near "search" name="" Bareword found where operator expected at Log/Delta.pm line 19, near "" name="f" (Missing operator before f?) Unquoted string "f" may clash with future reserved word at Log/Delta.pm line 19, line 225. String found where operator expected at Log/Delta.pm line 19, near "f" class="" Bareword found where operator expected at Log/Delta.pm line 19, near "" class="searchbox" (Missing operator before searchbox?) Unquoted string "searchbox" may clash with future reserved word at Log/Delta.pm line 19, line 225. String found where operator expected at Log/Delta.pm line 20, near " line 225. String found where operator expected at Log/Delta.pm line 20, near "text" name="" Bareword found where operator expected at Log/Delta.pm line 20, near "" name="query" (Missing operator before query?) Unquoted string "query" may clash with future reserved word at Log/Delta.pm line 20, line 225. String found where operator expected at Log/Delta.pm line 20, near "query" value="" String found where operator expected at Log/Delta.pm line 20, near "" value="" size="" (Missing operator before " size="?) Number found where operator expected at Log/Delta.pm line 20, near "" size="35" (Missing operator before 35?) String found where operator expected at Log/Delta.pm line 21, near "
in line 225. String found where operator expected at Log/Delta.pm line 22, near " line 225. Unquoted string "mlawren" may clash with future reserved word at Log/Delta.pm line 34, line 225. Bareword found where operator expected at Log/Delta.pm line 38, near "
line 225. Unquoted string "right" may clash with future reserved word at Log/Delta.pm line 38, line 225. String found where operator expected at Log/Delta.pm line 38, near "right">Download: line 225. Unquoted string "id" may clash with future reserved word at Log/Delta.pm line 38, line 225. Unquoted string "tar" may clash with future reserved word at Log/Delta.pm line 38, line 225. Unquoted string "gz" may clash with future reserved word at Log/Delta.pm line 38, line 225. String found where operator expected at Log/Delta.pm line 39, near "

line 225. Bareword found where operator expected at Log/Delta.pm line 39, near "//www" (Missing operator before www?) Unquoted string "www" may clash with future reserved word at Log/Delta.pm line 39, line 225. Unquoted string "annocpan" may clash with future reserved word at Log/Delta.pm line 39, line 225. Unquoted string "org" may clash with future reserved word at Log/Delta.pm line 39, line 225. Unquoted string "lib" may clash with future reserved word at Log/Delta.pm line 39, line 225. Unquoted string "pm" may clash with future reserved word at Log/Delta.pm line 39, line 225. String found where operator expected at Log/Delta.pm line 42, near " line 225. Unquoted string "lib" may clash with future reserved word at Log/Delta.pm line 42, line 225. Unquoted string "pm" may clash with future reserved word at Log/Delta.pm line 42, line 225. String found where operator expected at Log/Delta.pm line 44, near " line 225. Bareword found where operator expected at Log/Delta.pm line 118, near "3A" (Missing operator before A?) Bareword found where operator expected at Log/Delta.pm line 118, near "3AHiRes" (Missing operator before AHiRes?) String found where operator expected at Log/Delta.pm line 118, near "AHiRes" class="" Bareword found where operator expected at Log/Delta.pm line 118, near "" class="podlinkpod" (Missing operator before podlinkpod?) Unquoted string "podlinkpod" may clash with future reserved word at Log/Delta.pm line 118, line 225. String found where operator expected at Log/Delta.pm line 122, near "name="" (Might be a runaway multi-line "" string starting on line 118) (Missing semicolon on previous line?) Bareword found where operator expected at Log/Delta.pm line 122, near "name="SEE_ALSO" String found where operator expected at Log/Delta.pm line 125, near "

This module was written for the Rekudos framework: This module was written for the Rekudos framework: line 225. Bareword found where operator expected at Log/Delta.pm line 125, near "//rekudos" (Missing operator before rekudos?) Unquoted string "rekudos" may clash with future reserved word at Log/Delta.pm line 125, line 225. Unquoted string "net" may clash with future reserved word at Log/Delta.pm line 125, line 225. Bareword found where operator expected at Log/Delta.pm line 125, near "" class="podlinkurl" (Missing operator before podlinkurl?) Unquoted string "podlinkurl" may clash with future reserved word at Log/Delta.pm line 125, line 225. String found where operator expected at Log/Delta.pm line 129, near "name="" (Might be a runaway multi-line "" string starting on line 125) (Missing semicolon on previous line?) Bareword found where operator expected at Log/Delta.pm line 129, near "name="AUTHOR" String found where operator expected at Log/Delta.pm line 135, near "name="" (Might be a runaway multi-line "" string starting on line 129) (Missing semicolon on previous line?) Possible unintended interpolation of @null in string at Log/Delta.pm line 129, line 225. Bareword found where operator expected at Log/Delta.pm line 135, near "name="COPYRIGHT_AND_LICENSE" String found where operator expected at Log/Delta.pm line 146, near "

line 225. String found where operator expected at Log/Delta.pm line 147, near "hosted by line 225. Bareword found where operator expected at Log/Delta.pm line 147, near "//www" (Missing operator before www?) Unquoted string "www" may clash with future reserved word at Log/Delta.pm line 147, line 225. Unquoted string "perl" may clash with future reserved word at Log/Delta.pm line 147, line 225. Unquoted string "org" may clash with future reserved word at Log/Delta.pm line 147, line 225. Unquoted string "siteinfo" may clash with future reserved word at Log/Delta.pm line 147, line 225. Unquoted string "html" may clash with future reserved word at Log/Delta.pm line 147, line 225. String found where operator expected at Log/Delta.pm line 148, near " line 225. Bareword found where operator expected at Log/Delta.pm line 148, near "//www" (Missing operator before www?) Unquoted string "www" may clash with future reserved word at Log/Delta.pm line 148, line 225. Unquoted string "bizrate" may clash with future reserved word at Log/Delta.pm line 148, line 225. Unquoted string "com" may clash with future reserved word at Log/Delta.pm line 148, line 225. String found where operator expected at Log/Delta.pm line 148, near "com"> line 225. Number found where operator expected at Log/Delta.pm line 150, near "8 21" (Missing operator before 21?) Number found where operator expected at Log/Delta.pm line 150, near "08 2005" (Missing operator before 2005?) Bareword found where operator expected at Log/Delta.pm line 150, near "2005 GMT" (Missing operator before GMT?) Array found where operator expected at Log/Delta.pm line 150, at end of line (Missing operator before ?) Search pattern not terminated at Log/Delta.pm line 152, line 225. Compilation failed in require at LdapConnectionManager.pm line 64, line 225. BEGIN failed--compilation aborted at LdapConnectionManager.pm line 64, line 225. Compilation failed in require at LdapImport.pl line 34, line 225. BEGIN failed--compilation aborted at LdapImport.pl line 34, line 225. Del wrote: > Steve Strong wrote: > >> ... seems harder than I thought. I can't get Ldapimport to do >> anything and it doesn't display any errors and the old fedora 4 > > > What do you mean "do anything"? > > The first question it asks you is "Log file name [LdapImport.log] ?". Do > you get that far or does it crash before then? > > It sounds like you may not have perl installed. What sort of system are > you running on? > -- Steve Strong Math and Computer Science Washington High School 2205 Forest Dr. SE Cedar Rapids, IA 52403 http://crwash.org mailto:sstrong at crwash.org From del at babel.com.au Sun Dec 11 11:45:48 2005 From: del at babel.com.au (Del) Date: Sun, 11 Dec 2005 22:45:48 +1100 Subject: [Fedora-directory-users] migrating from flat files to fedora directory... In-Reply-To: <439B0698.9000004@crwash.org> References: <4398B44A.7040007@crwash.org> <439A77ED.8090604@babel.com.au> <439B0698.9000004@crwash.org> Message-ID: <439C116C.5060100@babel.com.au> Steve Strong wrote: > perl is installed on RHEL 4. > I have checked all of the requirements, downloaded Delta.pm, created a > directory > in the LdapImport directory and placed Delta.pm in it, cd'ed to the > LdapImport > directory and executed this at the command line: > > perl -w LdapImport.pl > > here's what I got: > > [root at stretch > > LdapImport]# perl -w LdapImport.pl > Unquoted string "html" may clash with future reserved word at > Log/Delta.pm line > 2, line 225. It sounds like your Delta.pm file is hosed. Where did you get it from? Have you had a look inside it? It looks like you have an HTML file and not a perl module. -- Del From craigwhite at azapple.com Sun Dec 11 13:35:37 2005 From: craigwhite at azapple.com (Craig White) Date: Sun, 11 Dec 2005 06:35:37 -0700 Subject: [Fedora-directory-users] ACI In-Reply-To: <43937158.7080507@unitedmessaging.com> References: <1133675625.2430.76.camel@lin-workstation.azapple.com> <43937158.7080507@unitedmessaging.com> Message-ID: <1134308137.16783.13.camel@lin-workstation.azapple.com> On Sun, 2005-12-04 at 17:44 -0500, Jeff Clowser wrote: > Craig White wrote: > > >I have personal address books...each user would have one - i.e. > > > >ou=AddressBook,uid=craig,ou=People,dc=azapple,dc=com > >ou=AddressBook,uid=jennifer,ou=People,dc=azapple,dc=com > > > >and my thinking is that each person can read/write/delete/etc. their own > >address book, authenticated users can read and anonymous is denied. > > > > > First, a comment on this: Does user craig really want user jennifer to > see his "personal" addressbooks? Typically, "personal" addressbooks are > only visible by the person that owns them. I know I'm questioning your > requirements rather than telling you how to implement what you want, but > thought I'd ask :) ---- finally got through my initial setup to work on these issues and can reply back. Most of my setups are for my clients and they do have workgroups where they would possibly need to share address books. So I generally have company wide address books and personal address books and permit at least some sharing of the personal address books. In addition, since the typical address book clients that people would use (Outlook/Thunderbird) are incapable of creating/editing entries, it requires some other application that some of the people are less than eager to use which means that the maintenance of them falls to their underlings ---- > > >Thus I created 3 rules and they aren't working because an > >unauthenticated/anonymous bind still can view them... > > > > > My guess is that at the top of your tree, you have an aci that allows > anonymous to see stuff (probably something like anonymous can > read/search all but userpassword, etc). Aci's at the top are inherited > "down the tree", so they are visible because of that, not because of > your new aci's. It's usually hard to create a deny aci for a lower > branch of the tree that works without breaking something else, and I > always try to avoid deny aci's (because they always take precedence and > can never be overridden by any allow aci's, causing some potentially > unexpected results). ---- Yeah you are correct on all these accounts. Obviously the default rule is always to not allow whatever isn't expressly permitted and yes, there was the default anonymous allow rule that played into it. What I did discover was if I attached the following ACI to ou=AddressBook,dc=clsurvey,dc=com it doesn't work but if I attach it to dc=clsurvey,dc=com it does work. (targetattr = "*") (target = "ldap:///*,ou=AddressBook,dc=clsurvey,dc=com") (version 3.0; acl "AddressBook Administrator"; allow (all) (userdn = "ldap:///uid=Administrator,ou=People,ou=Accounts,dc=clsurvey,dc=com") ;) Thanks Craig From rmeggins at redhat.com Sun Dec 11 17:27:38 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Sun, 11 Dec 2005 10:27:38 -0700 Subject: [Fedora-directory-users] dsbuild and libadminutil build error os Slackware 10.2 - 2.6.14.3 In-Reply-To: <439A390C.8050604@vendetta.ca> References: <439A390C.8050604@vendetta.ca> Message-ID: <439C618A.4060601@redhat.com> Does this directory exist: /usr/local/src/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6.14_x86_glibc_PTH_OPT.OBJ/include If not, is there a platform specific directory under ......../mozilla/dist? If so, what is it? Mike Lowrie wrote: > I'm trying to do a complete build using dsbuild on a freshly installed > Slackware 10.2 box with a 2.6.14.3 kernel, but I'm running into > problems with the system not finding some header files: > > ==== Building AdminUtil ========== > > cd lib/libadminutil; gmake BUILD_OPT=1 NSPR_BASENAME= > USE_PTHREADS=1 SECURITY=domestic MOZILLA_SOURCE_ROOT_EXT= > ICU_SOURCE_ROOT_EXT= USE_64= > gmake[3]: Entering directory > `/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/lib/libadminutil' > > gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE > -D_XOPEN_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK > -DXP_UNIX -DLinux -O2 -DNET_SSL -DSPAPI20 -DBUILD_NUM=\"2005.344.255\" > -I/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include > -I/usr/local/src/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6.14_x86_glibc_PTH_OPT.OBJ/include > -I/usr/local/src/dsbuild/ds/mozilla/work/mozilla/dist/public/nss > -I/usr/local/src/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap > -I/usr/local/src/dsbuild/ds/icu/work/icu-2.4/built/include psetc.c -o > /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/built/Linux2.6.14_x86_glibc_PTH_OPT.OBJ/lib/libadminutil/psetc.o > > In file included from > /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/psetc.h:24, > > from psetc_pvt.h:26, > from psetc.c:30: > /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:25:21: > prtypes.h: No such file or directory > /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:26:19: > plstr.h: No such file or directory > /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:27:19: > prprf.h: No such file or directory > In file included from > /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/psetc.h:24, > > from psetc_pvt.h:26, > from psetc.c:30: > /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:78: > error: syntax error before "createAttrNameList" > /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:78: > warning: data definition has no type or storage class > /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:80: > error: syntax error before "addName" > /usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:80: > warning: data definition has no type or storage class > . > . > . > > and of course a whole lot of other errors follow. > > I have found the files it is looking for in the mozilla directory of > the dsbuild directory, but its as if it doesn't have the correct > include paths. I tried adding a few manually, but there are a lot of > different paths - all from the mozilla directory that aren't being found. > > Does anyone have any suggestions on how to fix this? > > Appreciate the help! > Mike > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Sun Dec 11 21:11:43 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Sun, 11 Dec 2005 14:11:43 -0700 Subject: [Fedora-directory-users] ACI In-Reply-To: <1134308137.16783.13.camel@lin-workstation.azapple.com> References: <1133675625.2430.76.camel@lin-workstation.azapple.com> <43937158.7080507@unitedmessaging.com> <1134308137.16783.13.camel@lin-workstation.azapple.com> Message-ID: <439C960F.7020303@redhat.com> Craig White wrote: >On Sun, 2005-12-04 at 17:44 -0500, Jeff Clowser wrote: > > >>Craig White wrote: >> >> >> >>>I have personal address books...each user would have one - i.e. >>> >>>ou=AddressBook,uid=craig,ou=People,dc=azapple,dc=com >>>ou=AddressBook,uid=jennifer,ou=People,dc=azapple,dc=com >>> >>>and my thinking is that each person can read/write/delete/etc. their own >>>address book, authenticated users can read and anonymous is denied. >>> >>> >>> >>> >>First, a comment on this: Does user craig really want user jennifer to >>see his "personal" addressbooks? Typically, "personal" addressbooks are >>only visible by the person that owns them. I know I'm questioning your >>requirements rather than telling you how to implement what you want, but >>thought I'd ask :) >> >> >---- >finally got through my initial setup to work on these issues and can >reply back. > >Most of my setups are for my clients and they do have workgroups where >they would possibly need to share address books. So I generally have >company wide address books and personal address books and permit at >least some sharing of the personal address books. In addition, since the >typical address book clients that people would use (Outlook/Thunderbird) >are incapable of creating/editing entries, it requires some other >application that some of the people are less than eager to use which >means that the maintenance of them falls to their underlings >---- > > >>>Thus I created 3 rules and they aren't working because an >>>unauthenticated/anonymous bind still can view them... >>> >>> >>> >>> >>My guess is that at the top of your tree, you have an aci that allows >>anonymous to see stuff (probably something like anonymous can >>read/search all but userpassword, etc). Aci's at the top are inherited >>"down the tree", so they are visible because of that, not because of >>your new aci's. It's usually hard to create a deny aci for a lower >>branch of the tree that works without breaking something else, and I >>always try to avoid deny aci's (because they always take precedence and >>can never be overridden by any allow aci's, causing some potentially >>unexpected results). >> >> >---- >Yeah you are correct on all these accounts. Obviously the default rule >is always to not allow whatever isn't expressly permitted and yes, there >was the default anonymous allow rule that played into it. > >What I did discover was if I attached the following ACI to >ou=AddressBook,dc=clsurvey,dc=com it doesn't work but if I attach it to >dc=clsurvey,dc=com it does work. > > I'm not sure why, but most of the time, the (target = ..) clause is not necessary. acis have subtree scope - they apply to the entry containing the aci and all children and decendents of that entry. So if the following aci is in the entry dc=clsurvey,dc=com, you don't need the (target....) clause. >(targetattr = "*") >(target = "ldap:///*,ou=AddressBook,dc=clsurvey,dc=com") >(version 3.0; >acl "AddressBook Administrator"; >allow (all) >(userdn = >"ldap:///uid=Administrator,ou=People,ou=Accounts,dc=clsurvey,dc=com") >;) > > >Thanks > >Craig > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Mon Dec 12 00:30:51 2005 From: craigwhite at azapple.com (Craig White) Date: Sun, 11 Dec 2005 17:30:51 -0700 Subject: [Fedora-directory-users] ACI In-Reply-To: <439C960F.7020303@redhat.com> References: <1133675625.2430.76.camel@lin-workstation.azapple.com> <43937158.7080507@unitedmessaging.com> <1134308137.16783.13.camel@lin-workstation.azapple.com> <439C960F.7020303@redhat.com> Message-ID: <1134347451.17190.11.camel@lin-workstation.azapple.com> On Sun, 2005-12-11 at 14:11 -0700, Richard Megginson wrote: > >Yeah you are correct on all these accounts. Obviously the default rule > >is always to not allow whatever isn't expressly permitted and yes, there > >was the default anonymous allow rule that played into it. > > > >What I did discover was if I attached the following ACI to > >ou=AddressBook,dc=clsurvey,dc=com it doesn't work but if I attach it to > >dc=clsurvey,dc=com it does work. > > > > > I'm not sure why, but most of the time, the (target = ..) clause is not > necessary. acis have subtree scope - they apply to the entry containing > the aci and all children and decendents of that entry. So if the > following aci is in the entry dc=clsurvey,dc=com, you don't need the > (target....) clause. > > >(targetattr = "*") > >(target = "ldap:///*,ou=AddressBook,dc=clsurvey,dc=com") > >(version 3.0; > >acl "AddressBook Administrator"; > >allow (all) > >(userdn = > >"ldap:///uid=Administrator,ou=People,ou=Accounts,dc=clsurvey,dc=com") > >;) ---- If I remove the 'target' phrase, the ACI takes on an entirely different meaning - that the dn can read and write anything inside of dc=clsurvey,dc=com and my interest was only that the dn can do anything inside the target itself. My point was simply that if I attached that same ACI to the target itself, it doesn't work. If I attach it to dc=clsurvey,dc=com - it works. Thanks Craig From ds at marco.de Mon Dec 12 07:56:53 2005 From: ds at marco.de (Daniel Spannbauer) Date: Mon, 12 Dec 2005 08:56:53 +0100 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> Message-ID: <439D2D45.4050705@marco.de> Hallo Richard, sorry, I should read your messages :) find /us/lib -name \*curses\* -print: /usr/lib/YaST2/plugin/libpy2ncurses.so.2 /usr/lib/YaST2/plugin/libpy2ncurses.so.2.0.0 /usr/lib/YaST2/plugin/libpy2ncurses.la /usr/lib/YaST2/plugin/libpy2ncurses.so /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesapp.ph /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesf.ph /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesm.ph /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesp.ph /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesw.ph /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses.ph /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/curses.ph /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses_dll.ph /usr/lib/libncurses++w.a /usr/lib/libncurses.so.4 /usr/lib/libncurses.so.4.2 /usr/lib/python2.4/lib-dynload/_curses_panel.so /usr/lib/python2.4/lib-dynload/_curses.so /usr/lib/python2.4/curses /usr/lib/libncurses++.a /usr/lib/libncursesw.so.5 /usr/lib/libncursesw.so /usr/lib/libncurses.so /usr/lib/libncursesw.so.5.4 /usr/lib/libncurses.a ox:~ # So no lcurses. Now I have to look where to find this curses for SuSE. Thank Regards Daniel Richard Megginson wrote: > Ok. Try > find /usr/lib -name \*curses\* -print > > It's failing to find -lcurses, which should be the file /usr/lib/*curses* > > Daniel Spannbauer wrote: > >> Hallo Richard, >> >> the Output is: >> ox:~ # find /usr/include/ -name \*curses\* -print >> /usr/include/cursesapp.h >> /usr/include/curses.h >> /usr/include/ncurses.h >> /usr/include/cursesf.h >> /usr/include/cursesm.h >> /usr/include/cursesp.h >> /usr/include/cursesw.h >> /usr/include/ncurses_dll.h >> >> Thats all. >> >> Regards >> Daniel >> >> >> >> Richard Megginson wrote: >> >>> On my system, the curses libs are provided by the ncurses and >>> ncurses-devel packages. >>> Try this: >>> find /usr/lib -name \*curses\* -print >>> ? >>> >>> Daniel Spannbauer wrote: >>> >>>> Hallo Richard, >>>> >>>> yes, I get an Output. >>>> There was something wrong on the system. Reboot solved it. >>>> Anyway: >>>> A new failure:ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>> [===== NOW BUILDING: ds-1 =====] >>>> [fetch] complete for ds. >>>> [checksum] complete for ds. >>>> [extract] complete for ds. >>>> [patch] complete for ds. >>>> ==> Building ds/mozilla as a dependency >>>> ==> Building ds/icu as a dependency >>>> ==> Building ds/adminutil as a dependency >>>> ==> Building ds/setuputil as a dependency >>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>> [fetch] complete for fedora-setuputil. >>>> [checksum] complete for fedora-setuputil. >>>> [extract] complete for fedora-setuputil. >>>> [patch] complete for fedora-setuputil. >>>> [configure] complete for fedora-setuputil. >>>> ==> Running make in work/fedora-setuputil-1.0 >>>> cat: /etc/redhat-release: No such file or directory >>>> make[2]: Entering directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>> perl buildnum.pl -p Linux2.6 >>>> perl pumpkin.pl 90 pumpkin.dat >>>> The components are up to date >>>> >>>> ==== Starting Server Installer Build ========== >>>> >>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>> MOZILLA_SOURCE_ROOT_EXT= >>>> BUILD_MODULE=SetupSDK -w installerSDK >>>> cat: /etc/redhat-release: No such file or directory >>>> gmake[3]: Entering directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>> cat: /etc/redhat-release: No such file or directory >>>> cat: /etc/redhat-release: No such file or directory >>>> gmake[4]: Entering directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h uninstall.h >>>> code.h >>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>> >>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >>>> NS_PRODUCT= >>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>> cat: /etc/redhat-release: No such file or directory >>>> cat: /etc/redhat-release: No such file or directory >>>> gmake[5]: Entering directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>> >>>> gmake[5]: *** No rule to make target -lcurses', needed by >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. >>>> >>>> Stop. >>>> gmake[5]: Leaving directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>> >>>> gmake[4]: *** [all] Error 2 >>>> gmake[4]: Leaving directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>> gmake[3]: *** [installerSDK] Error 2 >>>> gmake[3]: Leaving directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>> make[2]: *** [buildInstaller] Error 2 >>>> make[2]: Leaving directory >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>> make: *** [dep-../../ds/setuputil] Error 2 >>>> >>>> >>>> ------------------- >>>> >>>> Thanks for your help. >>>> >>>> Regards >>>> >>>> Daniel >>>> >>>> ---------------------- >>>> >>>> >>>> Richard Megginson wrote: >>>> >>>>> I'm not sure what needs to be installed. On my Fedora Core 4 >>>>> system, /usr/include/curses.h is provided by the ncurses-devel >>>>> package. >>>>> If you do >>>>> find /usr/include -name curses.h -print >>>>> do you get anything? >>>>> >>>>> Daniel Spannbauer wrote: >>>>> >>>>>> Hallo Richard >>>>>> >>>>>> ncurses und ncurses-devel is installed. >>>>>> >>>>>> greetings >>>>>> >>>>>> Daniel >>>>>> >>>>>> >>>>>> Richard Megginson wrote: >>>>>> >>>>>>> Looks like you need to install curses-devel or ncurses-devel >>>>>>> >>>>>>> Daniel Spannbauer wrote: >>>>>>> >>>>>>>> Hallo, >>>>>>>> >>>>>>>> i Try to install the Directory-Server on SuSE 10.0. While the >>>>>>>> dsbuild I get an Error. >>>>>>>> Here the Complete Log of the dsbuild: >>>>>>>> -------------------------------------------------------------- >>>>>>>> >>>>>>>> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>>>> [fetch] complete for ds. >>>>>>>> [checksum] complete for ds. >>>>>>>> [extract] complete for ds. >>>>>>>> [patch] complete for ds. >>>>>>>> ==> Building ds/mozilla as a dependency >>>>>>>> ==> Building ds/icu as a dependency >>>>>>>> ==> Building ds/adminutil as a dependency >>>>>>>> ==> Building ds/setuputil as a dependency >>>>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>>>> [fetch] complete for fedora-setuputil. >>>>>>>> [checksum] complete for fedora-setuputil. >>>>>>>> [extract] complete for fedora-setuputil. >>>>>>>> [patch] complete for fedora-setuputil. >>>>>>>> [configure] complete for fedora-setuputil. >>>>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> make[2]: Entering directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>>>> perl buildnum.pl -p Linux2.6 >>>>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>>>> The components are up to date >>>>>>>> >>>>>>>> ==== Starting Server Installer Build ========== >>>>>>>> >>>>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> gmake[3]: Entering directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>> SECURITY=domestic >>>>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> gmake[4]: Entering directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>>>> uninstall.h code.h >>>>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>>>> >>>>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= >>>>>>>> USE_PTHREADS=1 NS_PRODUCT= >>>>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> gmake[5]: Entering directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>> >>>>>>>> >>>>>>>> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >>>>>>>> -D_XOPEN_SOURCE >>>>>>>> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK >>>>>>>> -DXP_UNIX -DLinux -O2 >>>>>>>> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >>>>>>>> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap >>>>>>>> -I../../include >>>>>>>> ux-curse.c -o >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >>>>>>>> >>>>>>>> In file included from ux-curse.c:33: >>>>>>>> ux-curse.h:52:38: error: curses.h: No such file or directory >>>>>>>> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >>>>>>>> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>> (first use in this function) >>>>>>>> ux-curse.c:78: error: (Each undeclared identifier is reported >>>>>>>> only once >>>>>>>> ux-curse.c:78: error: for each function it appears in.) >>>>>>>> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >>>>>>>> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>> (first use in this function) >>>>>>>> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >>>>>>>> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>> (first use in this function) >>>>>>>> ux-curse.c: In function ?<80><98>new_page?<80><99>: >>>>>>>> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>> (first use in this function) >>>>>>>> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >>>>>>>> ux-curse.c:354: warning: comparison between pointer and integer >>>>>>>> ux-curse.c:356: warning: comparison between pointer and integer >>>>>>>> ux-curse.c:358: warning: comparison between pointer and integer >>>>>>>> gmake[5]: *** >>>>>>>> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >>>>>>>> >>>>>>>> Error 1gmake[5]: Leaving directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>> >>>>>>>> gmake[4]: *** [all] Error 2 >>>>>>>> gmake[4]: Leaving directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>>>> gmake[3]: Leaving directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>>>> make[2]: Leaving directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>>>> >>>>>>>> ------------------------------------------------------------------ >>>>>>>> >>>>>>>> Does anybody know why? >>>>>>>> >>>>>>>> Thanks for helping >>>>>>>> >>>>>>>> Daniel >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Fedora-directory-users mailing list >>>>>>>> Fedora-directory-users at redhat.com >>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------ >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Fedora-directory-users mailing list >>>>>>> Fedora-directory-users at redhat.com >>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>> >>>>>>> >>>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> >>>>> >>>> >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >> >> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- Daniel Spannbauer EDV Systembetreuung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-66 Auf der Wies 8, D 87727 Babenhausen Fax +49 8333 9233-11 http://www.marco.de/ Email ds at marco.de From ds at marco.de Mon Dec 12 11:33:57 2005 From: ds at marco.de (Daniel Spannbauer) Date: Mon, 12 Dec 2005 12:33:57 +0100 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> Message-ID: <439D6025.70805@marco.de> Ok, I solved the "-lcurses"-Problem with a link from /usr/lib/libncurses.a to libcurses.a Next Problem: The make wont find the termcap: *** No rule to make target -ltermcap', needed by /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PT H_OPT.OBJ/lib/libinstall.a'. Stop. A find obove /usr/lib found:ox:~/dsbuild/meta/ds # find /usr/lib/ -name *termcap* -print /usr/lib/zsh/4.2.5/zsh/termcap.so /usr/lib/libtermcap.so.2.0.8 /usr/lib/perl5/5.8.7/termcap.pl /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/termcap.ph /usr/lib/termcap /usr/lib/termcap/libtermcap.a /usr/lib/termcap/libtermcap.so /usr/lib/libtermcap.so.2 Does anybody know how to solve that? Regards Daniel Daniel Spannbauer wrote: > Hallo Richard, > > sorry, I should read your messages :) > > find /us/lib -name \*curses\* -print: > /usr/lib/YaST2/plugin/libpy2ncurses.so.2 > /usr/lib/YaST2/plugin/libpy2ncurses.so.2.0.0 > /usr/lib/YaST2/plugin/libpy2ncurses.la > /usr/lib/YaST2/plugin/libpy2ncurses.so > /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesapp.ph > /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesf.ph > /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesm.ph > /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesp.ph > /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesw.ph > /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses.ph > /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/curses.ph > /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses_dll.ph > /usr/lib/libncurses++w.a > /usr/lib/libncurses.so.4 > /usr/lib/libncurses.so.4.2 > /usr/lib/python2.4/lib-dynload/_curses_panel.so > /usr/lib/python2.4/lib-dynload/_curses.so > /usr/lib/python2.4/curses > /usr/lib/libncurses++.a > /usr/lib/libncursesw.so.5 > /usr/lib/libncursesw.so > /usr/lib/libncurses.so > /usr/lib/libncursesw.so.5.4 > /usr/lib/libncurses.a > ox:~ # > So no lcurses. Now I have to look where to find this curses for SuSE. > > Thank > > Regards > > Daniel > > > Richard Megginson wrote: > >> Ok. Try >> find /usr/lib -name \*curses\* -print >> >> It's failing to find -lcurses, which should be the file >> /usr/lib/*curses* >> >> Daniel Spannbauer wrote: >> >>> Hallo Richard, >>> >>> the Output is: >>> ox:~ # find /usr/include/ -name \*curses\* -print >>> /usr/include/cursesapp.h >>> /usr/include/curses.h >>> /usr/include/ncurses.h >>> /usr/include/cursesf.h >>> /usr/include/cursesm.h >>> /usr/include/cursesp.h >>> /usr/include/cursesw.h >>> /usr/include/ncurses_dll.h >>> >>> Thats all. >>> >>> Regards >>> Daniel >>> >>> >>> >>> Richard Megginson wrote: >>> >>>> On my system, the curses libs are provided by the ncurses and >>>> ncurses-devel packages. >>>> Try this: >>>> find /usr/lib -name \*curses\* -print >>>> ? >>>> >>>> Daniel Spannbauer wrote: >>>> >>>>> Hallo Richard, >>>>> >>>>> yes, I get an Output. >>>>> There was something wrong on the system. Reboot solved it. >>>>> Anyway: >>>>> A new failure:ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>> [===== NOW BUILDING: ds-1 =====] >>>>> [fetch] complete for ds. >>>>> [checksum] complete for ds. >>>>> [extract] complete for ds. >>>>> [patch] complete for ds. >>>>> ==> Building ds/mozilla as a dependency >>>>> ==> Building ds/icu as a dependency >>>>> ==> Building ds/adminutil as a dependency >>>>> ==> Building ds/setuputil as a dependency >>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>> [fetch] complete for fedora-setuputil. >>>>> [checksum] complete for fedora-setuputil. >>>>> [extract] complete for fedora-setuputil. >>>>> [patch] complete for fedora-setuputil. >>>>> [configure] complete for fedora-setuputil. >>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>> cat: /etc/redhat-release: No such file or directory >>>>> make[2]: Entering directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>> perl buildnum.pl -p Linux2.6 >>>>> perl pumpkin.pl 90 pumpkin.dat >>>>> The components are up to date >>>>> >>>>> ==== Starting Server Installer Build ========== >>>>> >>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>> cat: /etc/redhat-release: No such file or directory >>>>> gmake[3]: Entering directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>> cat: /etc/redhat-release: No such file or directory >>>>> cat: /etc/redhat-release: No such file or directory >>>>> gmake[4]: Entering directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>> uninstall.h code.h >>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>> >>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >>>>> NS_PRODUCT= >>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>> cat: /etc/redhat-release: No such file or directory >>>>> cat: /etc/redhat-release: No such file or directory >>>>> gmake[5]: Entering directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>> >>>>> gmake[5]: *** No rule to make target -lcurses', needed by >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. >>>>> >>>>> Stop. >>>>> gmake[5]: Leaving directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>> >>>>> gmake[4]: *** [all] Error 2 >>>>> gmake[4]: Leaving directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>> gmake[3]: *** [installerSDK] Error 2 >>>>> gmake[3]: Leaving directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>> make[2]: *** [buildInstaller] Error 2 >>>>> make[2]: Leaving directory >>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>> >>>>> >>>>> ------------------- >>>>> >>>>> Thanks for your help. >>>>> >>>>> Regards >>>>> >>>>> Daniel >>>>> >>>>> ---------------------- >>>>> >>>>> >>>>> Richard Megginson wrote: >>>>> >>>>>> I'm not sure what needs to be installed. On my Fedora Core 4 >>>>>> system, /usr/include/curses.h is provided by the ncurses-devel >>>>>> package. >>>>>> If you do >>>>>> find /usr/include -name curses.h -print >>>>>> do you get anything? >>>>>> >>>>>> Daniel Spannbauer wrote: >>>>>> >>>>>>> Hallo Richard >>>>>>> >>>>>>> ncurses und ncurses-devel is installed. >>>>>>> >>>>>>> greetings >>>>>>> >>>>>>> Daniel >>>>>>> >>>>>>> >>>>>>> Richard Megginson wrote: >>>>>>> >>>>>>>> Looks like you need to install curses-devel or ncurses-devel >>>>>>>> >>>>>>>> Daniel Spannbauer wrote: >>>>>>>> >>>>>>>>> Hallo, >>>>>>>>> >>>>>>>>> i Try to install the Directory-Server on SuSE 10.0. While the >>>>>>>>> dsbuild I get an Error. >>>>>>>>> Here the Complete Log of the dsbuild: >>>>>>>>> -------------------------------------------------------------- >>>>>>>>> >>>>>>>>> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>>>>> [fetch] complete for ds. >>>>>>>>> [checksum] complete for ds. >>>>>>>>> [extract] complete for ds. >>>>>>>>> [patch] complete for ds. >>>>>>>>> ==> Building ds/mozilla as a dependency >>>>>>>>> ==> Building ds/icu as a dependency >>>>>>>>> ==> Building ds/adminutil as a dependency >>>>>>>>> ==> Building ds/setuputil as a dependency >>>>>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>>>>> [fetch] complete for fedora-setuputil. >>>>>>>>> [checksum] complete for fedora-setuputil. >>>>>>>>> [extract] complete for fedora-setuputil. >>>>>>>>> [patch] complete for fedora-setuputil. >>>>>>>>> [configure] complete for fedora-setuputil. >>>>>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>> make[2]: Entering directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>>>>> perl buildnum.pl -p Linux2.6 >>>>>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>>>>> The components are up to date >>>>>>>>> >>>>>>>>> ==== Starting Server Installer Build ========== >>>>>>>>> >>>>>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>> gmake[3]: Entering directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>>> SECURITY=domestic >>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>> gmake[4]: Entering directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>>>>> uninstall.h code.h >>>>>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>>>>> >>>>>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= >>>>>>>>> USE_PTHREADS=1 NS_PRODUCT= >>>>>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>> gmake[5]: Entering directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>> >>>>>>>>> >>>>>>>>> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >>>>>>>>> -D_XOPEN_SOURCE >>>>>>>>> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK >>>>>>>>> -DXP_UNIX -DLinux -O2 >>>>>>>>> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >>>>>>>>> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap >>>>>>>>> -I../../include >>>>>>>>> ux-curse.c -o >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >>>>>>>>> >>>>>>>>> In file included from ux-curse.c:33: >>>>>>>>> ux-curse.h:52:38: error: curses.h: No such file or directory >>>>>>>>> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >>>>>>>>> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>> (first use in this function) >>>>>>>>> ux-curse.c:78: error: (Each undeclared identifier is reported >>>>>>>>> only once >>>>>>>>> ux-curse.c:78: error: for each function it appears in.) >>>>>>>>> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >>>>>>>>> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>> (first use in this function) >>>>>>>>> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >>>>>>>>> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>> (first use in this function) >>>>>>>>> ux-curse.c: In function ?<80><98>new_page?<80><99>: >>>>>>>>> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>> (first use in this function) >>>>>>>>> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >>>>>>>>> ux-curse.c:354: warning: comparison between pointer and integer >>>>>>>>> ux-curse.c:356: warning: comparison between pointer and integer >>>>>>>>> ux-curse.c:358: warning: comparison between pointer and integer >>>>>>>>> gmake[5]: *** >>>>>>>>> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >>>>>>>>> >>>>>>>>> Error 1gmake[5]: Leaving directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>> >>>>>>>>> gmake[4]: *** [all] Error 2 >>>>>>>>> gmake[4]: Leaving directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>>>>> gmake[3]: Leaving directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>>>>> make[2]: Leaving directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>>>>> >>>>>>>>> ------------------------------------------------------------------ >>>>>>>>> >>>>>>>>> Does anybody know why? >>>>>>>>> >>>>>>>>> Thanks for helping >>>>>>>>> >>>>>>>>> Daniel >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Fedora-directory-users mailing list >>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ------------------------------------------------------------------------ >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Fedora-directory-users mailing list >>>>>>>> Fedora-directory-users at redhat.com >>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>> >>>>>>>> >>>>>>> >>>>>> ------------------------------------------------------------------------ >>>>>> >>>>>> >>>>>> -- >>>>>> Fedora-directory-users mailing list >>>>>> Fedora-directory-users at redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------ >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>> >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> >> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > -- Daniel Spannbauer EDV Systembetreuung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-66 Auf der Wies 8, D 87727 Babenhausen Fax +49 8333 9233-11 http://www.marco.de/ Email ds at marco.de From squid at oranged.to Mon Dec 12 11:53:54 2005 From: squid at oranged.to (Jimmy) Date: Mon, 12 Dec 2005 11:53:54 -0000 (GMT) Subject: [Fedora-directory-users] Public key based authentication with Redhat Directory Server Message-ID: <2561.213.130.32.113.1134388434.squirrel@213.130.32.113> Hello, Is it possible with Redhat Directory Server to use public key authentication for all our Linux based servers?. Currently we have it setup individually for each system. However we would like to go to a centrally managed solution to keep it easy and allow us to scale much more effectivly. Any advice would be great. Regards, Jimmy From sstrong at crwash.org Mon Dec 12 13:34:43 2005 From: sstrong at crwash.org (Steve Strong) Date: Mon, 12 Dec 2005 07:34:43 -0600 Subject: [Fedora-directory-users] migrating from flat files to fedora directory... In-Reply-To: <439C116C.5060100@babel.com.au> References: <4398B44A.7040007@crwash.org> <439A77ED.8090604@babel.com.au> <439B0698.9000004@crwash.org> <439C116C.5060100@babel.com.au> Message-ID: <439D7C73.6030305@crwash.org> yup. i figured this out over the weekend and fedora directory is up and running. really cool. steve Del wrote: > Steve Strong wrote: > >> perl is installed on RHEL 4. >> I have checked all of the requirements, downloaded Delta.pm, created >> a directory >> in the LdapImport directory and placed Delta.pm in it, cd'ed to the >> LdapImport >> directory and executed this at the command line: >> >> perl -w LdapImport.pl >> >> here's what I got: >> >> [root at stretch >> >> LdapImport]# perl -w LdapImport.pl >> Unquoted string "html" may clash with future reserved word at >> Log/Delta.pm line >> 2, line 225. > > > > It sounds like your Delta.pm file is hosed. Where did you get it from? > Have you had a look inside it? It looks like you have an HTML file and > not a perl module. > -- Steve Strong Math and Computer Science Washington High School 2205 Forest Dr. SE Cedar Rapids, IA 52403 http://crwash.org mailto:sstrong at crwash.org From gpt at tirloni.org Mon Dec 12 14:09:36 2005 From: gpt at tirloni.org (Giovanni P. Tirloni) Date: Mon, 12 Dec 2005 12:09:36 -0200 Subject: [Fedora-directory-users] Samba3 and FDS (schema problem and workaround) Message-ID: <439D84A0.2080403@tirloni.org> Hi, I was following the instructions at [1] and I found an error regarding how Samba tries to add its domain to the directory. [12/Dec/2005:11:18:36 -0200] - Entry "sambaDomainName=MYDOMAIN,dc=example,dc=com" -- attribute "objectClass" not allowed It seems like a schema verification problem. Anyway, my fix was to add it manually with the following LDIF: dn: sambaDomainName=MYDOMAIN,dc=example,dc=com objectclass: sambaDomain objectclass: sambaUnixIDPool objectclass: top sambaDomainName: MYDOMAIN sambaSID: S-1-5-21-1803520230-1543781662-649387223 uidNumber: 550 gidNumber: 550 The SID is the one I got from a previous install using OpenLDAP. After forcing the add of MYDOMAIN the command 'net getlocalsid' works and reports another SID which I've altered updated in the directory. Just in case anyone has got the same problem.. I'll repeat the process another time and try to write a small tutorial on it. -- Giovanni P. Tirloni http://blog.tirloni.org From kevin_myer at iu13.org Mon Dec 12 15:02:17 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Mon, 12 Dec 2005 10:02:17 -0500 Subject: [Fedora-directory-users] \x80F\x01\x03\x01 console admin request Message-ID: <20051212100217.x3bq3w0lojk00gos@webapps.iu13.org> On initial console connection attempts, the admin server logs the following entry: XX.XX.XX.XX - - [12/Dec/2005:09:46:59 -0500] "\x80F\x01\x03\x01" 302 291 I did a packet capture and can see the same data coming from the console to the remote server. Is this an expected request? Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From ckannan at redhat.com Mon Dec 12 15:04:44 2005 From: ckannan at redhat.com (Chandrasekar Kannan) Date: Mon, 12 Dec 2005 07:04:44 -0800 Subject: [Fedora-directory-users] Public key based authentication with Redhat Directory Server In-Reply-To: <2561.213.130.32.113.1134388434.squirrel@213.130.32.113> References: <2561.213.130.32.113.1134388434.squirrel@213.130.32.113> Message-ID: <439D918C.5030301@redhat.com> Jimmy wrote: > Hello, > > Is it possible with Redhat Directory Server to use public key > authentication for all our Linux based servers?. sure. have you started reading this ?. http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#996824 --Chandra > Currently we have it > setup individually for each system. However we would like to go to a > centrally managed solution to keep it easy and allow us to scale much more > effectivly. > > Any advice would be great. > > Regards, > > Jimmy > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > From rcritten at redhat.com Mon Dec 12 15:32:13 2005 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 12 Dec 2005 10:32:13 -0500 Subject: [Fedora-directory-users] \x80F\x01\x03\x01 console admin request In-Reply-To: <20051212100217.x3bq3w0lojk00gos@webapps.iu13.org> References: <20051212100217.x3bq3w0lojk00gos@webapps.iu13.org> Message-ID: <439D97FD.6090005@redhat.com> Check your admin server URL. It could be that the console is sending a secure request (https) to an admin server that is not setup to accept SSL connections. rob Kevin M. Myer wrote: > On initial console connection attempts, the admin server logs the > following entry: > > XX.XX.XX.XX - - [12/Dec/2005:09:46:59 -0500] "\x80F\x01\x03\x01" 302 291 > > I did a packet capture and can see the same data coming from the console > to the remote server. > > Is this an expected request? > > Kevin > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon Dec 12 15:38:46 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 12 Dec 2005 08:38:46 -0700 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 In-Reply-To: <439D6025.70805@marco.de> References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> Message-ID: <439D9986.2030901@redhat.com> Daniel Spannbauer wrote: > Ok, I solved the "-lcurses"-Problem with a link from > /usr/lib/libncurses.a to libcurses.a > Next Problem: The make wont find the termcap: > > *** No rule to make target -ltermcap', needed by > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PT > > H_OPT.OBJ/lib/libinstall.a'. > Stop. > > A find obove /usr/lib found:ox:~/dsbuild/meta/ds # find /usr/lib/ > -name *termcap* -print > /usr/lib/zsh/4.2.5/zsh/termcap.so > /usr/lib/libtermcap.so.2.0.8 > /usr/lib/perl5/5.8.7/termcap.pl > /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/termcap.ph > /usr/lib/termcap > /usr/lib/termcap/libtermcap.a > /usr/lib/termcap/libtermcap.so > /usr/lib/libtermcap.so.2 > > > Does anybody know how to solve that? It's looking for libtermcap.so in /usr/lib, but on your system it is in /usr/lib/termcap. You can either make a symlink for that, or edit setuputil/nsconfig.mk or setuputil/nsdefs.mk (I can't remember which) and add /usr/lib/termcap to the lib path. > > Regards > > Daniel > > > > Daniel Spannbauer wrote: > >> Hallo Richard, >> >> sorry, I should read your messages :) >> >> find /us/lib -name \*curses\* -print: >> /usr/lib/YaST2/plugin/libpy2ncurses.so.2 >> /usr/lib/YaST2/plugin/libpy2ncurses.so.2.0.0 >> /usr/lib/YaST2/plugin/libpy2ncurses.la >> /usr/lib/YaST2/plugin/libpy2ncurses.so >> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesapp.ph >> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesf.ph >> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesm.ph >> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesp.ph >> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesw.ph >> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses.ph >> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/curses.ph >> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses_dll.ph >> /usr/lib/libncurses++w.a >> /usr/lib/libncurses.so.4 >> /usr/lib/libncurses.so.4.2 >> /usr/lib/python2.4/lib-dynload/_curses_panel.so >> /usr/lib/python2.4/lib-dynload/_curses.so >> /usr/lib/python2.4/curses >> /usr/lib/libncurses++.a >> /usr/lib/libncursesw.so.5 >> /usr/lib/libncursesw.so >> /usr/lib/libncurses.so >> /usr/lib/libncursesw.so.5.4 >> /usr/lib/libncurses.a >> ox:~ # So no lcurses. Now I >> have to look where to find this curses for SuSE. >> >> Thank >> >> Regards >> >> Daniel >> >> >> Richard Megginson wrote: >> >>> Ok. Try >>> find /usr/lib -name \*curses\* -print >>> >>> It's failing to find -lcurses, which should be the file >>> /usr/lib/*curses* >>> >>> Daniel Spannbauer wrote: >>> >>>> Hallo Richard, >>>> >>>> the Output is: >>>> ox:~ # find /usr/include/ -name \*curses\* -print >>>> /usr/include/cursesapp.h >>>> /usr/include/curses.h >>>> /usr/include/ncurses.h >>>> /usr/include/cursesf.h >>>> /usr/include/cursesm.h >>>> /usr/include/cursesp.h >>>> /usr/include/cursesw.h >>>> /usr/include/ncurses_dll.h >>>> >>>> Thats all. >>>> >>>> Regards >>>> Daniel >>>> >>>> >>>> >>>> Richard Megginson wrote: >>>> >>>>> On my system, the curses libs are provided by the ncurses and >>>>> ncurses-devel packages. >>>>> Try this: >>>>> find /usr/lib -name \*curses\* -print >>>>> ? >>>>> >>>>> Daniel Spannbauer wrote: >>>>> >>>>>> Hallo Richard, >>>>>> >>>>>> yes, I get an Output. >>>>>> There was something wrong on the system. Reboot solved it. >>>>>> Anyway: >>>>>> A new failure:ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>> [fetch] complete for ds. >>>>>> [checksum] complete for ds. >>>>>> [extract] complete for ds. >>>>>> [patch] complete for ds. >>>>>> ==> Building ds/mozilla as a dependency >>>>>> ==> Building ds/icu as a dependency >>>>>> ==> Building ds/adminutil as a dependency >>>>>> ==> Building ds/setuputil as a dependency >>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>> [fetch] complete for fedora-setuputil. >>>>>> [checksum] complete for fedora-setuputil. >>>>>> [extract] complete for fedora-setuputil. >>>>>> [patch] complete for fedora-setuputil. >>>>>> [configure] complete for fedora-setuputil. >>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>> cat: /etc/redhat-release: No such file or directory >>>>>> make[2]: Entering directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>> perl buildnum.pl -p Linux2.6 >>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>> The components are up to date >>>>>> >>>>>> ==== Starting Server Installer Build ========== >>>>>> >>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>> cat: /etc/redhat-release: No such file or directory >>>>>> gmake[3]: Entering directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>> SECURITY=domestic >>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>> cat: /etc/redhat-release: No such file or directory >>>>>> cat: /etc/redhat-release: No such file or directory >>>>>> gmake[4]: Entering directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>> uninstall.h code.h >>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>> >>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >>>>>> NS_PRODUCT= >>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>> cat: /etc/redhat-release: No such file or directory >>>>>> cat: /etc/redhat-release: No such file or directory >>>>>> gmake[5]: Entering directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>> >>>>>> gmake[5]: *** No rule to make target -lcurses', needed by >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. >>>>>> >>>>>> Stop. >>>>>> gmake[5]: Leaving directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>> >>>>>> gmake[4]: *** [all] Error 2 >>>>>> gmake[4]: Leaving directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>> gmake[3]: Leaving directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>> make[2]: Leaving directory >>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>> >>>>>> >>>>>> ------------------- >>>>>> >>>>>> Thanks for your help. >>>>>> >>>>>> Regards >>>>>> >>>>>> Daniel >>>>>> >>>>>> ---------------------- >>>>>> >>>>>> >>>>>> Richard Megginson wrote: >>>>>> >>>>>>> I'm not sure what needs to be installed. On my Fedora Core 4 >>>>>>> system, /usr/include/curses.h is provided by the ncurses-devel >>>>>>> package. >>>>>>> If you do >>>>>>> find /usr/include -name curses.h -print >>>>>>> do you get anything? >>>>>>> >>>>>>> Daniel Spannbauer wrote: >>>>>>> >>>>>>>> Hallo Richard >>>>>>>> >>>>>>>> ncurses und ncurses-devel is installed. >>>>>>>> >>>>>>>> greetings >>>>>>>> >>>>>>>> Daniel >>>>>>>> >>>>>>>> >>>>>>>> Richard Megginson wrote: >>>>>>>> >>>>>>>>> Looks like you need to install curses-devel or ncurses-devel >>>>>>>>> >>>>>>>>> Daniel Spannbauer wrote: >>>>>>>>> >>>>>>>>>> Hallo, >>>>>>>>>> >>>>>>>>>> i Try to install the Directory-Server on SuSE 10.0. While the >>>>>>>>>> dsbuild I get an Error. >>>>>>>>>> Here the Complete Log of the dsbuild: >>>>>>>>>> -------------------------------------------------------------- >>>>>>>>>> >>>>>>>>>> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>>>>>> [fetch] complete for ds. >>>>>>>>>> [checksum] complete for ds. >>>>>>>>>> [extract] complete for ds. >>>>>>>>>> [patch] complete for ds. >>>>>>>>>> ==> Building ds/mozilla as a dependency >>>>>>>>>> ==> Building ds/icu as a dependency >>>>>>>>>> ==> Building ds/adminutil as a dependency >>>>>>>>>> ==> Building ds/setuputil as a dependency >>>>>>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>>>>>> [fetch] complete for fedora-setuputil. >>>>>>>>>> [checksum] complete for fedora-setuputil. >>>>>>>>>> [extract] complete for fedora-setuputil. >>>>>>>>>> [patch] complete for fedora-setuputil. >>>>>>>>>> [configure] complete for fedora-setuputil. >>>>>>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>> make[2]: Entering directory >>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>>>>>> perl buildnum.pl -p Linux2.6 >>>>>>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>>>>>> The components are up to date >>>>>>>>>> >>>>>>>>>> ==== Starting Server Installer Build ========== >>>>>>>>>> >>>>>>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>> gmake[3]: Entering directory >>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>>>> SECURITY=domestic >>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>> gmake[4]: Entering directory >>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>>> >>>>>>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>>>>>> uninstall.h code.h >>>>>>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h >>>>>>>>>> setupnvpair.h >>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>>>>>> >>>>>>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>>>> SECURITY=domestic >>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= >>>>>>>>>> USE_PTHREADS=1 NS_PRODUCT= >>>>>>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>> gmake[5]: Entering directory >>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >>>>>>>>>> -D_XOPEN_SOURCE >>>>>>>>>> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK >>>>>>>>>> -DXP_UNIX -DLinux -O2 >>>>>>>>>> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >>>>>>>>>> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap >>>>>>>>>> -I../../include >>>>>>>>>> ux-curse.c -o >>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >>>>>>>>>> >>>>>>>>>> In file included from ux-curse.c:33: >>>>>>>>>> ux-curse.h:52:38: error: curses.h: No such file or directory >>>>>>>>>> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >>>>>>>>>> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>> (first use in this function) >>>>>>>>>> ux-curse.c:78: error: (Each undeclared identifier is reported >>>>>>>>>> only once >>>>>>>>>> ux-curse.c:78: error: for each function it appears in.) >>>>>>>>>> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >>>>>>>>>> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>> (first use in this function) >>>>>>>>>> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >>>>>>>>>> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>> (first use in this function) >>>>>>>>>> ux-curse.c: In function ?<80><98>new_page?<80><99>: >>>>>>>>>> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>> (first use in this function) >>>>>>>>>> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >>>>>>>>>> ux-curse.c:354: warning: comparison between pointer and integer >>>>>>>>>> ux-curse.c:356: warning: comparison between pointer and integer >>>>>>>>>> ux-curse.c:358: warning: comparison between pointer and integer >>>>>>>>>> gmake[5]: *** >>>>>>>>>> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >>>>>>>>>> >>>>>>>>>> Error 1gmake[5]: Leaving directory >>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>>> >>>>>>>>>> gmake[4]: *** [all] Error 2 >>>>>>>>>> gmake[4]: Leaving directory >>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>>> >>>>>>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>>>>>> gmake[3]: Leaving directory >>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>>>>>> make[2]: Leaving directory >>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>>>>>> >>>>>>>>>> ------------------------------------------------------------------ >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Does anybody know why? >>>>>>>>>> >>>>>>>>>> Thanks for helping >>>>>>>>>> >>>>>>>>>> Daniel >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Fedora-directory-users mailing list >>>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------------------------------------------------------ >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Fedora-directory-users mailing list >>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> ------------------------------------------------------------------------ >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Fedora-directory-users mailing list >>>>>>> Fedora-directory-users at redhat.com >>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Fedora-directory-users mailing list >>>>>> Fedora-directory-users at redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> >>>>> >>>> >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >> > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From squid at oranged.to Mon Dec 12 17:04:49 2005 From: squid at oranged.to (Jimmy) Date: Mon, 12 Dec 2005 17:04:49 -0000 (GMT) Subject: [Fedora-directory-users] Public key based authentication with Redhat Directory Server In-Reply-To: <439D918C.5030301@redhat.com> References: <2561.213.130.32.113.1134388434.squirrel@213.130.32.113> <439D918C.5030301@redhat.com> Message-ID: <3993.213.130.32.113.1134407089.squirrel@213.130.32.113> > Jimmy wrote: >> Hello, >> >> Is it possible with Redhat Directory Server to use public key >> authentication for all our Linux based servers?. I am looking to setup a central authentication scheme. So that all of the technical staff can use key based authentication from a central location. > > sure. have you started reading this ?. > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#996824 I dont think thats what im trying to do. We want to use public key based authentication with SSH, However that then needs to authenticate against the OS. I was wondering if there was any built in method to do that. It appears as though I will have to patch all of the OpenSSH daemons to make that work. However that still leaves the server to support the keys in the structure. > > --Chandra > >> Currently we have it >> setup individually for each system. However we would like to go to a >> centrally managed solution to keep it easy and allow us to scale much >> more >> effectivly. >> >> Any advice would be great. >> >> Regards, >> >> Jimmy >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > From kevin_myer at iu13.org Mon Dec 12 18:18:19 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Mon, 12 Dec 2005 13:18:19 -0500 Subject: [Fedora-directory-users] x80Fx01x03x01 console admin request In-Reply-To: <439D97FD.6090005@redhat.com> References: <20051212100217.x3bq3w0lojk00gos@webapps.iu13.org> <439D97FD.6090005@redhat.com> Message-ID: <20051212131819.2xjf1b9ey13c4k84@webapps.iu13.org> Quoting Rob Crittenden : > Check your admin server URL. It could be that the console is sending > a secure request (https) to an admin server that is not setup to > accept SSL connections. > > rob As usual, after posting to a mailing list, I came to the same conclusion that is generally answered by someone on the mailing list :) It was trying to make an SSL connection to a non-SSL (at the time) admin server. Couldn't get it to work right either way so since this was a test slave replica, I just reinstalled it. Works now. Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From craigwhite at azapple.com Mon Dec 12 20:14:11 2005 From: craigwhite at azapple.com (Craig White) Date: Mon, 12 Dec 2005 13:14:11 -0700 Subject: [Fedora-directory-users] mail aliases In-Reply-To: <439AC051.4080300@sci.fi> References: <1134189273.29271.107.camel@lin-workstation.azapple.com> <439AC051.4080300@sci.fi> Message-ID: <1134418452.18896.5.camel@lin-workstation.azapple.com> On Sat, 2005-12-10 at 13:47 +0200, Mike Jackson wrote: > Craig White wrote: > > What I used to do in openldap was use an objectclass > > inetLocalMailRecipient which was defined in the 'misc.schema' and my > > primary usage was to use an attribute inetLocalMailAddress to stuff > > additional addresses as aliases because I struggled with multiple values > > in the mail attribute. > > The mail attribute is not multi-valued. > > > > Obviously I can import the openldap schema that I was using into FDS but > > now I am thinking that it is probably a better idea to re-examine my > > usage. > > Why? > > > > To reduce my questions to basic... > > > > - is the mail attribute multi-valued? > > No. > > > - How do I determine which attributes are multi-valued? > > Attributes are multi-valued by default. If you want them to be > single-valued, you must specify it in the schema: > > attributeTypes: ( > 1.3.6.1.4.1.300.1.8.1 > NAME 'fooName' > DESC 'Foo Name' > SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 > SINGLE-VALUE > ) > > > - Is there an attribute better used for mail aliases? > > That depends on the usage. If you are setting up an MTA to do deliveries > based on LDAP queries, then the MTA might use multiple attributes. > > Qmail-LDAP reads "mail" first, and then "mailAlternateAddress" (which is > multi-valued) second. So, with Qmail-LDAP, a user's main address is > assigned to mail and all subsequent addresses are assigned to > mailAlternateAddress. > > See the following schema for examples: > > http://www.bayour.com/openldap/schemas/qmail.schema ---- OK - I don't use Qmail and it does require loading an alternate schema which means that I am no better off than just keep doing the things that I've been doing which is the use the 'misc' schema from openldap. I am capable of entering multiple values into 'mail' attribute but have had some issues with delivery when I used them which is when I went the alternative attribute for mail aliases. Thanks Craig From kevin_myer at iu13.org Mon Dec 12 20:34:23 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Mon, 12 Dec 2005 15:34:23 -0500 Subject: [Fedora-directory-users] mail aliases In-Reply-To: <1134418452.18896.5.camel@lin-workstation.azapple.com> References: <1134189273.29271.107.camel@lin-workstation.azapple.com> <439AC051.4080300@sci.fi> <1134418452.18896.5.camel@lin-workstation.azapple.com> Message-ID: <20051212153423.sx8ry2x7wpskwos0@webapps.iu13.org> Craig, I've been using: objectClasses: ( 1.3.6.1.4.1.10147.1 NAME 'inetLocalMailRecipient' SUP inetorg person STRUCTURAL MAY ( mailAlternateAddress $ mailHost $ mailRoutingAddress ) X-ORIGIN 'user defined' ) The attributes already exist with FDS, but I used that objectclass because of some legacy configs that had it (for reasons I forget - maybe because it was what OpenLDAP used at the time, but my Netscape Directory server had the other attributes for NS Messaging services). Works fine for me - aliases go in mailAlternateAddress, final destination mailbox is mailRoutingAddress. The mail attribute is what's displayed publicly for address book type lookups. Postfix checks mailAlternateAddress, if it finds a match, it relays the message to the account at mailRoutingAddress. Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From ando at sys-net.it Mon Dec 12 21:32:21 2005 From: ando at sys-net.it (Pierangelo Masarati) Date: Mon, 12 Dec 2005 22:32:21 +0100 Subject: [Fedora-directory-users] mail aliases In-Reply-To: <20051212153423.sx8ry2x7wpskwos0@webapps.iu13.org> References: <1134189273.29271.107.camel@lin-workstation.azapple.com> <439AC051.4080300@sci.fi> <1134418452.18896.5.camel@lin-workstation.azapple.com> <20051212153423.sx8ry2x7wpskwos0@webapps.iu13.org> Message-ID: <1134423141.3334.2.camel@ando> On Mon, 2005-12-12 at 15:34 -0500, Kevin M. Myer wrote: > Craig, > > I've been using: > > objectClasses: ( 1.3.6.1.4.1.10147.1 NAME 'inetLocalMailRecipient' SUP inetorg > person STRUCTURAL MAY ( mailAlternateAddress $ mailHost $ mailRoutingAddress > ) X-ORIGIN 'user defined' ) > > The attributes already exist with FDS, but I used that objectclass > because of some legacy configs that had it (for reasons I forget - > maybe because it was what OpenLDAP used at the time, but my Netscape > Directory server had the other attributes for NS Messaging services). > Works fine for me - aliases go in mailAlternateAddress, final > destination mailbox is mailRoutingAddress. The mail attribute is > what's displayed publicly for address book type lookups. Postfix > checks mailAlternateAddress, if it finds a match, it relays the message > to the account at mailRoutingAddress. That definitely sounds like a personalization of , which expired in 2001 and was initially implemented in sendmail and later replaced by more sophisticated inhouse schemas, while other MTAs directly took their own direction. Only, that draft uses mailLocalAddress instead of mailAlternateAddress (which definitely sounds like a Netscape dfined attribute), and it's AUXILIARY rather than derived from inetOrgPerson. p. Ing. Pierangelo Masarati Responsabile Open Solution SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati at sys-net.it ------------------------------------------ From yproulx at cloudraker.com Mon Dec 12 22:00:43 2005 From: yproulx at cloudraker.com (Yanik Proulx) Date: Mon, 12 Dec 2005 17:00:43 -0500 Subject: [Fedora-directory-users] Setting ACIs Message-ID: <439DF30B.4020100@cloudraker.com> Hi, I'm new to FDS and have a (stupid ?) question about ACI. First : where do I set them ? I looked at the dse.ldif file, but I don't believe it's in there. Second : how would a rule allowing members of "Directory Administrators" to essentially do everything look like ? Thanks for hte help. From del at babel.com.au Mon Dec 12 23:16:18 2005 From: del at babel.com.au (Del) Date: Tue, 13 Dec 2005 10:16:18 +1100 Subject: [Fedora-directory-users] init script failure and ulimit Message-ID: <439E04C2.8020206@babel.com.au> Hi, The first of the init scripts, here: http://directory.fedora.redhat.com/wiki/Howto:SysVInit (URL to script: http://www.directory.fedora.redhat.com/download/FedoraDirectoryServer-init.d) ... does not start the Fedora Directory Server on boot if the system ulimit has been changed before the installation of FDS. If FDS detects a higher ulimit then it will write: (e.g.) nsslapd-maxdescriptors: 8192 to: /opt/fedora-ds/slapd-(servername)/config/dse.ldif So that when the script above is run during bootup, the following message will be generated in the logs, and FDS won't start: dse - The entry cn=config in file /opt/fedora-ds/slapd-fc3-dbw-1/config/dse.ldif is invalid, error code 53 (DSA is unwilling to perform) - nsslapd-maxdescriptors: invalid value 8192, maximum file descriptors must range from 1 to 1024 (the current process limit) To fix this, insert the string: ulimit -n 8192 ... somewhere near the top of the script. e.g.: myName=`basename $0` fdsRoot="/opt/fedora-ds" ulimit -n 8192 This problem is likely to be caused because the /opt/fedora-ds/setup/setup script emits the following messages if it detects a low ulimit: WARNING: There are only 1024 file descriptors (hard limit) available, which limit the number of simultaneous connections. WARNING: There are only 1024 file descriptors (soft limit) available, which limit the number of simultaneous connections. Changing the ulimit to 8192 in /etc/security/limits.conf makes the above setup problem go away but then causes the startup script to fail. -- Del From craigwhite at azapple.com Tue Dec 13 01:09:36 2005 From: craigwhite at azapple.com (Craig White) Date: Mon, 12 Dec 2005 18:09:36 -0700 Subject: [Fedora-directory-users] Setting ACIs In-Reply-To: <439DF30B.4020100@cloudraker.com> References: <439DF30B.4020100@cloudraker.com> Message-ID: <1134436177.19125.1.camel@lin-workstation.azapple.com> On Mon, 2005-12-12 at 17:00 -0500, Yanik Proulx wrote: > Hi, > > I'm new to FDS and have a (stupid ?) question about ACI. > > First : where do I set them ? I looked at the dse.ldif file, but I don't > believe it's in there. > > Second : how would a rule allowing members of "Directory Administrators" > to essentially do everything look like ? ---- Administrator guide http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html#997355 Deployment guide... http://www.redhat.com/docs/manuals/dir-server/deploy/7.1/aci.html#30621 Craig From Gary_Tay at platts.com Tue Dec 13 02:51:46 2005 From: Gary_Tay at platts.com (Tay, Gary) Date: Tue, 13 Dec 2005 10:51:46 +0800 Subject: [Fedora-directory-users] Public key based authentication with Redhat Directory Server Message-ID: Pls take a look at: OpenSSH LDAP Public Key Patch http://www.opendarwin.org/projects/openssh-lpk/ If you have success installing and using it, pls share with us later. Gary -----Original Message----- From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Jimmy Sent: Tuesday, December 13, 2005 1:05 AM To: fedora-directory-users at redhat.com Subject: Re: [Fedora-directory-users] Public key based authentication with Redhat Directory Server > Jimmy wrote: >> Hello, >> >> Is it possible with Redhat Directory Server to use public key >> authentication for all our Linux based servers?. I am looking to setup a central authentication scheme. So that all of the technical staff can use key based authentication from a central location. > > sure. have you started reading this ?. > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#996824 I dont think thats what im trying to do. We want to use public key based authentication with SSH, However that then needs to authenticate against the OS. I was wondering if there was any built in method to do that. It appears as though I will have to patch all of the OpenSSH daemons to make that work. However that still leaves the server to support the keys in the structure. > > --Chandra > >> Currently we have it >> setup individually for each system. However we would like to go to a >> centrally managed solution to keep it easy and allow us to scale much >> more effectivly. >> >> Any advice would be great. >> >> Regards, >> >> Jimmy >> >> -- >> Fedora-directory-users mailing list Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > -- > Fedora-directory-users mailing list Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -- Fedora-directory-users mailing list Fedora-directory-users at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users From mj at sci.fi Tue Dec 13 05:25:57 2005 From: mj at sci.fi (Mike Jackson) Date: Tue, 13 Dec 2005 07:25:57 +0200 Subject: [Fedora-directory-users] init script failure and ulimit In-Reply-To: <439E04C2.8020206@babel.com.au> References: <439E04C2.8020206@babel.com.au> Message-ID: <439E5B65.3090606@sci.fi> Del wrote: > > Hi, > > The first of the init scripts, here: > > http://directory.fedora.redhat.com/wiki/Howto:SysVInit > > (URL to script: > http://www.directory.fedora.redhat.com/download/FedoraDirectoryServer-init.d) > > > ... does not start the Fedora Directory Server on boot if the system ulimit > has been changed before the installation of FDS. If FDS detects a higher > ulimit then it will write: > > (e.g.) > nsslapd-maxdescriptors: 8192 > > to: > > /opt/fedora-ds/slapd-(servername)/config/dse.ldif > > So that when the script above is run during bootup, the following message > will be generated in the logs, and FDS won't start: > > dse - The entry cn=config in file > /opt/fedora-ds/slapd-fc3-dbw-1/config/dse.ldif > is invalid, error code 53 (DSA is unwilling to perform) - > nsslapd-maxdescriptors: > invalid value 8192, maximum file descriptors must range from 1 to 1024 > (the > current process limit) > > To fix this, insert the string: > > ulimit -n 8192 On top of that, you also have to put the same ulimit line in any scripts which call ns-slapd (bak2db, db2bak, bak2ldif, ldif2bak, etc). This "feature" caused me major problems several weeks ago when those scripts failed and left some files with wrong permissions, thus causing nearly impossible to debug write deadlocks. I really hope that this is redesigned in an upcoming release. -- mike From minfrin at sharp.fm Tue Dec 13 07:32:49 2005 From: minfrin at sharp.fm (Graham Leggett) Date: Tue, 13 Dec 2005 09:32:49 +0200 Subject: [Fedora-directory-users] Problems building on Solaris 10 Message-ID: <439E7921.5000307@sharp.fm> Hi all, I am trying to build Fedora DS on a Solaris 10/Intel machine, and have run into some trouble with a cyrus-sasl2 dependency. While building ldapserver, I get this: CC -DSOLARIS -L../../../built/SunOS5.10_i86pc_OPT.OBJ/lib -R,../bin/slapd/lib:.:../lib:../../lib:../../../lib:../../../../lib -o ../../../built/release/SunOS5.10_i86pc_OPT.OBJ/bin/slapd/server/ns-slapd ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/abandon.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/bind.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/compare.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/config.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/connection.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/daemon.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/sasl_io.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/detach.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/globals.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/house.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/init.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/monitor.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/saslbind.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/search.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/strdup.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/tempnam.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/unbind.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/extendop.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/rootdse.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/configdse.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/pw_mgmt.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/auth.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/psearch.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/conntable.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/stubs.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/protect_db.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/fileio.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/lite_entries.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/getopt_ext.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/start_tls_extop.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/passwd_extop.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/fedse.o ../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/main.o -lmtmalloc -L../../../built/release/SunOS5.10_i86pc_OPT.OBJ/bin/slapd/server -lslapd -lldapu -L../../../../mozilla/dist/SunOS5.10_i86pc_OPT.OBJ/lib -lssl3 -lnss3 -lsoftokn3 -L../../../../mozilla/dist/lib -lssldap50 -lldap50 -lprldap50 -L../../../../mozilla/dist/SunOS5.10_i86pc_OPT.OBJ/lib -lplc4 -lplds4 -lnspr4 -L../../../../mozilla/dist/SunOS5.10_i86pc_OPT.OBJ/lib -ldbm -lavl -lldif -llitekey -lresolv -lsocket -lnsl -lgen -ldl -lposix4 -lw -lthread -L../../../../mozilla/dist/SunOS5.10_i86pc_OPT.OBJ/lib -lsvrcore -L../../../../cyrus-sasl-2.1.20/lib -lsasl2 -L../../../../db-4.2.52.NC/built/.libs -ldb-4.2 ld: warning: file libucb.so.1: required by ../../../built/release/SunOS5.10_i86pc_OPT.OBJ/bin/slapd/server/libslapd.so, not found Undefined first referenced symbol in file gss_inquire_context ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_display_status ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_import_name ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) GSS_C_NT_USER_NAME ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) GSS_C_NT_HOSTBASED_SERVICE ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_accept_sec_context ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_unwrap ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_wrap ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_delete_sec_context ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_release_buffer ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_compare_name ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_display_name ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_acquire_cred ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_wrap_size_limit ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_init_sec_context ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_release_cred ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) gss_release_name ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) ld: fatal: Symbol referencing errors. No output written to ../../../built/release/SunOS5.10_i86pc_OPT.OBJ/bin/slapd/server/ns-slapd gmake[3]: *** [../../../built/release/SunOS5.10_i86pc_OPT.OBJ/bin/slapd/server/ns-slapd] Error 1 gmake[3]: Leaving directory `/root/src/ldap/ldapserver/ldap/servers/slapd' Cycus-sasl was build with the following options: ./configure --enable-gssapi --enable-static --without-des --without-openssl --disable-shared And yet despite being built statically, cyrus-sasl has left out the code from libgss.so, and ldapserver isn't picking up the code from libgss.so either, even though libgss.so is installed in /usr/lib. Can anyone give me a clue as to what I am doing wrong? Regards, Graham -- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3220 bytes Desc: S/MIME Cryptographic Signature URL: From minfrin at sharp.fm Tue Dec 13 09:17:55 2005 From: minfrin at sharp.fm (Graham Leggett) Date: Tue, 13 Dec 2005 11:17:55 +0200 Subject: [Fedora-directory-users] Problems building on Solaris 10 In-Reply-To: <439E7921.5000307@sharp.fm> References: <439E7921.5000307@sharp.fm> Message-ID: <439E91C3.7070607@sharp.fm> Graham Leggett wrote: > not found > Undefined first referenced > symbol in file > gss_inquire_context ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o) I managed to work around this by running make like so: gmake USE_PERL_FROM_PATH=1 BUILD_DEBUG=optimize LDFLAGS=-lgss Adding the library manually via LDFLAGS seems to get it to compile past this point. Regards, Graham -- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3220 bytes Desc: S/MIME Cryptographic Signature URL: From minfrin at sharp.fm Tue Dec 13 09:21:13 2005 From: minfrin at sharp.fm (Graham Leggett) Date: Tue, 13 Dec 2005 11:21:13 +0200 Subject: [Fedora-directory-users] More problems building on Solaris 10: icu library ignored Message-ID: <439E9289.1070101@sharp.fm> Hi all, Having got further down the build, it now bombs out as below. It seems that the icu library is not included in the -I parameters. Anyone know what should be done at this point? # new unix installer # passing ../built/SunOS5.10_i86pc_OPT.OBJ as ORIGINAL_OBJDIR since USE_64 info is cleaned up # and lost in cm/newinst cd cm/newinst; gmake BUILD_OPT=1 NO_JAVA=1 -w ORIGINAL_OBJDIR=/root/src/ldap/ldapserver/built/SunOS5.10_i86pc_OPT.OBJ all gmake[2]: Entering directory `/root/src/ldap/ldapserver/ldap/cm/newinst' mkdir -p ../../../built/SunOS5.10_i86pc_OPT.OBJ/dsadmin/obj CC -DSOLARIS -DSVR4 -D__svr4 -D__svr4__ -D_SVID_GETTOD -DOSVERSION=5010 -DNO_NODELOCK -DNO_LIBLCACHE -DXP_UNIX -DSOLARISx86 -xO2 -DMCC_HTTPD -DNS_DOMESTIC -DNET_SSL -DCLIENT_AUTH -DSERVER_BUILD -DNSPR20 -D_PR_NTHREAD -D_REENTRANT -DNS_DS -DSPAPI20 -DBUILD_NUM=\"2005.347.97\" -DOS_solaris -DUPGRADEDB -Dsunos5x86 -D_REENTRANT -DSVR4 -DLDAP_DEBUG -DLDAP_REFERRALS -DLDAP_LDBM -DLDAP_LDIF -DLDBM_USE_DBBTREE -DSLAPD_PASSWD_SHA1 -DLDAP_SSLIO_HOOKS -D__DBINTERFACE_PRIVATE -DNO_LIBLCACHE -DNS_DIRECTORY -O -I../../../ldap/include -I../../../built/SunOS5.10_i86pc_OPT.OBJ/include -I../../../include -I../../../include -I../../../../mozilla/dist/SunOS5.10_i86pc_OPT.OBJ/include -I../../../../mozilla/dist/public/dbm -I../../../../mozilla/dist/public/nss -I../../../../mozilla/dist/public/svrcore -I../../../../mozilla/dist/public/ldap -I../../../../cyrus-sasl-2.1.20/include -I../../../../setuputil/built/package/SunOS5.10_i86pc_OPT.OBJ/include -I../../../ldap/admin/include -I../../../ldap/admin/lib -I../../../ldap/admin/src -c ux-dialog.cc -o ../../../built/SunOS5.10_i86pc_OPT.OBJ/dsadmin/obj/ux-dialog.o "ux-dialog.cc", line 68: Error: Could not open include file "utf8.h". "ux-dialog.cc", line 69: Error: Could not open include file "ux-util.h". "ux-dialog.cc", line 70: Error: Could not open include file "dialog.h". "ux-dialog.h", line 42: Error: Could not open include file "dialog.h". "ux-dialog.h", line 43: Error: DialogYesNo is not defined. "ux-dialog.h", line 44: Error: DialogInput is not defined. "ux-dialog.h", line 45: Error: DialogInput is not defined. "ux-dialog.h", line 46: Error: DialogInput is not defined. "ux-dialog.h", line 47: Error: DialogYesNo is not defined. "ux-dialog.h", line 48: Error: DialogInput is not defined. "ux-dialog.h", line 49: Error: DialogInput is not defined. "ux-dialog.h", line 50: Error: DialogInput is not defined. "ux-dialog.h", line 51: Error: DialogYesNo is not defined. "ux-dialog.h", line 52: Error: DialogInput is not defined. "ux-dialog.h", line 53: Error: DialogInput is not defined. "ux-dialog.h", line 54: Error: DialogInput is not defined. "ux-dialog.h", line 55: Error: DialogYesNo is not defined. "ux-dialog.h", line 56: Error: DialogYesNo is not defined. "ux-dialog.h", line 57: Error: DialogYesNo is not defined. "ux-dialog.h", line 58: Error: DialogInput is not defined. "ux-dialog.h", line 59: Error: DialogYesNo is not defined. "ux-dialog.h", line 60: Error: DialogInput is not defined. "ux-dialog.h", line 61: Error: DialogInput is not defined. "ux-dialog.h", line 62: Error: DialogInput is not defined. "ux-dialog.h", line 63: Error: DialogInput is not defined. Compilation aborted, too many Error messages. gmake[2]: *** [../../../built/SunOS5.10_i86pc_OPT.OBJ/dsadmin/obj/ux-dialog.o] Error 1 gmake[2]: Leaving directory `/root/src/ldap/ldapserver/ldap/cm/newinst' gmake[1]: *** [ldapprogs] Error 2 gmake[1]: Leaving directory `/root/src/ldap/ldapserver/ldap' gmake: *** [buildDirectory] Error 2 Regards, Graham -- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3220 bytes Desc: S/MIME Cryptographic Signature URL: From 1lnxraider at comcast.net Tue Dec 13 14:33:34 2005 From: 1lnxraider at comcast.net (Marcus O. White) Date: Tue, 13 Dec 2005 09:33:34 -0500 Subject: [Fedora-directory-users] Migrating OpenLDAP with Samba to FDS Message-ID: <1134484414.20315.10.camel@tbird> G'day All, Has anyone used the OpenLDAP to FDS migration script to migrate OpenLDAP with the Samba schema already included into FDS? If so, did you have to get the Samba schema installed first in FDS? Marcus O. From taymour.elerian at tedata.net Tue Dec 13 15:42:19 2005 From: taymour.elerian at tedata.net (Taymour A. El Erian) Date: Tue, 13 Dec 2005 17:42:19 +0200 Subject: [Fedora-directory-users] Unable to import ldif from OpemLDAP Message-ID: <439EEBDB.807@tedata.net> All, I am trying to add an entry exported from OpenLDAP but I keep getting the error Error adding object 'dn: ou=email,o=xyz,c=eg'. The error sent by the server was 'No such object'. The object is: LDAPEntry: ou=email,o=xyz,c=eg; LDAPAttributeSet: LDAPAttribute {type='ou', values='email'} LDAPAttribute {type='objectclass', values='top,organizationalUnit'}. The ldif is: dn: ou=email,o=xyz,c=eg objectClass: top objectClass: organizationalUnit ou: email I already created the suffix o=xyz,c=eg from the admin console. -- Taymour A El Erian System Division Manager RHCE, LPIC, CCNA, MCSE, CNA TE Data E-mail: taymour.elerian at tedata.net Web: www.tedata.net Tel: +(202)-4166600 Fax: +(202)-4166700 Ext: 1101 From craigwhite at azapple.com Tue Dec 13 15:45:18 2005 From: craigwhite at azapple.com (Craig White) Date: Tue, 13 Dec 2005 08:45:18 -0700 Subject: [Fedora-directory-users] Migrating OpenLDAP with Samba to FDS In-Reply-To: <1134484414.20315.10.camel@tbird> References: <1134484414.20315.10.camel@tbird> Message-ID: <1134488719.19893.10.camel@lin-workstation.azapple.com> On Tue, 2005-12-13 at 09:33 -0500, Marcus O. White wrote: > G'day All, > > Has anyone used the OpenLDAP to FDS migration script to migrate OpenLDAP > with the Samba schema already included into FDS? If so, did you have to > get the Samba schema installed first in FDS? ---- presuming that you are talking about... http://directory.fedora.redhat.com/wiki/Howto:Samba and specifically the ol-schema.migrate.pl script then, yes, that was enough to load the samba.schema supplied with samba. In fact, I used it to convert some other schema's that I use (authzldap and rfc2739.schema for Horde/IMP). I also noted that the one entry in my case... dn: sambaDomainName=AZAPPLE,dc=azapple,dc=com objectClass: sambaDomain sambaDomainName: AZAPPLE sambaSID: S-1-5-21-XXXXX etc. sambaAlgorithmicRidBase: 1000 didn't migrate but undoubtedly would have migrated if I had manually added... objectClass: top objectClass: organizationalUnit to this dn Craig From horlacher at belwue.de Tue Dec 13 17:57:52 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Tue, 13 Dec 2005 18:57:52 +0100 Subject: [Fedora-directory-users] Re: Installing FDS on SuSE 10.0 In-Reply-To: <43985464.4040809@marco.de> References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> Message-ID: <20051213175752.GA8389@belwue.de> On Thu 2005-12-08 (16:42), Daniel Spannbauer wrote: > gmake[5]: Entering directory > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' > gmake[5]: *** No rule to make target -lcurses', needed by > /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. There is a bug in dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib/Makefile (is auto-generate during "make configure"). The Makefile looks for a *target* named "-lcurses" which is nonsense. I have resolved it by: perl -p -i -e 's/ \$\(CURSES\)//' dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib/Makefile which deletes the unnecessary curses taget. -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Computing Centre Universitaet Stuttgart (RUS) Allmandring 30, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From HaneJ at gsicommerce.com Tue Dec 13 18:18:27 2005 From: HaneJ at gsicommerce.com (Jason Hane) Date: Tue, 13 Dec 2005 13:18:27 -0500 Subject: [Fedora-directory-users] Problem Uninstalling and Reinstalling Message-ID: I uninstalled and removed /opt/fedora-ds on RHEL 4. I was running 7.2. I installed Sun JDK 1.5.06, made JAVA_HOME=/usr/java/jdk1.5.0_06 and installed Directory Server 1.0.1. Now when I try to go to the console, it hangs on the splash screen and it says "Please log in...". Has anyone had this problem before or know how I can proceed? Thanks, Jason From nkinder at redhat.com Tue Dec 13 18:56:15 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 13 Dec 2005 10:56:15 -0800 Subject: [Fedora-directory-users] Problem Uninstalling and Reinstalling In-Reply-To: References: Message-ID: <439F194F.2090506@redhat.com> Run startconsole with the "-x nologo" option. There is a dialog focus problem when running Console with Java 1.5. -NGK Jason Hane wrote: >I uninstalled and removed /opt/fedora-ds on RHEL 4. I was running 7.2. >I installed Sun JDK 1.5.06, made JAVA_HOME=/usr/java/jdk1.5.0_06 and >installed Directory Server 1.0.1. Now when I try to go to the console, >it hangs on the splash screen and it says "Please log in...". Has >anyone had this problem before or know how I can proceed? > >Thanks, >Jason > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > From tony.molloy at ul.ie Tue Dec 13 18:59:46 2005 From: tony.molloy at ul.ie (Tony Molloy) Date: Tue, 13 Dec 2005 18:59:46 +0000 Subject: [Fedora-directory-users] Problem Uninstalling and Reinstalling In-Reply-To: References: Message-ID: <200512131859.46976.tony.molloy@ul.ie> On Tuesday 13 December 2005 18:18, Jason Hane wrote: > I uninstalled and removed /opt/fedora-ds on RHEL 4. I was running 7.2. > I installed Sun JDK 1.5.06, made JAVA_HOME=/usr/java/jdk1.5.0_06 and > installed Directory Server 1.0.1. Now when I try to go to the console, > it hangs on the splash screen and it says "Please log in...". Has > anyone had this problem before or know how I can proceed? > > Thanks, > Jason > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users Try ./startconsole -x nologo The splash screen is hiding the login screen. Tony -- Tony Molloy. Dept. of Comp. Sci. University of Limerick From craigwhite at azapple.com Tue Dec 13 18:34:55 2005 From: craigwhite at azapple.com (Craig White) Date: Tue, 13 Dec 2005 11:34:55 -0700 Subject: [Fedora-directory-users] Problem Uninstalling and Reinstalling In-Reply-To: References: Message-ID: <1134498896.19893.35.camel@lin-workstation.azapple.com> On Tue, 2005-12-13 at 13:18 -0500, Jason Hane wrote: > I uninstalled and removed /opt/fedora-ds on RHEL 4. I was running 7.2. > I installed Sun JDK 1.5.06, made JAVA_HOME=/usr/java/jdk1.5.0_06 and > installed Directory Server 1.0.1. Now when I try to go to the console, > it hangs on the splash screen and it says "Please log in...". Has > anyone had this problem before or know how I can proceed? ---- ./startconsole -x nologo -u admin -a fqdn_your_server:port_number & Craig From HaneJ at gsicommerce.com Tue Dec 13 19:25:27 2005 From: HaneJ at gsicommerce.com (Jason Hane) Date: Tue, 13 Dec 2005 14:25:27 -0500 Subject: [Fedora-directory-users] Problem Uninstalling and Reinstalling Message-ID: You guys rock. Thanks a lot! -----Original Message----- From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Tony Molloy Sent: Tuesday, December 13, 2005 2:00 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Problem Uninstalling and Reinstalling On Tuesday 13 December 2005 18:18, Jason Hane wrote: > I uninstalled and removed /opt/fedora-ds on RHEL 4. I was running 7.2. > I installed Sun JDK 1.5.06, made JAVA_HOME=/usr/java/jdk1.5.0_06 and > installed Directory Server 1.0.1. Now when I try to go to the > console, it hangs on the splash screen and it says "Please log in...". > Has anyone had this problem before or know how I can proceed? > > Thanks, > Jason > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users Try ./startconsole -x nologo The splash screen is hiding the login screen. Tony -- Tony Molloy. Dept. of Comp. Sci. University of Limerick -- Fedora-directory-users mailing list Fedora-directory-users at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users From 1midniterider at comcast.net Tue Dec 13 17:32:30 2005 From: 1midniterider at comcast.net (Marcus White) Date: Tue, 13 Dec 2005 12:32:30 -0500 Subject: [Fedora-directory-users] Migrating OpenLDAP with Samba to FDS In-Reply-To: <1134488719.19893.10.camel@lin-workstation.azapple.com> References: <1134484414.20315.10.camel@tbird> <1134488719.19893.10.camel@lin-workstation.azapple.com> Message-ID: <1134495150.20315.23.camel@tbird> On Tue, 2005-12-13 at 08:45 -0700, Craig White wrote: > On Tue, 2005-12-13 at 09:33 -0500, Marcus O. White wrote: > > G'day All, > > > > Has anyone used the OpenLDAP to FDS migration script to migrate OpenLDAP > > with the Samba schema already included into FDS? If so, did you have to > > get the Samba schema installed first in FDS? > ---- > presuming that you are talking about... > http://directory.fedora.redhat.com/wiki/Howto:Samba > > and specifically the ol-schema.migrate.pl script > > then, yes, that was enough to load the samba.schema supplied with samba. > In fact, I used it to convert some other schema's that I use (authzldap > and rfc2739.schema for Horde/IMP). > > I also noted that the one entry in my case... > > dn: sambaDomainName=AZAPPLE,dc=azapple,dc=com > objectClass: sambaDomain > sambaDomainName: AZAPPLE > sambaSID: S-1-5-21-XXXXX etc. > sambaAlgorithmicRidBase: 1000 > > didn't migrate but undoubtedly would have migrated if I had manually > added... > > objectClass: top > objectClass: organizationalUnit > > to this dn > > Craig > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users Yes that is the script and thanks for the info... Are you using the multiple master feature? If so, how has the worked out? We have OpenLDAP configured with a single master and multiple slave servers. Being able to use the multiple master configuration would probably be the only reason to switch... Marcus O. From rmeggins at redhat.com Tue Dec 13 23:54:21 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 13 Dec 2005 16:54:21 -0700 Subject: [Fedora-directory-users] Re: Installing FDS on SuSE 10.0 In-Reply-To: <20051213175752.GA8389@belwue.de> References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <20051213175752.GA8389@belwue.de> Message-ID: <439F5F2D.8000708@redhat.com> Can you send me a diff or a patch? Thanks! Ulli Horlacher wrote: >On Thu 2005-12-08 (16:42), Daniel Spannbauer wrote: > > > >>gmake[5]: Entering directory >>/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>gmake[5]: *** No rule to make target -lcurses', needed by >>/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. >> >> > >There is a bug in >dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib/Makefile >(is auto-generate during "make configure"). The Makefile looks for a >*target* named "-lcurses" which is nonsense. I have resolved it by: > perl -p -i -e 's/ \$\(CURSES\)//' dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib/Makefile >which deletes the unnecessary curses taget. > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue Dec 13 23:59:59 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 13 Dec 2005 16:59:59 -0700 Subject: [Fedora-directory-users] More problems building on Solaris 10: icu library ignored In-Reply-To: <439E9289.1070101@sharp.fm> References: <439E9289.1070101@sharp.fm> Message-ID: <439F607F.2030006@redhat.com> Graham Leggett wrote: > Hi all, > > Having got further down the build, it now bombs out as below. > > It seems that the icu library is not included in the -I parameters. > Anyone know what should be done at this point? > > # new unix installer > # passing ../built/SunOS5.10_i86pc_OPT.OBJ as ORIGINAL_OBJDIR since > USE_64 info is cleaned up > # and lost in cm/newinst > cd cm/newinst; gmake BUILD_OPT=1 NO_JAVA=1 -w > ORIGINAL_OBJDIR=/root/src/ldap/ldapserver/built/SunOS5.10_i86pc_OPT.OBJ > all > gmake[2]: Entering directory `/root/src/ldap/ldapserver/ldap/cm/newinst' > mkdir -p ../../../built/SunOS5.10_i86pc_OPT.OBJ/dsadmin/obj > CC -DSOLARIS -DSVR4 -D__svr4 -D__svr4__ -D_SVID_GETTOD > -DOSVERSION=5010 -DNO_NODELOCK -DNO_LIBLCACHE -DXP_UNIX -DSOLARISx86 > -xO2 -DMCC_HTTPD -DNS_DOMESTIC -DNET_SSL -DCLIENT_AUTH -DSERVER_BUILD > -DNSPR20 -D_PR_NTHREAD -D_REENTRANT -DNS_DS -DSPAPI20 > -DBUILD_NUM=\"2005.347.97\" -DOS_solaris -DUPGRADEDB -Dsunos5x86 > -D_REENTRANT -DSVR4 -DLDAP_DEBUG -DLDAP_REFERRALS -DLDAP_LDBM > -DLDAP_LDIF -DLDBM_USE_DBBTREE -DSLAPD_PASSWD_SHA1 -DLDAP_SSLIO_HOOKS > -D__DBINTERFACE_PRIVATE -DNO_LIBLCACHE -DNS_DIRECTORY -O > -I../../../ldap/include > -I../../../built/SunOS5.10_i86pc_OPT.OBJ/include -I../../../include > -I../../../include > -I../../../../mozilla/dist/SunOS5.10_i86pc_OPT.OBJ/include > -I../../../../mozilla/dist/public/dbm > -I../../../../mozilla/dist/public/nss > -I../../../../mozilla/dist/public/svrcore > -I../../../../mozilla/dist/public/ldap > -I../../../../cyrus-sasl-2.1.20/include > -I../../../../setuputil/built/package/SunOS5.10_i86pc_OPT.OBJ/include > -I../../../ldap/admin/include -I../../../ldap/admin/lib > -I../../../ldap/admin/src -c ux-dialog.cc -o > ../../../built/SunOS5.10_i86pc_OPT.OBJ/dsadmin/obj/ux-dialog.o Does the directory /setuptutil/built/package/SunOS5.10_i86pc_OPT.OBJ/include exist? If not, is there a directory with a slightly different name? > "ux-dialog.cc", line 68: Error: Could not open include file "utf8.h". > "ux-dialog.cc", line 69: Error: Could not open include file "ux-util.h". > "ux-dialog.cc", line 70: Error: Could not open include file "dialog.h". > "ux-dialog.h", line 42: Error: Could not open include file "dialog.h". > "ux-dialog.h", line 43: Error: DialogYesNo is not defined. > "ux-dialog.h", line 44: Error: DialogInput is not defined. > "ux-dialog.h", line 45: Error: DialogInput is not defined. > "ux-dialog.h", line 46: Error: DialogInput is not defined. > "ux-dialog.h", line 47: Error: DialogYesNo is not defined. > "ux-dialog.h", line 48: Error: DialogInput is not defined. > "ux-dialog.h", line 49: Error: DialogInput is not defined. > "ux-dialog.h", line 50: Error: DialogInput is not defined. > "ux-dialog.h", line 51: Error: DialogYesNo is not defined. > "ux-dialog.h", line 52: Error: DialogInput is not defined. > "ux-dialog.h", line 53: Error: DialogInput is not defined. > "ux-dialog.h", line 54: Error: DialogInput is not defined. > "ux-dialog.h", line 55: Error: DialogYesNo is not defined. > "ux-dialog.h", line 56: Error: DialogYesNo is not defined. > "ux-dialog.h", line 57: Error: DialogYesNo is not defined. > "ux-dialog.h", line 58: Error: DialogInput is not defined. > "ux-dialog.h", line 59: Error: DialogYesNo is not defined. > "ux-dialog.h", line 60: Error: DialogInput is not defined. > "ux-dialog.h", line 61: Error: DialogInput is not defined. > "ux-dialog.h", line 62: Error: DialogInput is not defined. > "ux-dialog.h", line 63: Error: DialogInput is not defined. > Compilation aborted, too many Error messages. > gmake[2]: *** > [../../../built/SunOS5.10_i86pc_OPT.OBJ/dsadmin/obj/ux-dialog.o] Error 1 > gmake[2]: Leaving directory `/root/src/ldap/ldapserver/ldap/cm/newinst' > gmake[1]: *** [ldapprogs] Error 2 > gmake[1]: Leaving directory `/root/src/ldap/ldapserver/ldap' > gmake: *** [buildDirectory] Error 2 > > Regards, > Graham > -- > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Dec 14 00:01:18 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 13 Dec 2005 17:01:18 -0700 Subject: [Fedora-directory-users] Unable to import ldif from OpemLDAP In-Reply-To: <439EEBDB.807@tedata.net> References: <439EEBDB.807@tedata.net> Message-ID: <439F60CE.3090206@redhat.com> You need to have an entry for o=xyz,c=eg dn: o=xyz,c=eg objectclass: top objectclass: organization o: xyz This entry needs to exist before the entry ou=email,o=xyz,c=eg can be added/imported. Taymour A. El Erian wrote: >All, > > I am trying to add an entry exported from OpenLDAP but I keep >getting the error > >Error adding object 'dn: ou=email,o=xyz,c=eg'. The error sent by the >server was 'No such object'. The object is: LDAPEntry: >ou=email,o=xyz,c=eg; LDAPAttributeSet: LDAPAttribute {type='ou', >values='email'} LDAPAttribute {type='objectclass', >values='top,organizationalUnit'}. > >The ldif is: >dn: ou=email,o=xyz,c=eg >objectClass: top >objectClass: organizationalUnit >ou: email > >I already created the suffix o=xyz,c=eg from the admin console. > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From craigwhite at azapple.com Wed Dec 14 01:04:12 2005 From: craigwhite at azapple.com (Craig White) Date: Tue, 13 Dec 2005 18:04:12 -0700 Subject: [Fedora-directory-users] Migrating OpenLDAP with Samba to FDS In-Reply-To: <1134495150.20315.23.camel@tbird> References: <1134484414.20315.10.camel@tbird> <1134488719.19893.10.camel@lin-workstation.azapple.com> <1134495150.20315.23.camel@tbird> Message-ID: <1134522252.19893.75.camel@lin-workstation.azapple.com> On Tue, 2005-12-13 at 12:32 -0500, Marcus White wrote: > On Tue, 2005-12-13 at 08:45 -0700, Craig White wrote: > > On Tue, 2005-12-13 at 09:33 -0500, Marcus O. White wrote: > > > G'day All, > > > > > > Has anyone used the OpenLDAP to FDS migration script to migrate OpenLDAP > > > with the Samba schema already included into FDS? If so, did you have to > > > get the Samba schema installed first in FDS? > > ---- > > presuming that you are talking about... > > http://directory.fedora.redhat.com/wiki/Howto:Samba > > > > and specifically the ol-schema.migrate.pl script > > > > then, yes, that was enough to load the samba.schema supplied with samba. > > In fact, I used it to convert some other schema's that I use (authzldap > > and rfc2739.schema for Horde/IMP). > > > > I also noted that the one entry in my case... > > > > dn: sambaDomainName=AZAPPLE,dc=azapple,dc=com > > objectClass: sambaDomain > > sambaDomainName: AZAPPLE > > sambaSID: S-1-5-21-XXXXX etc. > > sambaAlgorithmicRidBase: 1000 > > > > didn't migrate but undoubtedly would have migrated if I had manually > > added... > > > > objectClass: top > > objectClass: organizationalUnit > > > > to this dn > > > > Craig > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > Yes that is the script and thanks for the info... Are you using the > multiple master feature? If so, how has the worked out? We have OpenLDAP > configured with a single master and multiple slave servers. Being able > to use the multiple master configuration would probably be the only > reason to switch... ---- I think that you can have multi-master with openldap now too. I don't use it and don't have customers which would demand it. I find that if I have to go through the pain of installing one or the other on a RHEL 4 or clone system, fedora directory server would seem to be easier to install initially and upgrade. I think the password policy is more mature on fedora directory server (though I haven't used it and I do intend to get around to playing with it). Craig From del at babel.com.au Wed Dec 14 01:45:56 2005 From: del at babel.com.au (Del) Date: Wed, 14 Dec 2005 12:45:56 +1100 Subject: [Fedora-directory-users] init script failure and ulimit In-Reply-To: <439E5B65.3090606@sci.fi> References: <439E04C2.8020206@babel.com.au> <439E5B65.3090606@sci.fi> Message-ID: <439F7954.7040209@babel.com.au> >> ulimit -n 8192 > > > On top of that, you also have to put the same ulimit line in any scripts > which call ns-slapd (bak2db, db2bak, bak2ldif, ldif2bak, etc). This > "feature" caused me major problems several weeks ago when those scripts > failed and left some files with wrong permissions, thus causing nearly > impossible to debug write deadlocks. > > I really hope that this is redesigned in an upcoming release. The ideal thing is if you extend the ulimit in /etc/security/limits.conf, put the ulimit command in /etc/profile. Then you don't need to fix any scripts. Some of the system startup scripts won't like it and complain because they aren't all run as root, and don't all read /etc/profile, and some happen before the extension in limits.conf, but generally you'll be happier. -- Del From del at babel.com.au Wed Dec 14 01:47:19 2005 From: del at babel.com.au (Del) Date: Wed, 14 Dec 2005 12:47:19 +1100 Subject: [Fedora-directory-users] Migrating OpenLDAP with Samba to FDS In-Reply-To: <1134484414.20315.10.camel@tbird> References: <1134484414.20315.10.camel@tbird> Message-ID: <439F79A7.3050003@babel.com.au> Marcus O. White wrote: > G'day All, > > Has anyone used the OpenLDAP to FDS migration script Which one? I used LdapImport.pl. to migrate OpenLDAP > with the Samba schema already included into FDS? Yes. If so, did you have to > get the Samba schema installed first in FDS? Yes, but LdapImport.pl does that for you. -- Del From aaronsca at gmail.com Wed Dec 14 04:24:51 2005 From: aaronsca at gmail.com (Aaron Scarisbrick) Date: Tue, 13 Dec 2005 21:24:51 -0700 Subject: [Fedora-directory-users] Legacy Replication Plugin Message-ID: In section 2.10 of the FAQ, there is a Legacy Replication Plug-in mentioned for 4.x Netscape DS. What isn't mentioned, is where this plugin can be had, or how to configure it. Where can I find the plugin and associated documentation? Thanks! Aaron M. Scarisbrick -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Wed Dec 14 04:32:12 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 13 Dec 2005 21:32:12 -0700 Subject: [Fedora-directory-users] Legacy Replication Plugin In-Reply-To: References: Message-ID: <439FA04C.7010005@redhat.com> Aaron Scarisbrick wrote: > In section 2.10 of the FAQ > , > there is a Legacy Replication Plug-in mentioned for 4.x Netscape DS. > What isn't mentioned, is where this plugin can be had, or how to > configure it. Where can I find the plugin and associated documentation? It's also known as the Retro Changelog. http://www.redhat.com/docs/manuals/dir-server/ag/7.1/replicat.html#1107718 > > Thanks! > > Aaron M. Scarisbrick > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From ds at marco.de Wed Dec 14 11:52:29 2005 From: ds at marco.de (Daniel Spannbauer) Date: Wed, 14 Dec 2005 12:52:29 +0100 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> Message-ID: <43A0077D.9020409@marco.de> Ok, some flies linked, a few Steps later: cc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_S TRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" -DVERSION=\"1.0\" -DST DC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_S TRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT _H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 -DHAVE_UNISTD_H=1 -I. - I. -I/usr/include/apache2 -I/root/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_ x86_glibc_PTH_OPT.OBJ/include -I/root/dsbuild/ds/mozilla/work/mozilla/dist/publi c/nss -I/usr/include/apache2 -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-bui ld/include -I/tmp/fedora-ds-build/include -DWANT_SSL2 -I/tmp/fedora-ds-build/inc lude -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/ fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-bu ild/lib -O2 -pipe -c mod_nss.c -MT mod_nss.lo -MD -MP -MF .deps/mod_nss.TPlo -f PIC -DPIC -o .libs/mod_nss.lo In file included from mod_nss.c:16: mod_nss.h:30:17: error: mpm.h: No such file or directory make[2]: *** [mod_nss.lo] Error 1 make[2]: Leaving directory /root/dsbuild/ds/mod_nss/work/mod_nss-1.0' make[1]: *** [build-work/mod_nss-1.0/Makefile] Error 2 make[1]: Leaving directory /root/dsbuild/ds/mod_nss' make: *** [dep-../../ds/mod_nss] Error 2 Wheres the Error? Regards Daniel Richard Megginson wrote: > Daniel Spannbauer wrote: > >> Ok, I solved the "-lcurses"-Problem with a link from >> /usr/lib/libncurses.a to libcurses.a >> Next Problem: The make wont find the termcap: >> >> *** No rule to make target -ltermcap', needed by >> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PT >> >> H_OPT.OBJ/lib/libinstall.a'. >> Stop. >> >> A find obove /usr/lib found:ox:~/dsbuild/meta/ds # find /usr/lib/ >> -name *termcap* -print >> /usr/lib/zsh/4.2.5/zsh/termcap.so >> /usr/lib/libtermcap.so.2.0.8 >> /usr/lib/perl5/5.8.7/termcap.pl >> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/termcap.ph >> /usr/lib/termcap >> /usr/lib/termcap/libtermcap.a >> /usr/lib/termcap/libtermcap.so >> /usr/lib/libtermcap.so.2 >> >> >> Does anybody know how to solve that? > > > It's looking for libtermcap.so in /usr/lib, but on your system it is > in /usr/lib/termcap. You can either make a symlink for that, or edit > setuputil/nsconfig.mk or setuputil/nsdefs.mk (I can't remember which) > and add /usr/lib/termcap to the lib path. > >> >> Regards >> >> Daniel >> >> >> >> Daniel Spannbauer wrote: >> >>> Hallo Richard, >>> >>> sorry, I should read your messages :) >>> >>> find /us/lib -name \*curses\* -print: >>> /usr/lib/YaST2/plugin/libpy2ncurses.so.2 >>> /usr/lib/YaST2/plugin/libpy2ncurses.so.2.0.0 >>> /usr/lib/YaST2/plugin/libpy2ncurses.la >>> /usr/lib/YaST2/plugin/libpy2ncurses.so >>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesapp.ph >>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesf.ph >>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesm.ph >>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesp.ph >>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesw.ph >>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses.ph >>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/curses.ph >>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses_dll.ph >>> /usr/lib/libncurses++w.a >>> /usr/lib/libncurses.so.4 >>> /usr/lib/libncurses.so.4.2 >>> /usr/lib/python2.4/lib-dynload/_curses_panel.so >>> /usr/lib/python2.4/lib-dynload/_curses.so >>> /usr/lib/python2.4/curses >>> /usr/lib/libncurses++.a >>> /usr/lib/libncursesw.so.5 >>> /usr/lib/libncursesw.so >>> /usr/lib/libncurses.so >>> /usr/lib/libncursesw.so.5.4 >>> /usr/lib/libncurses.a >>> ox:~ # So no lcurses. Now I >>> have to look where to find this curses for SuSE. >>> >>> Thank >>> >>> Regards >>> >>> Daniel >>> >>> >>> Richard Megginson wrote: >>> >>>> Ok. Try >>>> find /usr/lib -name \*curses\* -print >>>> >>>> It's failing to find -lcurses, which should be the file >>>> /usr/lib/*curses* >>>> >>>> Daniel Spannbauer wrote: >>>> >>>>> Hallo Richard, >>>>> >>>>> the Output is: >>>>> ox:~ # find /usr/include/ -name \*curses\* -print >>>>> /usr/include/cursesapp.h >>>>> /usr/include/curses.h >>>>> /usr/include/ncurses.h >>>>> /usr/include/cursesf.h >>>>> /usr/include/cursesm.h >>>>> /usr/include/cursesp.h >>>>> /usr/include/cursesw.h >>>>> /usr/include/ncurses_dll.h >>>>> >>>>> Thats all. >>>>> >>>>> Regards >>>>> Daniel >>>>> >>>>> >>>>> >>>>> Richard Megginson wrote: >>>>> >>>>>> On my system, the curses libs are provided by the ncurses and >>>>>> ncurses-devel packages. >>>>>> Try this: >>>>>> find /usr/lib -name \*curses\* -print >>>>>> ? >>>>>> >>>>>> Daniel Spannbauer wrote: >>>>>> >>>>>>> Hallo Richard, >>>>>>> >>>>>>> yes, I get an Output. >>>>>>> There was something wrong on the system. Reboot solved it. >>>>>>> Anyway: >>>>>>> A new failure:ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>>> [fetch] complete for ds. >>>>>>> [checksum] complete for ds. >>>>>>> [extract] complete for ds. >>>>>>> [patch] complete for ds. >>>>>>> ==> Building ds/mozilla as a dependency >>>>>>> ==> Building ds/icu as a dependency >>>>>>> ==> Building ds/adminutil as a dependency >>>>>>> ==> Building ds/setuputil as a dependency >>>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>>> [fetch] complete for fedora-setuputil. >>>>>>> [checksum] complete for fedora-setuputil. >>>>>>> [extract] complete for fedora-setuputil. >>>>>>> [patch] complete for fedora-setuputil. >>>>>>> [configure] complete for fedora-setuputil. >>>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>> make[2]: Entering directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>>> perl buildnum.pl -p Linux2.6 >>>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>>> The components are up to date >>>>>>> >>>>>>> ==== Starting Server Installer Build ========== >>>>>>> >>>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>> gmake[3]: Entering directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>> SECURITY=domestic >>>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>> gmake[4]: Entering directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>>> uninstall.h code.h >>>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>>> >>>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >>>>>>> NS_PRODUCT= >>>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>> gmake[5]: Entering directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>> >>>>>>> gmake[5]: *** No rule to make target -lcurses', needed by >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. >>>>>>> >>>>>>> Stop. >>>>>>> gmake[5]: Leaving directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>> >>>>>>> gmake[4]: *** [all] Error 2 >>>>>>> gmake[4]: Leaving directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>>> gmake[3]: Leaving directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>>> make[2]: Leaving directory >>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>>> >>>>>>> >>>>>>> ------------------- >>>>>>> >>>>>>> Thanks for your help. >>>>>>> >>>>>>> Regards >>>>>>> >>>>>>> Daniel >>>>>>> >>>>>>> ---------------------- >>>>>>> >>>>>>> >>>>>>> Richard Megginson wrote: >>>>>>> >>>>>>>> I'm not sure what needs to be installed. On my Fedora Core 4 >>>>>>>> system, /usr/include/curses.h is provided by the ncurses-devel >>>>>>>> package. >>>>>>>> If you do >>>>>>>> find /usr/include -name curses.h -print >>>>>>>> do you get anything? >>>>>>>> >>>>>>>> Daniel Spannbauer wrote: >>>>>>>> >>>>>>>>> Hallo Richard >>>>>>>>> >>>>>>>>> ncurses und ncurses-devel is installed. >>>>>>>>> >>>>>>>>> greetings >>>>>>>>> >>>>>>>>> Daniel >>>>>>>>> >>>>>>>>> >>>>>>>>> Richard Megginson wrote: >>>>>>>>> >>>>>>>>>> Looks like you need to install curses-devel or ncurses-devel >>>>>>>>>> >>>>>>>>>> Daniel Spannbauer wrote: >>>>>>>>>> >>>>>>>>>>> Hallo, >>>>>>>>>>> >>>>>>>>>>> i Try to install the Directory-Server on SuSE 10.0. While >>>>>>>>>>> the dsbuild I get an Error. >>>>>>>>>>> Here the Complete Log of the dsbuild: >>>>>>>>>>> -------------------------------------------------------------- >>>>>>>>>>> >>>>>>>>>>> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>>>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>>>>>>> [fetch] complete for ds. >>>>>>>>>>> [checksum] complete for ds. >>>>>>>>>>> [extract] complete for ds. >>>>>>>>>>> [patch] complete for ds. >>>>>>>>>>> ==> Building ds/mozilla as a dependency >>>>>>>>>>> ==> Building ds/icu as a dependency >>>>>>>>>>> ==> Building ds/adminutil as a dependency >>>>>>>>>>> ==> Building ds/setuputil as a dependency >>>>>>>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>>>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>>>>>>> [fetch] complete for fedora-setuputil. >>>>>>>>>>> [checksum] complete for fedora-setuputil. >>>>>>>>>>> [extract] complete for fedora-setuputil. >>>>>>>>>>> [patch] complete for fedora-setuputil. >>>>>>>>>>> [configure] complete for fedora-setuputil. >>>>>>>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>> make[2]: Entering directory >>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>>>>>>> perl buildnum.pl -p Linux2.6 >>>>>>>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>>>>>>> The components are up to date >>>>>>>>>>> >>>>>>>>>>> ==== Starting Server Installer Build ========== >>>>>>>>>>> >>>>>>>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>>>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>> gmake[3]: Entering directory >>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>>>>> SECURITY=domestic >>>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>> gmake[4]: Entering directory >>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>>>> >>>>>>>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>>>>>>> uninstall.h code.h >>>>>>>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h >>>>>>>>>>> setupnvpair.h >>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>>>>>>> >>>>>>>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>>>>> SECURITY=domestic >>>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= >>>>>>>>>>> USE_PTHREADS=1 NS_PRODUCT= >>>>>>>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>> gmake[5]: Entering directory >>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >>>>>>>>>>> -D_XOPEN_SOURCE >>>>>>>>>>> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK >>>>>>>>>>> -DXP_UNIX -DLinux -O2 >>>>>>>>>>> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >>>>>>>>>>> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap >>>>>>>>>>> -I../../include >>>>>>>>>>> ux-curse.c -o >>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >>>>>>>>>>> >>>>>>>>>>> In file included from ux-curse.c:33: >>>>>>>>>>> ux-curse.h:52:38: error: curses.h: No such file or directory >>>>>>>>>>> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >>>>>>>>>>> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>> (first use in this function) >>>>>>>>>>> ux-curse.c:78: error: (Each undeclared identifier is >>>>>>>>>>> reported only once >>>>>>>>>>> ux-curse.c:78: error: for each function it appears in.) >>>>>>>>>>> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >>>>>>>>>>> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>> (first use in this function) >>>>>>>>>>> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >>>>>>>>>>> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>> (first use in this function) >>>>>>>>>>> ux-curse.c: In function ?<80><98>new_page?<80><99>: >>>>>>>>>>> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>> (first use in this function) >>>>>>>>>>> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >>>>>>>>>>> ux-curse.c:354: warning: comparison between pointer and integer >>>>>>>>>>> ux-curse.c:356: warning: comparison between pointer and integer >>>>>>>>>>> ux-curse.c:358: warning: comparison between pointer and integer >>>>>>>>>>> gmake[5]: *** >>>>>>>>>>> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >>>>>>>>>>> >>>>>>>>>>> Error 1gmake[5]: Leaving directory >>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>>>> >>>>>>>>>>> gmake[4]: *** [all] Error 2 >>>>>>>>>>> gmake[4]: Leaving directory >>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>>>> >>>>>>>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>>>>>>> gmake[3]: Leaving directory >>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>>>>>>> make[2]: Leaving directory >>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>>>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>>>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>>>>>>> >>>>>>>>>>> ------------------------------------------------------------------ >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Does anybody know why? >>>>>>>>>>> >>>>>>>>>>> Thanks for helping >>>>>>>>>>> >>>>>>>>>>> Daniel >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Fedora-directory-users mailing list >>>>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ------------------------------------------------------------------------ >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Fedora-directory-users mailing list >>>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> ------------------------------------------------------------------------ >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Fedora-directory-users mailing list >>>>>>>> Fedora-directory-users at redhat.com >>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Fedora-directory-users mailing list >>>>>>> Fedora-directory-users at redhat.com >>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------ >>>>>> >>>>>> >>>>>> -- >>>>>> Fedora-directory-users mailing list >>>>>> Fedora-directory-users at redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------ >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>> >> >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- Daniel Spannbauer EDV Systembetreuung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-66 Auf der Wies 8, D 87727 Babenhausen Fax +49 8333 9233-11 http://www.marco.de/ Email ds at marco.de From ds at marco.de Wed Dec 14 13:31:22 2005 From: ds at marco.de (Daniel Spannbauer) Date: Wed, 14 Dec 2005 14:31:22 +0100 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> Message-ID: <43A01EAA.8060904@marco.de> Ok, linked /usr/include/apache2/ap_mpm.h to mpm.h, works. Till the next error: if cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../plugins -I../include -I/tm p/fedora-ds-build/include -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/ include -Wall -W -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp /fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -MT ../plugins/sas ldb.o -MD -MP -MF ".deps/../plugins/sasldb.Tpo" \ -c -o ../plugins/sasldb.o ^Test -f '../plugins/sasldb.c' || echo './'../plugin s/sasldb.c; \ then mv ".deps/../plugins/sasldb.Tpo" ".deps/../plugins/sasldb.Po"; \ else rm -f ".deps/../plugins/sasldb.Tpo"; exit 1; \ fi ../plugins/sasldb.c: In function ?<80><98>sasldb_auxprop_lookup?<80><99>: ../plugins/sasldb.c:59: warning: unused parameter ?<80><98>glob_context?<80><99> ../plugins/sasldb.c: In function ?<80><98>sasldb_auxprop_store?<80><99>: ../plugins/sasldb.c:131: warning: unused parameter ?<80><98>glob_context?<80> <99> ../plugins/sasldb.c: In function ?<80><98>sasldb_auxprop_plug_init?<80><99>: ../plugins/sasldb.c:206: warning: unused parameter ?<80><98>plugname?<80><99> ../plugins/sasldb.c: At top level: ../plugins/sasldb.c:223: fatal error: opening dependency file .deps/../plugins/s asldb.Tpo: No such file or directory compilation terminated. make[4]: *** [../plugins/sasldb.o] Error 1 make[4]: Leaving directory /root/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20/li b' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory /root/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20' make[2]: *** [all] Error 2 make[2]: Leaving directory /root/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20' make[1]: *** [build-work/cyrus-sasl-2.1.20/Makefile] Error 2 make[1]: Leaving directory /root/dsbuild/ds/cyrus-sasl' make: *** [dep-../../ds/cyrus-sasl] Error 2 Is the dsbuild tested on other OS than Fedora? Regards Daniel Daniel Spannbauer wrote: > Ok, some flies linked, a few Steps later: > > cc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" > -DPACKAGE_S > TRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" > -DVERSION=\"1.0\" -DST > DC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 > -DHAVE_STDLIB_H=1 -DHAVE_S > TRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 > -DHAVE_STDINT > _H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 > -DHAVE_UNISTD_H=1 -I. - > I. -I/usr/include/apache2 > -I/root/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_ > x86_glibc_PTH_OPT.OBJ/include > -I/root/dsbuild/ds/mozilla/work/mozilla/dist/publi > c/nss -I/usr/include/apache2 -I/tmp/fedora-ds-build/include > -I/tmp/fedora-ds-bui > ld/include -I/tmp/fedora-ds-build/include -DWANT_SSL2 > -I/tmp/fedora-ds-build/inc > lude -L/tmp/fedora-ds-build/lib -O2 -pipe > -I/tmp/fedora-ds-build/include -L/tmp/ > fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include > -L/tmp/fedora-ds-bu > ild/lib -O2 -pipe -c mod_nss.c -MT mod_nss.lo -MD -MP -MF > .deps/mod_nss.TPlo -f > PIC -DPIC -o .libs/mod_nss.lo > In file included from mod_nss.c:16: > mod_nss.h:30:17: error: mpm.h: No such file or directory > make[2]: *** [mod_nss.lo] Error 1 > make[2]: Leaving directory /root/dsbuild/ds/mod_nss/work/mod_nss-1.0' > make[1]: *** [build-work/mod_nss-1.0/Makefile] Error 2 > make[1]: Leaving directory /root/dsbuild/ds/mod_nss' > make: *** [dep-../../ds/mod_nss] Error 2 > > Wheres the Error? > > Regards > Daniel > > > > > Richard Megginson wrote: > >> Daniel Spannbauer wrote: >> >>> Ok, I solved the "-lcurses"-Problem with a link from >>> /usr/lib/libncurses.a to libcurses.a >>> Next Problem: The make wont find the termcap: >>> >>> *** No rule to make target -ltermcap', needed by >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PT >>> >>> H_OPT.OBJ/lib/libinstall.a'. >>> Stop. >>> >>> A find obove /usr/lib found:ox:~/dsbuild/meta/ds # find /usr/lib/ >>> -name *termcap* -print >>> /usr/lib/zsh/4.2.5/zsh/termcap.so >>> /usr/lib/libtermcap.so.2.0.8 >>> /usr/lib/perl5/5.8.7/termcap.pl >>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/termcap.ph >>> /usr/lib/termcap >>> /usr/lib/termcap/libtermcap.a >>> /usr/lib/termcap/libtermcap.so >>> /usr/lib/libtermcap.so.2 >>> >>> >>> Does anybody know how to solve that? >> >> >> >> It's looking for libtermcap.so in /usr/lib, but on your system it is >> in /usr/lib/termcap. You can either make a symlink for that, or edit >> setuputil/nsconfig.mk or setuputil/nsdefs.mk (I can't remember which) >> and add /usr/lib/termcap to the lib path. >> >>> >>> Regards >>> >>> Daniel >>> >>> >>> >>> Daniel Spannbauer wrote: >>> >>>> Hallo Richard, >>>> >>>> sorry, I should read your messages :) >>>> >>>> find /us/lib -name \*curses\* -print: >>>> /usr/lib/YaST2/plugin/libpy2ncurses.so.2 >>>> /usr/lib/YaST2/plugin/libpy2ncurses.so.2.0.0 >>>> /usr/lib/YaST2/plugin/libpy2ncurses.la >>>> /usr/lib/YaST2/plugin/libpy2ncurses.so >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesapp.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesf.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesm.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesp.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesw.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/curses.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses_dll.ph >>>> /usr/lib/libncurses++w.a >>>> /usr/lib/libncurses.so.4 >>>> /usr/lib/libncurses.so.4.2 >>>> /usr/lib/python2.4/lib-dynload/_curses_panel.so >>>> /usr/lib/python2.4/lib-dynload/_curses.so >>>> /usr/lib/python2.4/curses >>>> /usr/lib/libncurses++.a >>>> /usr/lib/libncursesw.so.5 >>>> /usr/lib/libncursesw.so >>>> /usr/lib/libncurses.so >>>> /usr/lib/libncursesw.so.5.4 >>>> /usr/lib/libncurses.a >>>> ox:~ # So no lcurses. Now I >>>> have to look where to find this curses for SuSE. >>>> >>>> Thank >>>> >>>> Regards >>>> >>>> Daniel >>>> >>>> >>>> Richard Megginson wrote: >>>> >>>>> Ok. Try >>>>> find /usr/lib -name \*curses\* -print >>>>> >>>>> It's failing to find -lcurses, which should be the file >>>>> /usr/lib/*curses* >>>>> >>>>> Daniel Spannbauer wrote: >>>>> >>>>>> Hallo Richard, >>>>>> >>>>>> the Output is: >>>>>> ox:~ # find /usr/include/ -name \*curses\* -print >>>>>> /usr/include/cursesapp.h >>>>>> /usr/include/curses.h >>>>>> /usr/include/ncurses.h >>>>>> /usr/include/cursesf.h >>>>>> /usr/include/cursesm.h >>>>>> /usr/include/cursesp.h >>>>>> /usr/include/cursesw.h >>>>>> /usr/include/ncurses_dll.h >>>>>> >>>>>> Thats all. >>>>>> >>>>>> Regards >>>>>> Daniel >>>>>> >>>>>> >>>>>> >>>>>> Richard Megginson wrote: >>>>>> >>>>>>> On my system, the curses libs are provided by the ncurses and >>>>>>> ncurses-devel packages. >>>>>>> Try this: >>>>>>> find /usr/lib -name \*curses\* -print >>>>>>> ? >>>>>>> >>>>>>> Daniel Spannbauer wrote: >>>>>>> >>>>>>>> Hallo Richard, >>>>>>>> >>>>>>>> yes, I get an Output. >>>>>>>> There was something wrong on the system. Reboot solved it. >>>>>>>> Anyway: >>>>>>>> A new failure:ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>>>> [fetch] complete for ds. >>>>>>>> [checksum] complete for ds. >>>>>>>> [extract] complete for ds. >>>>>>>> [patch] complete for ds. >>>>>>>> ==> Building ds/mozilla as a dependency >>>>>>>> ==> Building ds/icu as a dependency >>>>>>>> ==> Building ds/adminutil as a dependency >>>>>>>> ==> Building ds/setuputil as a dependency >>>>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>>>> [fetch] complete for fedora-setuputil. >>>>>>>> [checksum] complete for fedora-setuputil. >>>>>>>> [extract] complete for fedora-setuputil. >>>>>>>> [patch] complete for fedora-setuputil. >>>>>>>> [configure] complete for fedora-setuputil. >>>>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> make[2]: Entering directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>>>> perl buildnum.pl -p Linux2.6 >>>>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>>>> The components are up to date >>>>>>>> >>>>>>>> ==== Starting Server Installer Build ========== >>>>>>>> >>>>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> gmake[3]: Entering directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>> SECURITY=domestic >>>>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> gmake[4]: Entering directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>>>> uninstall.h code.h >>>>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>>>> >>>>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= >>>>>>>> USE_PTHREADS=1 NS_PRODUCT= >>>>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> gmake[5]: Entering directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>> >>>>>>>> gmake[5]: *** No rule to make target -lcurses', needed by >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. >>>>>>>> >>>>>>>> Stop. >>>>>>>> gmake[5]: Leaving directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>> >>>>>>>> gmake[4]: *** [all] Error 2 >>>>>>>> gmake[4]: Leaving directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>>>> gmake[3]: Leaving directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>>>> make[2]: Leaving directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>>>> >>>>>>>> >>>>>>>> ------------------- >>>>>>>> >>>>>>>> Thanks for your help. >>>>>>>> >>>>>>>> Regards >>>>>>>> >>>>>>>> Daniel >>>>>>>> >>>>>>>> ---------------------- >>>>>>>> >>>>>>>> >>>>>>>> Richard Megginson wrote: >>>>>>>> >>>>>>>>> I'm not sure what needs to be installed. On my Fedora Core 4 >>>>>>>>> system, /usr/include/curses.h is provided by the ncurses-devel >>>>>>>>> package. >>>>>>>>> If you do >>>>>>>>> find /usr/include -name curses.h -print >>>>>>>>> do you get anything? >>>>>>>>> >>>>>>>>> Daniel Spannbauer wrote: >>>>>>>>> >>>>>>>>>> Hallo Richard >>>>>>>>>> >>>>>>>>>> ncurses und ncurses-devel is installed. >>>>>>>>>> >>>>>>>>>> greetings >>>>>>>>>> >>>>>>>>>> Daniel >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Richard Megginson wrote: >>>>>>>>>> >>>>>>>>>>> Looks like you need to install curses-devel or ncurses-devel >>>>>>>>>>> >>>>>>>>>>> Daniel Spannbauer wrote: >>>>>>>>>>> >>>>>>>>>>>> Hallo, >>>>>>>>>>>> >>>>>>>>>>>> i Try to install the Directory-Server on SuSE 10.0. While >>>>>>>>>>>> the dsbuild I get an Error. >>>>>>>>>>>> Here the Complete Log of the dsbuild: >>>>>>>>>>>> -------------------------------------------------------------- >>>>>>>>>>>> >>>>>>>>>>>> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>>>>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>>>>>>>> [fetch] complete for ds. >>>>>>>>>>>> [checksum] complete for ds. >>>>>>>>>>>> [extract] complete for ds. >>>>>>>>>>>> [patch] complete for ds. >>>>>>>>>>>> ==> Building ds/mozilla as a dependency >>>>>>>>>>>> ==> Building ds/icu as a dependency >>>>>>>>>>>> ==> Building ds/adminutil as a dependency >>>>>>>>>>>> ==> Building ds/setuputil as a dependency >>>>>>>>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>>>>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>>>>>>>> [fetch] complete for fedora-setuputil. >>>>>>>>>>>> [checksum] complete for fedora-setuputil. >>>>>>>>>>>> [extract] complete for fedora-setuputil. >>>>>>>>>>>> [patch] complete for fedora-setuputil. >>>>>>>>>>>> [configure] complete for fedora-setuputil. >>>>>>>>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>> make[2]: Entering directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>>>>>>>> perl buildnum.pl -p Linux2.6 >>>>>>>>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>>>>>>>> The components are up to date >>>>>>>>>>>> >>>>>>>>>>>> ==== Starting Server Installer Build ========== >>>>>>>>>>>> >>>>>>>>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>>>>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>> gmake[3]: Entering directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>>>>>> SECURITY=domestic >>>>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>> gmake[4]: Entering directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>>>>> >>>>>>>>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>>>>>>>> uninstall.h code.h >>>>>>>>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h >>>>>>>>>>>> setupnvpair.h >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>>>>>>>> >>>>>>>>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>>>>>> SECURITY=domestic >>>>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= >>>>>>>>>>>> USE_PTHREADS=1 NS_PRODUCT= >>>>>>>>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>> gmake[5]: Entering directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >>>>>>>>>>>> -D_XOPEN_SOURCE >>>>>>>>>>>> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK >>>>>>>>>>>> -DXP_UNIX -DLinux -O2 >>>>>>>>>>>> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >>>>>>>>>>>> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap >>>>>>>>>>>> -I../../include >>>>>>>>>>>> ux-curse.c -o >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >>>>>>>>>>>> >>>>>>>>>>>> In file included from ux-curse.c:33: >>>>>>>>>>>> ux-curse.h:52:38: error: curses.h: No such file or directory >>>>>>>>>>>> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >>>>>>>>>>>> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>>> (first use in this function) >>>>>>>>>>>> ux-curse.c:78: error: (Each undeclared identifier is >>>>>>>>>>>> reported only once >>>>>>>>>>>> ux-curse.c:78: error: for each function it appears in.) >>>>>>>>>>>> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >>>>>>>>>>>> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>>> (first use in this function) >>>>>>>>>>>> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >>>>>>>>>>>> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>>> (first use in this function) >>>>>>>>>>>> ux-curse.c: In function ?<80><98>new_page?<80><99>: >>>>>>>>>>>> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>>> (first use in this function) >>>>>>>>>>>> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >>>>>>>>>>>> ux-curse.c:354: warning: comparison between pointer and integer >>>>>>>>>>>> ux-curse.c:356: warning: comparison between pointer and integer >>>>>>>>>>>> ux-curse.c:358: warning: comparison between pointer and integer >>>>>>>>>>>> gmake[5]: *** >>>>>>>>>>>> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >>>>>>>>>>>> >>>>>>>>>>>> Error 1gmake[5]: Leaving directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>>>>> >>>>>>>>>>>> gmake[4]: *** [all] Error 2 >>>>>>>>>>>> gmake[4]: Leaving directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>>>>> >>>>>>>>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>>>>>>>> gmake[3]: Leaving directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>>>>>>>> make[2]: Leaving directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>>>>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>>>>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>>>>>>>> >>>>>>>>>>>> ------------------------------------------------------------------ >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Does anybody know why? >>>>>>>>>>>> >>>>>>>>>>>> Thanks for helping >>>>>>>>>>>> >>>>>>>>>>>> Daniel >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Fedora-directory-users mailing list >>>>>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ------------------------------------------------------------------------ >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Fedora-directory-users mailing list >>>>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> ------------------------------------------------------------------------ >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Fedora-directory-users mailing list >>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Fedora-directory-users mailing list >>>>>>>> Fedora-directory-users at redhat.com >>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------ >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Fedora-directory-users mailing list >>>>>>> Fedora-directory-users at redhat.com >>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Fedora-directory-users mailing list >>>>>> Fedora-directory-users at redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> >>>>> >>>> >>> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > -- Daniel Spannbauer EDV Systembetreuung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-66 Auf der Wies 8, D 87727 Babenhausen Fax +49 8333 9233-11 http://www.marco.de/ Email ds at marco.de From horlacher at belwue.de Wed Dec 14 14:04:58 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Wed, 14 Dec 2005 15:04:58 +0100 Subject: [Fedora-directory-users] Re: Installing FDS on SuSE 10.0 In-Reply-To: <43A0077D.9020409@marco.de> References: <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> Message-ID: <20051214140458.GB24848@belwue.de> On Wed 2005-12-14 (12:52), Daniel Spannbauer wrote: (your make-log is hard to read, due to its wrong new lines) > Ok, some flies linked, a few Steps later: > > cc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" > -DPACKAGE_S > TRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" > -DVERSION=\"1.0\" -DST > DC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 > -DHAVE_S > TRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 > -DHAVE_STDINT > _H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 > -DHAVE_UNISTD_H=1 -I. - > I. -I/usr/include/apache2 > -I/root/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_ > x86_glibc_PTH_OPT.OBJ/include > -I/root/dsbuild/ds/mozilla/work/mozilla/dist/publi > c/nss -I/usr/include/apache2 -I/tmp/fedora-ds-build/include > -I/tmp/fedora-ds-bui > ld/include -I/tmp/fedora-ds-build/include -DWANT_SSL2 > -I/tmp/fedora-ds-build/inc > lude -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include > -L/tmp/ > fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include > -L/tmp/fedora-ds-bu > ild/lib -O2 -pipe -c mod_nss.c -MT mod_nss.lo -MD -MP -MF > .deps/mod_nss.TPlo -f > PIC -DPIC -o .libs/mod_nss.lo > In file included from mod_nss.c:16: > mod_nss.h:30:17: error: mpm.h: No such file or directory You do not have mpm.h in the INCLUDE-Path. See (I have SELS 9.3): lanldap2:~# find /usr/include -name mpm.h /usr/include/apache2-metuxmpm/mpm.h /usr/include/apache2-leader/mpm.h /usr/include/apache2-prefork/mpm.h /usr/include/apache2-worker/mpm.h The dsbuild-process uses "-I/usr/include/apache2", see above. A symbolic link from /usr/include/apache2-worker to /usr/include/apache2 might help you. -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Computing Centre Universitaet Stuttgart (RUS) Allmandring 30, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From rcritten at redhat.com Wed Dec 14 14:09:13 2005 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 14 Dec 2005 09:09:13 -0500 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 In-Reply-To: <43A0077D.9020409@marco.de> References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> Message-ID: <43A02789.3030800@redhat.com> Missing mpm.h is really strange. That is provided in a default Apache 2.0 install. Can you do: find /usr/include -name mpm.h -print? thanks rob Daniel Spannbauer wrote: > Ok, some flies linked, a few Steps later: > > cc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" > -DPACKAGE_S > TRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" > -DVERSION=\"1.0\" -DST > DC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 > -DHAVE_S > TRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 > -DHAVE_STDINT > _H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 > -DHAVE_UNISTD_H=1 -I. - > I. -I/usr/include/apache2 > -I/root/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_ > x86_glibc_PTH_OPT.OBJ/include > -I/root/dsbuild/ds/mozilla/work/mozilla/dist/publi > c/nss -I/usr/include/apache2 -I/tmp/fedora-ds-build/include > -I/tmp/fedora-ds-bui > ld/include -I/tmp/fedora-ds-build/include -DWANT_SSL2 > -I/tmp/fedora-ds-build/inc > lude -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include > -L/tmp/ > fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include > -L/tmp/fedora-ds-bu > ild/lib -O2 -pipe -c mod_nss.c -MT mod_nss.lo -MD -MP -MF > .deps/mod_nss.TPlo -f > PIC -DPIC -o .libs/mod_nss.lo > In file included from mod_nss.c:16: > mod_nss.h:30:17: error: mpm.h: No such file or directory > make[2]: *** [mod_nss.lo] Error 1 > make[2]: Leaving directory /root/dsbuild/ds/mod_nss/work/mod_nss-1.0' > make[1]: *** [build-work/mod_nss-1.0/Makefile] Error 2 > make[1]: Leaving directory /root/dsbuild/ds/mod_nss' > make: *** [dep-../../ds/mod_nss] Error 2 > > Wheres the Error? > > Regards > Daniel > > > > > Richard Megginson wrote: > >> Daniel Spannbauer wrote: >> >>> Ok, I solved the "-lcurses"-Problem with a link from >>> /usr/lib/libncurses.a to libcurses.a >>> Next Problem: The make wont find the termcap: >>> >>> *** No rule to make target -ltermcap', needed by >>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PT >>> >>> H_OPT.OBJ/lib/libinstall.a'. >>> Stop. >>> >>> A find obove /usr/lib found:ox:~/dsbuild/meta/ds # find /usr/lib/ >>> -name *termcap* -print >>> /usr/lib/zsh/4.2.5/zsh/termcap.so >>> /usr/lib/libtermcap.so.2.0.8 >>> /usr/lib/perl5/5.8.7/termcap.pl >>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/termcap.ph >>> /usr/lib/termcap >>> /usr/lib/termcap/libtermcap.a >>> /usr/lib/termcap/libtermcap.so >>> /usr/lib/libtermcap.so.2 >>> >>> >>> Does anybody know how to solve that? >> >> >> >> It's looking for libtermcap.so in /usr/lib, but on your system it is >> in /usr/lib/termcap. You can either make a symlink for that, or edit >> setuputil/nsconfig.mk or setuputil/nsdefs.mk (I can't remember which) >> and add /usr/lib/termcap to the lib path. >> >>> >>> Regards >>> >>> Daniel >>> >>> >>> >>> Daniel Spannbauer wrote: >>> >>>> Hallo Richard, >>>> >>>> sorry, I should read your messages :) >>>> >>>> find /us/lib -name \*curses\* -print: >>>> /usr/lib/YaST2/plugin/libpy2ncurses.so.2 >>>> /usr/lib/YaST2/plugin/libpy2ncurses.so.2.0.0 >>>> /usr/lib/YaST2/plugin/libpy2ncurses.la >>>> /usr/lib/YaST2/plugin/libpy2ncurses.so >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesapp.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesf.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesm.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesp.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesw.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/curses.ph >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses_dll.ph >>>> /usr/lib/libncurses++w.a >>>> /usr/lib/libncurses.so.4 >>>> /usr/lib/libncurses.so.4.2 >>>> /usr/lib/python2.4/lib-dynload/_curses_panel.so >>>> /usr/lib/python2.4/lib-dynload/_curses.so >>>> /usr/lib/python2.4/curses >>>> /usr/lib/libncurses++.a >>>> /usr/lib/libncursesw.so.5 >>>> /usr/lib/libncursesw.so >>>> /usr/lib/libncurses.so >>>> /usr/lib/libncursesw.so.5.4 >>>> /usr/lib/libncurses.a >>>> ox:~ # So no lcurses. Now I >>>> have to look where to find this curses for SuSE. >>>> >>>> Thank >>>> >>>> Regards >>>> >>>> Daniel >>>> >>>> >>>> Richard Megginson wrote: >>>> >>>>> Ok. Try >>>>> find /usr/lib -name \*curses\* -print >>>>> >>>>> It's failing to find -lcurses, which should be the file >>>>> /usr/lib/*curses* >>>>> >>>>> Daniel Spannbauer wrote: >>>>> >>>>>> Hallo Richard, >>>>>> >>>>>> the Output is: >>>>>> ox:~ # find /usr/include/ -name \*curses\* -print >>>>>> /usr/include/cursesapp.h >>>>>> /usr/include/curses.h >>>>>> /usr/include/ncurses.h >>>>>> /usr/include/cursesf.h >>>>>> /usr/include/cursesm.h >>>>>> /usr/include/cursesp.h >>>>>> /usr/include/cursesw.h >>>>>> /usr/include/ncurses_dll.h >>>>>> >>>>>> Thats all. >>>>>> >>>>>> Regards >>>>>> Daniel >>>>>> >>>>>> >>>>>> >>>>>> Richard Megginson wrote: >>>>>> >>>>>>> On my system, the curses libs are provided by the ncurses and >>>>>>> ncurses-devel packages. >>>>>>> Try this: >>>>>>> find /usr/lib -name \*curses\* -print >>>>>>> ? >>>>>>> >>>>>>> Daniel Spannbauer wrote: >>>>>>> >>>>>>>> Hallo Richard, >>>>>>>> >>>>>>>> yes, I get an Output. >>>>>>>> There was something wrong on the system. Reboot solved it. >>>>>>>> Anyway: >>>>>>>> A new failure:ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>>>> [fetch] complete for ds. >>>>>>>> [checksum] complete for ds. >>>>>>>> [extract] complete for ds. >>>>>>>> [patch] complete for ds. >>>>>>>> ==> Building ds/mozilla as a dependency >>>>>>>> ==> Building ds/icu as a dependency >>>>>>>> ==> Building ds/adminutil as a dependency >>>>>>>> ==> Building ds/setuputil as a dependency >>>>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>>>> [fetch] complete for fedora-setuputil. >>>>>>>> [checksum] complete for fedora-setuputil. >>>>>>>> [extract] complete for fedora-setuputil. >>>>>>>> [patch] complete for fedora-setuputil. >>>>>>>> [configure] complete for fedora-setuputil. >>>>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> make[2]: Entering directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>>>> perl buildnum.pl -p Linux2.6 >>>>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>>>> The components are up to date >>>>>>>> >>>>>>>> ==== Starting Server Installer Build ========== >>>>>>>> >>>>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> gmake[3]: Entering directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>> SECURITY=domestic >>>>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> gmake[4]: Entering directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>>>> uninstall.h code.h >>>>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>>>> >>>>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= USE_PTHREADS=1 >>>>>>>> NS_PRODUCT= >>>>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>> gmake[5]: Entering directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>> >>>>>>>> gmake[5]: *** No rule to make target -lcurses', needed by >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. >>>>>>>> >>>>>>>> Stop. >>>>>>>> gmake[5]: Leaving directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>> >>>>>>>> gmake[4]: *** [all] Error 2 >>>>>>>> gmake[4]: Leaving directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>>>> gmake[3]: Leaving directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>>>> make[2]: Leaving directory >>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>>>> >>>>>>>> >>>>>>>> ------------------- >>>>>>>> >>>>>>>> Thanks for your help. >>>>>>>> >>>>>>>> Regards >>>>>>>> >>>>>>>> Daniel >>>>>>>> >>>>>>>> ---------------------- >>>>>>>> >>>>>>>> >>>>>>>> Richard Megginson wrote: >>>>>>>> >>>>>>>>> I'm not sure what needs to be installed. On my Fedora Core 4 >>>>>>>>> system, /usr/include/curses.h is provided by the ncurses-devel >>>>>>>>> package. >>>>>>>>> If you do >>>>>>>>> find /usr/include -name curses.h -print >>>>>>>>> do you get anything? >>>>>>>>> >>>>>>>>> Daniel Spannbauer wrote: >>>>>>>>> >>>>>>>>>> Hallo Richard >>>>>>>>>> >>>>>>>>>> ncurses und ncurses-devel is installed. >>>>>>>>>> >>>>>>>>>> greetings >>>>>>>>>> >>>>>>>>>> Daniel >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Richard Megginson wrote: >>>>>>>>>> >>>>>>>>>>> Looks like you need to install curses-devel or ncurses-devel >>>>>>>>>>> >>>>>>>>>>> Daniel Spannbauer wrote: >>>>>>>>>>> >>>>>>>>>>>> Hallo, >>>>>>>>>>>> >>>>>>>>>>>> i Try to install the Directory-Server on SuSE 10.0. While >>>>>>>>>>>> the dsbuild I get an Error. >>>>>>>>>>>> Here the Complete Log of the dsbuild: >>>>>>>>>>>> -------------------------------------------------------------- >>>>>>>>>>>> >>>>>>>>>>>> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>>>>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>>>>>>>> [fetch] complete for ds. >>>>>>>>>>>> [checksum] complete for ds. >>>>>>>>>>>> [extract] complete for ds. >>>>>>>>>>>> [patch] complete for ds. >>>>>>>>>>>> ==> Building ds/mozilla as a dependency >>>>>>>>>>>> ==> Building ds/icu as a dependency >>>>>>>>>>>> ==> Building ds/adminutil as a dependency >>>>>>>>>>>> ==> Building ds/setuputil as a dependency >>>>>>>>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>>>>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>>>>>>>> [fetch] complete for fedora-setuputil. >>>>>>>>>>>> [checksum] complete for fedora-setuputil. >>>>>>>>>>>> [extract] complete for fedora-setuputil. >>>>>>>>>>>> [patch] complete for fedora-setuputil. >>>>>>>>>>>> [configure] complete for fedora-setuputil. >>>>>>>>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>> make[2]: Entering directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>>>>>>>> perl buildnum.pl -p Linux2.6 >>>>>>>>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>>>>>>>> The components are up to date >>>>>>>>>>>> >>>>>>>>>>>> ==== Starting Server Installer Build ========== >>>>>>>>>>>> >>>>>>>>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>>>>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>> gmake[3]: Entering directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>>>>>> SECURITY=domestic >>>>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>> gmake[4]: Entering directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>>>>> >>>>>>>>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>>>>>>>> uninstall.h code.h >>>>>>>>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h >>>>>>>>>>>> setupnvpair.h >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>>>>>>>> >>>>>>>>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>>>>>> SECURITY=domestic >>>>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= >>>>>>>>>>>> USE_PTHREADS=1 NS_PRODUCT= >>>>>>>>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>> gmake[5]: Entering directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >>>>>>>>>>>> -D_XOPEN_SOURCE >>>>>>>>>>>> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK >>>>>>>>>>>> -DXP_UNIX -DLinux -O2 >>>>>>>>>>>> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >>>>>>>>>>>> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap >>>>>>>>>>>> -I../../include >>>>>>>>>>>> ux-curse.c -o >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >>>>>>>>>>>> >>>>>>>>>>>> In file included from ux-curse.c:33: >>>>>>>>>>>> ux-curse.h:52:38: error: curses.h: No such file or directory >>>>>>>>>>>> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >>>>>>>>>>>> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>>> (first use in this function) >>>>>>>>>>>> ux-curse.c:78: error: (Each undeclared identifier is >>>>>>>>>>>> reported only once >>>>>>>>>>>> ux-curse.c:78: error: for each function it appears in.) >>>>>>>>>>>> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >>>>>>>>>>>> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>>> (first use in this function) >>>>>>>>>>>> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >>>>>>>>>>>> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>>> (first use in this function) >>>>>>>>>>>> ux-curse.c: In function ?<80><98>new_page?<80><99>: >>>>>>>>>>>> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>>> (first use in this function) >>>>>>>>>>>> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >>>>>>>>>>>> ux-curse.c:354: warning: comparison between pointer and integer >>>>>>>>>>>> ux-curse.c:356: warning: comparison between pointer and integer >>>>>>>>>>>> ux-curse.c:358: warning: comparison between pointer and integer >>>>>>>>>>>> gmake[5]: *** >>>>>>>>>>>> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >>>>>>>>>>>> >>>>>>>>>>>> Error 1gmake[5]: Leaving directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>>>>> >>>>>>>>>>>> gmake[4]: *** [all] Error 2 >>>>>>>>>>>> gmake[4]: Leaving directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>>>>> >>>>>>>>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>>>>>>>> gmake[3]: Leaving directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>>>>>>>> make[2]: Leaving directory >>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>>>>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>>>>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>>>>>>>> >>>>>>>>>>>> ------------------------------------------------------------------ >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Does anybody know why? >>>>>>>>>>>> >>>>>>>>>>>> Thanks for helping >>>>>>>>>>>> >>>>>>>>>>>> Daniel >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Fedora-directory-users mailing list >>>>>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ------------------------------------------------------------------------ >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Fedora-directory-users mailing list >>>>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> ------------------------------------------------------------------------ >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Fedora-directory-users mailing list >>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Fedora-directory-users mailing list >>>>>>>> Fedora-directory-users at redhat.com >>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------ >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Fedora-directory-users mailing list >>>>>>> Fedora-directory-users at redhat.com >>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Fedora-directory-users mailing list >>>>>> Fedora-directory-users at redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> >>>>> >>>> >>> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rcritten at redhat.com Wed Dec 14 14:16:18 2005 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 14 Dec 2005 09:16:18 -0500 Subject: [Fedora-directory-users] Installing FDS on SuSE 10.0 In-Reply-To: <43A01EAA.8060904@marco.de> References: <43983428.6080908@marco.de> <4398437F.8080208@redhat.com> <43984BFC.5080007@marco.de> <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> <43A01EAA.8060904@marco.de> Message-ID: <43A02932.1070100@redhat.com> Daniel Spannbauer wrote: > Ok, linked /usr/include/apache2/ap_mpm.h to mpm.h, works. Till the next > error: > > > if cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../plugins > -I../include -I/tm > p/fedora-ds-build/include -I/tmp/fedora-ds-build/include > -I/tmp/fedora-ds-build/ > include -Wall -W -I/tmp/fedora-ds-build/include > -L/tmp/fedora-ds-build/lib -O2 > -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 > -pipe -I/tmp > /fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -MT > ../plugins/sas > ldb.o -MD -MP -MF ".deps/../plugins/sasldb.Tpo" \ > -c -o ../plugins/sasldb.o ^Test -f '../plugins/sasldb.c' || echo > './'../plugin > s/sasldb.c; \ > then mv ".deps/../plugins/sasldb.Tpo" ".deps/../plugins/sasldb.Po"; \ > else rm -f ".deps/../plugins/sasldb.Tpo"; exit 1; \ > fi > ../plugins/sasldb.c: In function ?<80><98>sasldb_auxprop_lookup?<80><99>: > ../plugins/sasldb.c:59: warning: unused parameter > ?<80><98>glob_context?<80><99> > ../plugins/sasldb.c: In function ?<80><98>sasldb_auxprop_store?<80><99>: > ../plugins/sasldb.c:131: warning: unused parameter > ?<80><98>glob_context?<80> > <99> > ../plugins/sasldb.c: In function > ?<80><98>sasldb_auxprop_plug_init?<80><99>: > ../plugins/sasldb.c:206: warning: unused parameter > ?<80><98>plugname?<80><99> > ../plugins/sasldb.c: At top level: > ../plugins/sasldb.c:223: fatal error: opening dependency file > .deps/../plugins/s > asldb.Tpo: No such file or directory > compilation terminated. > make[4]: *** [../plugins/sasldb.o] Error 1 > make[4]: Leaving directory > /root/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20/li > b' > make[3]: *** [all-recursive] Error 1 > make[3]: Leaving directory > /root/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20' > make[2]: *** [all] Error 2 > make[2]: Leaving directory > /root/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20' > make[1]: *** [build-work/cyrus-sasl-2.1.20/Makefile] Error 2 > make[1]: Leaving directory /root/dsbuild/ds/cyrus-sasl' > make: *** [dep-../../ds/cyrus-sasl] Error 2 > > > Is the dsbuild tested on other OS than Fedora? Yes. It also builds on HP/ux and Solaris. Some of the problems you've had are environmental (differences in libraries, locations, etc). All of the library requirements are documented at http://directory.fedora.redhat.com/wiki/Building I'd swear this error sounds familiar. Can you ensure that you have the development package of db4 installed? I know I worked with another user on a sasl build problem and posted the output to my configure, can you compare your output to that? rob > > Regards > > Daniel > > > > Daniel Spannbauer wrote: > >> Ok, some flies linked, a few Steps later: >> >> cc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" >> -DPACKAGE_S >> TRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" >> -DVERSION=\"1.0\" -DST >> DC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 >> -DHAVE_STDLIB_H=1 -DHAVE_S >> TRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 >> -DHAVE_STDINT >> _H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 >> -DHAVE_UNISTD_H=1 -I. - >> I. -I/usr/include/apache2 >> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_ >> x86_glibc_PTH_OPT.OBJ/include >> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/publi >> c/nss -I/usr/include/apache2 -I/tmp/fedora-ds-build/include >> -I/tmp/fedora-ds-bui >> ld/include -I/tmp/fedora-ds-build/include -DWANT_SSL2 >> -I/tmp/fedora-ds-build/inc >> lude -L/tmp/fedora-ds-build/lib -O2 -pipe >> -I/tmp/fedora-ds-build/include -L/tmp/ >> fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include >> -L/tmp/fedora-ds-bu >> ild/lib -O2 -pipe -c mod_nss.c -MT mod_nss.lo -MD -MP -MF >> .deps/mod_nss.TPlo -f >> PIC -DPIC -o .libs/mod_nss.lo >> In file included from mod_nss.c:16: >> mod_nss.h:30:17: error: mpm.h: No such file or directory >> make[2]: *** [mod_nss.lo] Error 1 >> make[2]: Leaving directory /root/dsbuild/ds/mod_nss/work/mod_nss-1.0' >> make[1]: *** [build-work/mod_nss-1.0/Makefile] Error 2 >> make[1]: Leaving directory /root/dsbuild/ds/mod_nss' >> make: *** [dep-../../ds/mod_nss] Error 2 >> >> Wheres the Error? >> >> Regards >> Daniel >> >> >> >> >> Richard Megginson wrote: >> >>> Daniel Spannbauer wrote: >>> >>>> Ok, I solved the "-lcurses"-Problem with a link from >>>> /usr/lib/libncurses.a to libcurses.a >>>> Next Problem: The make wont find the termcap: >>>> >>>> *** No rule to make target -ltermcap', needed by >>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PT >>>> >>>> H_OPT.OBJ/lib/libinstall.a'. >>>> Stop. >>>> >>>> A find obove /usr/lib found:ox:~/dsbuild/meta/ds # find /usr/lib/ >>>> -name *termcap* -print >>>> /usr/lib/zsh/4.2.5/zsh/termcap.so >>>> /usr/lib/libtermcap.so.2.0.8 >>>> /usr/lib/perl5/5.8.7/termcap.pl >>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/termcap.ph >>>> /usr/lib/termcap >>>> /usr/lib/termcap/libtermcap.a >>>> /usr/lib/termcap/libtermcap.so >>>> /usr/lib/libtermcap.so.2 >>>> >>>> >>>> Does anybody know how to solve that? >>> >>> >>> >>> >>> It's looking for libtermcap.so in /usr/lib, but on your system it is >>> in /usr/lib/termcap. You can either make a symlink for that, or edit >>> setuputil/nsconfig.mk or setuputil/nsdefs.mk (I can't remember which) >>> and add /usr/lib/termcap to the lib path. >>> >>>> >>>> Regards >>>> >>>> Daniel >>>> >>>> >>>> >>>> Daniel Spannbauer wrote: >>>> >>>>> Hallo Richard, >>>>> >>>>> sorry, I should read your messages :) >>>>> >>>>> find /us/lib -name \*curses\* -print: >>>>> /usr/lib/YaST2/plugin/libpy2ncurses.so.2 >>>>> /usr/lib/YaST2/plugin/libpy2ncurses.so.2.0.0 >>>>> /usr/lib/YaST2/plugin/libpy2ncurses.la >>>>> /usr/lib/YaST2/plugin/libpy2ncurses.so >>>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesapp.ph >>>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesf.ph >>>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesm.ph >>>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesp.ph >>>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/cursesw.ph >>>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses.ph >>>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/curses.ph >>>>> /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ncurses_dll.ph >>>>> >>>>> /usr/lib/libncurses++w.a >>>>> /usr/lib/libncurses.so.4 >>>>> /usr/lib/libncurses.so.4.2 >>>>> /usr/lib/python2.4/lib-dynload/_curses_panel.so >>>>> /usr/lib/python2.4/lib-dynload/_curses.so >>>>> /usr/lib/python2.4/curses >>>>> /usr/lib/libncurses++.a >>>>> /usr/lib/libncursesw.so.5 >>>>> /usr/lib/libncursesw.so >>>>> /usr/lib/libncurses.so >>>>> /usr/lib/libncursesw.so.5.4 >>>>> /usr/lib/libncurses.a >>>>> ox:~ # So no lcurses. Now I >>>>> have to look where to find this curses for SuSE. >>>>> >>>>> Thank >>>>> >>>>> Regards >>>>> >>>>> Daniel >>>>> >>>>> >>>>> Richard Megginson wrote: >>>>> >>>>>> Ok. Try >>>>>> find /usr/lib -name \*curses\* -print >>>>>> >>>>>> It's failing to find -lcurses, which should be the file >>>>>> /usr/lib/*curses* >>>>>> >>>>>> Daniel Spannbauer wrote: >>>>>> >>>>>>> Hallo Richard, >>>>>>> >>>>>>> the Output is: >>>>>>> ox:~ # find /usr/include/ -name \*curses\* -print >>>>>>> /usr/include/cursesapp.h >>>>>>> /usr/include/curses.h >>>>>>> /usr/include/ncurses.h >>>>>>> /usr/include/cursesf.h >>>>>>> /usr/include/cursesm.h >>>>>>> /usr/include/cursesp.h >>>>>>> /usr/include/cursesw.h >>>>>>> /usr/include/ncurses_dll.h >>>>>>> >>>>>>> Thats all. >>>>>>> >>>>>>> Regards >>>>>>> Daniel >>>>>>> >>>>>>> >>>>>>> >>>>>>> Richard Megginson wrote: >>>>>>> >>>>>>>> On my system, the curses libs are provided by the ncurses and >>>>>>>> ncurses-devel packages. >>>>>>>> Try this: >>>>>>>> find /usr/lib -name \*curses\* -print >>>>>>>> ? >>>>>>>> >>>>>>>> Daniel Spannbauer wrote: >>>>>>>> >>>>>>>>> Hallo Richard, >>>>>>>>> >>>>>>>>> yes, I get an Output. >>>>>>>>> There was something wrong on the system. Reboot solved it. >>>>>>>>> Anyway: >>>>>>>>> A new failure:ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>>>>> [fetch] complete for ds. >>>>>>>>> [checksum] complete for ds. >>>>>>>>> [extract] complete for ds. >>>>>>>>> [patch] complete for ds. >>>>>>>>> ==> Building ds/mozilla as a dependency >>>>>>>>> ==> Building ds/icu as a dependency >>>>>>>>> ==> Building ds/adminutil as a dependency >>>>>>>>> ==> Building ds/setuputil as a dependency >>>>>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>>>>> [fetch] complete for fedora-setuputil. >>>>>>>>> [checksum] complete for fedora-setuputil. >>>>>>>>> [extract] complete for fedora-setuputil. >>>>>>>>> [patch] complete for fedora-setuputil. >>>>>>>>> [configure] complete for fedora-setuputil. >>>>>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>> make[2]: Entering directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>>>>> perl buildnum.pl -p Linux2.6 >>>>>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>>>>> The components are up to date >>>>>>>>> >>>>>>>>> ==== Starting Server Installer Build ========== >>>>>>>>> >>>>>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>> gmake[3]: Entering directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>>> SECURITY=domestic >>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>> gmake[4]: Entering directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>> >>>>>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>>>>> uninstall.h code.h >>>>>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h setupnvpair.h >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>>>>> >>>>>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= >>>>>>>>> USE_PTHREADS=1 NS_PRODUCT= >>>>>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>> gmake[5]: Entering directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>> >>>>>>>>> gmake[5]: *** No rule to make target -lcurses', needed by >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall.a'. >>>>>>>>> >>>>>>>>> Stop. >>>>>>>>> gmake[5]: Leaving directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>> >>>>>>>>> gmake[4]: *** [all] Error 2 >>>>>>>>> gmake[4]: Leaving directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>> >>>>>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>>>>> gmake[3]: Leaving directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>>>>> make[2]: Leaving directory >>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] Error 2 >>>>>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------- >>>>>>>>> >>>>>>>>> Thanks for your help. >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> >>>>>>>>> Daniel >>>>>>>>> >>>>>>>>> ---------------------- >>>>>>>>> >>>>>>>>> >>>>>>>>> Richard Megginson wrote: >>>>>>>>> >>>>>>>>>> I'm not sure what needs to be installed. On my Fedora Core 4 >>>>>>>>>> system, /usr/include/curses.h is provided by the ncurses-devel >>>>>>>>>> package. >>>>>>>>>> If you do >>>>>>>>>> find /usr/include -name curses.h -print >>>>>>>>>> do you get anything? >>>>>>>>>> >>>>>>>>>> Daniel Spannbauer wrote: >>>>>>>>>> >>>>>>>>>>> Hallo Richard >>>>>>>>>>> >>>>>>>>>>> ncurses und ncurses-devel is installed. >>>>>>>>>>> >>>>>>>>>>> greetings >>>>>>>>>>> >>>>>>>>>>> Daniel >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Richard Megginson wrote: >>>>>>>>>>> >>>>>>>>>>>> Looks like you need to install curses-devel or ncurses-devel >>>>>>>>>>>> >>>>>>>>>>>> Daniel Spannbauer wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hallo, >>>>>>>>>>>>> >>>>>>>>>>>>> i Try to install the Directory-Server on SuSE 10.0. While >>>>>>>>>>>>> the dsbuild I get an Error. >>>>>>>>>>>>> Here the Complete Log of the dsbuild: >>>>>>>>>>>>> -------------------------------------------------------------- >>>>>>>>>>>>> >>>>>>>>>>>>> ox:~/dsbuild/meta/ds # make [BUILD_RPM=1] >>>>>>>>>>>>> [===== NOW BUILDING: ds-1 =====] >>>>>>>>>>>>> [fetch] complete for ds. >>>>>>>>>>>>> [checksum] complete for ds. >>>>>>>>>>>>> [extract] complete for ds. >>>>>>>>>>>>> [patch] complete for ds. >>>>>>>>>>>>> ==> Building ds/mozilla as a dependency >>>>>>>>>>>>> ==> Building ds/icu as a dependency >>>>>>>>>>>>> ==> Building ds/adminutil as a dependency >>>>>>>>>>>>> ==> Building ds/setuputil as a dependency >>>>>>>>>>>>> make[1]: Entering directory /root/dsbuild/ds/setuputil' >>>>>>>>>>>>> [===== NOW BUILDING: fedora-setuputil-1.0 =====] >>>>>>>>>>>>> [fetch] complete for fedora-setuputil. >>>>>>>>>>>>> [checksum] complete for fedora-setuputil. >>>>>>>>>>>>> [extract] complete for fedora-setuputil. >>>>>>>>>>>>> [patch] complete for fedora-setuputil. >>>>>>>>>>>>> [configure] complete for fedora-setuputil. >>>>>>>>>>>>> ==> Running make in work/fedora-setuputil-1.0 >>>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>>> make[2]: Entering directory >>>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>>>> if test ! -d Linux2.6; then mkdir Linux2.6; fi; >>>>>>>>>>>>> perl buildnum.pl -p Linux2.6 >>>>>>>>>>>>> perl pumpkin.pl 90 pumpkin.dat >>>>>>>>>>>>> The components are up to date >>>>>>>>>>>>> >>>>>>>>>>>>> ==== Starting Server Installer Build ========== >>>>>>>>>>>>> >>>>>>>>>>>>> gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic >>>>>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= >>>>>>>>>>>>> BUILD_MODULE=SetupSDK -w installerSDK >>>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>>> gmake[3]: Entering directory >>>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>>>> cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>>>>>>> SECURITY=domestic >>>>>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl >>>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>>> gmake[4]: Entering directory >>>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>>>>>> >>>>>>>>>>>>> cd ../include; cp nsdefs.h setupldap.h ldapu.h global.h >>>>>>>>>>>>> uninstall.h code.h >>>>>>>>>>>>> utf8.h nsutils.h setupapi.h setupdefs.h setupinst.h >>>>>>>>>>>>> setupnvpair.h >>>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/include >>>>>>>>>>>>> >>>>>>>>>>>>> cd ../unix/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 >>>>>>>>>>>>> SECURITY=domestic >>>>>>>>>>>>> MOZILLA_SOURCE_ROOT_EXT= SERVER_BUILD=1 XCFLAGS= >>>>>>>>>>>>> USE_PTHREADS=1 NS_PRODUCT= >>>>>>>>>>>>> VERSION= NS_USE_NATIVE= NSPR_BASENAME= -w >>>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>>> cat: /etc/redhat-release: No such file or directory >>>>>>>>>>>>> gmake[5]: Entering directory >>>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE >>>>>>>>>>>>> -D_XOPEN_SOURCE >>>>>>>>>>>>> -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK >>>>>>>>>>>>> -DXP_UNIX -DLinux -O2 >>>>>>>>>>>>> -DSPAPI20 -DBUILD_NUM=\"2005.342.1316\" >>>>>>>>>>>>> -I/root/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap >>>>>>>>>>>>> -I../../include >>>>>>>>>>>>> ux-curse.c -o >>>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o >>>>>>>>>>>>> >>>>>>>>>>>>> In file included from ux-curse.c:33: >>>>>>>>>>>>> ux-curse.h:52:38: error: curses.h: No such file or directory >>>>>>>>>>>>> ux-curse.c: In function ?<80><98>exit_message?<80><99>: >>>>>>>>>>>>> ux-curse.c:78: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>>>> (first use in this function) >>>>>>>>>>>>> ux-curse.c:78: error: (Each undeclared identifier is >>>>>>>>>>>>> reported only once >>>>>>>>>>>>> ux-curse.c:78: error: for each function it appears in.) >>>>>>>>>>>>> ux-curse.c: In function ?<80><98>grab_string_generic?<80><99>: >>>>>>>>>>>>> ux-curse.c:217: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>>>> (first use in this function) >>>>>>>>>>>>> ux-curse.c: In function ?<80><98>print_oneplace?<80><99>: >>>>>>>>>>>>> ux-curse.c:313: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>>>> (first use in this function) >>>>>>>>>>>>> ux-curse.c: In function ?<80><98>new_page?<80><99>: >>>>>>>>>>>>> ux-curse.c:325: error: ?<80><98>stdscr?<80><99> undeclared >>>>>>>>>>>>> (first use in this function) >>>>>>>>>>>>> ux-curse.c: In function ?<80><98>w_initscr?<80><99>: >>>>>>>>>>>>> ux-curse.c:354: warning: comparison between pointer and >>>>>>>>>>>>> integer >>>>>>>>>>>>> ux-curse.c:356: warning: comparison between pointer and >>>>>>>>>>>>> integer >>>>>>>>>>>>> ux-curse.c:358: warning: comparison between pointer and >>>>>>>>>>>>> integer >>>>>>>>>>>>> gmake[5]: *** >>>>>>>>>>>>> [/root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/built/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib/libinstall/ux-curse.o] >>>>>>>>>>>>> >>>>>>>>>>>>> Error 1gmake[5]: Leaving directory >>>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/unix/lib' >>>>>>>>>>>>> >>>>>>>>>>>>> gmake[4]: *** [all] Error 2 >>>>>>>>>>>>> gmake[4]: Leaving directory >>>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0/installer/lib' >>>>>>>>>>>>> >>>>>>>>>>>>> gmake[3]: *** [installerSDK] Error 2 >>>>>>>>>>>>> gmake[3]: Leaving directory >>>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>>>> make[2]: *** [buildInstaller] Error 2 >>>>>>>>>>>>> make[2]: Leaving directory >>>>>>>>>>>>> /root/dsbuild/ds/setuputil/work/fedora-setuputil-1.0' >>>>>>>>>>>>> make[1]: *** [build-work/fedora-setuputil-1.0/Makefile] >>>>>>>>>>>>> Error 2 >>>>>>>>>>>>> make[1]: Leaving directory /root/dsbuild/ds/setuputil' >>>>>>>>>>>>> make: *** [dep-../../ds/setuputil] Error 2 >>>>>>>>>>>>> >>>>>>>>>>>>> ------------------------------------------------------------------ >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Does anybody know why? >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks for helping >>>>>>>>>>>>> >>>>>>>>>>>>> Daniel >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Fedora-directory-users mailing list >>>>>>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ------------------------------------------------------------------------ >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Fedora-directory-users mailing list >>>>>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> ------------------------------------------------------------------------ >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Fedora-directory-users mailing list >>>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Fedora-directory-users mailing list >>>>>>>>> Fedora-directory-users at redhat.com >>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ------------------------------------------------------------------------ >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Fedora-directory-users mailing list >>>>>>>> Fedora-directory-users at redhat.com >>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Fedora-directory-users mailing list >>>>>>> Fedora-directory-users at redhat.com >>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------ >>>>>> >>>>>> >>>>>> -- >>>>>> Fedora-directory-users mailing list >>>>>> Fedora-directory-users at redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>> >>>>>> >>>>> >>>> >>> ------------------------------------------------------------------------ >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >> > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From horlacher at belwue.de Wed Dec 14 14:35:24 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Wed, 14 Dec 2005 15:35:24 +0100 Subject: [Fedora-directory-users] Re: Installing FDS on SuSE 10.0 In-Reply-To: <43A02789.3030800@redhat.com> References: <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> <43A02789.3030800@redhat.com> Message-ID: <20051214143524.GC24848@belwue.de> On Wed 2005-12-14 (09:09), Rob Crittenden wrote: > Missing mpm.h is really strange. That is provided in a default Apache > 2.0 install. I run into a similar problem: SuSEs apache2 comes with apxs2 but not with apxs as searched by dsbuild: make[1]: Entering directory `/opt/src/dsbuild/ds/mod_nss' [===== NOW BUILDING: mod_nss-1.0 =====] [fetch] complete for mod_nss. [checksum] complete for mod_nss. [extract] complete for mod_nss. [patch] complete for mod_nss. ==> Running configure in work/mod_nss-1.0 (...) configure: checking for apxs... checking for --with-apxs... no checking for apxs in /usr/local/apache/sbin and /usr/sbin... no checking for apxs in your PATH... checking for apxs... no configure: error: apxs was not found. use --with-apxs to specifiy it. make[1]: *** [configure-work/mod_nss-1.0/configure] Error 1 make[1]: Leaving directory `/opt/src/dsbuild/ds/mod_nss' make: *** [dep-../../ds/mod_nss] Error 2 My workaround then was: lanldap2:/usr/local/bin# ln -s /usr/sbin/apxs2 apxs but now the dsbuild terminates with: make[2]: Entering directory `/opt/src/dsbuild/ds/mod_nss/work/mod_nss-1.0' source='mod_nss.c' object='mod_nss.lo' libtool=yes \ depfile='.deps/mod_nss.Plo' tmpdepfile='.deps/mod_nss.TPlo' \ depmode=gcc3 /bin/sh ./depcomp \ /bin/sh ./libtool --mode=compile cc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" -DVERSION=\"1.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 -DHAVE_UNISTD_H=1 -I. -I. -I -I/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/include -I/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/public/nss -I/usr/include/apache2 -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -DWANT_SSL2 -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -c -o mod_nss.lo `test -f 'mod_nss.c' || echo './'`mod_nss.c rm -f .libs/mod_nss.lo cc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" -DVERSION=\"1.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 -DHAVE_UNISTD_H=1 -I. -I. -I -I/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/include -I/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/public/nss -I/usr/include/apache2 -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -DWANT_SSL2 -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -c mod_nss.c -MT mod_nss.lo -MD -MP -MF .deps/mod_nss.TPlo -fPIC -DPIC -o .libs/mod_nss.lo In file included from mod_nss.c:16: mod_nss.h:48:18: nspr.h: No such file or directory mod_nss.h:49:21: prerror.h: No such file or directory mod_nss.h:50:21: prnetdb.h: No such file or directory In file included from mod_nss.h:54, from mod_nss.c:16: /opt/src/dsbuild/ds/mozilla/work/mozilla/dist/public/nss/pk11func.h:39:21: plarena.h: No such file or directory the missing include-files are in /opt/src/dsbuild/ds/mozilla/work/mozilla/nsprpub/pr/include/ but I do not know why dsbuild cannot locate them. -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Computing Centre Universitaet Stuttgart (RUS) Allmandring 30, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From horlacher at belwue.de Wed Dec 14 14:48:44 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Wed, 14 Dec 2005 15:48:44 +0100 Subject: [Fedora-directory-users] Re: Installing FDS on SuSE 10.0 In-Reply-To: <20051214143524.GC24848@belwue.de> References: <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> <43A02789.3030800@redhat.com> <20051214143524.GC24848@belwue.de> Message-ID: <20051214144844.GD24848@belwue.de> On Wed 2005-12-14 (15:35), Ulli Horlacher wrote: > the missing include-files are in > /opt/src/dsbuild/ds/mozilla/work/mozilla/nsprpub/pr/include/ > but I do not know why dsbuild cannot locate them. I found another workaround: export C_INCLUDE_PATH=/opt/src/dsbuild/ds/mozilla/work/mozilla/nsprpub/pr/include/ dsbuild runs now a little further, but stops with: cd work/fedora-console-1.0 && ant -Dimports.file=imports.FC3 Buildfile: build.xml prepare_build: [mkdir] Created dir: /opt/src/dsbuild/ds/console/work/built/classes [mkdir] Created dir: /opt/src/dsbuild/ds/console/work/imports [input] skipping input as property imports.file has already been set. BUILD FAILED /opt/src/dsbuild/ds/console/work/fedora-console-1.0/build.xml:50: The type doesn't support the nested "condition" element. Total time: 1 second make[1]: *** [build-custom] Error 1 make[1]: Leaving directory `/opt/src/dsbuild/ds/console' make: *** [dep-../../ds/console] Error 2 And this time I have NO IDEA what happend and what to do. -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Computing Centre Universitaet Stuttgart (RUS) Allmandring 30, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From horlacher at belwue.de Wed Dec 14 15:51:32 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Wed, 14 Dec 2005 16:51:32 +0100 Subject: [Fedora-directory-users] Re: Installing FDS on SuSE 10.0 In-Reply-To: <20051214144844.GD24848@belwue.de> References: <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> <43A02789.3030800@redhat.com> <20051214143524.GC24848@belwue.de> <20051214144844.GD24848@belwue.de> Message-ID: <20051214155132.GC25650@belwue.de> On Wed 2005-12-14 (15:48), Ulli Horlacher wrote: > BUILD FAILED > /opt/src/dsbuild/ds/console/work/fedora-console-1.0/build.xml:50: The type doesn't support the nested "condition" element. > > Total time: 1 second > make[1]: *** [build-custom] Error 1 > make[1]: Leaving directory `/opt/src/dsbuild/ds/console' > make: *** [dep-../../ds/console] Error 2 > > > And this time I have NO IDEA what happend and what to do. RTFM helps :-) http://directory.fedora.redhat.com/wiki/Building says: Tools you need (...) ant (1.6.1 or later) SLES 9.3 has ant-1.6.0-177 which is not sufficient. Upgrading to ant-1.6.5 helped. Next problem with dsbuild now is: make[4]: Entering directory `/opt/src/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20/lib' if cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../plugins -I../include -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -Wall -W -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -MT ../plugins/sasldb.o -MD -MP -MF ".deps/../plugins/sasldb.Tpo" \ -c -o ../plugins/sasldb.o `test -f '../plugins/sasldb.c' || echo './'`../plugins/sasldb.c; \ then mv ".deps/../plugins/sasldb.Tpo" ".deps/../plugins/sasldb.Po"; \ else rm -f ".deps/../plugins/sasldb.Tpo"; exit 1; \ fi cc1: No such file or directory: opening dependency file .deps/../plugins/sasldb.Tpo make[4]: *** [../plugins/sasldb.o] Error 1 -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Computing Centre Universitaet Stuttgart (RUS) Allmandring 30, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From rmeggins at redhat.com Wed Dec 14 15:48:31 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 14 Dec 2005 08:48:31 -0700 Subject: [Fedora-directory-users] Re: Installing FDS on SuSE 10.0 In-Reply-To: <20051214144844.GD24848@belwue.de> References: <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> <43A02789.3030800@redhat.com> <20051214143524.GC24848@belwue.de> <20051214144844.GD24848@belwue.de> Message-ID: <43A03ECF.1050607@redhat.com> Ulli Horlacher wrote: >On Wed 2005-12-14 (15:35), Ulli Horlacher wrote: > > > >>the missing include-files are in >>/opt/src/dsbuild/ds/mozilla/work/mozilla/nsprpub/pr/include/ >>but I do not know why dsbuild cannot locate them. >> >> Because it's looking for them under mozilla/work/mozilla/dist/ directory, and that directory has a slightly different name than the one it is expecting. What is that name of that directory on your system? > >I found another workaround: > >export C_INCLUDE_PATH=/opt/src/dsbuild/ds/mozilla/work/mozilla/nsprpub/pr/include/ > >dsbuild runs now a little further, but stops with: > >cd work/fedora-console-1.0 && ant -Dimports.file=imports.FC3 >Buildfile: build.xml > >prepare_build: > [mkdir] Created dir: /opt/src/dsbuild/ds/console/work/built/classes > [mkdir] Created dir: /opt/src/dsbuild/ds/console/work/imports > [input] skipping input as property imports.file has already been set. > >BUILD FAILED >/opt/src/dsbuild/ds/console/work/fedora-console-1.0/build.xml:50: The type doesn't support the nested "condition" element. > >Total time: 1 second >make[1]: *** [build-custom] Error 1 >make[1]: Leaving directory `/opt/src/dsbuild/ds/console' >make: *** [dep-../../ds/console] Error 2 > > >And this time I have NO IDEA what happend and what to do. > > It looks as though you have java installed but not the correct version of ant. Does "yum" work on SuSE? If so, perhaps "yum install ant" will work. Also, you need to have javac version 1.4.2 - note that the java included by default in most linux systems is gcc/gcj which will not work (yet) with the console. You must download and install either the IBM or SUN JDK. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Dec 14 15:50:50 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 14 Dec 2005 08:50:50 -0700 Subject: [Fedora-directory-users] Re: Installing FDS on SuSE 10.0 In-Reply-To: <20051214143524.GC24848@belwue.de> References: <43984DED.5000304@redhat.com> <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> <43A02789.3030800@redhat.com> <20051214143524.GC24848@belwue.de> Message-ID: <43A03F5A.1060001@redhat.com> The best way to solve these apxs/apr-config problems is to edit the Makefile in ds/mod_* to use --with-apxs=/path/to/apxs2 and --with-apr-config=/path/to/apr-config or apr-config2 or whatever it's called on your system. Ulli Horlacher wrote: >On Wed 2005-12-14 (09:09), Rob Crittenden wrote: > > >>Missing mpm.h is really strange. That is provided in a default Apache >>2.0 install. >> >> > >I run into a similar problem: >SuSEs apache2 comes with apxs2 but not with apxs as searched by dsbuild: > >make[1]: Entering directory `/opt/src/dsbuild/ds/mod_nss' >[===== NOW BUILDING: mod_nss-1.0 =====] > [fetch] complete for mod_nss. > [checksum] complete for mod_nss. > [extract] complete for mod_nss. > [patch] complete for mod_nss. > ==> Running configure in work/mod_nss-1.0 >(...) >configure: checking for apxs... >checking for --with-apxs... no >checking for apxs in /usr/local/apache/sbin and /usr/sbin... no >checking for apxs in your PATH... checking for apxs... no >configure: error: apxs was not found. use --with-apxs to specifiy it. >make[1]: *** [configure-work/mod_nss-1.0/configure] Error 1 >make[1]: Leaving directory `/opt/src/dsbuild/ds/mod_nss' >make: *** [dep-../../ds/mod_nss] Error 2 > > >My workaround then was: > >lanldap2:/usr/local/bin# ln -s /usr/sbin/apxs2 apxs > >but now the dsbuild terminates with: > >make[2]: Entering directory `/opt/src/dsbuild/ds/mod_nss/work/mod_nss-1.0' >source='mod_nss.c' object='mod_nss.lo' libtool=yes \ >depfile='.deps/mod_nss.Plo' tmpdepfile='.deps/mod_nss.TPlo' \ >depmode=gcc3 /bin/sh ./depcomp \ >/bin/sh ./libtool --mode=compile cc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" -DVERSION=\"1.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 -DHAVE_UNISTD_H=1 -I. -I. -I -I/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/include -I/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/public/nss -I/usr/include/apache2 -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -DWANT_SSL2 -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -c -o mod_nss.lo `test -f 'mod_nss.c' || echo './'`mod_nss.c >rm -f .libs/mod_nss.lo >cc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" -DVERSION=\"1.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 -DHAVE_UNISTD_H=1 -I. -I. -I -I/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/include > Does this last directory exist? If not, is there a directory with a similar but slightly different name? >-I/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/public/nss -I/usr/include/apache2 -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -DWANT_SSL2 -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -c mod_nss.c -MT mod_nss.lo -MD -MP -MF .deps/mod_nss.TPlo -fPIC -DPIC -o .libs/mod_nss.lo >In file included from mod_nss.c:16: >mod_nss.h:48:18: nspr.h: No such file or directory >mod_nss.h:49:21: prerror.h: No such file or directory >mod_nss.h:50:21: prnetdb.h: No such file or directory >In file included from mod_nss.h:54, > from mod_nss.c:16: >/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/public/nss/pk11func.h:39:21: plarena.h: No such file or directory > > >the missing include-files are in >/opt/src/dsbuild/ds/mozilla/work/mozilla/nsprpub/pr/include/ >but I do not know why dsbuild cannot locate them. > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From ds at marco.de Wed Dec 14 16:04:21 2005 From: ds at marco.de (Daniel Spannbauer) Date: Wed, 14 Dec 2005 17:04:21 +0100 Subject: [Fedora-directory-users] Re: Installing FDS on SuSE 10.0 References: <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> <43A02789.3030800@redhat.com> <20051214143524.GC24848@belwue.de> <20051214144844.GD24848@belwue.de> <20051214155132.GC25650@belwue.de> Message-ID: <43A04285.1010503@marco.de> I raunned into the same probn (see my post on the listing). Installed DB40 and db40-devel, went to the cyrus-sasl-Directory in the dsbuild and made a make distclean, then ./configure and make Then start the dsbuild The it works fine, my fds is fully build, now I#m working on the Install. Regards Daniel Ulli Horlacher wrote: >On Wed 2005-12-14 (15:48), Ulli Horlacher wrote: > > > >>BUILD FAILED >>/opt/src/dsbuild/ds/console/work/fedora-console-1.0/build.xml:50: The type doesn't support the nested "condition" element. >> >>Total time: 1 second >>make[1]: *** [build-custom] Error 1 >>make[1]: Leaving directory `/opt/src/dsbuild/ds/console' >>make: *** [dep-../../ds/console] Error 2 >> >> >>And this time I have NO IDEA what happend and what to do. >> >> > >RTFM helps :-) > >http://directory.fedora.redhat.com/wiki/Building says: > Tools you need > (...) > ant (1.6.1 or later) > >SLES 9.3 has ant-1.6.0-177 which is not sufficient. Upgrading to ant-1.6.5 helped. > >Next problem with dsbuild now is: > >make[4]: Entering directory `/opt/src/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20/lib' >if cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../plugins -I../include -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -Wall -W -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -MT ../plugins/sasldb.o -MD -MP -MF ".deps/../plugins/sasldb.Tpo" \ > -c -o ../plugins/sasldb.o `test -f '../plugins/sasldb.c' || echo './'`../plugins/sasldb.c; \ >then mv ".deps/../plugins/sasldb.Tpo" ".deps/../plugins/sasldb.Po"; \ >else rm -f ".deps/../plugins/sasldb.Tpo"; exit 1; \ >fi >cc1: No such file or directory: opening dependency file .deps/../plugins/sasldb.Tpo >make[4]: *** [../plugins/sasldb.o] Error 1 > > > > -- Daniel Spannbauer EDV Systembetreuung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-66 Auf der Wies 8, D 87727 Babenhausen Fax +49 8333 9233-11 http://www.marco.de/ Email ds at marco.de From horlacher at belwue.de Wed Dec 14 16:22:58 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Wed, 14 Dec 2005 17:22:58 +0100 Subject: [Fedora-directory-users] Re: Installing FDS on SuSE 10.0 In-Reply-To: <43A03F5A.1060001@redhat.com> References: <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> <43A02789.3030800@redhat.com> <20051214143524.GC24848@belwue.de> <43A03F5A.1060001@redhat.com> Message-ID: <20051214162258.GD25650@belwue.de> On Wed 2005-12-14 (08:50), Richard Megginson wrote: > The best way to solve these apxs/apr-config problems is to edit the > Makefile in ds/mod_* to use > --with-apxs=/path/to/apxs2 and --with-apr-config=/path/to/apr-config or > apr-config2 or whatever it's called on your system. Thanks for the tip! I will try it next time. > >make[2]: Entering directory `/opt/src/dsbuild/ds/mod_nss/work/mod_nss-1.0' > >source='mod_nss.c' object='mod_nss.lo' libtool=yes \ > >depfile='.deps/mod_nss.Plo' tmpdepfile='.deps/mod_nss.TPlo' \ > >depmode=gcc3 /bin/sh ./depcomp \ > >/bin/sh ./libtool --mode=compile cc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" -DVERSION=\"1.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 -DHAVE_UNISTD_H=1 -I. -I. -I -I/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/include -I/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/public/nss -I/usr/include/apache2 -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -DWANT_SSL2 -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -c -o mod_nss.lo `test -f 'mod_nss.c' || echo './'`mod_nss.c > >rm -f .libs/mod_nss.lo > >cc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" -DVERSION=\"1.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 -DHAVE_UNISTD_H=1 -I. -I. -I -I/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/include > > > > Does this last directory exist? Yes, it is there: lanldap2: find /opt/src/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/include | wc -l 133 Strange. Ok, with my C_INCLUDE_PATH hack dsbuild can go on. -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Computing Centre Universitaet Stuttgart (RUS) Allmandring 30, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From jsummers at bachman.cs.ou.edu Wed Dec 14 15:08:47 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Wed, 14 Dec 2005 09:08:47 -0600 Subject: [Fedora-directory-users] Admin Console Message-ID: <43A0357F.4020504@cs.ou.edu> Hello List, New to the list here and just beginning to evaluate the fedora-directory server. I have been running Sun's iplanet DS5.1 for a couple of years now and would like to migrate away from that platform. Installed Sun Java 1.5.0.4 I installed the 1.0.1 binary and then ran setup. Then when attempting to start the admin console, the blue Fedora Directory Server / Please Login logo box is displayed. But the next window where login info can be entered is never displayed. It hangs until I go back a do a Ctrl-C. Ideas or suggestions on what I may have overlooked? TIA -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From HaneJ at gsicommerce.com Wed Dec 14 16:44:32 2005 From: HaneJ at gsicommerce.com (Jason Hane) Date: Wed, 14 Dec 2005 11:44:32 -0500 Subject: [Fedora-directory-users] Admin Console Message-ID: A quote from Tony Molloy (I had this same problem yesterday): Try ./startconsole -x nologo The splash screen is hiding the login screen. -----Original Message----- From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Jim Summers Sent: Wednesday, December 14, 2005 10:09 AM To: fedora-directory-users Subject: [Fedora-directory-users] Admin Console Hello List, New to the list here and just beginning to evaluate the fedora-directory server. I have been running Sun's iplanet DS5.1 for a couple of years now and would like to migrate away from that platform. Installed Sun Java 1.5.0.4 I installed the 1.0.1 binary and then ran setup. Then when attempting to start the admin console, the blue Fedora Directory Server / Please Login logo box is displayed. But the next window where login info can be entered is never displayed. It hangs until I go back a do a Ctrl-C. Ideas or suggestions on what I may have overlooked? TIA -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- -- Fedora-directory-users mailing list Fedora-directory-users at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users From dyioulos at firstbhph.com Wed Dec 14 16:47:44 2005 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed, 14 Dec 2005 11:47:44 -0500 Subject: [Fedora-directory-users] Admin Console In-Reply-To: <43A0357F.4020504@cs.ou.edu> References: <43A0357F.4020504@cs.ou.edu> Message-ID: <200512141147.44706.dyioulos@firstbhph.com> On Wednesday December 14 2005 10:08 am, Jim Summers wrote: > Hello List, > > New to the list here and just beginning to evaluate the fedora-directory > server. I have been running Sun's iplanet DS5.1 for a couple of years > now and would like to migrate away from that platform. > > Installed Sun Java 1.5.0.4 > > I installed the 1.0.1 binary and then ran setup. > > Then when attempting to start the admin console, the blue Fedora > Directory Server / Please Login logo box is displayed. But the next > window where login info can be entered is never displayed. It hangs > until I go back a do a Ctrl-C. > > Ideas or suggestions on what I may have overlooked? > I don't remember the fix, but check the archive. This was answered in the last few days. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rmeggins at redhat.com Wed Dec 14 16:46:18 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 14 Dec 2005 09:46:18 -0700 Subject: [Fedora-directory-users] Admin Console In-Reply-To: <43A0357F.4020504@cs.ou.edu> References: <43A0357F.4020504@cs.ou.edu> Message-ID: <43A04C5A.8090400@redhat.com> short answer - use startconsole -x nologo long answer: http://directory.fedora.redhat.com/wiki/Install_Guide Scroll down to where it talks about using java 1.5 Jim Summers wrote: > Hello List, > > New to the list here and just beginning to evaluate the > fedora-directory server. I have been running Sun's iplanet DS5.1 for > a couple of years now and would like to migrate away from that platform. > > Installed Sun Java 1.5.0.4 > > I installed the 1.0.1 binary and then ran setup. > > Then when attempting to start the admin console, the blue Fedora > Directory Server / Please Login logo box is displayed. But the next > window where login info can be entered is never displayed. It hangs > until I go back a do a Ctrl-C. > > Ideas or suggestions on what I may have overlooked? > > TIA -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From kmurphy at herzumsoftware.com Thu Dec 15 00:02:30 2005 From: kmurphy at herzumsoftware.com (Kieran Murphy) Date: Wed, 14 Dec 2005 18:02:30 -0600 Subject: [Fedora-directory-users] Admin Console - RHEL3 Taroon Update 6 In-Reply-To: <43A0357F.4020504@cs.ou.edu> References: <43A0357F.4020504@cs.ou.edu> Message-ID: <43A0B296.4050207@herzumsoftware.com> Hello. We are running RHEL3 with update 6. When we install FDS 7.1, the server installs and runs fine, but the Admin Console will not connect. Below is the initial output after installation: >[slapd-dbdev]: starting up server ... >[slapd-dbdev]: Fedora-Directory/7.1 B2005.146.1918 >[slapd-dbdev]: dbdev.alleanzasalute.it:4000 (/opt/fedora-ds/slapd-dbdev) >[slapd-dbdev]: >[slapd-dbdev]: [14/Dec/2005:12:21:22 +0100] - Fedora-Directory/7.1 >B2005.146.1918 starting up >[slapd-dbdev]: [14/Dec/2005:12:21:22 +0100] - slapd started. Listening on >All Interfaces port 4000 for LDAP requests >Your new directory server has been started. >Created new Directory Server >Start Slapd Starting Slapd server configuration. >Success Slapd Added Directory Server information to Configuration Server. >Configuring Administration Server... >Setting up Administration Server Instance... >Configuring Administration Tasks in Directory Server... >Configuring Global Parameters in Directory Server... >Can't start Admin server [/opt/fedora-ds/start-admin > /tmp/filegUZhF7 2>&1] >(error: No such file or directory)INFO Finished with setup, logfile is >setup/setup.log > > > If I run start-admin the output is normal, "...ready to accept requests". If I then run startconsole, I get the login panel, enter my information, and get back a message that either the server is not running or the URL is incorrect. I've repeated the installation, verified URL, etc. Any thoughts? Thanks - Kieran From horlacher at belwue.de Wed Dec 14 17:12:23 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Wed, 14 Dec 2005 18:12:23 +0100 Subject: [Fedora-directory-users] Re: Installing FDS on SuSE 10.0 In-Reply-To: <43A04285.1010503@marco.de> References: <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> <43A02789.3030800@redhat.com> <20051214143524.GC24848@belwue.de> <20051214144844.GD24848@belwue.de> <20051214155132.GC25650@belwue.de> <43A04285.1010503@marco.de> Message-ID: <20051214171223.GE25650@belwue.de> On Wed 2005-12-14 (17:04), Daniel Spannbauer wrote: > I raunned into the same probn (see my post on the listing). Not exactly the same problem, I have another error. > Installed DB40 and db40-devel This is an old Version which is not required, see http://directory.fedora.redhat.com/wiki/Building#Berkeley_DB > went to the cyrus-sasl-Directory in the > dsbuild and made a make distclean, > then ./configure and make You run configure without any options. Though you can compile cyrus-sasl in this way, your settings (paths, etc) will probaly not work, because dsbuild runs configure with some command-line options. It's a pity that dsbuild does not show them. -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Computing Centre Universitaet Stuttgart (RUS) Allmandring 30, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From mj at sci.fi Wed Dec 14 17:11:39 2005 From: mj at sci.fi (Mike Jackson) Date: Wed, 14 Dec 2005 19:11:39 +0200 Subject: [Fedora-directory-users] Admin Console In-Reply-To: <43A04C5A.8090400@redhat.com> References: <43A0357F.4020504@cs.ou.edu> <43A04C5A.8090400@redhat.com> Message-ID: <43A0524B.5080507@sci.fi> Richard Megginson wrote: > short answer - use startconsole -x nologo Rich, Do you think that maybe the splash screen could be disabled by default (or just removed altogether) in a future release? That thing has bothered me for years, and a lot of folks seem to have problems with it as we have seen recently. I think that it can be categorized as a usability flaw. BR, Mike From rmeggins at redhat.com Wed Dec 14 17:19:39 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 14 Dec 2005 10:19:39 -0700 Subject: [Fedora-directory-users] Admin Console - RHEL3 Taroon Update 6 In-Reply-To: <43A0B296.4050207@herzumsoftware.com> References: <43A0357F.4020504@cs.ou.edu> <43A0B296.4050207@herzumsoftware.com> Message-ID: <43A0542B.3090700@redhat.com> I recommend trying Fedora DS 1.0.1 instead - http://directory.fedora.redhat.com/wiki/Download Kieran Murphy wrote: > Hello. > > We are running RHEL3 with update 6. When we install FDS 7.1, the > server installs and runs fine, but the Admin Console will not > connect. Below is the initial output after installation: > >> [slapd-dbdev]: starting up server ... >> [slapd-dbdev]: Fedora-Directory/7.1 B2005.146.1918 >> [slapd-dbdev]: dbdev.alleanzasalute.it:4000 >> (/opt/fedora-ds/slapd-dbdev) >> [slapd-dbdev]: >> [slapd-dbdev]: [14/Dec/2005:12:21:22 +0100] - Fedora-Directory/7.1 >> B2005.146.1918 starting up >> [slapd-dbdev]: [14/Dec/2005:12:21:22 +0100] - slapd started. >> Listening on >> All Interfaces port 4000 for LDAP requests >> Your new directory server has been started. >> Created new Directory Server >> Start Slapd Starting Slapd server configuration. >> Success Slapd Added Directory Server information to Configuration >> Server. >> Configuring Administration Server... >> Setting up Administration Server Instance... >> Configuring Administration Tasks in Directory Server... >> Configuring Global Parameters in Directory Server... >> Can't start Admin server [/opt/fedora-ds/start-admin > >> /tmp/filegUZhF7 2>&1] >> (error: No such file or directory)INFO Finished with setup, logfile is >> setup/setup.log >> >> >> > If I run start-admin the output is normal, "...ready to accept > requests". If I then run startconsole, I get the login panel, enter > my information, and get back a message that either the server is not > running or the URL is incorrect. I've repeated the installation, > verified URL, etc. > > Any thoughts? > > Thanks - Kieran > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From mj at sci.fi Wed Dec 14 17:52:03 2005 From: mj at sci.fi (Mike Jackson) Date: Wed, 14 Dec 2005 19:52:03 +0200 Subject: [Fedora-directory-users] init script failure and ulimit In-Reply-To: <439F7954.7040209@babel.com.au> References: <439E04C2.8020206@babel.com.au> <439E5B65.3090606@sci.fi> <439F7954.7040209@babel.com.au> Message-ID: <43A05BC3.2080206@sci.fi> Del wrote: > >>> ulimit -n 8192 >> >> >> >> On top of that, you also have to put the same ulimit line in any >> scripts which call ns-slapd (bak2db, db2bak, bak2ldif, ldif2bak, etc). >> This "feature" caused me major problems several weeks ago when those >> scripts failed and left some files with wrong permissions, thus >> causing nearly impossible to debug write deadlocks. >> >> I really hope that this is redesigned in an upcoming release. > > > The ideal thing is if you extend the ulimit in /etc/security/limits.conf, > put the ulimit command in /etc/profile. Then you don't need to fix any > scripts. This is a linux thing, and maybe only a redhat linux thing (I don't know, because I only use RHEL and FC as far as linux goes). It doesn't exist on e.g. FreeBSD. -- mike From jsummers at bachman.cs.ou.edu Wed Dec 14 17:18:58 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Wed, 14 Dec 2005 11:18:58 -0600 Subject: [Fedora-directory-users] Admin Console In-Reply-To: <43A04C5A.8090400@redhat.com> References: <43A0357F.4020504@cs.ou.edu> <43A04C5A.8090400@redhat.com> Message-ID: <43A05402.9080609@cs.ou.edu> Richard Megginson wrote: > short answer - use startconsole -x nologo > > long answer: > http://directory.fedora.redhat.com/wiki/Install_Guide > > Scroll down to where it talks about using java 1.5 Doohhh! Many Thanks. > > > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From jsummers at bachman.cs.ou.edu Wed Dec 14 17:55:21 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Wed, 14 Dec 2005 11:55:21 -0600 Subject: [Fedora-directory-users] Console Login Problem Message-ID: <43A05C89.7030406@cs.ou.edu> Hello List, Now that I have cleaned my glasses and gotten a login prompt for the console, I am unable to get logged in. I keep getting an error box stating that the Admin server is not running or the URL is not correct. I am using the startconsole command given at the end of the install. I tried to manully start the server with: /opt/fedora-ds/start-admin and got: Syntax error on line 35 of /opt/fedora-ds/admin-serv/config/console.conf: Error:\tApache has not been designed to serve pages while\n\trunning as root. There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n I then edited: ./admin-serv/config/console.conf and added the User and Group lines with apache as the user. Then start-admin does not give any errors but I still can not connect. Also I do not see any associated running process other than the ns-slapd Lost again, ideas or suggestions? I have installed: fedora-ds-1.0.1-1.FC4.i386.opt.rpm on a fully updated FC4 OS. TIA -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From rmeggins at redhat.com Wed Dec 14 18:03:06 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 14 Dec 2005 11:03:06 -0700 Subject: [Fedora-directory-users] Console Login Problem In-Reply-To: <43A05C89.7030406@cs.ou.edu> References: <43A05C89.7030406@cs.ou.edu> Message-ID: <43A05E5A.2020503@redhat.com> It sounds like the initial setup failed. I think the easiest way to get going will be to rpm -e fedora-ds to uninstall everything, then reinstall and run setup again, using the apache (or ldap) user and group instead of root. Fedora DS (currently) uses the same UID for the directory server and the admin server, because some CGIs invoked by the admin server need access to files owned by the directory server UID. You can probably use the (standard) "ldap" user if you do not want to use the default "nobody". Jim Summers wrote: > Hello List, > > Now that I have cleaned my glasses and gotten a login prompt for the > console, I am unable to get logged in. > > I keep getting an error box stating that the Admin server is not > running or the URL is not correct. > > I am using the startconsole command given at the end of the install. > > I tried to manully start the server with: > /opt/fedora-ds/start-admin > > and got: > > Syntax error on line 35 of /opt/fedora-ds/admin-serv/config/console.conf: > Error:\tApache has not been designed to serve pages while\n\trunning > as root. There are known race conditions that\n\twill allow any local > user to read any file on the system.\n\tIf you still desire to serve > pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env > variable\n\tand then rebuild the server.\n\tIt is strongly suggested > that you instead modify the User\n\tdirective in your httpd.conf file > to list a non-root\n\tuser.\n > > I then edited: > > ./admin-serv/config/console.conf > > and added the User and Group lines with apache as the user. > > Then start-admin does not give any errors but I still can not connect. > Also I do not see any associated running process other than the ns-slapd > > Lost again, ideas or suggestions? > > I have installed: fedora-ds-1.0.1-1.FC4.i386.opt.rpm on a fully > updated FC4 OS. > > TIA > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From Steve.Saady at DSS.Virginia.gov Wed Dec 14 22:09:12 2005 From: Steve.Saady at DSS.Virginia.gov (Steve Saady) Date: Wed, 14 Dec 2005 17:09:12 -0500 Subject: [Fedora-directory-users] startup script for FDS In-Reply-To: <20051214143531.D5E5F72F49@hormel.redhat.com> References: <20051214143531.D5E5F72F49@hormel.redhat.com> Message-ID: <1134598152.20539.16.camel@fast.dss.state.va.us> Could someone point me to a startup script or some guidance on how to roll my own so FDS starts up on re-boot? -------------- next part -------------- An HTML attachment was scrubbed... URL: From nhosoi at redhat.com Wed Dec 14 22:17:38 2005 From: nhosoi at redhat.com (Noriko Hosoi) Date: Wed, 14 Dec 2005 14:17:38 -0800 Subject: [Fedora-directory-users] startup script for FDS In-Reply-To: <1134598152.20539.16.camel@fast.dss.state.va.us> References: <20051214143531.D5E5F72F49@hormel.redhat.com> <1134598152.20539.16.camel@fast.dss.state.va.us> Message-ID: <43A09A02.5050009@redhat.com> An HTML attachment was scrubbed... URL: From mmontgomery at theplanet.com Wed Dec 14 22:29:34 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Wed, 14 Dec 2005 16:29:34 -0600 Subject: [Fedora-directory-users] admserv_host_ip_check Message-ID: <1134599374.26753.6.camel@localhost> [root@**************** logs]# pwd /opt/fedora-ds/admin-serv/logs [root@**************** logs]# tail -n 2 error [Wed Dec 14 15:22:27 2005] [notice] [client 10.5.1.202] admserv_host_ip_check: ap_get_remote_host could not resolve 10.5.1.202 [Wed Dec 14 15:22:27 2005] [notice] [client 10.5.1.202] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler Does anyone know how to turn the admserv_host_ip_check off? I've searched through the documentation, and the mailing lists, to no avail. It's becoming terribly annoying when trying to administrate the server from external machines, using a local install of the fedora console. Thanks. From rmeggins at redhat.com Thu Dec 15 03:24:29 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 14 Dec 2005 20:24:29 -0700 Subject: [Fedora-directory-users] admserv_host_ip_check In-Reply-To: <1134599374.26753.6.camel@localhost> References: <1134599374.26753.6.camel@localhost> Message-ID: <43A0E1ED.406@redhat.com> Michael Montgomery wrote: >[root@**************** logs]# pwd >/opt/fedora-ds/admin-serv/logs >[root@**************** logs]# tail -n 2 error >[Wed Dec 14 15:22:27 2005] [notice] [client 10.5.1.202] admserv_host_ip_check: ap_get_remote_host could not resolve 10.5.1.202 >[Wed Dec 14 15:22:27 2005] [notice] [client 10.5.1.202] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler > >Does anyone know how to turn the admserv_host_ip_check off? I've >searched through the documentation, and the mailing lists, to no avail. >It's becoming terribly annoying when trying to administrate the server >from external machines, using a local install of the fedora console. > > http://www.redhat.com/docs/manuals/dir-server/pdf/console60.pdf Chapter 7 - Administration Server Configuration >Thanks. > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From horlacher at belwue.de Thu Dec 15 15:31:09 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Thu, 15 Dec 2005 16:31:09 +0100 Subject: [Fedora-directory-users] Re: Installing FDS on SuSE 10.0 In-Reply-To: <43A02932.1070100@redhat.com> References: <43985464.4040809@marco.de> <43985990.4000805@redhat.com> <43992FE5.4080706@marco.de> <43998AE2.5010409@redhat.com> <439D2D45.4050705@marco.de> <439D6025.70805@marco.de> <439D9986.2030901@redhat.com> <43A0077D.9020409@marco.de> <43A01EAA.8060904@marco.de> <43A02932.1070100@redhat.com> Message-ID: <20051215153109.GA14151@belwue.de> On Wed 2005-12-14 (09:16), Rob Crittenden wrote: (sasl build problem) > I'd swear this error sounds familiar. Can you ensure that you have the > development package of db4 installed? I know I worked with another user > on a sasl build problem and posted the output to my configure, can you > compare your output to that? I searched in the mailinglist archives and found: Message-ID: <433C11B9.9030306 at redhat.com> Message-ID: <433C2487.4030703 at redhat.com> and the link to http://directory.fedora.redhat.com/wiki/FAQ#Failure_building_cyrus-sasl My error was the missing package db-devel. After installing db-devel-4.2.52-86.3 (SLES 9.3), dsbuild is now able to compile sasl. The next errors by dsbuild: bind.c:62:18: sasl.h: No such file or directory workaround: export C_INCLUDE_PATH=/usr/include/apache2-worker:/opt/src/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/include:/opt/src/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20/include /usr/lib/gcc-lib/i586-suse-linux/3.3.3/../../../../i586-suse-linux/bin/ld: cannot find -lsasl2 workaround: cd /usr/local/lib && ln -s /usr/lib/libsasl2.so.2 libsasl2.so /usr/lib/gcc-lib/i586-suse-linux/3.3.3/../../../../i586-suse-linux/bin/ld: cannot find -lgssapi_krb5 I have no fix for this problem. libgssapi_krb5 is missing on SLES, the free kerberos implementation heimdal does not contain a libgssapi_krb5 What now? -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Computing Centre Universitaet Stuttgart (RUS) Allmandring 30, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From mmontgomery at theplanet.com Thu Dec 15 16:03:26 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Thu, 15 Dec 2005 10:03:26 -0600 Subject: [Fedora-directory-users] admserv_host_ip_check Message-ID: <1134662606.26753.11.camel@localhost> Thanks for the information, and sorry I missed that before. I believe this will likely solve some other questions I had about the admin console. > http://www.redhat.com/docs/manuals/dir-server/pdf/console60.pdf > Chapter 7 - Administration Server Configuration From mmontgomery at theplanet.com Thu Dec 15 16:48:54 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Thu, 15 Dec 2005 10:48:54 -0600 Subject: [Fedora-directory-users] admserv_host_ip_check In-Reply-To: <1134662606.26753.11.camel@localhost> References: <1134662606.26753.11.camel@localhost> Message-ID: <1134665334.26753.17.camel@localhost> Ok, I've tried for the "Host Names to allow", * and *.*, neither work. I've tried for the "Ips to allow", * and 10.*.*.* Neither work again with the same error message: [Wed Dec 14 15:20:14 2005] [notice] [client 10.5.1.202] admserv_host_ip_check: ap_get_remote_host could not resolve 10.5.1.202 [Wed Dec 14 15:20:14 2005] [notice] [client 10.5.1.202] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler [Wed Dec 14 15:22:27 2005] [notice] [client 10.5.1.202] admserv_host_ip_check: ap_get_remote_host could not resolve 10.5.1.202 [Wed Dec 14 15:22:27 2005] [notice] [client 10.5.1.202] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler [Thu Dec 15 09:12:08 2005] [notice] [client 10.5.1.202] admserv_host_ip_check: ap_get_remote_host could not resolve 10.5.1.202 [Thu Dec 15 09:12:08 2005] [notice] [client 10.5.1.202] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler Using Version 1.0.2 on a fresh RHEL4 install. What am I missing here? Thanks again. On Thu, 2005-12-15 at 10:03 -0600, Michael Montgomery wrote: > Thanks for the information, and sorry I missed that before. I believe > this will likely solve some other questions I had about the admin > console. > > > http://www.redhat.com/docs/manuals/dir-server/pdf/console60.pdf > > Chapter 7 - Administration Server Configuration > From rmeggins at redhat.com Thu Dec 15 16:49:36 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 15 Dec 2005 09:49:36 -0700 Subject: [Fedora-directory-users] admserv_host_ip_check In-Reply-To: <1134665334.26753.17.camel@localhost> References: <1134662606.26753.11.camel@localhost> <1134665334.26753.17.camel@localhost> Message-ID: <43A19EA0.7010807@redhat.com> I'm not sure, but it's really just an annoyance, assuming your console works fine otherwise. You can probably change the default log level to "warn" to make these messages go away. It looks like your log level is set to "notice" or higher. This is the LogLevel setting in admin-serv/config/httpd.conf. If you change this, you will have to restart-admin. Michael Montgomery wrote: >Ok, I've tried for the "Host Names to allow", * and *.*, neither work. >I've tried for the "Ips to allow", * and 10.*.*.* >Neither work again with the same error message: > >[Wed Dec 14 15:20:14 2005] [notice] [client 10.5.1.202] admserv_host_ip_check: ap_get_remote_host could not resolve 10.5.1.202 >[Wed Dec 14 15:20:14 2005] [notice] [client 10.5.1.202] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler >[Wed Dec 14 15:22:27 2005] [notice] [client 10.5.1.202] admserv_host_ip_check: ap_get_remote_host could not resolve 10.5.1.202 >[Wed Dec 14 15:22:27 2005] [notice] [client 10.5.1.202] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler >[Thu Dec 15 09:12:08 2005] [notice] [client 10.5.1.202] admserv_host_ip_check: ap_get_remote_host could not resolve 10.5.1.202 >[Thu Dec 15 09:12:08 2005] [notice] [client 10.5.1.202] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler > >Using Version 1.0.2 on a fresh RHEL4 install. > >What am I missing here? > >Thanks again. > >On Thu, 2005-12-15 at 10:03 -0600, Michael Montgomery wrote: > > >>Thanks for the information, and sorry I missed that before. I believe >>this will likely solve some other questions I had about the admin >>console. >> >> >> >>>http://www.redhat.com/docs/manuals/dir-server/pdf/console60.pdf >>>Chapter 7 - Administration Server Configuration >>> >>> > > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From mmontgomery at theplanet.com Thu Dec 15 19:57:17 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Thu, 15 Dec 2005 13:57:17 -0600 Subject: [Fedora-directory-users] admserv_host_ip_check In-Reply-To: <1134665334.26753.17.camel@localhost> References: <1134662606.26753.11.camel@localhost> <1134665334.26753.17.camel@localhost> Message-ID: <1134676638.28465.8.camel@localhost> Actually, I'll clarify, it's still not allowing a remote admin client instance to connect to it, and these are the errors it's spitting out. The error from 'startconsole' is this: "Cannot logon because of an incorrect User ID, Incorrect password, or Directory problem. HttpException: Response HTTP/1.1 401 Authorization Required Status: 401 URL: http://ldap02:43845/admin-serv/authenticate" I've gotten this error before, and it seems quite generic, and I've found it to be a sign of dns issues, among other things. These are the last lines in any of the log files for slapd, or admin. [Thu Dec 15 13:52:56 2005] [warn] [client 10.5.1.202] admserv_host_ip_check: failed to get host by ip addr [10.5.1.202] - check your host and DNS configuration [Thu Dec 15 13:52:56 2005] [notice] [client 10.5.1.202] admserv_host_ip_check: Unauthorized host ip=10.5.1.202, connection rejected Any help would certainly be greatly appreciated. On Thu, 2005-12-15 at 10:48 -0600, Michael Montgomery wrote: > Ok, I've tried for the "Host Names to allow", * and *.*, neither work. > I've tried for the "Ips to allow", * and 10.*.*.* From jsummers at bachman.cs.ou.edu Thu Dec 15 17:37:45 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Thu, 15 Dec 2005 11:37:45 -0600 Subject: [Fedora-directory-users] SambaDomain Message-ID: <43A1A9E9.6070404@cs.ou.edu> Hello List, Everything going well with the evaluation / migration of FDS. I did hit one snag this morning that I have not been able to debug yet. 1. I used the LdapImport tool to migrate settings/schema from my running iplanet5.1 ldap. 2. On my existing ldapserver I generated an ldif using db2ldif. 3. Then through the console imported that database. All went well here except it would not add an entry to my ou=samba that had: objectClass: sambaDomain 4. Looked through the 99user.ldif and it looks complete. 5. If I try to add the entry without an objectclass it, naturally says it can't add without an object class. Here is a ldif I am using: dn: sambaDomainName=CSN,ou=samba,dc=cs,dc=ou,dc=edu sambaSID: S-1-5-21-81879834-2421259029-2731548829 sambaAlgorithmicRidBase: 1000 objectClass: sambadomain sambaNextUserRid: 67109862 sambaNextGroupRid: 67109863 sambaDomainName: CSN I messed around with caps and stuff but no diff. Any ideas what I have overlooked? TIA -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From Steve.Saady at DSS.Virginia.gov Thu Dec 15 20:56:43 2005 From: Steve.Saady at DSS.Virginia.gov (Steve Saady) Date: Thu, 15 Dec 2005 15:56:43 -0500 Subject: [Fedora-directory-users] ldapimport anonymous bind... In-Reply-To: <20051215170005.71A42737C0@hormel.redhat.com> References: <20051215170005.71A42737C0@hormel.redhat.com> Message-ID: <1134680203.20539.44.camel@fast.dss.state.va.us> So.. I am trying to transfer my OpenLDAP schema and data into an FDS host... and have gotten pretty frustrated.. The LDAPimport utility looks very promising, but it seems to only use anonymous binds, or at least unable for some reason to bing w/ privileges, which is unsuccessful, not for lack of trying. Has anyone been able to get LDAPimport to bing w/ specific credentials? http://wiki.babel.com.au/index.php?area=Linux_Projects&page=LdapImport "LdapConnectionManager: Currently connected -- searching. LdapConnectionManager: We have a search error. LdapConnectionManager: Error = I/O Error LdapConnectionManager: Error Name = LDAP_OPERATIONS_ERROR LdapConnectionManager: Error Text = Server encountered an internal error LdapConnectionManager: Sleeping for 1 seconds. LdapConnectionManager: Reconnect to $VAR1 = '10.10.10.35'; LdapConnectionManager: Reconnection OK LdapConnectionManager: Binding anonymously LdapConnectionManager: Bind complete. LdapConnectionManager: Currently disconnected -- attempting to reconnect. LdapConnectionManager: Sleeping for 1 seconds. LdapConnectionManager: Reconnect to $VAR1 = '10.10.10.35';" -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Thu Dec 15 21:20:14 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 15 Dec 2005 14:20:14 -0700 Subject: [Fedora-directory-users] admserv_host_ip_check In-Reply-To: <1134676638.28465.8.camel@localhost> References: <1134662606.26753.11.camel@localhost> <1134665334.26753.17.camel@localhost> <1134676638.28465.8.camel@localhost> Message-ID: <43A1DE0E.6090506@redhat.com> Michael Montgomery wrote: >Actually, I'll clarify, it's still not allowing a remote admin client >instance to connect to it, and these are the errors it's spitting out. > >The error from 'startconsole' is this: > >"Cannot logon because of an incorrect User ID, Incorrect password, or >Directory problem. >HttpException: >Response HTTP/1.1 401 Authorization Required >Status: 401 >URL: http://ldap02:43845/admin-serv/authenticate" > >I've gotten this error before, and it seems quite generic, and I've >found it to be a sign of dns issues, among other things. These are the >last lines in any of the log files for slapd, or admin. > >[Thu Dec 15 13:52:56 2005] [warn] [client 10.5.1.202] admserv_host_ip_check: failed to get host by ip addr [10.5.1.202] - check your host and DNS configuration >[Thu Dec 15 13:52:56 2005] [notice] [client 10.5.1.202] admserv_host_ip_check: Unauthorized host ip=10.5.1.202, connection rejected > >Any help would certainly be greatly appreciated. > >On Thu, 2005-12-15 at 10:48 -0600, Michael Montgomery wrote: > > >>Ok, I've tried for the "Host Names to allow", * and *.*, neither work. >> >> You need to set hostnames to allow to NULL or empty - if there is anything there, it will assume you want to do access based on host/domain name, which must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration. >>I've tried for the "Ips to allow", * and 10.*.*.* >> >> This should work if you're not using Host Names to allow. > > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From del at babel.com.au Thu Dec 15 21:34:26 2005 From: del at babel.com.au (Del) Date: Fri, 16 Dec 2005 08:34:26 +1100 Subject: [Fedora-directory-users] SambaDomain In-Reply-To: <43A1A9E9.6070404@cs.ou.edu> References: <43A1A9E9.6070404@cs.ou.edu> Message-ID: <43A1E162.101@babel.com.au> Jim Summers wrote: > Hello List, > > Everything going well with the evaluation / migration of FDS. I did hit > one snag this morning that I have not been able to debug yet. > > 1. I used the LdapImport tool to migrate settings/schema from my running > iplanet5.1 ldap. > > 2. On my existing ldapserver I generated an ldif using db2ldif. > > 3. Then through the console imported that database. All went well here > except it would not add an entry to my ou=samba that had: > > objectClass: sambaDomain You need to add: objectClass: top ... to that object. -- Del From del at babel.com.au Thu Dec 15 21:37:09 2005 From: del at babel.com.au (Del) Date: Fri, 16 Dec 2005 08:37:09 +1100 Subject: [Fedora-directory-users] ldapimport anonymous bind... In-Reply-To: <1134680203.20539.44.camel@fast.dss.state.va.us> References: <20051215170005.71A42737C0@hormel.redhat.com> <1134680203.20539.44.camel@fast.dss.state.va.us> Message-ID: <43A1E205.7030205@babel.com.au> Steve Saady wrote: > So.. I am trying to transfer > my OpenLDAP schema and data into an FDS host... and have gotten pretty > frustrated.. The LDAPimport utility looks very promising, but it seems > to only use anonymous binds, or at least unable for some reason to bing > w/ privileges, which is unsuccessful, not for lack of trying. Has > anyone been able to get LDAPimport to bing w/ specific credentials? It works for me. LdapImport does an anonymous bind first, to check that the server is up, before attempting a normal bind. > "LdapConnectionManager: Currently connected -- searching. > LdapConnectionManager: We have a search error. > LdapConnectionManager: Error = I/O Error > LdapConnectionManager: Error Name = LDAP_OPERATIONS_ERROR > LdapConnectionManager: Error Text = Server encountered an > internal error This looks bad. Go check your server error log, or turn error logging on if it's not on already and check there. It could be that the bind is failing on a bad SSL certificate or something, and the LdapImport.log file doesn't give you enough information when the server just returns "internal error". -- Del From jsummers at bachman.cs.ou.edu Thu Dec 15 21:44:27 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Thu, 15 Dec 2005 15:44:27 -0600 Subject: [Fedora-directory-users] ldapimport anonymous bind... In-Reply-To: <43A1E205.7030205@babel.com.au> References: <20051215170005.71A42737C0@hormel.redhat.com> <1134680203.20539.44.camel@fast.dss.state.va.us> <43A1E205.7030205@babel.com.au> Message-ID: <43A1E3BB.3090707@cs.ou.edu> Del wrote: > Steve Saady wrote: > >> So.. I am trying to >> transfer my OpenLDAP schema and data into an FDS host... and have >> gotten pretty frustrated.. The LDAPimport utility looks very >> promising, but it seems to only use anonymous binds, or at least >> unable for some reason to bing w/ privileges, which is unsuccessful, >> not for lack of trying. Has anyone been able to get LDAPimport to >> bing w/ specific credentials? > > > It works for me. Works here. The cn= and password were all that was needed. > > LdapImport does an anonymous bind first, to check that the server is up, > before attempting a normal bind. > >> "LdapConnectionManager: Currently connected -- searching. >> LdapConnectionManager: We have a search error. >> LdapConnectionManager: Error = I/O Error >> LdapConnectionManager: Error Name = LDAP_OPERATIONS_ERROR >> LdapConnectionManager: Error Text = Server encountered an >> internal error > > > This looks bad. Go check your server error log, or turn error logging > on if it's not on already and check there. It could be that the bind > is failing on a bad SSL certificate or something, and the LdapImport.log > file doesn't give you enough information when the server just returns > "internal error". > -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From jsummers at bachman.cs.ou.edu Thu Dec 15 21:47:41 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Thu, 15 Dec 2005 15:47:41 -0600 Subject: [Fedora-directory-users] SambaDomain In-Reply-To: <43A1E162.101@babel.com.au> References: <43A1A9E9.6070404@cs.ou.edu> <43A1E162.101@babel.com.au> Message-ID: <43A1E47D.8090407@cs.ou.edu> Del wrote: > Jim Summers wrote: > >> Hello List, >> >> Everything going well with the evaluation / migration of FDS. I did >> hit one snag this morning that I have not been able to debug yet. >> >> 1. I used the LdapImport tool to migrate settings/schema from my >> running iplanet5.1 ldap. >> >> 2. On my existing ldapserver I generated an ldif using db2ldif. >> >> 3. Then through the console imported that database. All went well >> here except it would not add an entry to my ou=samba that had: >> >> objectClass: sambaDomain > > > You need to add: > > objectClass: top > > ... to that object. Very cool. Worked. I wonder why the 5.1 instance didn't require it? I guess possibly LdapImport could have mis-fired somehow. I am pretty sure I have schema checking=on in the 5.1 instance. Thanks Again! > -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From minfrin at sharp.fm Thu Dec 15 22:54:58 2005 From: minfrin at sharp.fm (Graham Leggett) Date: Fri, 16 Dec 2005 00:54:58 +0200 Subject: [Fedora-directory-users] PATCH: fedora-directoryconsole builds clean on JDK v1.5 Message-ID: <43A1F442.8020203@sharp.fm> Hi all, The attached patch fixes errors compiling on JDK v1.5, caused by the use of the now reserved word "enum". Regards, Graham -- -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: fedora-directoryconsole-jdk15.patch URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3220 bytes Desc: S/MIME Cryptographic Signature URL: From minfrin at sharp.fm Fri Dec 16 09:45:27 2005 From: minfrin at sharp.fm (Graham Leggett) Date: Fri, 16 Dec 2005 11:45:27 +0200 Subject: [Fedora-directory-users] ERROR: Can't find component: base Message-ID: <43A28CB7.2010905@sharp.fm> Hi all, Having managed to get the build to run all the way to the end on Solaris 10, I am now having problems with the setup program. During the setup, the screen asks what to install like so: Fedora components: Components with a number in () contain additional subcomponents which you can select using subsequent screens. 1. Fedora Directory Server 2. Fedora Directory Server Console Selecting anything bombs out the setup program like so: ERROR: Can't find component: base Press any key to continue. Does anybody know what the "base" component is, and why it might be missing? Regards, Graham -- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3220 bytes Desc: S/MIME Cryptographic Signature URL: From admin at hostyle.it Fri Dec 16 12:07:04 2005 From: admin at hostyle.it (Enrico Valsecchi) Date: Fri, 16 Dec 2005 13:07:04 +0100 Subject: [Fedora-directory-users] Probably very stupid problem .... Message-ID: <200512161307.04243.admin@hostyle.it> Hi All, I have a problem. My Users, stored correctly into Fedora-DS, can't login into my Linux System. (With OpenLdap did not have this problem) I don't understand where is MY error! :( There are my system settings.... Many Thanks! Bye, Enrico /etc/pam.d/system-auth auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so broken_shadow account sufficient /lib/security/$ISA/pam_localuser.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_ldap.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_ldap.so /etc/nsswitch.conf passwd: files ldap shadow: files ldap group: files ldap /etc/ldap.conf AND /etc/openldap.conf suffix "dc=chiccomara,dc=org" uri ldap://centos.chiccomara.org/ ldap_version 3 pam_filter objectclass=posixAccount pam_login_attribute uid pam_member_attribute memberuid pam_password ssha nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org nss_base_group ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org # nss_base_hosts ou=Host,ou=Mizar Solutions,dc=chiccomara,dc=org scope one From craigwhite at azapple.com Fri Dec 16 13:23:12 2005 From: craigwhite at azapple.com (Craig White) Date: Fri, 16 Dec 2005 06:23:12 -0700 Subject: [Fedora-directory-users] Probably very stupid problem .... In-Reply-To: <200512161307.04243.admin@hostyle.it> References: <200512161307.04243.admin@hostyle.it> Message-ID: <1134739392.24693.7.camel@lin-workstation.azapple.com> On Fri, 2005-12-16 at 13:07 +0100, Enrico Valsecchi wrote: > Hi All, > > I have a problem. > My Users, stored correctly into Fedora-DS, > can't login into my Linux System. > (With OpenLdap did not have this problem) > I don't understand where is MY error! > :( > > There are my system settings.... > > Many Thanks! > > Bye, > > Enrico > > /etc/pam.d/system-auth > auth required /lib/security/$ISA/pam_env.so > auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok > auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass > auth required /lib/security/$ISA/pam_deny.so > > account required /lib/security/$ISA/pam_unix.so broken_shadow > account sufficient /lib/security/$ISA/pam_localuser.so > account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet > account [default=bad success=ok > user_unknown=ignore] /lib/security/$ISA/pam_ldap.so > account required /lib/security/$ISA/pam_permit.so > > password requisite /lib/security/$ISA/pam_cracklib.so retry=3 > password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok > md5 shadow > password sufficient /lib/security/$ISA/pam_ldap.so use_authtok > password required /lib/security/$ISA/pam_deny.so > > session required /lib/security/$ISA/pam_limits.so > session required /lib/security/$ISA/pam_unix.so > session optional /lib/security/$ISA/pam_ldap.so > > /etc/nsswitch.conf > passwd: files ldap > shadow: files ldap > group: files ldap > > /etc/ldap.conf AND /etc/openldap.conf > suffix "dc=chiccomara,dc=org" ---- should have /etc/openldap/ldap.conf with at least... BASE: dc=chiccomara,dc=org HOST: 127.0.0.1 ---- > > uri ldap://centos.chiccomara.org/ > ldap_version 3 > pam_filter objectclass=posixAccount > pam_login_attribute uid > pam_member_attribute memberuid > pam_password ssha > nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org > nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org > nss_base_group ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org > # nss_base_hosts ou=Host,ou=Mizar Solutions,dc=chiccomara,dc=org > scope one ----- probably need here... base: dc=chiccomara,dc=org host: 127.0.0.1 rootbinddn: cn=Directory Manager #or whatever bind dn you choose and I am not all knowing on PADL tools but I would have... nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one nss_base_group ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org?one and then /etc/ldap.secret with your rootbinddn password chmod 600 and you should be able to simply test it by doing... getent passwd getent group and get your users/groups listed Craig From admin at hostyle.it Fri Dec 16 13:36:49 2005 From: admin at hostyle.it (Enrico Valsecchi) Date: Fri, 16 Dec 2005 14:36:49 +0100 Subject: [Fedora-directory-users] Probably very stupid problem .... In-Reply-To: <1134739392.24693.7.camel@lin-workstation.azapple.com> References: <200512161307.04243.admin@hostyle.it> <1134739392.24693.7.camel@lin-workstation.azapple.com> Message-ID: <200512161436.49368.admin@hostyle.it> > should have /etc/openldap/ldap.conf with at least... > > BASE: dc=chiccomara,dc=org > HOST: 127.0.0.1 [.... cut ....] > > # nss_base_hosts ou=Host,ou=Mizar Solutions,dc=chiccomara,dc=org > > scope one > probably need here... > > base: dc=chiccomara,dc=org > host: 127.0.0.1 > rootbinddn: cn=Directory Manager #or whatever bind dn you choose > and I am not all knowing on PADL tools but I would have... > nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one > nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one > nss_base_group ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org?one > > and then /etc/ldap.secret with your rootbinddn password chmod 600 > > and you should be able to simply test it by doing... > > getent passwd > getent group Mumble mumble, if if run getent passwd and getent group, I have a complete list of users and group. Only problem is user authentication! I have saved my users (with posixAccount) under ou called "Users". During last hour I have search into the net a solution, without result. After, I have thought to replace ou "Users" with ou "People", and I have saved a new user under this new ou. Magically all it works. Question: to this point, it's necessary have one ou called "People" in order to guarantee the authentication under Linux with Fedora-DS? Bye, Enrico From rmeggins at redhat.com Fri Dec 16 16:11:16 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 16 Dec 2005 09:11:16 -0700 Subject: [Fedora-directory-users] Probably very stupid problem .... In-Reply-To: <200512161436.49368.admin@hostyle.it> References: <200512161307.04243.admin@hostyle.it> <1134739392.24693.7.camel@lin-workstation.azapple.com> <200512161436.49368.admin@hostyle.it> Message-ID: <43A2E724.8040005@redhat.com> Enrico Valsecchi wrote: >>should have /etc/openldap/ldap.conf with at least... >> >>BASE: dc=chiccomara,dc=org >>HOST: 127.0.0.1 >> >> > >[.... cut ....] > > >>># nss_base_hosts ou=Host,ou=Mizar Solutions,dc=chiccomara,dc=org >>>scope one >>> >>> >>probably need here... >> >>base: dc=chiccomara,dc=org >>host: 127.0.0.1 >>rootbinddn: cn=Directory Manager #or whatever bind dn you choose >>and I am not all knowing on PADL tools but I would have... >>nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one >>nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one >>nss_base_group ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org?one >> >>and then /etc/ldap.secret with your rootbinddn password chmod 600 >> >>and you should be able to simply test it by doing... >> >>getent passwd >>getent group >> >> > >Mumble mumble, if if run getent passwd and getent group, >I have a complete list of users and group. >Only problem is user authentication! >I have saved my users (with posixAccount) under ou called "Users". >During last hour I have search into the net a solution, without result. > >After, I have thought to replace ou "Users" with ou "People", and I have saved >a new user under this new ou. >Magically all it works. >Question: to this point, it's necessary have one ou called "People" >in order to guarantee the authentication under Linux with Fedora-DS? > > No. You can use any naming convention you want. By default, FDS uses ou=People, and perhaps some of the openldap/nis/nss/pam stuff uses ou=Users by default. It was probably just some lingering config file somewhere. >Bye, > >Enrico > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From mmontgomery at theplanet.com Fri Dec 16 17:29:31 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Fri, 16 Dec 2005 11:29:31 -0600 Subject: [Fedora-directory-users] admserv_host_ip_check In-Reply-To: <1134676638.28465.8.camel@localhost> References: <1134662606.26753.11.camel@localhost> <1134665334.26753.17.camel@localhost> <1134676638.28465.8.camel@localhost> Message-ID: <1134754171.29613.7.camel@localhost> >You need to set hostnames to allow to NULL or empty - if there is anything there, it will assume you want to do access based on host/domain name, which must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration. Thank you, Thank you. When it mentions that you can use wildcards, it simply causes confusion. From mmontgomery at theplanet.com Fri Dec 16 18:02:24 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Fri, 16 Dec 2005 12:02:24 -0600 Subject: [Fedora-directory-users] admserv_host_ip_check In-Reply-To: <1134754171.29613.7.camel@localhost> References: <1134662606.26753.11.camel@localhost> <1134665334.26753.17.camel@localhost> <1134676638.28465.8.camel@localhost> <1134754171.29613.7.camel@localhost> Message-ID: <1134756144.29613.16.camel@localhost> Ok, this is just great. I've locked myself out of the admin server now, and no ips can connect. So... I'll try the admconfig tool mentioned in the console.pdf file... oh great, that doesn't work either: [root at corporate-ds admin]# ./admconfig --h ./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such file or directory ./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java: cannot execute: No such file or directory [root at corporate-ds admin]# ls -l /opt/fedora-ds/bin/ admin/ slapd/ user/ Can I manually edit some config files somewhere to allow this to work? Also, I come in today to find the replication server's admin console doing this: [Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to bind to server [ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.******.com, ou=inside.*******.com, o=NetscapeRoot] [Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server(): Unable to search [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.*****.com, ou=inside.***************.com, o=NetscapeRoot] for LDAPConnection [ldap02.inside.*********.com:389] [Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202] admserv_check_authz(): Task [cn=statusping, cn=operation, cn=tasks, cn=admin-serv-ldap02, cn=fedora administration server, cn=server group, cn=ldap02.inside.*************.com, ou=inside.*********************.com, o=netscaperoot] not found for user [uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot] - either the task was not registered or the user was not authorized And the admin console server won't start with this error: [Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable to build user/group LDAP server info: unable to set User/Group baseDN Anybody got any clues what is going on? I seem to be having some pretty bad luck here. Thanks again. On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery wrote: > >You need to set hostnames to allow to NULL or empty - if there is anything there, it will assume you want to do access based on host/domain name, which must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration. > > Thank you, > Thank you. > > When it mentions that you can use wildcards, it simply causes confusion. From nhosoi at redhat.com Fri Dec 16 18:08:37 2005 From: nhosoi at redhat.com (Noriko Hosoi) Date: Fri, 16 Dec 2005 10:08:37 -0800 Subject: [Fedora-directory-users] ERROR: Can't find component: base In-Reply-To: <43A28CB7.2010905@sharp.fm> References: <43A28CB7.2010905@sharp.fm> Message-ID: <43A302A5.6010102@redhat.com> An HTML attachment was scrubbed... URL: From craigwhite at azapple.com Fri Dec 16 18:22:06 2005 From: craigwhite at azapple.com (Craig White) Date: Fri, 16 Dec 2005 11:22:06 -0700 Subject: [Fedora-directory-users] admserv_host_ip_check In-Reply-To: <1134756144.29613.16.camel@localhost> References: <1134662606.26753.11.camel@localhost> <1134665334.26753.17.camel@localhost> <1134676638.28465.8.camel@localhost> <1134754171.29613.7.camel@localhost> <1134756144.29613.16.camel@localhost> Message-ID: <1134757326.24693.23.camel@lin-workstation.azapple.com> On Fri, 2005-12-16 at 12:02 -0600, Michael Montgomery wrote: > Ok, this is just great. I've locked myself out of the admin server now, > and no ips can connect. So... I'll try the admconfig tool mentioned in > the console.pdf file... oh great, that doesn't work either: > > [root at corporate-ds admin]# ./admconfig --h > ./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such file or directory > ./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java: cannot execute: No such file or directory > > [root at corporate-ds admin]# ls -l /opt/fedora-ds/bin/ > admin/ slapd/ user/ > > Can I manually edit some config files somewhere to allow this to work? > > Also, I come in today to find the replication server's admin console doing this: > > [Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to bind to server [ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.******.com, ou=inside.*******.com, o=NetscapeRoot] > [Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server(): Unable to search [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.*****.com, ou=inside.***************.com, o=NetscapeRoot] for LDAPConnection [ldap02.inside.*********.com:389] > [Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202] admserv_check_authz(): Task [cn=statusping, cn=operation, cn=tasks, cn=admin-serv-ldap02, cn=fedora administration server, cn=server group, cn=ldap02.inside.*************.com, ou=inside.*********************.com, o=netscaperoot] not found for user [uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot] - either the task was not registered or the user was not authorized > > And the admin console server won't start with this error: > > [Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable to build user/group LDAP server info: unable to set User/Group baseDN > > Anybody got any clues what is going on? I seem to be having some pretty bad luck here. > > Thanks again. > > On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery wrote: > > >You need to set hostnames to allow to NULL or empty - if there is anything there, it will assume you want to do access based on host/domain name, which must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration. > > > > Thank you, > > Thank you. > > > > When it mentions that you can use wildcards, it simply causes confusion. ---- ls -l /opt/fedora-ds/admin-serv/config Craig From rmeggins at redhat.com Fri Dec 16 18:27:45 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 16 Dec 2005 11:27:45 -0700 Subject: [Fedora-directory-users] admserv_host_ip_check In-Reply-To: <1134756144.29613.16.camel@localhost> References: <1134662606.26753.11.camel@localhost> <1134665334.26753.17.camel@localhost> <1134676638.28465.8.camel@localhost> <1134754171.29613.7.camel@localhost> <1134756144.29613.16.camel@localhost> Message-ID: <43A30721.30704@redhat.com> http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt Michael Montgomery wrote: >Ok, this is just great. I've locked myself out of the admin server now, >and no ips can connect. So... I'll try the admconfig tool mentioned in >the console.pdf file... oh great, that doesn't work either: > >[root at corporate-ds admin]# ./admconfig --h >./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such file or directory >./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java: cannot execute: No such file or directory > >[root at corporate-ds admin]# ls -l /opt/fedora-ds/bin/ >admin/ slapd/ user/ > >Can I manually edit some config files somewhere to allow this to work? > >Also, I come in today to find the replication server's admin console doing this: > >[Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to bind to server [ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.******.com, ou=inside.*******.com, o=NetscapeRoot] >[Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server(): Unable to search [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.*****.com, ou=inside.***************.com, o=NetscapeRoot] for LDAPConnection [ldap02.inside.*********.com:389] >[Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202] admserv_check_authz(): Task [cn=statusping, cn=operation, cn=tasks, cn=admin-serv-ldap02, cn=fedora administration server, cn=server group, cn=ldap02.inside.*************.com, ou=inside.*********************.com, o=netscaperoot] not found for user [uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot] - either the task was not registered or the user was not authorized > >And the admin console server won't start with this error: > >[Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable to build user/group LDAP server info: unable to set User/Group baseDN > >Anybody got any clues what is going on? I seem to be having some pretty bad luck here. > >Thanks again. > >On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery wrote: > > >>>You need to set hostnames to allow to NULL or empty - if there is anything there, it will assume you want to do access based on host/domain name, which must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration. >>> >>> >>Thank you, >>Thank you. >> >>When it mentions that you can use wildcards, it simply causes confusion. >> >> > > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From mmontgomery at theplanet.com Fri Dec 16 18:37:10 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Fri, 16 Dec 2005 12:37:10 -0600 Subject: [Fedora-directory-users] admserv_host_ip_check In-Reply-To: <1134757326.24693.23.camel@lin-workstation.azapple.com> References: <1134662606.26753.11.camel@localhost> <1134665334.26753.17.camel@localhost> <1134676638.28465.8.camel@localhost> <1134754171.29613.7.camel@localhost> <1134756144.29613.16.camel@localhost> <1134757326.24693.23.camel@lin-workstation.azapple.com> Message-ID: <1134758230.30059.5.camel@localhost> On Fri, 2005-12-16 at 11:22 -0700, Craig White wrote: > On Fri, 2005-12-16 at 12:02 -0600, Michael Montgomery wrote: > > Ok, this is just great. I've locked myself out of the admin server now, > > and no ips can connect. So... I'll try the admconfig tool mentioned in > > the console.pdf file... oh great, that doesn't work either: > > > > [root at corporate-ds admin]# ./admconfig --h > > ./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such file or directory > > ./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java: cannot execute: No such file or directory > > > > [root at corporate-ds admin]# ls -l /opt/fedora-ds/bin/ > > admin/ slapd/ user/ > > > > Can I manually edit some config files somewhere to allow this to work? > > > > Also, I come in today to find the replication server's admin console doing this: > > > > [Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to bind to server [ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.******.com, ou=inside.*******.com, o=NetscapeRoot] > > [Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server(): Unable to search [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.*****.com, ou=inside.***************.com, o=NetscapeRoot] for LDAPConnection [ldap02.inside.*********.com:389] > > [Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202] admserv_check_authz(): Task [cn=statusping, cn=operation, cn=tasks, cn=admin-serv-ldap02, cn=fedora administration server, cn=server group, cn=ldap02.inside.*************.com, ou=inside.*********************.com, o=netscaperoot] not found for user [uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot] - either the task was not registered or the user was not authorized > > > > And the admin console server won't start with this error: > > > > [Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable to build user/group LDAP server info: unable to set User/Group baseDN > > > > Anybody got any clues what is going on? I seem to be having some pretty bad luck here. > > > > Thanks again. > > > > On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery wrote: > > > >You need to set hostnames to allow to NULL or empty - if there is anything there, it will assume you want to do access based on host/domain name, which must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration. > > > > > > Thank you, > > > Thank you. > > > > > > When it mentions that you can use wildcards, it simply causes confusion. > ---- > ls -l /opt/fedora-ds/admin-serv/config > > Craig Thank you Strangely, any changes made in the local.conf file, specifically the below field, seem to get overwritten when the admin server starts again, so this also will not allow me to connect. local.conf:configuration.nsAdminAccessAddresses: * > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users From nkinder at redhat.com Fri Dec 16 18:54:56 2005 From: nkinder at redhat.com (Nathan Kinder) Date: Fri, 16 Dec 2005 10:54:56 -0800 Subject: [Fedora-directory-users] admserv_host_ip_check In-Reply-To: <1134758230.30059.5.camel@localhost> References: <1134662606.26753.11.camel@localhost> <1134665334.26753.17.camel@localhost> <1134676638.28465.8.camel@localhost> <1134754171.29613.7.camel@localhost> <1134756144.29613.16.camel@localhost> <1134757326.24693.23.camel@lin-workstation.azapple.com> <1134758230.30059.5.camel@localhost> Message-ID: <43A30D80.4040600@redhat.com> Michael Montgomery wrote: >On Fri, 2005-12-16 at 11:22 -0700, Craig White wrote: > > >>On Fri, 2005-12-16 at 12:02 -0600, Michael Montgomery wrote: >> >> >>>Ok, this is just great. I've locked myself out of the admin server now, >>>and no ips can connect. So... I'll try the admconfig tool mentioned in >>>the console.pdf file... oh great, that doesn't work either: >>> >>>[root at corporate-ds admin]# ./admconfig --h >>>./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such file or directory >>>./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java: cannot execute: No such file or directory >>> >>>[root at corporate-ds admin]# ls -l /opt/fedora-ds/bin/ >>>admin/ slapd/ user/ >>> >>>Can I manually edit some config files somewhere to allow this to work? >>> >>>Also, I come in today to find the replication server's admin console doing this: >>> >>>[Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to bind to server [ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.******.com, ou=inside.*******.com, o=NetscapeRoot] >>>[Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server(): Unable to search [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.*****.com, ou=inside.***************.com, o=NetscapeRoot] for LDAPConnection [ldap02.inside.*********.com:389] >>>[Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202] admserv_check_authz(): Task [cn=statusping, cn=operation, cn=tasks, cn=admin-serv-ldap02, cn=fedora administration server, cn=server group, cn=ldap02.inside.*************.com, ou=inside.*********************.com, o=netscaperoot] not found for user [uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot] - either the task was not registered or the user was not authorized >>> >>>And the admin console server won't start with this error: >>> >>>[Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable to build user/group LDAP server info: unable to set User/Group baseDN >>> >>>Anybody got any clues what is going on? I seem to be having some pretty bad luck here. >>> >>>Thanks again. >>> >>>On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery wrote: >>> >>> >>>>>You need to set hostnames to allow to NULL or empty - if there is anything there, it will assume you want to do access based on host/domain name, which must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration. >>>>> >>>>> >>>>Thank you, >>>>Thank you. >>>> >>>>When it mentions that you can use wildcards, it simply causes confusion. >>>> >>>> >>---- >>ls -l /opt/fedora-ds/admin-serv/config >> >>Craig >> >> > >Thank you > >Strangely, any changes made in the local.conf file, specifically the >below field, seem to get overwritten when the admin server starts again, >so this also will not allow me to connect. > >local.conf:configuration.nsAdminAccessAddresses: * > > That file is simply a bootstrap config file. The real configuration lives in the Directory Server. The admin server config entry is "cn=configuration, cn=admin-serv-, cn=Fedora Administration Server, cn=Server Group, cn=, ou=, o=NetscapeRoot". You can modify the config with ldapmodify. -NGK > > >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > From mmontgomery at theplanet.com Fri Dec 16 19:22:21 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Fri, 16 Dec 2005 13:22:21 -0600 Subject: [Fedora-directory-users] admserv_host_ip_check In-Reply-To: <43A30721.30704@redhat.com> References: <1134662606.26753.11.camel@localhost> <1134665334.26753.17.camel@localhost> <1134676638.28465.8.camel@localhost> <1134754171.29613.7.camel@localhost> <1134756144.29613.16.camel@localhost> <43A30721.30704@redhat.com> Message-ID: <1134760942.30058.7.camel@localhost> Thank you There's just so many different wiki posts, pdfs, documents, webpages, that I guess I've just missed a couple of relevant articles. Thanks again for being so understanding. On Fri, 2005-12-16 at 11:27 -0700, Richard Megginson wrote: > http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt > > Michael Montgomery wrote: > > >Ok, this is just great. I've locked myself out of the admin server now, > >and no ips can connect. So... I'll try the admconfig tool mentioned in > >the console.pdf file... oh great, that doesn't work either: > > > >[root at corporate-ds admin]# ./admconfig --h > >./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such file or directory > >./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java: cannot execute: No such file or directory > > > >[root at corporate-ds admin]# ls -l /opt/fedora-ds/bin/ > >admin/ slapd/ user/ > > > >Can I manually edit some config files somewhere to allow this to work? > > > >Also, I come in today to find the replication server's admin console doing this: > > > >[Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to bind to server [ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.******.com, ou=inside.*******.com, o=NetscapeRoot] > >[Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server(): Unable to search [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.*****.com, ou=inside.***************.com, o=NetscapeRoot] for LDAPConnection [ldap02.inside.*********.com:389] > >[Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202] admserv_check_authz(): Task [cn=statusping, cn=operation, cn=tasks, cn=admin-serv-ldap02, cn=fedora administration server, cn=server group, cn=ldap02.inside.*************.com, ou=inside.*********************.com, o=netscaperoot] not found for user [uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot] - either the task was not registered or the user was not authorized > > > >And the admin console server won't start with this error: > > > >[Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable to build user/group LDAP server info: unable to set User/Group baseDN > > > >Anybody got any clues what is going on? I seem to be having some pretty bad luck here. > > > >Thanks again. > > > >On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery wrote: > > > > > >>>You need to set hostnames to allow to NULL or empty - if there is anything there, it will assume you want to do access based on host/domain name, which must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration. > >>> > >>> > >>Thank you, > >>Thank you. > >> > >>When it mentions that you can use wildcards, it simply causes confusion. > >> > >> > > > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users From jsummers at bachman.cs.ou.edu Fri Dec 16 21:06:02 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Fri, 16 Dec 2005 15:06:02 -0600 Subject: [Fedora-directory-users] ShadowPassword / ShadowExpire Message-ID: <43A32C3A.7070700@cs.ou.edu> Hello List, Being in the midst of evaluating and hopefully migrating to FDS soon. I have stumbled onto a odd problem. My user information is kept in the People container. We have been using shadowExpire / shadowLastChange fields. This all seems to work except when a user's account is ready to expire and is prompted to change their password. Using passwd, the user can change the password, but the system continues to prompt for a new password upon each successive login. Looking at the data, the shadowExpire / LastChange never get updated. I am also not seeing any errors being generated in the logs. I can manually update those fields and the problem goes away. But I guess I thought passwd / nss_ldap / pam would update those fields as needed. Looking in the docs, all I see is configuring a password policy. But that seems to be directed at users actually connecting to the directory via console / ldapsearch, etc.... Initially I thought I was having some ACI issues but I am really not sure. It could be that I need to drop the shadow stuff and configure the password policy? Advice or suggestions on what I am missing or where I have gone wrong? TIA -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From kevin_myer at iu13.org Sat Dec 17 16:05:07 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Sat, 17 Dec 2005 11:05:07 -0500 Subject: [Fedora-directory-users] Replication - consumer failed to replay change Message-ID: <20051217110507.9rg64da05vusco0g@webapps.iu13.org> Hello, I have three instances of FDS running - two are in a multimaster config (directory1 and directory2), with all subtrees replicated and one is a dedicated slave (garnet), with half a dozen subtrees replicated. directory1 and directory2 are running FDS 7.1, garnet is running FDS 1.0.1. Most of the writes go to directory1, and although I have not tested writing to every subtree from directory1 -> directory2 and directory2 -> directory1, replication seems to be working fine for the most part. However, I noticed yesterday morning the following entry: [16/Dec/2005:09:06:16 -0500] NSMMReplicationPlugin - agmt="cn=IU13" (directory2:636): Consumer failed to replay change (uniqueid 6a76611a-1dd211b2-8027b642-689d0000, CSN 43a2c9d8000000010000): Operations error. Will retry later. This is repeated every five minutes to the present time. Is there a way to look at the changelog entries to see what modification caused this problem? And if not, whats the best way to go about clearing up the error? Also, is FDS smart enough so that if you have a two-server multimaster replication setup, and you use one master to initialize the other, which has an existing replication setup with the master, that it won't send the changes back? In other words, if I have directory1 and directory2, and they are setup in multimaster, with replication agreements in place for a subtree, and there's a problem in the subtree on directory2, can I use directory1 to initialize directory2, or will directory2 then turn around and try to initialize directory1? Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From david_list at boreham.org Sat Dec 17 17:40:13 2005 From: david_list at boreham.org (David Boreham) Date: Sat, 17 Dec 2005 10:40:13 -0700 Subject: [Fedora-directory-users] Replication - consumer failed to replay change In-Reply-To: <20051217110507.9rg64da05vusco0g@webapps.iu13.org> References: <20051217110507.9rg64da05vusco0g@webapps.iu13.org> Message-ID: <43A44D7D.5040607@boreham.org> Kevin M. Myer wrote: > [16/Dec/2005:09:06:16 -0500] NSMMReplicationPlugin - agmt="cn=IU13" > (directory2:636): Consumer failed to replay change (uniqueid > 6a76611a-1dd211b2-8027b642-689d0000, CSN 43a2c9d8000000010000): > Operations error. Will retry later. > > This is repeated every five minutes to the present time. Is there a > way to look at the changelog entries to see what modification caused > this problem? And if not, whats the best way to go about clearing up > the error? Try looking in the access and error logs on the replica server (the server that is receiving this update). That should tell us which operation is failing. Exactly what is going on I'm not sure, I've not seen a problem like this before. Perhaps someone else on the list has. > Also, is FDS smart enough so that if you have a two-server multimaster > replication setup, and you use one master to initialize the other, > which has an existing replication setup with the master, that it won't > send the changes back? In other words, if I have directory1 and > directory2, and they are setup in multimaster, with replication > agreements in place for a subtree, and there's a problem in the > subtree on directory2, can I use directory1 to initialize directory2, > or will directory2 then turn around and try to initialize directory1? No, it's smart enough to not do that. From kevin_myer at iu13.org Sat Dec 17 18:57:01 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Sat, 17 Dec 2005 13:57:01 -0500 Subject: [Fedora-directory-users] Replication - consumer failed to replay change In-Reply-To: <43A44D7D.5040607@boreham.org> References: <20051217110507.9rg64da05vusco0g@webapps.iu13.org> <43A44D7D.5040607@boreham.org> Message-ID: <20051217135701.waik0g2fp8pww8ss@webapps.iu13.org> Quoting David Boreham : > Try looking in the access and error logs on the replica server (the > server that is receiving this update). > That should tell us which operation is failing. Exactly what is going > on I'm not sure, I've not seen a > problem like this before. Perhaps someone else on the list has. Here's the action its trying to perform: [16/Dec/2005:09:06:16 -0500] conn=900959 op=3 EXT oid="2.16.840.1.113730.3.5.3" name="Netscape Replication Start Session" [16/Dec/2005:09:06:16 -0500] conn=900959 op=3 RESULT err=0 tag=120 nentries=0 etime=0 [16/Dec/2005:09:06:16 -0500] conn=900959 op=4 DEL dn="uid=,ou=people,dc=base" [16/Dec/2005:09:06:16 -0500] conn=900959 op=4 RESULT err=1 tag=107 nentries=0 etime=0 csn=43a2c9d8000000010000 [16/Dec/2005:09:06:18 -0500] conn=900959 op=5 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" The replication to the slave (garnet) did occur properly for the account that was being deleted. Its also not inhibiting other changes from occuring in the the same replication session. I just made a minor modification to my account and it replicated while the deletion of the account giving errors failed. I restarted the server that was receiving the changes, and now the deletion operation that was failing isn't occuring at all :/ So I guess I'll just manually delete the account, since the one master seems to be convinced that the change went through. Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From minfrin at sharp.fm Sat Dec 17 20:13:13 2005 From: minfrin at sharp.fm (Graham Leggett) Date: Sat, 17 Dec 2005 22:13:13 +0200 Subject: [Fedora-directory-users] SSL: importing a cert and key - howto anywhere? Message-ID: <43A47159.2090904@sharp.fm> Hi all, I have got a basic fedora DS running, and I now need to switch on SSL. I have found the SSL docs, which describe in some detail how to create a CSR, etc etc. The missing detail is how to import a certificate and key you already have - the admin console seems quite happy to import certs, but it seems to be oblivious to the importing of keys. Anyone know what incantation you have to chant to get DS to import a key or a p12 file? Regards, Graham -- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3220 bytes Desc: S/MIME Cryptographic Signature URL: From minfrin at sharp.fm Sat Dec 17 21:02:06 2005 From: minfrin at sharp.fm (Graham Leggett) Date: Sat, 17 Dec 2005 23:02:06 +0200 Subject: [Fedora-directory-users] Changing IP of the admin server - is this possible? Message-ID: <43A47CCE.6040009@sharp.fm> Hi all, I have just gone through the setup process to install an instance of Fedora DS. Nowhere in the setup process is SSL or TLS mentioned, at the end of the config process I have an insecure LDAP server. My next task is to try and switch on SSL/TLS for both the admin console, and the LDAP server itself. I figure out how to add my certs to the alias directory using certutil and pk12util. My next task is to move the admin server port from my default 1390 to a secure version at 1637. A recursive grep finds the port 1390 in a whole host of config files. Changing the config files to 1637 causes me to end up with a broken admin server to which startconsole cannot connect. Just to clarify - is it worth me trying to fix the admin server port in my config files, or is this too complicated to be worth while? Should I just delete the fedora-ds installation and start again from scratch? It seems one of the most basic things that need to be fixed in the directory is to simplify the configuration. Some of the config is in Windows INI format, some of the config is in XML, some of the config is in name: value format, it's very difficult as a new user of the software to be able to figure out what is going on. Regards, Graham -- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3220 bytes Desc: S/MIME Cryptographic Signature URL: From minfrin at sharp.fm Sat Dec 17 21:04:41 2005 From: minfrin at sharp.fm (Graham Leggett) Date: Sat, 17 Dec 2005 23:04:41 +0200 Subject: [Fedora-directory-users] SSL: importing a cert and key - howto anywhere? In-Reply-To: <43A47159.2090904@sharp.fm> References: <43A47159.2090904@sharp.fm> Message-ID: <43A47D69.5020000@sharp.fm> Graham Leggett wrote: > Anyone know what incantation you have to chant to get DS to import a key > or a p12 file? On a hunch, I tried the pk12util program to import the pk12 file, and it worked. It didn't however import the CA certificate that was included in the pk12 file for some reason, the admin server refused to start until "EnforceValidCerts off" was added to magnus.conf. Even importing the CA cert manually using certutil made no difference. Regards, Graham -- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3220 bytes Desc: S/MIME Cryptographic Signature URL: From gerhard.dejager at vcontractor.co.za Mon Dec 19 14:55:18 2005 From: gerhard.dejager at vcontractor.co.za (Gerhard de Jager) Date: Mon, 19 Dec 2005 16:55:18 +0200 Subject: [Fedora-directory-users] log files not cleaned up Message-ID: <1135004118.13764.82.camel@BusinessConnGdJ.vodacom.co.za> Hi. We are running Fedora Directory server v. 7.1 It has about 24 million records in the directory, and runs fine for about a week. Then suddenly the log files written to /slapd/db/ are not removed. They start to build up, and are not deleted. More log fiels aer added (example log.0000011701, log.0000011702 etc). Does anybody know what can be done and if those files can be removed, or is there a command that can be run to make fedora-ds process those files? Any help would be greatly appreciated. Thank you, Gerhard ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx " From craigwhite at azapple.com Mon Dec 19 15:03:11 2005 From: craigwhite at azapple.com (Craig White) Date: Mon, 19 Dec 2005 08:03:11 -0700 Subject: [Fedora-directory-users] log files not cleaned up In-Reply-To: <1135004118.13764.82.camel@BusinessConnGdJ.vodacom.co.za> References: <1135004118.13764.82.camel@BusinessConnGdJ.vodacom.co.za> Message-ID: <1135004591.16493.26.camel@lin-workstation.azapple.com> On Mon, 2005-12-19 at 16:55 +0200, Gerhard de Jager wrote: > Hi. > > We are running Fedora Directory server v. 7.1 > > It has about 24 million records in the directory, and runs fine for > about a week. > > Then suddenly the log files written to /slapd/db/ are not > removed. > > They start to build up, and are not deleted. > > More log fiels aer added (example log.0000011701, log.0000011702 etc). > > Does anybody know what can be done and if those files can be removed, or > is there a command that can be run to make fedora-ds process those > files? > > Any help would be greatly appreciated. ---- I was just fooling around with this yesterday... http://www.redhat.com/docs/manuals/dir- server/ag/7.1/dsstats.html#1057137 Craig -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Mon Dec 19 15:24:44 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 19 Dec 2005 08:24:44 -0700 Subject: [Fedora-directory-users] log files not cleaned up In-Reply-To: <1135004591.16493.26.camel@lin-workstation.azapple.com> References: <1135004118.13764.82.camel@BusinessConnGdJ.vodacom.co.za> <1135004591.16493.26.camel@lin-workstation.azapple.com> Message-ID: <43A6D0BC.5090403@redhat.com> Craig White wrote: > On Mon, 2005-12-19 at 16:55 +0200, Gerhard de Jager wrote: > >>Hi. >> >>We are running Fedora Directory server v. 7.1 >> >>It has about 24 million records in the directory, and runs fine for >>about a week. >> >>Then suddenly the log files written to /slapd/db/ are not >>removed. >> >>They start to build up, and are not deleted. >> >>More log fiels aer added (example log.0000011701, log.0000011702 etc). >> >>Does anybody know what can be done and if those files can be removed, or >>is there a command that can be run to make fedora-ds process those >>files? >> >> Are there any error messages in the error log? >>Any help would be greatly appreciated. >> >> > ---- > I was just fooling around with this yesterday... > > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/dsstats.html#1057137 > > Craig There is some confusion because the word "log" is overloaded. I think the original poster was referring to database transaction logs http://www.redhat.com/docs/manuals/dir-server/ag/7.1/dsmanage.html#996824 >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon Dec 19 15:25:26 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 19 Dec 2005 08:25:26 -0700 Subject: [Fedora-directory-users] SSL: importing a cert and key - howto anywhere? In-Reply-To: <43A47D69.5020000@sharp.fm> References: <43A47159.2090904@sharp.fm> <43A47D69.5020000@sharp.fm> Message-ID: <43A6D0E6.1050605@redhat.com> Graham Leggett wrote: > Graham Leggett wrote: > >> Anyone know what incantation you have to chant to get DS to import a >> key or a p12 file? > > > On a hunch, I tried the pk12util program to import the pk12 file, and > it worked. > > It didn't however import the CA certificate that was included in the > pk12 file for some reason, the admin server refused to start until > "EnforceValidCerts off" was added to magnus.conf. Even importing the > CA cert manually using certutil made no difference. Into which certdb did you manually import it? > > Regards, > Graham > -- > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon Dec 19 15:26:52 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 19 Dec 2005 08:26:52 -0700 Subject: [Fedora-directory-users] Changing IP of the admin server - is this possible? In-Reply-To: <43A47CCE.6040009@sharp.fm> References: <43A47CCE.6040009@sharp.fm> Message-ID: <43A6D13C.6040705@redhat.com> Graham Leggett wrote: > Hi all, > > I have just gone through the setup process to install an instance of > Fedora DS. Nowhere in the setup process is SSL or TLS mentioned, at > the end of the config process I have an insecure LDAP server. > > My next task is to try and switch on SSL/TLS for both the admin > console, and the LDAP server itself. I figure out how to add my certs > to the alias directory using certutil and pk12util. > > My next task is to move the admin server port from my default 1390 to > a secure version at 1637. A recursive grep finds the port 1390 in a > whole host of config files. Changing the config files to 1637 causes > me to end up with a broken admin server to which startconsole cannot > connect. Do you have to move it? I don't think the admin server can listen to both a secure port and an unsecure port - do you need it to do that? > > Just to clarify - is it worth me trying to fix the admin server port > in my config files, or is this too complicated to be worth while? > Should I just delete the fedora-ds installation and start again from > scratch? > > It seems one of the most basic things that need to be fixed in the > directory is to simplify the configuration. Some of the config is in > Windows INI format, some of the config is in XML, some of the config > is in name: value format, it's very difficult as a new user of the > software to be able to figure out what is going on. You are correct. FDS 1.0 simplifies this slightly, especially if you are familiar with Apache configuration. > > Regards, > Graham > -- > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon Dec 19 15:27:35 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 19 Dec 2005 08:27:35 -0700 Subject: [Fedora-directory-users] SSL: importing a cert and key - howto anywhere? In-Reply-To: <43A47159.2090904@sharp.fm> References: <43A47159.2090904@sharp.fm> Message-ID: <43A6D167.7070004@redhat.com> Graham Leggett wrote: > Hi all, > > I have got a basic fedora DS running, and I now need to switch on SSL. > I have found the SSL docs, which describe in some detail how to create > a CSR, etc etc. > > The missing detail is how to import a certificate and key you already > have - the admin console seems quite happy to import certs, but it > seems to be oblivious to the importing of keys. You need the .p12 file and the pk12util, which you have already found. > > Anyone know what incantation you have to chant to get DS to import a > key or a p12 file? > > Regards, > Graham > -- > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon Dec 19 15:31:30 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 19 Dec 2005 08:31:30 -0700 Subject: [Fedora-directory-users] Replication - consumer failed to replay change In-Reply-To: <20051217135701.waik0g2fp8pww8ss@webapps.iu13.org> References: <20051217110507.9rg64da05vusco0g@webapps.iu13.org> <43A44D7D.5040607@boreham.org> <20051217135701.waik0g2fp8pww8ss@webapps.iu13.org> Message-ID: <43A6D252.6050406@redhat.com> Kevin M. Myer wrote: > Quoting David Boreham : > >> Try looking in the access and error logs on the replica server (the >> server that is receiving this update). >> That should tell us which operation is failing. Exactly what is going >> on I'm not sure, I've not seen a >> problem like this before. Perhaps someone else on the list has. > > > Here's the action its trying to perform: > > [16/Dec/2005:09:06:16 -0500] conn=900959 op=3 EXT > oid="2.16.840.1.113730.3.5.3" name="Netscape Replication Start Session" > [16/Dec/2005:09:06:16 -0500] conn=900959 op=3 RESULT err=0 tag=120 > nentries=0 etime=0 > [16/Dec/2005:09:06:16 -0500] conn=900959 op=4 DEL > dn="uid=,ou=people,dc=base" > [16/Dec/2005:09:06:16 -0500] conn=900959 op=4 RESULT err=1 tag=107 > nentries=0 etime=0 csn=43a2c9d8000000010000 > [16/Dec/2005:09:06:18 -0500] conn=900959 op=5 EXT > oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > > The replication to the slave (garnet) did occur properly for the > account that was being deleted. Is this the access log from one of the masters? > Its also not inhibiting other changes from occuring in the the same > replication session. I just made a minor modification to my account > and it replicated while the deletion of the account giving errors > failed. I restarted the server that was receiving the changes, and > now the deletion operation that was failing isn't occuring at all :/ > So I guess I'll just manually delete the account, since the one master > seems to be convinced that the change went through. So after the restart, everything is ok? > > Kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From mj at sci.fi Mon Dec 19 15:54:34 2005 From: mj at sci.fi (Mike Jackson) Date: Mon, 19 Dec 2005 17:54:34 +0200 Subject: [Fedora-directory-users] log files not cleaned up In-Reply-To: <1135004118.13764.82.camel@BusinessConnGdJ.vodacom.co.za> References: <1135004118.13764.82.camel@BusinessConnGdJ.vodacom.co.za> Message-ID: <43A6D7BA.8050906@sci.fi> Gerhard de Jager wrote: > Hi. > > We are running Fedora Directory server v. 7.1 > > It has about 24 million records in the directory, and runs fine for > about a week. > > Then suddenly the log files written to /slapd/db/ are not > removed. Those are berkeley database transaction logfiles. They are the first entry point for new records, and are flushed (fifo) into the userRoot db indexes when the ns-slapd transactions slow down enough. With your size of database, and I'm guessing that it's not mostly static yet, you likely need to do some fine tuning to your transaction logging. > They start to build up, and are not deleted. This probably means that you are continuously adding, modifying, or deleting entries, and they don't have time to commit to the userRoot db files. > More log fiels aer added (example log.0000011701, log.0000011702 etc). This is normal. > Does anybody know what can be done and if those files can be removed, or > is there a command that can be run to make fedora-ds process those > files? You should check the following docs: "Configuring Transaction Logs for Frequent Database Updates" http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#34668 "Tuning Transaction Logging" "Changing the Database Checkpoint Interval" "Specifying Transaction Batching" http://www.redhat.com/docs/manuals/dir-server/ag/7.1/dsmanage.html#1066324 BR, -- mike From jsummers at bachman.cs.ou.edu Mon Dec 19 15:49:39 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Mon, 19 Dec 2005 09:49:39 -0600 Subject: [Fedora-directory-users] ShadowPassword / ShadowExpire In-Reply-To: References: <43A32C3A.7070700@cs.ou.edu> Message-ID: <43A6D693.3030909@cs.ou.edu> Jeff Medcalf wrote: > Jim, > > I haven't tried this on FDS, but given that it has the same base as > SunONE and the old iPlanet, I would assume it works the same as those > directory servers. In that case, and assuming that you are using > pam_ldap, go ahead and use the password policy: pam_ldap knows about it > and works correctly with it. I am a little confused on what is actually being used. I see the following entries in machines here: ========================================= Dec 19 09:34:22 XXXXXX sshd[14463]: PAM rejected by account configuration[13]: User account has expired Dec 19 09:36:21 XXXXXX sshd[14515]: nss_ldap: reconnecting to LDAP server... Dec 19 09:36:21 XXXXXX sshd[14515]: nss_ldap: reconnected to LDAP server after 1 attempt(s) ========================================= So I am not sure as to whether pam_ldap or nss_ldap is in use. I guess they could be one in the same? and system-auth has: ====================================== auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth required /lib/security/$ISA/pam_deny.so ====================================== So I would think it is pam_ldap. I am going to double-check the pam config to make sure it is still following recommendations. > > Oh, and if you are using the pam_ldap that comes with Solaris, you > might try switching to the open source version: the Sun version is > terribly buggy and horrible. Will do. The majority are linux clients. > > On Dec 16, 2005, at 3:06 PM, Jim Summers wrote: > >> Hello List, >> >> Being in the midst of evaluating and hopefully migrating to FDS >> soon. I have stumbled onto a odd problem. >> >> My user information is kept in the People container. We have been >> using shadowExpire / shadowLastChange fields. >> >> This all seems to work except when a user's account is ready to >> expire and is prompted to change their password. Using passwd, the >> user can change the password, but the system continues to prompt for >> a new password upon each successive login. >> >> Looking at the data, the shadowExpire / LastChange never get >> updated. I am also not seeing any errors being generated in the >> logs. I can manually update those fields and the problem goes away. >> But I guess I thought passwd / nss_ldap / pam would update those >> fields as needed. >> >> Looking in the docs, all I see is configuring a password policy. But >> that seems to be directed at users actually connecting to the >> directory via console / ldapsearch, etc.... >> >> Initially I thought I was having some ACI issues but I am really not >> sure. It could be that I need to drop the shadow stuff and configure >> the password policy? >> >> Advice or suggestions on what I am missing or where I have gone wrong? >> >> >> TIA >> -- >> Jim Summers >> School of Computer Science-University of Oklahoma >> ------------------------------------------------- >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > -- > Jeff Medcalf > jeff at caerdroia.org > > -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From jsummers at bachman.cs.ou.edu Mon Dec 19 16:16:53 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Mon, 19 Dec 2005 10:16:53 -0600 Subject: [Fedora-directory-users] ShadowPassword / ShadowExpire In-Reply-To: <43A6D693.3030909@cs.ou.edu> References: <43A32C3A.7070700@cs.ou.edu> <43A6D693.3030909@cs.ou.edu> Message-ID: <43A6DCF5.7070603@cs.ou.edu> I am pretty sure I found the solution here: http://directory.fedora.redhat.com/wiki/Howto:PAM Towards the bottom it mentions a couple of ldap.conf entries that are necessary along with activating the pw policy. Will post if any oddness is discovered. Thanks! --jim Jim Summers wrote: > > > Jeff Medcalf wrote: > >> Jim, >> >> I haven't tried this on FDS, but given that it has the same base as >> SunONE and the old iPlanet, I would assume it works the same as those >> directory servers. In that case, and assuming that you are using >> pam_ldap, go ahead and use the password policy: pam_ldap knows about >> it and works correctly with it. > > > I am a little confused on what is actually being used. I see the > following entries in machines here: > ========================================= > Dec 19 09:34:22 XXXXXX sshd[14463]: PAM rejected by account > configuration[13]: User account has expired > Dec 19 09:36:21 XXXXXX sshd[14515]: nss_ldap: reconnecting to LDAP > server... > Dec 19 09:36:21 XXXXXX sshd[14515]: nss_ldap: reconnected to LDAP server > after 1 attempt(s) > ========================================= > > So I am not sure as to whether pam_ldap or nss_ldap is in use. I guess > they could be one in the same? > > and system-auth has: > ====================================== > auth required /lib/security/$ISA/pam_env.so > auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok > auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass > auth required /lib/security/$ISA/pam_deny.so > ====================================== > > So I would think it is pam_ldap. > > I am going to double-check the pam config to make sure it is still > following recommendations. > >> >> Oh, and if you are using the pam_ldap that comes with Solaris, you >> might try switching to the open source version: the Sun version is >> terribly buggy and horrible. > > > Will do. The majority are linux clients. > >> >> On Dec 16, 2005, at 3:06 PM, Jim Summers wrote: >> >>> Hello List, >>> >>> Being in the midst of evaluating and hopefully migrating to FDS >>> soon. I have stumbled onto a odd problem. >>> >>> My user information is kept in the People container. We have been >>> using shadowExpire / shadowLastChange fields. >>> >>> This all seems to work except when a user's account is ready to >>> expire and is prompted to change their password. Using passwd, the >>> user can change the password, but the system continues to prompt for >>> a new password upon each successive login. >>> >>> Looking at the data, the shadowExpire / LastChange never get >>> updated. I am also not seeing any errors being generated in the >>> logs. I can manually update those fields and the problem goes >>> away. But I guess I thought passwd / nss_ldap / pam would update >>> those fields as needed. >>> >>> Looking in the docs, all I see is configuring a password policy. >>> But that seems to be directed at users actually connecting to the >>> directory via console / ldapsearch, etc.... >>> >>> Initially I thought I was having some ACI issues but I am really not >>> sure. It could be that I need to drop the shadow stuff and >>> configure the password policy? >>> >>> Advice or suggestions on what I am missing or where I have gone wrong? >>> >>> >>> TIA >>> -- >>> Jim Summers >>> School of Computer Science-University of Oklahoma >>> ------------------------------------------------- >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> >> -- >> Jeff Medcalf >> jeff at caerdroia.org >> >> > -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From kmurphy at herzumsoftware.com Tue Dec 20 00:10:02 2005 From: kmurphy at herzumsoftware.com (Kieran Murphy) Date: Mon, 19 Dec 2005 18:10:02 -0600 Subject: [Fedora-directory-users] Admin Console - RHEL3 Taroon Update 6 In-Reply-To: <43A0542B.3090700@redhat.com> References: <43A0357F.4020504@cs.ou.edu> <43A0B296.4050207@herzumsoftware.com> <43A0542B.3090700@redhat.com> Message-ID: <43A74BDA.4080404@herzumsoftware.com> That did it!! Thanks. Richard Megginson wrote: > I recommend trying Fedora DS 1.0.1 instead - > http://directory.fedora.redhat.com/wiki/Download > > Kieran Murphy wrote: > >> Hello. >> >> We are running RHEL3 with update 6. When we install FDS 7.1, the >> server installs and runs fine, but the Admin Console will not >> connect. Below is the initial output after installation: >> >>> [slapd-dbdev]: starting up server ... >>> [slapd-dbdev]: Fedora-Directory/7.1 B2005.146.1918 >>> [slapd-dbdev]: dbdev.alleanzasalute.it:4000 >>> (/opt/fedora-ds/slapd-dbdev) >>> [slapd-dbdev]: >>> [slapd-dbdev]: [14/Dec/2005:12:21:22 +0100] - Fedora-Directory/7.1 >>> B2005.146.1918 starting up >>> [slapd-dbdev]: [14/Dec/2005:12:21:22 +0100] - slapd started. >>> Listening on >>> All Interfaces port 4000 for LDAP requests >>> Your new directory server has been started. >>> Created new Directory Server >>> Start Slapd Starting Slapd server configuration. >>> Success Slapd Added Directory Server information to Configuration >>> Server. >>> Configuring Administration Server... >>> Setting up Administration Server Instance... >>> Configuring Administration Tasks in Directory Server... >>> Configuring Global Parameters in Directory Server... >>> Can't start Admin server [/opt/fedora-ds/start-admin > >>> /tmp/filegUZhF7 2>&1] >>> (error: No such file or directory)INFO Finished with setup, logfile is >>> setup/setup.log >>> >>> >>> >> If I run start-admin the output is normal, "...ready to accept >> requests". If I then run startconsole, I get the login panel, enter >> my information, and get back a message that either the server is not >> running or the URL is incorrect. I've repeated the installation, >> verified URL, etc. >> >> Any thoughts? >> >> Thanks - Kieran >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > From kevin_myer at iu13.org Mon Dec 19 19:54:38 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Mon, 19 Dec 2005 14:54:38 -0500 Subject: [Fedora-directory-users] Replication - consumer failed to replay change In-Reply-To: <43A6D252.6050406@redhat.com> References: <20051217110507.9rg64da05vusco0g@webapps.iu13.org> <43A44D7D.5040607@boreham.org> <20051217135701.waik0g2fp8pww8ss@webapps.iu13.org> <43A6D252.6050406@redhat.com> Message-ID: <20051219145438.0opi7nbgs148w4cs@webapps.iu13.org> Quoting Richard Megginson : > Kevin M. Myer wrote: > >> Quoting David Boreham : >> >>> Try looking in the access and error logs on the replica server (the >>> server that is receiving this update). >>> That should tell us which operation is failing. Exactly what is >>> going on I'm not sure, I've not seen a >>> problem like this before. Perhaps someone else on the list has. >> >> >> Here's the action its trying to perform: >> >> [16/Dec/2005:09:06:16 -0500] conn=900959 op=3 EXT >> oid="2.16.840.1.113730.3.5.3" name="Netscape Replication Start >> Session" >> [16/Dec/2005:09:06:16 -0500] conn=900959 op=3 RESULT err=0 tag=120 >> nentries=0 etime=0 >> [16/Dec/2005:09:06:16 -0500] conn=900959 op=4 DEL >> dn="uid=,ou=people,dc=base" >> [16/Dec/2005:09:06:16 -0500] conn=900959 op=4 RESULT err=1 tag=107 >> nentries=0 etime=0 csn=43a2c9d8000000010000 >> [16/Dec/2005:09:06:18 -0500] conn=900959 op=5 EXT >> oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> >> The replication to the slave (garnet) did occur properly for the >> account that was being deleted. > > Is this the access log from one of the masters? Yes, its from the master that the changes were sent to. >> Its also not inhibiting other changes from occuring in the the same >> replication session. I just made a minor modification to my account >> and it replicated while the deletion of the account giving errors >> failed. I restarted the server that was receiving the changes, and >> now the deletion operation that was failing isn't occuring at all :/ >> So I guess I'll just manually delete the account, since the one >> master seems to be convinced that the change went through. > > So after the restart, everything is ok? Unfortunately, no. What has stopped is the attempt to do the replication from the master where the initial change was committed. Further, if I try to manually delete the entry from the master the changes were to be replicated to, I get the same operation error. [17/Dec/2005:14:07:41 -0500] conn=471 fd=210 slot=210 connection from XX.XX.XX.XX to XX.XX.XX.XX [17/Dec/2005:14:07:41 -0500] conn=471 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [17/Dec/2005:14:07:41 -0500] conn=471 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [17/Dec/2005:14:07:41 -0500] conn=471 op=1 DEL dn="uid=,ou=People,dc=base" [17/Dec/2005:14:07:41 -0500] conn=471 op=1 RESULT err=1 tag=107 nentries=0 etime=0 csn=43a461fe000000650000 [17/Dec/2005:14:07:41 -0500] conn=471 op=2 UNBIND [17/Dec/2005:14:07:41 -0500] conn=471 op=2 fd=210 closed - U1 Now to the best of my knowledge, this server has not gone down uncleanly, and its only this one entry that is causing problems. So ideas on what to try next, or how I might fix it? Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From rmeggins at redhat.com Mon Dec 19 20:27:37 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 19 Dec 2005 13:27:37 -0700 Subject: [Fedora-directory-users] Replication - consumer failed to replay change In-Reply-To: <20051219145438.0opi7nbgs148w4cs@webapps.iu13.org> References: <20051217110507.9rg64da05vusco0g@webapps.iu13.org> <43A44D7D.5040607@boreham.org> <20051217135701.waik0g2fp8pww8ss@webapps.iu13.org> <43A6D252.6050406@redhat.com> <20051219145438.0opi7nbgs148w4cs@webapps.iu13.org> Message-ID: <43A717B9.80304@redhat.com> Kevin M. Myer wrote: > Quoting Richard Megginson : > >> Kevin M. Myer wrote: >> >>> Quoting David Boreham : >>> >>>> Try looking in the access and error logs on the replica server (the >>>> server that is receiving this update). >>>> That should tell us which operation is failing. Exactly what is >>>> going on I'm not sure, I've not seen a >>>> problem like this before. Perhaps someone else on the list has. >>> >>> >>> >>> Here's the action its trying to perform: >>> >>> [16/Dec/2005:09:06:16 -0500] conn=900959 op=3 EXT >>> oid="2.16.840.1.113730.3.5.3" name="Netscape Replication Start Session" >>> [16/Dec/2005:09:06:16 -0500] conn=900959 op=3 RESULT err=0 tag=120 >>> nentries=0 etime=0 >>> [16/Dec/2005:09:06:16 -0500] conn=900959 op=4 DEL >>> dn="uid=,ou=people,dc=base" >>> [16/Dec/2005:09:06:16 -0500] conn=900959 op=4 RESULT err=1 tag=107 >>> nentries=0 etime=0 csn=43a2c9d8000000010000 >>> [16/Dec/2005:09:06:18 -0500] conn=900959 op=5 EXT >>> oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> >>> The replication to the slave (garnet) did occur properly for the >>> account that was being deleted. >> >> >> Is this the access log from one of the masters? > > > Yes, its from the master that the changes were sent to. > >>> Its also not inhibiting other changes from occuring in the the same >>> replication session. I just made a minor modification to my account >>> and it replicated while the deletion of the account giving errors >>> failed. I restarted the server that was receiving the changes, and >>> now the deletion operation that was failing isn't occuring at all :/ >>> So I guess I'll just manually delete the account, since the one >>> master seems to be convinced that the change went through. >> >> >> So after the restart, everything is ok? > > > Unfortunately, no. What has stopped is the attempt to do the > replication from the master where the initial change was committed. > Further, if I try to manually delete the entry from the master the > changes were to be replicated to, I get the same operation error. > > [17/Dec/2005:14:07:41 -0500] conn=471 fd=210 slot=210 connection from > XX.XX.XX.XX to XX.XX.XX.XX > [17/Dec/2005:14:07:41 -0500] conn=471 op=0 BIND dn="cn=Directory > Manager" method=128 version=3 > [17/Dec/2005:14:07:41 -0500] conn=471 op=0 RESULT err=0 tag=97 > nentries=0 etime=0 dn="cn=directory manager" > [17/Dec/2005:14:07:41 -0500] conn=471 op=1 DEL > dn="uid=,ou=People,dc=base" > [17/Dec/2005:14:07:41 -0500] conn=471 op=1 RESULT err=1 tag=107 > nentries=0 etime=0 csn=43a461fe000000650000 > [17/Dec/2005:14:07:41 -0500] conn=471 op=2 UNBIND > [17/Dec/2005:14:07:41 -0500] conn=471 op=2 fd=210 closed - U1 > > Now to the best of my knowledge, this server has not gone down > uncleanly, and its only this one entry that is causing problems. So > ideas on what to try next, or how I might fix it? I think you should just re-initialize it e.g. reinit this master from the other master. > > Kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From avaalak at yahoo.com Tue Dec 20 13:08:24 2005 From: avaalak at yahoo.com (Doug) Date: Tue, 20 Dec 2005 16:08:24 +0300 Subject: [Fedora-directory-users] user password management Message-ID: <9B1AD563-4432-4494-9949-41473DC70D36@yahoo.com> Has anyone used Password Management Servlet (PWM) v1.2.0 with Fedora Directory Server? (It works with eDirectory) Or could someone recommend either a servlet or web based tool that my users could use (login) to change their passwords. I don't want to write something if someone already has. Thanks for the help cheers Doug From Steve.Saady at DSS.Virginia.gov Tue Dec 20 15:12:14 2005 From: Steve.Saady at DSS.Virginia.gov (Steve Saady) Date: Tue, 20 Dec 2005 10:12:14 -0500 Subject: [Fedora-directory-users] (no subject) Message-ID: <1135091534.21559.47.camel@fast.dss.state.va.us> I am trying to migrate from OpenLDAP to Fedora-DS. The LDAPImport utility seems like the fastest and easiest way to do it. Unfortunately, for me, it fails. At the command line, it reports: "Can't call method "get_value" on an undefined value at LdapConnectionManager.pm line 486, line 9." The log file reports: "LdapConnectionManager: Currently connected -- searching." TCPdump, indicates that the base DN of my search is null. I do not think this is relative, but when the script asks for the "email domain", suggesting "netscaperoot", is that my normal e-mail domain? The example confuses me. Any ideas or suggestions would be appreciated. Which brings me to my current dilemma... Unable to use LDAPImport, I try the ol-schema-migrate.pl script, re-dir to a new file (i.e., perl ./ol-schema-migrate.pl inetorgperson.schema > XXinetorgperson.ldif). What should I call those resulting files? I assume I should call them *.ldif, but how do I determine what numeric prefix to give them? The highest numbers I have currently are 60 (60pam-plugin.ldif), and then 99 (99user.ldif). Should I just number mine counting up from 61? From rmeggins at redhat.com Tue Dec 20 15:21:14 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 20 Dec 2005 08:21:14 -0700 Subject: [Fedora-directory-users] (no subject) In-Reply-To: <1135091534.21559.47.camel@fast.dss.state.va.us> References: <1135091534.21559.47.camel@fast.dss.state.va.us> Message-ID: <43A8216A.4030802@redhat.com> Steve Saady wrote: >I am trying to migrate from OpenLDAP to Fedora-DS. The LDAPImport utility seems like the fastest and easiest way to do it. Unfortunately, for me, it fails. At the command line, it reports: >"Can't call method "get_value" on an undefined value at >LdapConnectionManager.pm line 486, line 9." > >The log file reports: >"LdapConnectionManager: Currently connected -- searching." > >TCPdump, indicates that the base DN of my search is null. I do not >think this is relative, but when the script asks for the "email domain", >suggesting "netscaperoot", is that my normal e-mail domain? The example >confuses me. Any ideas or suggestions would be appreciated. > > I haven't looked at the script, but it sounds like it first does a search like this: ldapsearch -s base -b "" objectclass=* namingContexts to get a list of naming contexts on your server. When you setup Fedora DS, it should have created a suffix like dc=host,dc=domain,dc=tld You should probably use this one for your e-mail suffix, or domain.tld for your e-mail domain. NetscapeRoot is only used for internal operations (console, admin server) - it's not meant to be used by other applications. >Which brings me to my current dilemma... Unable to use LDAPImport, I try >the ol-schema-migrate.pl script, re-dir to a new file (i.e., >perl ./ol-schema-migrate.pl inetorgperson.schema > >XXinetorgperson.ldif). What should I call those resulting files? I >assume I should call them *.ldif, but how do I determine what numeric >prefix to give them? The highest numbers I have currently are 60 >(60pam-plugin.ldif), and then 99 (99user.ldif). Should I just number >mine counting up from 61? > > You should not need to migrate standard schema files like inetorgperson.schema or core.schema - Fedora DS should already have those - unless you modified those schema files (but you wouldn't do that). You should only have to migrate things like samba.schema (which is not yet included with Fedora DS) or custom schema. >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From horlacher at belwue.de Tue Dec 20 17:09:15 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Tue, 20 Dec 2005 18:09:15 +0100 Subject: [Fedora-directory-users] setup fails, cannot start server (slapd) Message-ID: <20051220170915.GA19923@belwue.de> After successfully building (with dsbuild) and installing FDS on a SLES 9 system, the startup script hangs. I have run /opt/fedora-ds/setup/setup with default-answers to all questions (besides the password ;-) ). The problems are: Fedora Directory Server system tuning analysis version 04-APRIL-2005. NOTICE : System is i686-unknown-linux2.6.5-7.201-smp (2 processors). ERROR: We support kernel version 2.4.7 and higher. Continue? (yes/no) Looks like a string compare bug to me. I typed "yes". Then, some questions later, I got the infinitive loop: [slapd-lanldap2]: starting up server ... [slapd-lanldap2]: Attempting to obtain server status . . . [slapd-lanldap2]: Attempting to obtain server status . . . [slapd-lanldap2]: Attempting to obtain server status . . . ... I terminated setup and rerun it. Now I got: In order to reconfigure your installation, the Configuration Directory Administrator password is required. Here is your current information: Configuration Directory: Configuration Administrator ID: At the prompt, please enter the password for the Configuration Administrator. Fedora configuration directory server administrator ID: admin Password: xxxxxxxx Could not connect to f8/LC_CTYPE Press any key to continue. What now? I found no hint in http://directory.fedora.redhat.com/wiki/FAQ or http://directory.fedora.redhat.com/wiki/Install_Guide -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Computing Centre Universitaet Stuttgart (RUS) Allmandring 30, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From rmeggins at redhat.com Tue Dec 20 17:15:27 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 20 Dec 2005 10:15:27 -0700 Subject: [Fedora-directory-users] setup fails, cannot start server (slapd) In-Reply-To: <20051220170915.GA19923@belwue.de> References: <20051220170915.GA19923@belwue.de> Message-ID: <43A83C2F.7000507@redhat.com> Ulli Horlacher wrote: >After successfully building (with dsbuild) and installing FDS on a SLES 9 >system, the startup script hangs. > > Earlier you posted that you were having problems building on SLES 10: >I have no fix for this problem. libgssapi_krb5 is missing on SLES, the >free kerberos implementation heimdal does not contain a libgssapi_krb5 > >What now? > I guess SLES 9 has the correct kerberos/gssapi packages, but not SLES 10? >I have run /opt/fedora-ds/setup/setup with default-answers to all >questions (besides the password ;-) ). The problems are: > > Fedora Directory Server system tuning analysis version 04-APRIL-2005. > > NOTICE : System is i686-unknown-linux2.6.5-7.201-smp (2 processors). > > ERROR: We support kernel version 2.4.7 and higher. > > Continue? (yes/no) > >Looks like a string compare bug to me. I typed "yes". > > Yes. There is no support in dsktune for SLES, so you can just ignore that. >Then, some questions later, I got the infinitive loop: > > [slapd-lanldap2]: starting up server ... > [slapd-lanldap2]: Attempting to obtain server status . . . > [slapd-lanldap2]: Attempting to obtain server status . . . > [slapd-lanldap2]: Attempting to obtain server status . . . > > You will need to look at slapd-lanldap2/logs/errors - there should be some clue there. > ... > >I terminated setup and rerun it. Now I got: > > This doesn't work. setup is not idempotent. You will have to remove your installation and reinstall. But the real key is to find out why the server did not start. Also look for core files in slapd-lanldap2/logs or bin/slapd/server > In order to reconfigure your installation, the Configuration Directory > Administrator password is required. Here is your current information: > > Configuration Directory: > Configuration Administrator ID: > > At the prompt, please enter the password for the Configuration Administrator. > > Fedora configuration directory server > administrator ID: admin > Password: xxxxxxxx > > > Could not connect to f8/LC_CTYPE > Press any key to continue. > > >What now? >I found no hint in http://directory.fedora.redhat.com/wiki/FAQ or >http://directory.fedora.redhat.com/wiki/Install_Guide > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From mmontgomery at theplanet.com Tue Dec 20 17:31:30 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Tue, 20 Dec 2005 11:31:30 -0600 Subject: [Fedora-directory-users] Solaris 9 ssl/tls setup. (security library: bad database.) Message-ID: <1135099890.10591.17.camel@localhost> I have successfully gotten solaris 9 (patched with recommended patches) to work without using ssl/tls, but can't seem to get ssl/tls working. I've read the following: http://directory.fedora.redhat.com/wiki/Howto:SolarisClient and this http://forum.sun.com/thread.jspa?threadID=12811&tstart=30 And multiple other links to getting this working, but can't seem to get it to initialize the database. Everything in my ldap directory appears to be setup, being that redhat and freebsd with ssl work without issues, and solaris 9 works without tls/ssl, so the issue, I assume, is with the *.db files in /var/ldap. bash-3.00# pwd /var/ldap bash-3.00# ls -l *.db -r--r--r-- 1 root other 65536 Dec 20 11:07 cert8.db -r--r--r-- 1 root other 16384 Dec 20 11:07 key3.db -r--r--r-- 1 root other 32768 Dec 20 10:26 secmod.db bash-3.00# id mmontgomery Dec 20 11:15:47 solarisldap nscd[1774]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.) Dec 20 11:15:47 solarisldap last message repeated 1 time Dec 20 11:15:47 solarisldap nscd[1774]: libsldap: Status: 7 Mesg: Session error no available conn. id: invalid user name: "mmontgomery" bash-3.00# ldapclient -v manual -a authenticationMethod=tls:simple -a credentia lLevel=proxy -a defaultSearchBase="dc=*****,dc=*********,dc=***" -a domainNa me=********** -a followReferrals=false -a preferredServerList=10.5.1.18 -a serviceAuthenticationMethod=pam_ldap:tls:simple -a proxyPassword=******* -a proxyDn=cn=proxyagent,ou=profile,dc=******,dc=*****,dc=**** Everything works fine up until this point: start: /usr/lib/ldap/ldap_cachemgr... success Dec 20 11:13:21 solarisldap automount[1770]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.) Dec 20 11:13:21 solarisldap last message repeated 1 time Dec 20 11:13:21 solarisldap automount[1770]: libsldap: Status: 7 Mesg: Session error no available conn. start: /etc/init.d/autofs start... success start: /etc/init.d/nscd start... success Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.) Dec 20 11:13:21 solarisldap last message repeated 1 time Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 7 Mesg: Session error no available conn. Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.) Dec 20 11:13:21 solarisldap last message repeated 1 time Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 7 Mesg: Session error no available conn. Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.) Dec 20 11:13:21 solarisldap last message repeated 1 time Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 7 Mesg: Session error no available conn. Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.) Dec 20 11:13:21 solarisldap last message repeated 1 time Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 7 Mesg: Session error no available conn. Dec 20 11:13:21 solarisldap sendmail[1778]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.) Dec 20 11:13:21 solarisldap last message repeated 1 time Dec 20 11:13:21 solarisldap sendmail[1778]: libsldap: Status: 7 Mesg: Session error no available conn. Dec 20 11:13:21 solarisldap sendmail[1778]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.) Dec 20 11:13:21 solarisldap last message repeated 1 time Dec 20 11:13:21 solarisldap sendmail[1778]: libsldap: Status: 7 Mesg: Session error no available conn. Dec 20 11:13:22 solarisldap sendmail[1777]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.) Dec 20 11:13:22 solarisldap last message repeated 1 time Dec 20 11:13:22 solarisldap sendmail[1777]: libsldap: Status: 7 Mesg: Session error no available conn. Dec 20 11:13:22 solarisldap sendmail[1778]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.) Dec 20 11:13:22 solarisldap last message repeated 1 time Dec 20 11:13:22 solarisldap sendmail[1778]: libsldap: Status: 7 Mesg: Session error no available conn. Dec 20 11:13:22 solarisldap sendmail[1778]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.) Dec 20 11:13:22 solarisldap last message repeated 1 time Dec 20 11:13:22 solarisldap sendmail[1778]: libsldap: Status: 7 Mesg: Session error no available conn. start: /etc/init.d/sendmail start... success System successfully configured I've used a netscape browser to get my Cert from the FDS, and scp'd the key3.db, and cert8.db files to the solaris client. From what I can tell, it can read these files: bash-3.00# /usr/local/bin/certutil -L -d . server-cert P,, bash-3.00# /usr/local/bin/certutil -L -d . -n "server-cert" Certificate: Data: Version: 3 (0x2) Serial Number: 1001 (0x3e9) Signature Algorithm: PKCS #1 MD5 With RSA Encryption Issuer: CN=CAcert Validity: Not Before: Mon Dec 19 20:33:04 2005 Not After: Sat Mar 19 20:33:04 2016 Subject: CN=server-cert Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:07:1a:32:33:38:c9:22:53:30:13:07:15:a6:2e:74: b3:c8:26:bd:84:1f:97:57:b6:3d:56:13:5c:90:a2:56: ff:52:ce:4c:d3:54:c5:7a:ab:94:2e:fc:17:7c:18:69: d1:df:e4:88:68:c6:aa:c2:14:21:a7:27:c7:4b:45:19: 89:c3:9f:8f:2b:22:69:b6:9e:3b:0b:84:b4:78:66:d7: 84:f5:17:f0:12:bc:56:d4:20:34:86:49:02:2a:9f:22: 9c:c2:3b:c2:48:5c:c1:df:7d:22:19:8f:3d:9b:c2:83: 1b:0f:f1:92:be:70:d2:95:15:cf:f0:0c:3e:74:78:4b Exponent: 65537 (0x10001) Fingerprint (MD5): D4:1D:8C:D9:8F:00:B2:04:E9:80:09:98:EC:F8:42:7E Fingerprint (SHA1): DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 Signature Algorithm: PKCS #1 MD5 With RSA Encryption Signature: 2c:5c:60:05:f0:97:30:9c:57:a3:87:69:75:26:71:b2: e7:7d:c8:eb:36:35:bd:e6:9f:db:4d:0f:23:75:e0:bc: 76:4d:aa:ae:7f:9c:ac:e4:c0:35:7d:5f:22:4e:52:40: fb:3f:bf:a8:8d:50:b3:00:9b:73:bf:2b:54:84:14:8a: c1:00:52:95:e6:47:98:78:5d:cb:ff:76:50:cc:94:09: 53:13:b9:11:4e:eb:c8:1a:88:dd:42:76:dd:6c:32:7d: 1a:17:c1:a2:fd:03:e2:47:12:84:c3:72:da:b1:05:61: 3b:d6:26:99:1d:e6:b9:48:7a:ca:96:98:22:ce:bc:70 Certificate Trust Flags: SSL Flags: Valid Peer Trusted Email Flags: Object Signing Flags: Anybody have any ideas what I may be missing here? Thanks again. From warthog at warthogsolutions.com Tue Dec 20 17:40:27 2005 From: warthog at warthogsolutions.com (Jamie McKnight) Date: Tue, 20 Dec 2005 12:40:27 -0500 Subject: [Fedora-directory-users] Solaris 9 ssl/tls setup. (security library: bad database.) In-Reply-To: <1135099890.10591.17.camel@localhost> References: <1135099890.10591.17.camel@localhost> Message-ID: <1135100427.3037.2.camel@portahog> On Tue, 2005-12-20 at 11:31 -0600, Michael Montgomery wrote: > I have successfully gotten solaris 9 (patched with recommended patches) > to work without using ssl/tls, but can't seem to get ssl/tls working. > I've read the following: > > http://directory.fedora.redhat.com/wiki/Howto:SolarisClient > and this > http://forum.sun.com/thread.jspa?threadID=12811&tstart=30 > > And multiple other links to getting this working, but can't seem to get > it to initialize the database. Everything in my ldap directory appears > to be setup, being that redhat and freebsd with ssl work without issues, > and solaris 9 works without tls/ssl, so the issue, I assume, is with the > *.db files in /var/ldap. > > bash-3.00# pwd > /var/ldap > bash-3.00# ls -l *.db > -r--r--r-- 1 root other 65536 Dec 20 11:07 cert8.db > -r--r--r-- 1 root other 16384 Dec 20 11:07 key3.db > -r--r--r-- 1 root other 32768 Dec 20 10:26 secmod.db Solaris 8 and Solaris 9 look for cert7.db, not cert8.db. http://docs.sun.com/app/docs/doc/817-4843/6mkbebdd2? a=view#clientsetup-57 Jamie From gholbert at broadcom.com Tue Dec 20 18:03:29 2005 From: gholbert at broadcom.com (George Holbert) Date: Tue, 20 Dec 2005 10:03:29 -0800 Subject: [Fedora-directory-users] Solaris 9 ssl/tls setup. (security library: bad database.) In-Reply-To: <1135100427.3037.2.camel@portahog> References: <1135099890.10591.17.camel@localhost> <1135100427.3037.2.camel@portahog> Message-ID: <43A84771.8020506@broadcom.com> > > Solaris 8 and Solaris 9 look for cert7.db, not cert8.db. Furthermore, Some versions of certutil will generate a certificate DB called cert7.db, but Solaris still won't like it. I've found that certutil as bundled in the Sun DSRK works well for generating Solaris client cert DBs: http://www.sun.com/download/products.xml?id=3f74a0db NSS 3.3.2 should also work: http://www.mozilla.org/projects/security/pki/nss/release_notes_332.html Jamie McKnight wrote: > On Tue, 2005-12-20 at 11:31 -0600, Michael Montgomery wrote: > >> I have successfully gotten solaris 9 (patched with recommended patches) >> to work without using ssl/tls, but can't seem to get ssl/tls working. >> I've read the following: >> >> http://directory.fedora.redhat.com/wiki/Howto:SolarisClient >> and this >> http://forum.sun.com/thread.jspa?threadID=12811&tstart=30 >> >> And multiple other links to getting this working, but can't seem to get >> it to initialize the database. Everything in my ldap directory appears >> to be setup, being that redhat and freebsd with ssl work without issues, >> and solaris 9 works without tls/ssl, so the issue, I assume, is with the >> *.db files in /var/ldap. >> >> bash-3.00# pwd >> /var/ldap >> bash-3.00# ls -l *.db >> -r--r--r-- 1 root other 65536 Dec 20 11:07 cert8.db >> -r--r--r-- 1 root other 16384 Dec 20 11:07 key3.db >> -r--r--r-- 1 root other 32768 Dec 20 10:26 secmod.db >> > > Solaris 8 and Solaris 9 look for cert7.db, not cert8.db. > > http://docs.sun.com/app/docs/doc/817-4843/6mkbebdd2? > a=view#clientsetup-57 > > Jamie > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > From mmontgomery at theplanet.com Tue Dec 20 18:06:10 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Tue, 20 Dec 2005 12:06:10 -0600 Subject: [Fedora-directory-users] Solaris 9 ssl/tls setup. (security library: bad database.) In-Reply-To: <1135100427.3037.2.camel@portahog> References: <1135099890.10591.17.camel@localhost> <1135100427.3037.2.camel@portahog> Message-ID: <1135101970.10591.34.camel@localhost> Thanks for the info... but I don't have netscape installed on this solaris server, so i can't use it to create the db. I found a certutil package that seems to create old db files here: http://www.gurulabs.com/goodies/downloads.php I guess I could install a really old version of netscape on my desktop machine, and use it, but is there an easier way to go about this, as trying to import the server cert gives this: bash-3.00# /usr/local/bin/certutil -A -n "CA certificate" -i /root/cert.crt -t "CTu,u,u" certutil: could not obtain certificate from file: Failure to load dynamic library. Thanks again for any help you can offer. On Tue, 2005-12-20 at 12:40 -0500, Jamie McKnight wrote: > On Tue, 2005-12-20 at 11:31 -0600, Michael Montgomery wrote: > > I have successfully gotten solaris 9 (patched with recommended patches) > > to work without using ssl/tls, but can't seem to get ssl/tls working. > > I've read the following: > > > > http://directory.fedora.redhat.com/wiki/Howto:SolarisClient > > and this > > http://forum.sun.com/thread.jspa?threadID=12811&tstart=30 > > > > And multiple other links to getting this working, but can't seem to get > > it to initialize the database. Everything in my ldap directory appears > > to be setup, being that redhat and freebsd with ssl work without issues, > > and solaris 9 works without tls/ssl, so the issue, I assume, is with the > > *.db files in /var/ldap. > > > > bash-3.00# pwd > > /var/ldap > > bash-3.00# ls -l *.db > > -r--r--r-- 1 root other 65536 Dec 20 11:07 cert8.db > > -r--r--r-- 1 root other 16384 Dec 20 11:07 key3.db > > -r--r--r-- 1 root other 32768 Dec 20 10:26 secmod.db > > Solaris 8 and Solaris 9 look for cert7.db, not cert8.db. > > http://docs.sun.com/app/docs/doc/817-4843/6mkbebdd2? > a=view#clientsetup-57 > > Jamie > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Michael Montgomery Systems Administrator http://theplanet.com From mmontgomery at theplanet.com Tue Dec 20 18:09:28 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Tue, 20 Dec 2005 12:09:28 -0600 Subject: [Fedora-directory-users] Solaris 9 ssl/tls setup. (security library: bad database.) In-Reply-To: <43A84771.8020506@broadcom.com> References: <1135099890.10591.17.camel@localhost> <1135100427.3037.2.camel@portahog> <43A84771.8020506@broadcom.com> Message-ID: <1135102169.10596.36.camel@localhost> Thanks, I'll give these a shot... On Tue, 2005-12-20 at 10:03 -0800, George Holbert wrote: > > > > Solaris 8 and Solaris 9 look for cert7.db, not cert8.db. > > Furthermore, > Some versions of certutil will generate a certificate DB called > cert7.db, but Solaris still won't like it. > > I've found that certutil as bundled in the Sun DSRK works well for > generating Solaris client cert DBs: > http://www.sun.com/download/products.xml?id=3f74a0db > > NSS 3.3.2 should also work: > http://www.mozilla.org/projects/security/pki/nss/release_notes_332.html > > -- Michael Montgomery Systems Administrator http://theplanet.com From mmontgomery at theplanet.com Tue Dec 20 18:14:49 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Tue, 20 Dec 2005 12:14:49 -0600 Subject: [Fedora-directory-users] Solaris 9 ssl/tls setup. (security library: bad database.) In-Reply-To: <1135102169.10596.36.camel@localhost> References: <1135099890.10591.17.camel@localhost> <1135100427.3037.2.camel@portahog> <43A84771.8020506@broadcom.com> <1135102169.10596.36.camel@localhost> Message-ID: <1135102489.10591.39.camel@localhost> I was installing old netscape-communicator when I posted last, and the db's it created got me further: Dec 20 12:07:02 solarisldap nscd[2100]: libldap: CERT_VerifyCertName: cert server name 'server-cert' does not match 'ldapserver': SSL connection denied Dec 20 12:07:02 solarisldap nscd[2100]: libsldap: Status: 85 Mesg: openConnection: simple bind failed - Timed out Dec 20 12:07:02 solarisldap nscd[2100]: libsldap: Status: 7 Mesg: Session error no available conn. So at least I got here... I'll look around some more to try and disable this verifycertname crap, or re-create the cert correctly. Thanks again. On Tue, 2005-12-20 at 12:09 -0600, Michael Montgomery wrote: > Thanks, I'll give these a shot... > > On Tue, 2005-12-20 at 10:03 -0800, George Holbert wrote: > > > > > > Solaris 8 and Solaris 9 look for cert7.db, not cert8.db. > > > > Furthermore, > > Some versions of certutil will generate a certificate DB called > > cert7.db, but Solaris still won't like it. > > > > I've found that certutil as bundled in the Sun DSRK works well for > > generating Solaris client cert DBs: > > http://www.sun.com/download/products.xml?id=3f74a0db > > > > NSS 3.3.2 should also work: > > http://www.mozilla.org/projects/security/pki/nss/release_notes_332.html > > > > > From warthog at warthogsolutions.com Tue Dec 20 18:27:59 2005 From: warthog at warthogsolutions.com (Jamie McKnight) Date: Tue, 20 Dec 2005 13:27:59 -0500 Subject: [Fedora-directory-users] Solaris 9 ssl/tls setup. (security library: bad database.) In-Reply-To: <1135101970.10591.34.camel@localhost> References: <1135099890.10591.17.camel@localhost> <1135100427.3037.2.camel@portahog> <1135101970.10591.34.camel@localhost> Message-ID: <1135103280.3037.18.camel@portahog> On Tue, 2005-12-20 at 12:06 -0600, Michael Montgomery wrote: > Thanks for the info... but > > I don't have netscape installed on this solaris server, so i can't use > it to create the db. I found a certutil package that seems to create > old db files here: > > http://www.gurulabs.com/goodies/downloads.php > > I guess I could install a really old version of netscape on my desktop > machine, and use it, but is there an easier way to go about this, as > trying to import the server cert gives this: > > bash-3.00# /usr/local/bin/certutil -A -n "CA certificate" > -i /root/cert.crt -t > "CTu,u,u" > certutil: could not obtain certificate from file: Failure to load > dynamic library. George Holbert's reply has some links you might try. I think that if you use the "Install Everything + OEM" aka SUNWCXall installation option for Solaris 9, you should also have the sunone directory server software installed. It might (can't remember for sure at the moment) have a certutil you can use. grep certutil /var/sadm/install/contents would tell you for sure. I have also noticed that certutil is picky about where it runs, and needs a library in cwd when you run it in some instances (seen this with SunOne Directory Server 5.2 running under linux, look at the ~dsroot/alias dir as it has a .so lib there for certutil IIRC). Good luck. If you have any issues once getting it in cert7.db format with your SSL connections just shout. At my day job, I currently have 300+ Solaris 8/Solaris 9 servers running in tls:simple mode. > > Thanks again for any help you can offer. No problem. Sorry for being short on the first email (and thanks George for covering my lack of additional info), was short on time, and wanted to get the info about cert7.db out. Jamie From mmontgomery at theplanet.com Tue Dec 20 18:35:27 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Tue, 20 Dec 2005 12:35:27 -0600 Subject: [Fedora-directory-users] Solaris 9 ssl/tls setup. (security library: bad database.) In-Reply-To: <1135103280.3037.18.camel@portahog> References: <1135099890.10591.17.camel@localhost> <1135100427.3037.2.camel@portahog> <1135101970.10591.34.camel@localhost> <1135103280.3037.18.camel@portahog> Message-ID: <1135103727.10591.46.camel@localhost> Thanks everyone for all of your help. I just got it working, and the : Dec 20 12:22:17 solarisldap nscd[2377]: libldap: CERT_VerifyCertName: cert server name 'server-cert' does not match 'ldapserver': SSL connection denied Issue was simply an /etc/hosts problem. Once I looked closely at the CA, and server cert, and didn't notice "ldapserver", I though it must be nsswitch/hosts issues. I found the problem in /etc/hosts, corrected it, re-ran ldapclient, and hallelujah, it works: # id mmontgomery uid=1000(mmontgomery) gid=10000(UnixIS) Thanks, once again, for all of your help in getting this working. Have a good day. On Tue, 2005-12-20 at 13:27 -0500, Jamie McKnight wrote: > On Tue, 2005-12-20 at 12:06 -0600, Michael Montgomery wrote: > > Thanks for the info... but > > > > I don't have netscape installed on this solaris server, so i can't use > > it to create the db. I found a certutil package that seems to create > > old db files here: > > > > http://www.gurulabs.com/goodies/downloads.php > > > > I guess I could install a really old version of netscape on my desktop > > machine, and use it, but is there an easier way to go about this, as > > trying to import the server cert gives this: > > > > bash-3.00# /usr/local/bin/certutil -A -n "CA certificate" > > -i /root/cert.crt -t > > "CTu,u,u" > > certutil: could not obtain certificate from file: Failure to load > > dynamic library. > > George Holbert's reply has some links you might try. I think that if > you use the "Install Everything + OEM" aka SUNWCXall installation option > for Solaris 9, you should also have the sunone directory server software > installed. It might (can't remember for sure at the moment) have a > certutil you can use. grep certutil /var/sadm/install/contents would > tell you for sure. > > I have also noticed that certutil is picky about where it runs, and > needs a library in cwd when you run it in some instances (seen this with > SunOne Directory Server 5.2 running under linux, look at the > ~dsroot/alias dir as it has a .so lib there for certutil IIRC). > > Good luck. If you have any issues once getting it in cert7.db format > with your SSL connections just shout. At my day job, I currently have > 300+ Solaris 8/Solaris 9 servers running in tls:simple mode. > > > > > > Thanks again for any help you can offer. > > No problem. Sorry for being short on the first email (and thanks George > for covering my lack of additional info), was short on time, and wanted > to get the info about cert7.db out. > > Jamie > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Michael Montgomery Systems Administrator http://theplanet.com From warthog at warthogsolutions.com Tue Dec 20 18:35:40 2005 From: warthog at warthogsolutions.com (Jamie McKnight) Date: Tue, 20 Dec 2005 13:35:40 -0500 Subject: [Fedora-directory-users] Solaris 9 ssl/tls setup. (security library: bad database.) In-Reply-To: <1135102489.10591.39.camel@localhost> References: <1135099890.10591.17.camel@localhost> <1135100427.3037.2.camel@portahog> <43A84771.8020506@broadcom.com> <1135102169.10596.36.camel@localhost> <1135102489.10591.39.camel@localhost> Message-ID: <1135103740.3037.26.camel@portahog> On Tue, 2005-12-20 at 12:14 -0600, Michael Montgomery wrote: > I was installing old netscape-communicator when I posted last, and the db's it created got me further: > > Dec 20 12:07:02 solarisldap nscd[2100]: libldap: CERT_VerifyCertName: cert server name 'server-cert' does not match 'ldapserver': SSL connection denied > Dec 20 12:07:02 solarisldap nscd[2100]: libsldap: Status: 85 Mesg: openConnection: simple bind failed - Timed out > Dec 20 12:07:02 solarisldap nscd[2100]: libsldap: Status: 7 Mesg: Session error no available conn. > > So at least I got here... I'll look around some more to try and disable this verifycertname crap, or re-create the cert correctly. > > Thanks again. I almost mentioned this in my last reply 8-) I have not seen a way to turn off the cert name verification. I fix this with a local entry on each Solaris client in /etc/hosts that lists the fqdn of the ldap server first (matches the cert name). If your internal dns has the correct name, make sure the hosts line in /etc/nsswitch.conf points to files and then dns (or which ever order you prefer). The key is to make sure the first name returned while looking up the ip addr of your ldap server matches the name on the cert. Jamie From del at babel.com.au Tue Dec 20 20:19:30 2005 From: del at babel.com.au (Del) Date: Wed, 21 Dec 2005 07:19:30 +1100 Subject: [Fedora-directory-users] (no subject) In-Reply-To: <1135091534.21559.47.camel@fast.dss.state.va.us> References: <1135091534.21559.47.camel@fast.dss.state.va.us> Message-ID: <43A86752.2030400@babel.com.au> Steve Saady wrote: > I am trying to migrate from OpenLDAP to Fedora-DS. The LDAPImport utility seems like the fastest and easiest way to do it. Unfortunately, for me, it fails. At the command line, it reports: > "Can't call method "get_value" on an undefined value at > LdapConnectionManager.pm line 486, line 9." Send me some more information on this, including what you have input to the various questions asked by LdapImport up to that point. Send to del at babel.com.au rather than the list. -- Del From minfrin at sharp.fm Tue Dec 20 22:15:18 2005 From: minfrin at sharp.fm (Graham Leggett) Date: Wed, 21 Dec 2005 00:15:18 +0200 Subject: [Fedora-directory-users] DS equivalent of "access to": setting permissions for writing Message-ID: <43A88276.5000002@sharp.fm> Hi all, In openldap, the "access to" directive allows you to set the permissions on writing to attributes. Is there a howto on how to configure the same thing within Fedora DS? Regards, Graham -- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3220 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue Dec 20 22:46:29 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 20 Dec 2005 15:46:29 -0700 Subject: [Fedora-directory-users] DS equivalent of "access to": setting permissions for writing In-Reply-To: <43A88276.5000002@sharp.fm> References: <43A88276.5000002@sharp.fm> Message-ID: <43A889C5.90001@redhat.com> Graham Leggett wrote: > Hi all, > > In openldap, the "access to" directive allows you to set the > permissions on writing to attributes. Is there a howto on how to > configure the same thing within Fedora DS? Fedora DS access control is very powerful and flexible. You should probably start with this: http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html#997355 Also, look at the acis in the Example.ldif file under /opt/fedora-ds/slapd-yourhost/ldif > > Regards, > Graham > -- > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From aaron at theblissfamily.org Wed Dec 21 01:21:48 2005 From: aaron at theblissfamily.org (Aaron Bliss) Date: Tue, 20 Dec 2005 20:21:48 -0500 Subject: [Fedora-directory-users] need help with ldap and sshd Message-ID: <43A8AE2C.70506@theblissfamily.org> Things seem to be working well the directory server, however I've ran into 2 problems. 1. I can't figure out how to configure sshd to authenticate to the ldap server. 2. This may acutally not be a problem at all when I address number 1, however ldap home directories are not being created despite having this line in my /etc/pam.d/login file session required pam_mkhomedir.so skel=/etc/skel/ umask=0077 I've only verified that number 2. is an issue over ssh, as such may not be an acutal issue at all. Any thoughts? thanks again. -------------- next part -------------- An HTML attachment was scrubbed... URL: From prowley at redhat.com Wed Dec 21 01:52:56 2005 From: prowley at redhat.com (Pete Rowley) Date: Tue, 20 Dec 2005 17:52:56 -0800 Subject: [Fedora-directory-users] need help with ldap and sshd In-Reply-To: <43A8AE2C.70506@theblissfamily.org> References: <43A8AE2C.70506@theblissfamily.org> Message-ID: <43A8B578.8010001@redhat.com> Aaron Bliss wrote: > > Things seem to be working well the directory server, however I've ran > into 2 problems. > 1. I can't figure out how to configure sshd to authenticate to the ldap > server. See below: > 2. This may acutally not be a problem at all when I address number 1, > however ldap home directories are not being created despite having this > line in my /etc/pam.d/login file > session required pam_mkhomedir.so skel=/etc/skel/ umask=0077 You need it in your /etc/pam.d/sshd file. Which from 1), sounds like you don't have one :) -- Pete -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From aaron at theblissfamily.org Wed Dec 21 02:50:24 2005 From: aaron at theblissfamily.org (Aaron Bliss) Date: Tue, 20 Dec 2005 21:50:24 -0500 Subject: [Fedora-directory-users] need help with ldap and sshd In-Reply-To: <43A8B578.8010001@redhat.com> References: <43A8AE2C.70506@theblissfamily.org> <43A8B578.8010001@redhat.com> Message-ID: <43A8C2F0.3080603@theblissfamily.org> Pete Rowley wrote: > Aaron Bliss wrote: > >> >> Things seem to be working well the directory server, however I've ran >> into 2 problems. >> 1. I can't figure out how to configure sshd to authenticate to the ldap >> server. > > > See below: > >> 2. This may acutally not be a problem at all when I address number 1, >> however ldap home directories are not being created despite having this >> line in my /etc/pam.d/login file >> session required pam_mkhomedir.so skel=/etc/skel/ umask=0077 > > > You need it in your /etc/pam.d/sshd file. Which from 1), sounds like > you don't have one :) > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > Thanks for getting back to me; what should a properly formatted /etc/pam.d/sshd file for rhel4 or rhel3 look like? Aaron -------------- next part -------------- An HTML attachment was scrubbed... URL: From Shocque at verspieren.com Wed Dec 21 09:02:58 2005 From: Shocque at verspieren.com (HOCQUE Steve) Date: Wed, 21 Dec 2005 10:02:58 +0100 Subject: [Fedora-directory-users] REPLICA HAS NO UPDATE VECTOR ... Message-ID: <4CEBBC49B0EAF8408B51BD5E3B164DB5AC0061@vnrxad03.verspieren.com> Hi, I'm trying to configure FDS 1.0.1 with Active Directory. I configure the Sync Agreement and the 'Full Re-Synchronization' works well. When i want to make an update : Send and Receive Updates Now, the message "Replica has no update vector. It has never been initialized" is displayed. What i have to do to solve this issue ? Many thanks for your help. Regards. -------------- next part -------------- An HTML attachment was scrubbed... URL: From horlacher at belwue.de Wed Dec 21 10:46:49 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Wed, 21 Dec 2005 11:46:49 +0100 Subject: [Fedora-directory-users] Re: setup fails, cannot start server (slapd) In-Reply-To: <43A83C2F.7000507@redhat.com> References: <20051220170915.GA19923@belwue.de> <43A83C2F.7000507@redhat.com> Message-ID: <20051221104649.GA6143@belwue.de> On Tue 2005-12-20 (10:15), Richard Megginson wrote: > >After successfully building (with dsbuild) and installing FDS on a SLES 9 > >system, the startup script hangs. > > Earlier you posted that you were having problems building on SLES 10: No, Daniel Spannbauer has problems with SuSE 10.0. I am using SLES 9. > >I have no fix for this problem. libgssapi_krb5 is missing on SLES, the > >free kerberos implementation heimdal does not contain a libgssapi_krb5 > > > >What now? > > I guess SLES 9 has the correct kerberos/gssapi packages, but not SLES 10? I solved this problem by copying the libgssapi_krb5 and companion libs from SuSE 3.3 to my SLES 9 into /usr/local/lib (a rpm-based installation was not possible due to version conflicts with other packages). With this I was able to run dsbuild sucessfully. I have now FDS RPMs for SLES 9: -rw-r--r-- framstag users 28.833.422 2005-12-19 12:59:53 dsbuild/ds/ldapserver/work/fedora-ds-1.0.1-1.Linux.i586.opt.rpm -rw-r--r-- framstag users 793.310 2005-12-19 11:58:52 dsbuild/ds/setuputil/work/12.19/fedora-setuputil-devel-1.0-1.Linux2.6.i586.opt.rpm > >Then, some questions later, I got the infinitive loop: > > > > [slapd-lanldap2]: starting up server ... > > [slapd-lanldap2]: Attempting to obtain server status . . . > > [slapd-lanldap2]: Attempting to obtain server status . . . > > [slapd-lanldap2]: Attempting to obtain server status . . . > > > > > > You will need to look at slapd-lanldap2/logs/errors - there should be > some clue there. The directory /opt/fedora-ds/slapd-lanldap2/logs exists, but is empty. > >I terminated setup and rerun it. Now I got: > > This doesn't work. setup is not idempotent. You will have to remove > your installation and reinstall. Good to know :-) One should add this to the FAQ or Installation Guide. > But the real key is to find out why the server did not start. Also look > for core files in slapd-lanldap2/logs or bin/slapd/server No core-dumps: lanldap2:/opt/fedora-ds# find . | grep core ./bin/slapd/install/schema/00core.ldif ./setup/svrcore ./setup/svrcore/svrcore.inf ./slapd-lanldap2/config/schema/00core.ldif lanldap2:/opt/fedora-ds# -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Computing Centre Universitaet Stuttgart (RUS) Allmandring 30, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From rmeggins at redhat.com Wed Dec 21 14:44:27 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 21 Dec 2005 07:44:27 -0700 Subject: [Fedora-directory-users] Re: setup fails, cannot start server (slapd) In-Reply-To: <20051221104649.GA6143@belwue.de> References: <20051220170915.GA19923@belwue.de> <43A83C2F.7000507@redhat.com> <20051221104649.GA6143@belwue.de> Message-ID: <43A96A4B.3040204@redhat.com> Ulli Horlacher wrote: >On Tue 2005-12-20 (10:15), Richard Megginson wrote: > > > >>>After successfully building (with dsbuild) and installing FDS on a SLES 9 >>>system, the startup script hangs. >>> >>> >>Earlier you posted that you were having problems building on SLES 10: >> >> > >No, Daniel Spannbauer has problems with SuSE 10.0. >I am using SLES 9. > > Oh, sorry. > > > >>>I have no fix for this problem. libgssapi_krb5 is missing on SLES, the >>>free kerberos implementation heimdal does not contain a libgssapi_krb5 >>> >>>What now? >>> >>> >>I guess SLES 9 has the correct kerberos/gssapi packages, but not SLES 10? >> >> > >I solved this problem by copying the libgssapi_krb5 and companion libs >from SuSE 3.3 to my SLES 9 into /usr/local/lib (a rpm-based installation >was not possible due to version conflicts with other packages). > >With this I was able to run dsbuild sucessfully. I have now FDS RPMs for >SLES 9: >-rw-r--r-- framstag users 28.833.422 2005-12-19 12:59:53 dsbuild/ds/ldapserver/work/fedora-ds-1.0.1-1.Linux.i586.opt.rpm >-rw-r--r-- framstag users 793.310 2005-12-19 11:58:52 dsbuild/ds/setuputil/work/12.19/fedora-setuputil-devel-1.0-1.Linux2.6.i586.opt.rpm > > Ok. > > > > >>>Then, some questions later, I got the infinitive loop: >>> >>> [slapd-lanldap2]: starting up server ... >>> [slapd-lanldap2]: Attempting to obtain server status . . . >>> [slapd-lanldap2]: Attempting to obtain server status . . . >>> [slapd-lanldap2]: Attempting to obtain server status . . . >>> >>> >>> >>> >>You will need to look at slapd-lanldap2/logs/errors - there should be >>some clue there. >> >> > >The directory /opt/fedora-ds/slapd-lanldap2/logs exists, but is empty. > > So, no server, and no core. I guess the next thing to do is when you get to this point, go ahead and break setup (just Ctrl-C). Then, run start-setup with a high debug level e.g. start-slapd -d 1 If you don't get any useful information from level 1, you can use -d 131071 to get an enormous amount of output. That should give us some clues as to why the server is not starting. > > > >>>I terminated setup and rerun it. Now I got: >>> >>> >>This doesn't work. setup is not idempotent. You will have to remove >>your installation and reinstall. >> >> > >Good to know :-) >One should add this to the FAQ or Installation Guide. > > Ok. > > > > >>But the real key is to find out why the server did not start. Also look >>for core files in slapd-lanldap2/logs or bin/slapd/server >> >> > >No core-dumps: > >lanldap2:/opt/fedora-ds# find . | grep core >./bin/slapd/install/schema/00core.ldif >./setup/svrcore >./setup/svrcore/svrcore.inf >./slapd-lanldap2/config/schema/00core.ldif >lanldap2:/opt/fedora-ds# > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From jsummers at bachman.cs.ou.edu Wed Dec 21 15:08:44 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Wed, 21 Dec 2005 09:08:44 -0600 Subject: [Fedora-directory-users] Account Expiration Warning Message-ID: <43A96FFC.7070600@cs.ou.edu> Hello List, Having been troubled in the past with account expiration on an iplanet5.1 server with linux clients, I wanted to get this working during my evaluation / testing of FDS. I have enabled the password policy on the FDS and set the ldap.conf entries necessary to get this working. Upon doing this and then logging in and out, new fields appear in the people container for that account. Such as passwordexpirationtime, passwordretrycount, etc... All is working, such as, a passwd change will update the necessary fields for the correct length of time reset counts, etc... When testing the password expiration warning I stumbled onto the issue, that I do not get an actual "Your password will expire in XX days" message. I do see where the field, passwordexpwarned is set to "1", but I do not ever get an actual message. The way I am testing is to set the policy to warn the user, 3 days in advance. Then I set the passwordexpiratontime to a date less than three days away. Then attempt to log in. Login is ok, but no warning of the impending doom about to strike the account. If I actually set the expirationtime to a time less than the current, then I can login until passwordusergracetime is GE the allowed number of logins after the password expiration. At which time I get a message that the password expired and it must be changed immediately, at which time the connection immediately closes and the password cannot be changed! No log entries in error, so I am not sure what I have overlooked? Any advice or suggestions? Also when doing an ldapsearch and binding as an admin user I can not see the entries for the passwordXXXXXXX fields. Is there a certain ldapsearch switch to see those? Possibly an ACI missing on my part? TIA -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From vestrum at msi.umn.edu Wed Dec 21 15:15:34 2005 From: vestrum at msi.umn.edu (John A Vestrum) Date: Wed, 21 Dec 2005 09:15:34 -0600 Subject: [Fedora-directory-users] need help with ldap and sshd In-Reply-To: <43A8C2F0.3080603@theblissfamily.org> References: <43A8AE2C.70506@theblissfamily.org> <43A8B578.8010001@redhat.com> <43A8C2F0.3080603@theblissfamily.org> Message-ID: <20051221151534.GD28991@tsunami.msi.umn.edu> > > Thanks for getting back to me; what should a properly formatted > /etc/pam.d/sshd file for rhel4 or rhel3 look like? > > Aaron You might try using authconfig to get a working set of pam files, and then tweak from there. On my rhel4 machine, /etc/pam.d/sshd and many other services just uses pam_stack to inherit the config from /etc/pam.d/system-auth. /etc/pam.d/sshd: auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session required pam_loginuid.so It sould like you have a working /etc/pam.d/login, so use that as a guide for editing your system-auth. Also make sure you have "UsePAM yes" in your sshd_config. -- John Vestrum From rhds at caerdroia.org Wed Dec 21 15:47:23 2005 From: rhds at caerdroia.org (Jeff Medcalf) Date: Wed, 21 Dec 2005 09:47:23 -0600 Subject: [Fedora-directory-users] Account Expiration Warning In-Reply-To: <43A96FFC.7070600@cs.ou.edu> References: <43A96FFC.7070600@cs.ou.edu> Message-ID: <8D1AC818-432E-41FB-845E-09BF542313F7@caerdroia.org> On Dec 21, 2005, at 9:08 AM, Jim Summers wrote > Also when doing an ldapsearch and binding as an admin user I can > not see the entries for the passwordXXXXXXX fields. Is there a > certain ldapsearch switch to see those? Possibly an ACI missing on > my part? This is by design. The intent is that certain fields should not be returned unless they are explicitly specified. If you do your search like this: ldapsearch -D admin_user_dn -w admin_user_pw -b base filter * passwordexpirationtime You should get the normal fields plus the passwordexpirationtime. -jeff -- Jeff Medcalf jeff at caerdroia.org From horlacher at belwue.de Wed Dec 21 16:07:27 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Wed, 21 Dec 2005 17:07:27 +0100 Subject: [Fedora-directory-users] Re: setup fails, cannot start server (slapd) In-Reply-To: <43A96A4B.3040204@redhat.com> References: <20051220170915.GA19923@belwue.de> <43A83C2F.7000507@redhat.com> <20051221104649.GA6143@belwue.de> <43A96A4B.3040204@redhat.com> Message-ID: <20051221160727.GA8603@belwue.de> On Wed 2005-12-21 (07:44), Richard Megginson wrote: > So, no server, and no core. I guess the next thing to do is when you > get to this point, go ahead and break setup (just Ctrl-C). Ok. > Then, run start-setup with a high debug level e.g. start-slapd -d 1 Sorry, but there is neither start-setup nor start-slapd: lanldap2:/opt/src# find /opt/fedora-ds/ | grep start-setup lanldap2:/opt/src# find /opt/fedora-ds/ | grep start-slapd lanldap2:/opt/src# find /opt/fedora-ds/ | grep start- /opt/fedora-ds/java/html/en/start-console.html /opt/fedora-ds/java/html/start-console.html /opt/fedora-ds/setup/adminserver-start-admin.patch /opt/fedora-ds/shared/config/template/restart-admin.tmpl /opt/fedora-ds/shared/config/template/start-admin.tmpl -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Computing Centre Universitaet Stuttgart (RUS) Allmandring 30, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From warthog at warthogsolutions.com Wed Dec 21 16:32:46 2005 From: warthog at warthogsolutions.com (Jamie McKnight) Date: Wed, 21 Dec 2005 11:32:46 -0500 Subject: [Fedora-directory-users] Account Expiration Warning In-Reply-To: <43A96FFC.7070600@cs.ou.edu> References: <43A96FFC.7070600@cs.ou.edu> Message-ID: <1135182766.7331.20.camel@ra> On Wed, 2005-12-21 at 09:08 -0600, Jim Summers wrote: > Hello List, > > Having been troubled in the past with account expiration on an > iplanet5.1 server with linux clients, I wanted to get this working > during my evaluation / testing of FDS. > > I have enabled the password policy on the FDS and set the ldap.conf > entries necessary to get this working. Upon doing this and then > logging in and out, new fields appear in the people container for that > account. Such as passwordexpirationtime, passwordretrycount, etc... All > is working, such as, a passwd change will update the necessary fields > for the correct length of time reset counts, etc... > > When testing the password expiration warning I stumbled onto the issue, > that I do not get an actual "Your password will expire in XX days" > message. I do see where the field, passwordexpwarned is set to "1", but > I do not ever get an actual message. > > The way I am testing is to set the policy to warn the user, 3 days in > advance. Then I set the passwordexpiratontime to a date less than three > days away. Then attempt to log in. Login is ok, but no warning of the > impending doom about to strike the account. > > If I actually set the expirationtime to a time less than the current, > then I can login until passwordusergracetime is GE the allowed number of > logins after the password expiration. At which time I get a message > that the password expired and it must be changed immediately, at which > time the connection immediately closes and the password cannot be changed! > > No log entries in error, so I am not sure what I have overlooked? > I just tested this against FDS 1.0.1 with CentOS 4.2 as the client. I can get it to spit out the "Your LDAP password will expire in blah days" message. How is your /etc/ldap.conf and /etc/pam.d/system-auth and /etc/pam.d/sshd files set up? Make sure you have pam_lookup_policy yes in /etc/ldap.conf, and that your pam stack is set up for pam_ldap authentication. Also, if you are using a proxy agent, the proxy agent must not be able to see the userPassword attribute, or you will end up authenticating via pam_unix, and not pam_ldap. If you have all of this setup this way already, I am not sure why you don't see the warning. In my testing however, I did notice something happening that should not be. I set the time in passwordexpirationtime to tomorrow, and the password policy is set to warn 14 days before the password expires. On my first login I get the message: Your LDAP password will expire in 14 days. Which is not correct, it should have said '1 day'. After this message is sent, my next login shows this: Your LDAP password will expire in 13 days. Which is still not correct. Looking at the entry at this point shows that it reset the passwordexpirationtime to something in the future (roughly looks like 14 days, which matches what I put in for warn days), which is also not something that should be done. passwordexpirationtime attribute should only be modified when the user actually modifies/changes their password. Not sure how to start helping with getting info to the right folks to help troubleshoot/fix this, but I am willing to help out as much as I can. I know this works in SunOne Directory Server 5.2 with RHEL3/4 and Solaris 8/9 clients so I am pretty certain this is not an issue on the client end (although I have been know to be wrong on occasion 8-). Jamie From rmeggins at redhat.com Wed Dec 21 17:58:22 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 21 Dec 2005 10:58:22 -0700 Subject: [Fedora-directory-users] Re: setup fails, cannot start server (slapd) In-Reply-To: <20051221160727.GA8603@belwue.de> References: <20051220170915.GA19923@belwue.de> <43A83C2F.7000507@redhat.com> <20051221104649.GA6143@belwue.de> <43A96A4B.3040204@redhat.com> <20051221160727.GA8603@belwue.de> Message-ID: <43A997BE.8050304@redhat.com> Strange. That means setup is failing pretty early in the post install process. I assume you are installing from RPM. Take a look at the setup log file. If you break setup, it should be in /tmp/logXXXXX where XXXXX are some random chars. If that still shows nothing, then I'm not really sure what else to do, except debug postinstall. If you take a look at line 509 in the /opt/fedora-ds/setup/setup shell script, that's the command that runs the ns-update shell script. You can probably do a set -xv in that shell script. That shell script in turn runs ds_create which creates and starts the initial directory server instance. You will need to edit ns-update to run ds_create under strace, or possibly even gdb. Ulli Horlacher wrote: >On Wed 2005-12-21 (07:44), Richard Megginson wrote: > > > >>So, no server, and no core. I guess the next thing to do is when you >>get to this point, go ahead and break setup (just Ctrl-C). >> >> > >Ok. > > > > >>Then, run start-setup with a high debug level e.g. start-slapd -d 1 >> >> > >Sorry, but there is neither start-setup nor start-slapd: > >lanldap2:/opt/src# find /opt/fedora-ds/ | grep start-setup >lanldap2:/opt/src# find /opt/fedora-ds/ | grep start-slapd >lanldap2:/opt/src# find /opt/fedora-ds/ | grep start- >/opt/fedora-ds/java/html/en/start-console.html >/opt/fedora-ds/java/html/start-console.html >/opt/fedora-ds/setup/adminserver-start-admin.patch >/opt/fedora-ds/shared/config/template/restart-admin.tmpl >/opt/fedora-ds/shared/config/template/start-admin.tmpl > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From jsummers at bachman.cs.ou.edu Wed Dec 21 18:27:04 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Wed, 21 Dec 2005 12:27:04 -0600 Subject: [Fedora-directory-users] Account Expiration Warning In-Reply-To: <1135182766.7331.20.camel@ra> References: <43A96FFC.7070600@cs.ou.edu> <1135182766.7331.20.camel@ra> Message-ID: <43A99E78.3090305@cs.ou.edu> Jamie McKnight wrote: > On Wed, 2005-12-21 at 09:08 -0600, Jim Summers wrote: > >>Hello List, >> >>Having been troubled in the past with account expiration on an >>iplanet5.1 server with linux clients, I wanted to get this working >>during my evaluation / testing of FDS. >> >>I have enabled the password policy on the FDS and set the ldap.conf >>entries necessary to get this working. Upon doing this and then >>logging in and out, new fields appear in the people container for that >>account. Such as passwordexpirationtime, passwordretrycount, etc... All >>is working, such as, a passwd change will update the necessary fields >>for the correct length of time reset counts, etc... >> >>When testing the password expiration warning I stumbled onto the issue, >>that I do not get an actual "Your password will expire in XX days" >>message. I do see where the field, passwordexpwarned is set to "1", but >>I do not ever get an actual message. >> >>The way I am testing is to set the policy to warn the user, 3 days in >>advance. Then I set the passwordexpiratontime to a date less than three >>days away. Then attempt to log in. Login is ok, but no warning of the >>impending doom about to strike the account. >> >>If I actually set the expirationtime to a time less than the current, >>then I can login until passwordusergracetime is GE the allowed number of >>logins after the password expiration. At which time I get a message >>that the password expired and it must be changed immediately, at which >>time the connection immediately closes and the password cannot be changed! >> >>No log entries in error, so I am not sure what I have overlooked? >> > > > I just tested this against FDS 1.0.1 with CentOS 4.2 as the client. I > can get it to spit out the "Your LDAP password will expire in blah days" > message. How is your /etc/ldap.conf and /etc/pam.d/system-auth =SYSTEM_AUTH= #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so password required /lib/security/$ISA/pam_cracklib.so retry=3 type= password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_ldap.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_ldap.so ============= > and /etc/pam.d/sshd files set up? =SSHD= #%PAM-1.0 auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_selinux.so session required pam_stack.so service=system-auth session required pam_limits.so session optional pam_console.so ============= Make sure you have > > pam_lookup_policy yes Verified. > > in /etc/ldap.conf, and that your pam stack is set up for pam_ldap > authentication. Also, if you are using a proxy agent, the proxy agent > must not be able to see the userPassword attribute, or you will end up > authenticating via pam_unix, and not pam_ldap. This could be the problem. I am using a proxy and not sure how to test what you are saying. If I do an ldasearch such as: ldapsearch -x -ZZ '(uid=tulsa)' then that should bind via the entries in ldap.conf hence use the config'd proxy, correct? Then if that search shows a userPassword then that would confirm pam_unix usage? Not sure how to stop it if it is using pam_unix? Thanks, jim If you have all of this > setup this way already, I am not sure why you don't see the warning. > > In my testing however, I did notice something happening that should not > be. I set the time in passwordexpirationtime to tomorrow, and the > password policy is set to warn 14 days before the password expires. On > my first login I get the message: > > Your LDAP password will expire in 14 days. > > Which is not correct, it should have said '1 day'. After this message > is sent, my next login shows this: > > Your LDAP password will expire in 13 days. > > Which is still not correct. Looking at the entry at this point shows > that it reset the passwordexpirationtime to something in the future > (roughly looks like 14 days, which matches what I put in for warn days), > which is also not something that should be done. passwordexpirationtime > attribute should only be modified when the user actually > modifies/changes their password. > > Not sure how to start helping with getting info to the right folks to > help troubleshoot/fix this, but I am willing to help out as much as I > can. > > I know this works in SunOne Directory Server 5.2 with RHEL3/4 and > Solaris 8/9 clients so I am pretty certain this is not an issue on the > client end (although I have been know to be wrong on occasion 8-). > > Jamie > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From warthog at warthogsolutions.com Wed Dec 21 19:09:59 2005 From: warthog at warthogsolutions.com (Jamie McKnight) Date: Wed, 21 Dec 2005 14:09:59 -0500 Subject: [Fedora-directory-users] Account Expiration Warning In-Reply-To: <43A99E78.3090305@cs.ou.edu> References: <43A96FFC.7070600@cs.ou.edu> <1135182766.7331.20.camel@ra> <43A99E78.3090305@cs.ou.edu> Message-ID: <1135192199.8022.6.camel@ra> > > > > > in /etc/ldap.conf, and that your pam stack is set up for pam_ldap > > authentication. Also, if you are using a proxy agent, the proxy agent > > must not be able to see the userPassword attribute, or you will end up > > authenticating via pam_unix, and not pam_ldap. > > This could be the problem. I am using a proxy and not sure how to test > what you are saying. If I do an ldasearch such as: > > ldapsearch -x -ZZ '(uid=tulsa)' > > then that should bind via the entries in ldap.conf hence use the > config'd proxy, correct? Then if that search shows a userPassword then > that would confirm pam_unix usage? Not sure how to stop it if it is > using pam_unix? > That's correct, if you can do a ldapsearch and bind as the proxyagent and you see the userPassword attribute returned, then the directory server has an ACI that allows read for your proxy agent of the userPassword attribute. You can just remove that ACI and it should at that point not return the userPassword field, and pam_ldap authentication would take place then. For example: ldapsearch -x -h ldapsrv -D "cn=proxyid,dc=blah" -W -b "ou=people,dc=blah" uid=tulsa Where -D is the id listed as proxyagent in ldap.conf, and the password supplied is for that id. If userPassword is returned then you know what is going on. If this is not what is happening, check and make sure you don't have rootbinddn and /etc/ldap.secret set up. If it is actually binding as your rootdn then that is what it could be as well. Jamie From dshackel at arbor.edu Wed Dec 21 20:02:10 2005 From: dshackel at arbor.edu (Daniel Shackelford) Date: Wed, 21 Dec 2005 15:02:10 -0500 Subject: [Fedora-directory-users] Multiple sync agreements Message-ID: <43A9B4C2.3090404@arbor.edu> Howdy, I am running FDS 1.0.1 and am syncing with AD on Win2003. All is well. I have a question about the way that 2 sync agreements would work. We are syncing the People OU, but our groups are in a sibling OU in AD, and are not synced. If I setup a second agreement for the groups, with the group membership be synchronized correctly? I guesss I am asking if the group membership needs to be synced using the same agreement that syncs the users. -- Daniel Shackelford Systems Administrator Technology Services Spring Arbor University 517 750-6648 From sboggs at TrustedCS.com Wed Dec 21 20:53:34 2005 From: sboggs at TrustedCS.com (Scott Boggs) Date: Wed, 21 Dec 2005 15:53:34 -0500 Subject: [Fedora-directory-users] PassSync/WinSync Message-ID: <36282A1733C57546BE392885C0618592F1B72B@chaos.tcs.tcs-sec.com> I think I almost have my PassSync working for AD interaction. However, I am getting the following error, which appears to be stopping the population of user accounts information. The groups come across fine. conn=0 op=7 SRCH base="cn=MCC ou=People dc=client dc=TestSvr, cn=userRoot, cn=ldbm database, cn=plugins, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="dn" [21/Dec/2005:14:37:57 -0600] conn=0 op=7 RESULT err=32 tag=101 nentries=0 etime=0 This is the only error I can find in the access log, the error log is complaining about the "sn" attribute being missing for the Guest account but that is it. My SSL seems to be working (that is I don't see any errors). Can anyone help me over this last hurdle? Thanks in Advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Wed Dec 21 20:54:15 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 21 Dec 2005 13:54:15 -0700 Subject: [Fedora-directory-users] PassSync/WinSync In-Reply-To: <36282A1733C57546BE392885C0618592F1B72B@chaos.tcs.tcs-sec.com> References: <36282A1733C57546BE392885C0618592F1B72B@chaos.tcs.tcs-sec.com> Message-ID: <43A9C0F7.4010403@redhat.com> Scott Boggs wrote: > I think I almost have my PassSync working for AD interaction. > > However, I am getting the following error, which appears to be > stopping the population of user accounts information. The groups come > across fine. > > conn=0 op=7 SRCH base="cn=MCC ou=People dc=client dc=TestSvr, > cn=userRoot, cn=ldbm database, cn=plugins, cn=config" scope=0 > filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="dn" > > [21/Dec/2005:14:37:57 -0600] conn=0 op=7 RESULT err=32 tag=101 > nentries=0 etime=0 > This is just a normal event when using the console, if you don't have a browsing index (VLV index) configured. You can ignore this. It has nothing to do with winsync. > This is the only error I can find in the access log, the error log is > complaining about the ?sn? attribute being missing for the Guest > account but that is it. My SSL seems to be working (that is I don?t > see any errors). > > Can anyone help me over this last hurdle? Thanks in Advance. > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From aaron at theblissfamily.org Wed Dec 21 20:59:36 2005 From: aaron at theblissfamily.org (Aaron Bliss) Date: Wed, 21 Dec 2005 15:59:36 -0500 (EST) Subject: [Fedora-directory-users] need help with ldap and sshd In-Reply-To: <20051221151534.GD28991@tsunami.msi.umn.edu> References: <43A8AE2C.70506@theblissfamily.org> <43A8B578.8010001@redhat.com> <43A8C2F0.3080603@theblissfamily.org> <20051221151534.GD28991@tsunami.msi.umn.edu> Message-ID: <37120.70.98.203.225.1135198776.squirrel@www.theblissfamily.org> >> >> Thanks for getting back to me; what should a properly formatted >> /etc/pam.d/sshd file for rhel4 or rhel3 look like? >> >> Aaron > > You might try using authconfig to get a working set of pam files, and then > tweak from there. On my rhel4 machine, /etc/pam.d/sshd and many other > services just uses pam_stack to inherit the config from > /etc/pam.d/system-auth. > > /etc/pam.d/sshd: > auth required pam_stack.so service=system-auth > auth required pam_nologin.so > account required pam_stack.so service=system-auth > password required pam_stack.so service=system-auth > session required pam_stack.so service=system-auth > session required pam_loginuid.so > > It sould like you have a working /etc/pam.d/login, so use that as a guide > for editing your system-auth. Also make sure you have "UsePAM yes" in your > sshd_config. > > -- > John Vestrum > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > I was missing UsePAM yes; all is working now From rmeggins at redhat.com Wed Dec 21 21:04:47 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 21 Dec 2005 14:04:47 -0700 Subject: [Fedora-directory-users] need help with ldap and sshd In-Reply-To: <37120.70.98.203.225.1135198776.squirrel@www.theblissfamily.org> References: <43A8AE2C.70506@theblissfamily.org> <43A8B578.8010001@redhat.com> <43A8C2F0.3080603@theblissfamily.org> <20051221151534.GD28991@tsunami.msi.umn.edu> <37120.70.98.203.225.1135198776.squirrel@www.theblissfamily.org> Message-ID: <43A9C36F.60102@redhat.com> So, what do we need to add to http://directory.fedora.redhat.com/wiki/Howto:PAM to incorporate this information? Aaron Bliss wrote: >>>Thanks for getting back to me; what should a properly formatted >>>/etc/pam.d/sshd file for rhel4 or rhel3 look like? >>> >>>Aaron >>> >>> >>You might try using authconfig to get a working set of pam files, and then >>tweak from there. On my rhel4 machine, /etc/pam.d/sshd and many other >>services just uses pam_stack to inherit the config from >>/etc/pam.d/system-auth. >> >>/etc/pam.d/sshd: >>auth required pam_stack.so service=system-auth >>auth required pam_nologin.so >>account required pam_stack.so service=system-auth >>password required pam_stack.so service=system-auth >>session required pam_stack.so service=system-auth >>session required pam_loginuid.so >> >>It sould like you have a working /etc/pam.d/login, so use that as a guide >>for editing your system-auth. Also make sure you have "UsePAM yes" in your >>sshd_config. >> >>-- >>John Vestrum >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> >> >I was missing UsePAM yes; all is working now > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From aaron at theblissfamily.org Wed Dec 21 21:10:36 2005 From: aaron at theblissfamily.org (Aaron Bliss) Date: Wed, 21 Dec 2005 16:10:36 -0500 (EST) Subject: [Fedora-directory-users] auto increment/track uid and gid's In-Reply-To: <43A997BE.8050304@redhat.com> References: <20051220170915.GA19923@belwue.de> <43A83C2F.7000507@redhat.com> <20051221104649.GA6143@belwue.de> <43A96A4B.3040204@redhat.com> <20051221160727.GA8603@belwue.de> <43A997BE.8050304@redhat.com> Message-ID: <44742.70.98.203.225.1135199436.squirrel@www.theblissfamily.org> I'm looking for a way for fds to do 1 of a couple of things; 1. auto increment uid's and gid's (I saw this on the wish list, but wasn't sure if this has been implemented yet) 2. If number 1 isn't yet possible, is there an easy way to display a list of used uid and gid's? I will need to maintain this list myself, as I don't want any duplication here; It would most ideal if it were possible to view this info from the users and groups tab view from the console; if this isn't possible, perhaps someone can tell me what syntax to use from the command line to generate this list? Thanks very much. Aaron From rmeggins at redhat.com Wed Dec 21 21:23:14 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 21 Dec 2005 14:23:14 -0700 Subject: [Fedora-directory-users] auto increment/track uid and gid's In-Reply-To: <44742.70.98.203.225.1135199436.squirrel@www.theblissfamily.org> References: <20051220170915.GA19923@belwue.de> <43A83C2F.7000507@redhat.com> <20051221104649.GA6143@belwue.de> <43A96A4B.3040204@redhat.com> <20051221160727.GA8603@belwue.de> <43A997BE.8050304@redhat.com> <44742.70.98.203.225.1135199436.squirrel@www.theblissfamily.org> Message-ID: <43A9C7C2.8050408@redhat.com> Aaron Bliss wrote: >I'm looking for a way for fds to do 1 of a couple of things; >1. auto increment uid's and gid's (I saw this on the wish list, but wasn't >sure if this has been implemented yet) > > No, not yet. Would be pretty easy if you didn't care what the uid and gid were and you were using single master replication. >2. If number 1 isn't yet possible, is there an easy way to display a list >of used uid and gid's? I will need to maintain this list myself, as I >don't want any duplication here; It would most ideal if it were possible >to view this info from the users and groups tab view from the console; if >this isn't possible, perhaps someone can tell me what syntax to use from >the command line to generate this list? Thanks very much. Aaron > > ldapsearch -b dc=your,dc=suffix "objectclass=posixAccount" uidNumber | grep -v \^dn | grep -v \^\$ | sed -e 's/uidNumber: //g' | sort -n | tail >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From jsummers at bachman.cs.ou.edu Wed Dec 21 21:29:45 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Wed, 21 Dec 2005 15:29:45 -0600 Subject: [Fedora-directory-users] Account Expiration Warning In-Reply-To: <1135192199.8022.6.camel@ra> References: <43A96FFC.7070600@cs.ou.edu> <1135182766.7331.20.camel@ra> <43A99E78.3090305@cs.ou.edu> <1135192199.8022.6.camel@ra> Message-ID: <43A9C949.5060708@cs.ou.edu> Jamie McKnight wrote: >>>in /etc/ldap.conf, and that your pam stack is set up for pam_ldap >>>authentication. Also, if you are using a proxy agent, the proxy agent >>>must not be able to see the userPassword attribute, or you will end up >>>authenticating via pam_unix, and not pam_ldap. >> >>This could be the problem. I am using a proxy and not sure how to test >>what you are saying. If I do an ldasearch such as: >> >>ldapsearch -x -ZZ '(uid=tulsa)' >> >>then that should bind via the entries in ldap.conf hence use the >>config'd proxy, correct? Then if that search shows a userPassword then >>that would confirm pam_unix usage? Not sure how to stop it if it is >>using pam_unix? >> > > > That's correct, if you can do a ldapsearch and bind as the proxyagent > and you see the userPassword attribute returned, then the directory > server has an ACI that allows read for your proxy agent of the > userPassword attribute. You can just remove that ACI and it should at > that point not return the userPassword field, and pam_ldap > authentication would take place then. > > For example: > > ldapsearch -x -h ldapsrv -D "cn=proxyid,dc=blah" -W -b > "ou=people,dc=blah" uid=tulsa > > Where -D is the id listed as proxyagent in ldap.conf, and the password > supplied is for that id. If userPassword is returned then you know what > is going on. > > If this is not what is happening, check and make sure you don't have > rootbinddn and /etc/ldap.secret set up. If it is actually binding as > your rootdn then that is what it could be as well. Welp, I am stumped. Running various ldapsearchs I got the results as they should be. Binding as the proxy, no userPassword, binding as an admin then I get the userPassword. I looked in /etc/ and there is not an ldap.secret file, so I guess I do not have the rootbinddn setup. I was thinking of removing the shadowExpire attributes but I am afraid if I do that then cron may stop working. Not sure at this point. Thanks, jim > > > Jamie > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From horlacher at belwue.de Thu Dec 22 07:52:43 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Thu, 22 Dec 2005 08:52:43 +0100 Subject: [Fedora-directory-users] Re: setup fails, cannot start server (slapd) In-Reply-To: <43A997BE.8050304@redhat.com> References: <20051220170915.GA19923@belwue.de> <43A83C2F.7000507@redhat.com> <20051221104649.GA6143@belwue.de> <43A96A4B.3040204@redhat.com> <20051221160727.GA8603@belwue.de> <43A997BE.8050304@redhat.com> Message-ID: <20051222075243.GB25315@belwue.de> On Wed 2005-12-21 (10:58), Richard Megginson wrote: > Strange. That means setup is failing pretty early in the post install > process. If I understand you correctly, start-setup and start-slapd are scripts which will be generated by startup/startup? > I assume you are installing from RPM. Yes, I have installed dsbuild/ds/ldapserver/work/fedora-ds-1.0.1-1.Linux.i586.opt.rpm which was generated by my dsbuild-run. BTW: do I need dsbuild/ds/setuputil/work/12.19/fedora-setuputil-devel-1.0-1.Linux2.6.i586.opt.rpm too? I have not installed it yet. > Take a look at the setup log file. If you break setup, it should be in > /tmp/logXXXXX where XXXXX are some random chars. Yes, I saw them already. I am afraid it contains no usefull info: (skipping license text) Do you accept the license terms? (yes/no) y ======================================================================= Fedora Directory Server 1.0 ======================================================================= The Fedora Directory Server is subject to the terms detailed in the license agreement file called LICENSE.txt. Late-breaking news and information on the Fedora Directory Server is available at the following location: http://directory.fedora.redhat.com Continue? (yes/no) y Fedora Directory Server system tuning analysis version 04-APRIL-2005. NOTICE : System is i686-unknown-linux2.6.5-7.201-smp (2 processors). ERROR: We support kernel version 2.4.7 and higher. NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds (120 minutes). This may cause temporary server congestion from lost client connections. ERROR : The above errors MUST be corrected before proceeding. Continue? (yes/no) y Please select 1, 2, or 3 (default: 2) getFQDN: hostname = lanldap2 getFQDN: host lanldap2 = lanldap2.rus.uni-stuttgart.de getFQDN: host lanldap2 has length 9 getFQDN: new max host lanldap2 has length 9 getFQDN: host lanldap2.rus.uni-stuttgart.de has length 30 getFQDN: new max host lanldap2.rus.uni-stuttgart.de has length 30 getFQDN: host lanldap2.rus.uni-stuttgart.de has length 30 getFQDN: host lanldap2 has length 9 Hostname to use (default: lanldap2.rus.uni-stuttgart.de) Server user ID to use (default: nobody) Server group ID to use (default: nobody) [slapd-lanldap2]: starting up server ... [slapd-lanldap2]: Attempting to obtain server status . . . [slapd-lanldap2]: Attempting to obtain server status . . . [slapd-lanldap2]: Attempting to obtain server status . . . [slapd-lanldap2]: Attempting to obtain server status . . . -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Universitaet Stuttgart Allmandring 3a, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From richter at ecos.de Thu Dec 22 05:23:16 2005 From: richter at ecos.de (Gerald Richter) Date: Thu, 22 Dec 2005 06:23:16 +0100 Subject: [Fedora-directory-users] reducing memory footprint? Message-ID: <200512220623.16355.richter@ecos.de> Hi, I just made a test installation of FDS and saw that a ns-slapd without any user data takes about 120MB of (virtual) memory on my system. I would like to run it on a system which limited memory resources, so I am looking for a way to use less memory. I don't have high load on that system and never more than one or two quries in parallel, so it would be quite ok to reduce the number of threads and things like this, but beside reducing the cache size of the backend DB I didn't find any hints what can be done in this direction. Any ideas? Thanks Gerald ** Virus checked by BB-5000 Mailfilter ** From jsummers at bachman.cs.ou.edu Thu Dec 22 14:07:34 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Thu, 22 Dec 2005 08:07:34 -0600 Subject: [Fedora-directory-users] Account Expiration Warning In-Reply-To: <43A9C949.5060708@cs.ou.edu> References: <43A96FFC.7070600@cs.ou.edu> <1135182766.7331.20.camel@ra> <43A99E78.3090305@cs.ou.edu> <1135192199.8022.6.camel@ra> <43A9C949.5060708@cs.ou.edu> Message-ID: <43AAB326.4080000@cs.ou.edu> Jim Summers wrote: >> Where -D is the id listed as proxyagent in ldap.conf, and the password >> supplied is for that id. If userPassword is returned then you know what >> is going on. >> >> If this is not what is happening, check and make sure you don't have >> rootbinddn and /etc/ldap.secret set up. If it is actually binding as >> your rootdn then that is what it could be as well. > > > Welp, I am stumped. Running various ldapsearchs I got the results as > they should be. Binding as the proxy, no userPassword, binding as an > admin then I get the userPassword. > > I looked in /etc/ and there is not an ldap.secret file, so I guess I do > not have the rootbinddn setup. > > I was thinking of removing the shadowExpire attributes but I am afraid > if I do that then cron may stop working. > > Not sure at this point. Was doing some more testing this morning. Following along in my messages file, I noticed that when the testuser logs in, messages are being logged with pam_unix as the service, for example: Dec 22 07:56:03 xxxxxxx sshd(pam_unix)[18339]: check pass; user unknown Dec 22 07:56:03 xxxxxxx sshd(pam_unix)[18339]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=karp.cs.ou.edu Dec 22 07:56:03 xxxxxxx sshd(pam_unix)[18342]: session opened for user tulsa by (uid=9018) I did set the following in sshd_config: PAMAuthenticationViaKbdInt yes Ideas / Suggestions? Thanks, jim > > Thanks, > jim > > >> >> >> Jamie >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From rmeggins at redhat.com Thu Dec 22 15:04:10 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 22 Dec 2005 08:04:10 -0700 Subject: [Fedora-directory-users] Re: setup fails, cannot start server (slapd) In-Reply-To: <20051222075243.GB25315@belwue.de> References: <20051220170915.GA19923@belwue.de> <43A83C2F.7000507@redhat.com> <20051221104649.GA6143@belwue.de> <43A96A4B.3040204@redhat.com> <20051221160727.GA8603@belwue.de> <43A997BE.8050304@redhat.com> <20051222075243.GB25315@belwue.de> Message-ID: <43AAC06A.7050406@redhat.com> Ulli Horlacher wrote: >On Wed 2005-12-21 (10:58), Richard Megginson wrote: > > >>Strange. That means setup is failing pretty early in the post install >>process. >> >> > >If I understand you correctly, start-setup and start-slapd are scripts >which will be generated by startup/startup? > > Yes. > > > > >>I assume you are installing from RPM. >> >> > >Yes, I have installed >dsbuild/ds/ldapserver/work/fedora-ds-1.0.1-1.Linux.i586.opt.rpm >which was generated by my dsbuild-run. >BTW: do I need >dsbuild/ds/setuputil/work/12.19/fedora-setuputil-devel-1.0-1.Linux2.6.i586.opt.rpm >too? I have not installed it yet. > > No. You need only fedora-ds-1.0.1-1.Linux.i586.opt.rpm > > > >>Take a look at the setup log file. If you break setup, it should be in >>/tmp/logXXXXX where XXXXX are some random chars. >> >> > >Yes, I saw them already. I am afraid it contains no usefull info: > >(skipping license text) >Do you accept the license terms? (yes/no) y >======================================================================= > Fedora Directory Server 1.0 >======================================================================= > >The Fedora Directory Server is subject to the terms detailed in the >license agreement file called LICENSE.txt. > >Late-breaking news and information on the Fedora Directory Server is >available at the following location: > > http://directory.fedora.redhat.com >Continue? (yes/no) y >Fedora Directory Server system tuning analysis version 04-APRIL-2005. > >NOTICE : System is i686-unknown-linux2.6.5-7.201-smp (2 processors). > >ERROR: We support kernel version 2.4.7 and higher. > >NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds >(120 minutes). This may cause temporary server congestion from lost >client connections. > >ERROR : The above errors MUST be corrected before proceeding. > >Continue? (yes/no) y >Please select 1, 2, or 3 (default: 2) >getFQDN: hostname = lanldap2 >getFQDN: host lanldap2 = lanldap2.rus.uni-stuttgart.de >getFQDN: host lanldap2 has length 9 >getFQDN: new max host lanldap2 has length 9 >getFQDN: host lanldap2.rus.uni-stuttgart.de has length 30 >getFQDN: new max host lanldap2.rus.uni-stuttgart.de has length 30 >getFQDN: host lanldap2.rus.uni-stuttgart.de has length 30 >getFQDN: host lanldap2 has length 9 > >Hostname to use (default: lanldap2.rus.uni-stuttgart.de) >Server user ID to use (default: nobody) >Server group ID to use (default: nobody) > > It should have asked you many more questions here - about other aspects of server configuration. If it didn't, then something is really wrong - it's skipping all of the configuration steps, which would cause many problems. Are you starting from scratch when you attempt to run setup again? That is, do you rpm -e fedora-ds then rm -rf /opt/fedora-ds ? Or are you just doing rpm -U fedora-ds-1.0.1 ..., then running setup again? That would cause setup to think you are trying to reconfigure or upgrade an existing instance rather than trying to setup your initial instance. But that wouldn't explain why it failed the very first time, when /opt/fedora-ds did not exist. >[slapd-lanldap2]: starting up server ... >[slapd-lanldap2]: Attempting to obtain server status . . . >[slapd-lanldap2]: Attempting to obtain server status . . . >[slapd-lanldap2]: Attempting to obtain server status . . . >[slapd-lanldap2]: Attempting to obtain server status . . . > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From warthog at warthogsolutions.com Thu Dec 22 15:08:07 2005 From: warthog at warthogsolutions.com (Jamie McKnight) Date: Thu, 22 Dec 2005 10:08:07 -0500 Subject: [Fedora-directory-users] Account Expiration Warning In-Reply-To: <43AAB326.4080000@cs.ou.edu> References: <43A96FFC.7070600@cs.ou.edu> <1135182766.7331.20.camel@ra> <43A99E78.3090305@cs.ou.edu> <1135192199.8022.6.camel@ra> <43A9C949.5060708@cs.ou.edu> <43AAB326.4080000@cs.ou.edu> Message-ID: <1135264087.2986.11.camel@portahog> On Thu, 2005-12-22 at 08:07 -0600, Jim Summers wrote: > Jim Summers wrote: > >> Where -D is the id listed as proxyagent in ldap.conf, and the password > >> supplied is for that id. If userPassword is returned then you know what > >> is going on. > >> > >> If this is not what is happening, check and make sure you don't have > >> rootbinddn and /etc/ldap.secret set up. If it is actually binding as > >> your rootdn then that is what it could be as well. > > > > > > Welp, I am stumped. Running various ldapsearchs I got the results as > > they should be. Binding as the proxy, no userPassword, binding as an > > admin then I get the userPassword. > > > > I looked in /etc/ and there is not an ldap.secret file, so I guess I do > > not have the rootbinddn setup. > > > > I was thinking of removing the shadowExpire attributes but I am afraid > > if I do that then cron may stop working. > > > > Not sure at this point. > > Was doing some more testing this morning. Following along in my > messages file, I noticed that when the testuser logs in, messages are > being logged with pam_unix as the service, for example: > > Dec 22 07:56:03 xxxxxxx sshd(pam_unix)[18339]: check pass; user unknown > Dec 22 07:56:03 xxxxxxx sshd(pam_unix)[18339]: authentication failure; > logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=karp.cs.ou.edu > Dec 22 07:56:03 xxxxxxx sshd(pam_unix)[18342]: session opened for user > tulsa by (uid=9018) > That means it has to be getting the user's encrypted password string some how. This is what I would do: 1. Check the access log and see who the binddn of the connection that looks up the user is (find the SRCH filter that is looking up the user id, then grep conn= to see the full connection. Find the bind associated). This will verify the proxy account, even though we have verified that already. 2. Get a tcpdump of the traffic (tcpdump -i eth0 -s 1500 host ldapsrv and port ldap ) while you are logging in. The 'port ldap' assumes this is going over 389 unencrypted. If you are using TLS, you will need to disable it so you can get a good tcpdump of the LDAP session. Once you have this, load it up in ethereal, and start looking at the LDAP packets. You will be able to expand out the searches, and results. The important thing here is to make sure that when userPassword is requested (will be several times) that a response is never given in the search result. 3. In the console, right-click on the tulsa user, and select "Set Access Permissions". When that box comes up, select the "Show Inherited ACIs" Review all those to make sure that some place along the way read access was not granted to the userPassword attribute. If we get this far without figuring it out I will be at a loss.... I am running out of ideas 8-) Jamie From looneyg at otc.edu Thu Dec 22 15:16:51 2005 From: looneyg at otc.edu (Greg Looney) Date: Thu, 22 Dec 2005 09:16:51 -0600 Subject: [Fedora-directory-users] Admin limit exceeded Message-ID: <43AAC363.8060704@otc.edu> While trying to setup admin users that are allowed to only change certian fields for users we keep getting the "administrator limit exceeded" when doing searches. The only user that is able to do those searches is the "Directoy Manager" Any ideas? Greg Looney Ozarks Technical Community College From warthog at warthogsolutions.com Thu Dec 22 15:48:18 2005 From: warthog at warthogsolutions.com (Jamie McKnight) Date: Thu, 22 Dec 2005 10:48:18 -0500 Subject: [Fedora-directory-users] Admin limit exceeded In-Reply-To: <43AAC363.8060704@otc.edu> References: <43AAC363.8060704@otc.edu> Message-ID: <1135266498.2986.18.camel@portahog> On Thu, 2005-12-22 at 09:16 -0600, Greg Looney wrote: > While trying to setup admin users that are allowed to only change > certian fields for users we keep getting the "administrator limit > exceeded" when doing searches. The only user that is able to do those > searches is the "Directoy Manager" > Any ideas? It looks like that error is reported when the number of entries to sort exceeds the look-through limit for the ldbm plugin settings. Looks like the default is 5k entries. Are your searches returning more than 5k entries? I am looking at the source file fedora-ds-1.0/ldap/servers/slapd/back- ldbm/sort.c if anybody wants to double check what I am seeing (search for LDAP_ADMINLIMIT_EXCEEDED). You can view/set the look-through limit in the console under the configuration tab -> data -> database settings -> LDBM Plug-in Settings tab. Jamie From rspencer at auspicecorp.com Thu Dec 22 15:55:24 2005 From: rspencer at auspicecorp.com (Roger Spencer) Date: Thu, 22 Dec 2005 10:55:24 -0500 Subject: [Fedora-directory-users] FreeRadius LDAP Extensions Message-ID: <43AACC6C.8060506@auspicecorp.com> Has anyone had any luck getting the FreeRadius LDAP extensions into DS? I've modified the RADIUS-LDAPv3.schema file that comes with FreeRadius (as of version 1.0.5) to what seems to match the format DS is expecting and placed it in the slapd config/schema directory as 75radius.ldif (see attached). When I restart slapd, the file loads fine and I see it in the schema. But when I try to add RadiusProfile to the Object class section of a user account (using the advanced settings), I get "Unknown error with naming attribute." Any ideas? -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 75radius.ldif URL: From rmeggins at redhat.com Thu Dec 22 15:59:27 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 22 Dec 2005 08:59:27 -0700 Subject: [Fedora-directory-users] Admin limit exceeded In-Reply-To: <1135266498.2986.18.camel@portahog> References: <43AAC363.8060704@otc.edu> <1135266498.2986.18.camel@portahog> Message-ID: <43AACD5F.2080809@redhat.com> You can also use the console to change per-user administrative limits. 1) Open the directory console 2) Go to the Directory tab 3) Use the browser to find your entry 4) Edit the entry 5) On the left hand side of the User editor window, select "account" You should then see a "Resource Limits" group with several fields for the resource limits. Set these however you need and press OK. See also http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1085603 If you want to create an administrative Role and be able to set limits for all members of this role, then this might be helpful http://www.redhat.com/docs/manuals/dir-server/ag/7.1/roles.html#1118810 you would have the class of service template provide the attributes listed in the table at http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1085622 Jamie McKnight wrote: >On Thu, 2005-12-22 at 09:16 -0600, Greg Looney wrote: > > >>While trying to setup admin users that are allowed to only change >>certian fields for users we keep getting the "administrator limit >>exceeded" when doing searches. The only user that is able to do those >>searches is the "Directoy Manager" >>Any ideas? >> >> > >It looks like that error is reported when the number of entries to sort >exceeds the look-through limit for the ldbm plugin settings. Looks like >the default is 5k entries. Are your searches returning more than 5k >entries? > >I am looking at the source file fedora-ds-1.0/ldap/servers/slapd/back- >ldbm/sort.c if anybody wants to double check what I am seeing (search >for LDAP_ADMINLIMIT_EXCEEDED). > >You can view/set the look-through limit in the console under the >configuration tab -> data -> database settings -> LDBM Plug-in Settings >tab. > > >Jamie > > > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From sboggs at TrustedCS.com Thu Dec 22 16:18:05 2005 From: sboggs at TrustedCS.com (Scott Boggs) Date: Thu, 22 Dec 2005 11:18:05 -0500 Subject: [Fedora-directory-users] Strange problem with replication Message-ID: <36282A1733C57546BE392885C0618592F1B7E2@chaos.tcs.tcs-sec.com> I have a strange problem, which I hope someone can help me with. I have my FDS configured to PassSync with AD which was working without issue, and I am now getting this error: NSMMReplicationPlugin - agmt="cn=Thursday1" (txad:636): Replication bind to cn=sync manager on consumer failed: 49 (80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece) I am successful at getting the user information and password to sync, but it is not reliable, I have to reinitialize a full resync a number of times before it takes. I am also getting the following error: NSMMReplicationPlugin - agmt="cn=Thursday1" (txad:636): Replica has no update vector. It has never been initialized error! I am unsure why this is showing up now, I created a user on the FDS refreshed and even rebooted. Any words of wisdom from the FDS vets out there would be much appreciated. tks -------------- next part -------------- An HTML attachment was scrubbed... URL: From rspencer at auspicecorp.com Thu Dec 22 16:32:53 2005 From: rspencer at auspicecorp.com (Roger Spencer) Date: Thu, 22 Dec 2005 11:32:53 -0500 Subject: [Fedora-directory-users] FreeRadius LDAP Extensions In-Reply-To: <43AACC6C.8060506@auspicecorp.com> References: <43AACC6C.8060506@auspicecorp.com> Message-ID: <43AAD535.90108@auspicecorp.com> Well, I added a description to the RadiusProfile object. Still can't add it to a user, but I can to a group, which is probably what I want anyway. I suspect user error on my part. I'll go back to reading. Roger Spencer wrote: > Has anyone had any luck getting the FreeRadius LDAP extensions into DS? > > I've modified the RADIUS-LDAPv3.schema file that comes with FreeRadius > (as of version 1.0.5) to what seems to match the format DS is > expecting and placed it in the slapd config/schema directory as > 75radius.ldif (see attached). When I restart slapd, the file loads > fine and I see it in the schema. But when I try to add RadiusProfile > to the Object class section of a user account (using the advanced > settings), I get "Unknown error with naming attribute." > > Any ideas? > >------------------------------------------------------------------------ > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From horlacher at belwue.de Thu Dec 22 17:36:15 2005 From: horlacher at belwue.de (Ulli Horlacher) Date: Thu, 22 Dec 2005 18:36:15 +0100 Subject: [Fedora-directory-users] Re: setup fails, cannot start server (slapd) In-Reply-To: <43AAC06A.7050406@redhat.com> References: <20051220170915.GA19923@belwue.de> <43A83C2F.7000507@redhat.com> <20051221104649.GA6143@belwue.de> <43A96A4B.3040204@redhat.com> <20051221160727.GA8603@belwue.de> <43A997BE.8050304@redhat.com> <20051222075243.GB25315@belwue.de> <43AAC06A.7050406@redhat.com> Message-ID: <20051222173615.GA29564@belwue.de> On Thu 2005-12-22 (08:04), Richard Megginson wrote: > >If I understand you correctly, start-setup and start-slapd are scripts > >which will be generated by startup/startup? > > Yes. Nice to know that I have understood at least SOMETHING :-) > >Continue? (yes/no) y > >Please select 1, 2, or 3 (default: 2) > >getFQDN: hostname = lanldap2 > >getFQDN: host lanldap2 = lanldap2.rus.uni-stuttgart.de > >getFQDN: host lanldap2 has length 9 > >getFQDN: new max host lanldap2 has length 9 > >getFQDN: host lanldap2.rus.uni-stuttgart.de has length 30 > >getFQDN: new max host lanldap2.rus.uni-stuttgart.de has length 30 > >getFQDN: host lanldap2.rus.uni-stuttgart.de has length 30 > >getFQDN: host lanldap2 has length 9 > > > >Hostname to use (default: lanldap2.rus.uni-stuttgart.de) > >Server user ID to use (default: nobody) > >Server group ID to use (default: nobody) > > > > > > It should have asked you many more questions here - about other aspects > of server configuration. Yes I was asked many more questions: Fedora configuration directory server? [No]: Do you want to use another directory to store your data? [No]: Directory server network port [389]: Directory server identifier [lanldap2]: administrator ID [admin]: Suffix [dc=rus, dc=uni-stuttgart, dc=de]: Directory Manager DN [cn=Directory Manager]: Administration Domain [rus.uni-stuttgart.de]: Administration port [47328]: Run Administration Server as [root]: Apache Directory [/usr/sbin/]: I confirmed all defaults (besides the password, of course) and then I got: [slapd-lanldap2]: starting up server ... [slapd-lanldap2]: Attempting to obtain server status . . . [slapd-lanldap2]: Attempting to obtain server status . . . [slapd-lanldap2]: Attempting to obtain server status . . . [slapd-lanldap2]: Attempting to obtain server status . . . These other questions from above are not found in the log-file. > problems. Are you starting from scratch when you attempt to run setup > again? That is, do you > rpm -e fedora-ds > then > rm -rf /opt/fedora-ds > ? Yes. I could now have a closer look (sh -x) at the setup-script, but I will use another approach: I have now installed fedora core 4 in vmware. I will later go back debugging FDS on SLES 9. My boss wants a running LDAP server NOW :-} -- -- Ullrich Horlacher, BelWue Coordination ------- mailto:framstag at belwue.de -- Universitaet Stuttgart Allmandring 3a, 70550 Stuttgart, Germany fax: +49 711 678 8363 -- saft://saft.belwue.de/framstag ----------------- http://www.belwue.de/ ---- From rmeggins at redhat.com Thu Dec 22 17:48:17 2005 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 22 Dec 2005 10:48:17 -0700 Subject: [Fedora-directory-users] Re: setup fails, cannot start server (slapd) In-Reply-To: <20051222173615.GA29564@belwue.de> References: <20051220170915.GA19923@belwue.de> <43A83C2F.7000507@redhat.com> <20051221104649.GA6143@belwue.de> <43A96A4B.3040204@redhat.com> <20051221160727.GA8603@belwue.de> <43A997BE.8050304@redhat.com> <20051222075243.GB25315@belwue.de> <43AAC06A.7050406@redhat.com> <20051222173615.GA29564@belwue.de> Message-ID: <43AAE6E1.6070707@redhat.com> Ulli Horlacher wrote: >On Thu 2005-12-22 (08:04), Richard Megginson wrote: > > > >>>If I understand you correctly, start-setup and start-slapd are scripts >>>which will be generated by startup/startup? >>> >>> >>Yes. >> >> > >Nice to know that I have understood at least SOMETHING :-) > > Yes. It's not intuitive if you are familiar setting up OpenLDAP and other FOSS server software. >>>Continue? (yes/no) y >>>Please select 1, 2, or 3 (default: 2) >>>getFQDN: hostname = lanldap2 >>>getFQDN: host lanldap2 = lanldap2.rus.uni-stuttgart.de >>>getFQDN: host lanldap2 has length 9 >>>getFQDN: new max host lanldap2 has length 9 >>>getFQDN: host lanldap2.rus.uni-stuttgart.de has length 30 >>>getFQDN: new max host lanldap2.rus.uni-stuttgart.de has length 30 >>>getFQDN: host lanldap2.rus.uni-stuttgart.de has length 30 >>>getFQDN: host lanldap2 has length 9 >>> >>>Hostname to use (default: lanldap2.rus.uni-stuttgart.de) >>>Server user ID to use (default: nobody) >>>Server group ID to use (default: nobody) >>> >>> >>> >>> >>It should have asked you many more questions here - about other aspects >>of server configuration. >> >> > >Yes I was asked many more questions: > >Fedora configuration directory server? [No]: >Do you want to use another directory to store your data? [No]: >Directory server network port [389]: >Directory server identifier [lanldap2]: >administrator ID [admin]: >Suffix [dc=rus, dc=uni-stuttgart, dc=de]: >Directory Manager DN [cn=Directory Manager]: >Administration Domain [rus.uni-stuttgart.de]: >Administration port [47328]: >Run Administration Server as [root]: >Apache Directory [/usr/sbin/]: > >I confirmed all defaults (besides the password, of course) and then I got: > >[slapd-lanldap2]: starting up server ... >[slapd-lanldap2]: Attempting to obtain server status . . . >[slapd-lanldap2]: Attempting to obtain server status . . . >[slapd-lanldap2]: Attempting to obtain server status . . . >[slapd-lanldap2]: Attempting to obtain server status . . . > > >These other questions from above are not found in the log-file. > > Ok. I just wanted to make sure that was not a problem. > > > >>problems. Are you starting from scratch when you attempt to run setup >>again? That is, do you >>rpm -e fedora-ds >>then >>rm -rf /opt/fedora-ds >>? >> >> > >Yes. > > >I could now have a closer look (sh -x) at the setup-script, but I will use >another approach: I have now installed fedora core 4 in vmware. >I will later go back debugging FDS on SLES 9. >My boss wants a running LDAP server NOW :-} > > Sorry about that. It's just that we've never tried to build or run it on SLES. I'm afraid you are the first person to step up and actually try it. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From gholbert at broadcom.com Thu Dec 22 18:48:46 2005 From: gholbert at broadcom.com (George Holbert) Date: Thu, 22 Dec 2005 10:48:46 -0800 Subject: [Fedora-directory-users] reducing memory footprint? In-Reply-To: <200512220623.16355.richter@ecos.de> References: <200512220623.16355.richter@ecos.de> Message-ID: <43AAF50E.6040103@broadcom.com> Hi Gerald, HP has a tuning guide for their bundled Netscape DS, which may be somewhat useful to you for this: http://docs.hp.com/en/7152/nds621_tuning_sizing_13.pdf Of course, Fedora DS and HP's DS are not the same product, but they have common heritage. Excerpt: > The Netscape Directory Server for HP-UX caches entry and indexing > information in memory. HP-UX requires at > least 256 MB of memory for a small deployment. But for large directory > servers, 512MB to 4GB RAM is needed for > best performance. To estimate how much RAM needed for Directory Server > on a system, please use the following > formula: > Total_NDS_RAM = 1.2 * (base_RAM_need_for_slapd_process + caches) > Where > base_RAM_needed_for_slapd_process = 32MB + nsslapd-threadnumber * 1MB > caches = dbcache + SUM(all entry caches) + import_cache > Explanation: > ? 1.2: 20% additional RAM needed for slapd process to handle incoming > LDAP operations. 20% is an > estimated number, and it should be sufficient. However, testing is > needed to ensure that it is enough before > going into production. > ? 32MB: is the size of the slapd process. > ? nsslapd-threadnumber *1MB: each thread needs about 1MB of memory. > ? dbcache: specified as nsslapd-dbcachesize. > ? All entry caches: specified as nsslapd-cachememsize. Gerald Richter wrote: > Hi, > > I just made a test installation of FDS and saw that a ns-slapd without any > user data takes about 120MB of (virtual) memory on my system. > > I would like to run it on a system which limited memory resources, so I am > looking for a way to use less memory. > > I don't have high load on that system and never more than one or two quries in > parallel, so it would be quite ok to reduce the number of threads and things > like this, but beside reducing the cache size of the backend DB I didn't find > any hints what can be done in this direction. > > Any ideas? > > Thanks > > Gerald > > > > > ** Virus checked by BB-5000 Mailfilter ** > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > From prowley at redhat.com Thu Dec 22 18:50:12 2005 From: prowley at redhat.com (Pete Rowley) Date: Thu, 22 Dec 2005 10:50:12 -0800 Subject: [Fedora-directory-users] reducing memory footprint? In-Reply-To: <200512220623.16355.richter@ecos.de> References: <200512220623.16355.richter@ecos.de> Message-ID: <43AAF564.1040004@redhat.com> Gerald Richter wrote: >Hi, > >I just made a test installation of FDS and saw that a ns-slapd without any >user data takes about 120MB of (virtual) memory on my system. > >I would like to run it on a system which limited memory resources, so I am >looking for a way to use less memory. > > This has very much not been the typical deployment for this server. That is not to say that it cannot be made to run in a small space - just that not much effort has been put into finding out. >I don't have high load on that system and never more than one or two quries in >parallel, so it would be quite ok to reduce the number of threads and things >like this, but beside reducing the cache size of the backend DB I didn't find >any hints what can be done in this direction. > >Any ideas? > > In general turn things off that that you don't need /e.g./ disable plugins that provide features you do not need. Reduce the size of or turn off the entry cache, in the default case it makes a reasonable guess at what useful a cache size would be for good performance. If you are seriously hard up for ram you might consider removing schema files you do not need. Let us know how lean you get it and what you did :) -- Pete -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From ulf.weltman at hp.com Thu Dec 22 19:18:52 2005 From: ulf.weltman at hp.com (Ulf Weltman) Date: Thu, 22 Dec 2005 11:18:52 -0800 Subject: [Fedora-directory-users] reducing memory footprint? In-Reply-To: <43AAF50E.6040103@broadcom.com> References: <200512220623.16355.richter@ecos.de> <43AAF50E.6040103@broadcom.com> Message-ID: <43AAFC1C.60002@hp.com> Hello George and Gerald. I'm afraid the tuning guide wont help much with reducing memory footprint, it focuses on increasing performance which involves using more memory among other things! :) There is a document for the NSDS 7.0 which is not far from the FDS 1.0 codebase if you're still interested, but the measurements and tuning suggestions are meant for DS running on HP-UX. It does answer one of Gerald's questions: worker threads can be reduced with nsslapd-threadnumber, the default is 30. I don't know that this will save you significant memory on Linux. Ulf George Holbert wrote: > Hi Gerald, > > HP has a tuning guide for their bundled Netscape DS, which may be > somewhat useful to you for this: > > http://docs.hp.com/en/7152/nds621_tuning_sizing_13.pdf > > Of course, Fedora DS and HP's DS are not the same product, but they > have common heritage. > > Excerpt: > >> The Netscape Directory Server for HP-UX caches entry and indexing >> information in memory. HP-UX requires at >> least 256 MB of memory for a small deployment. But for large >> directory servers, 512MB to 4GB RAM is needed for >> best performance. To estimate how much RAM needed for Directory >> Server on a system, please use the following >> formula: >> Total_NDS_RAM = 1.2 * (base_RAM_need_for_slapd_process + caches) >> Where >> base_RAM_needed_for_slapd_process = 32MB + nsslapd-threadnumber * 1MB >> caches = dbcache + SUM(all entry caches) + import_cache >> Explanation: >> ? 1.2: 20% additional RAM needed for slapd process to handle incoming >> LDAP operations. 20% is an >> estimated number, and it should be sufficient. However, testing is >> needed to ensure that it is enough before >> going into production. >> ? 32MB: is the size of the slapd process. >> ? nsslapd-threadnumber *1MB: each thread needs about 1MB of memory. >> ? dbcache: specified as nsslapd-dbcachesize. >> ? All entry caches: specified as nsslapd-cachememsize. > > > > Gerald Richter wrote: > >> Hi, >> >> I just made a test installation of FDS and saw that a ns-slapd >> without any user data takes about 120MB of (virtual) memory on my >> system. >> >> I would like to run it on a system which limited memory resources, so >> I am looking for a way to use less memory. >> >> I don't have high load on that system and never more than one or two >> quries in parallel, so it would be quite ok to reduce the number of >> threads and things like this, but beside reducing the cache size of >> the backend DB I didn't find any hints what can be done in this >> direction. >> >> Any ideas? >> >> Thanks >> >> Gerald >> >> >> >> >> ** Virus checked by BB-5000 Mailfilter ** >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > From gholbert at broadcom.com Thu Dec 22 19:30:07 2005 From: gholbert at broadcom.com (George Holbert) Date: Thu, 22 Dec 2005 11:30:07 -0800 Subject: [Fedora-directory-users] reducing memory footprint? In-Reply-To: <43AAFC1C.60002@hp.com> References: <200512220623.16355.richter@ecos.de> <43AAF50E.6040103@broadcom.com> <43AAFC1C.60002@hp.com> Message-ID: <43AAFEBF.7060606@broadcom.com> Ulf, thanks for the clarification. Gerald, I should have mentioned, the HP tuning guide is not explicitly a guide for reducing memory usage. But, some of the text (such as the excerpt I pasted) may be of use to you. Good luck, -- George Ulf Weltman wrote: > Hello George and Gerald. I'm afraid the tuning guide wont help much > with reducing memory footprint, it focuses on increasing performance > which involves using more memory among other things! :) There is a > document for the NSDS 7.0 which is not far from the FDS 1.0 codebase > if you're still interested, but the measurements and tuning > suggestions are meant for DS running on HP-UX. > > It does answer one of Gerald's questions: worker threads can be > reduced with nsslapd-threadnumber, the default is 30. I don't know > that this will save you significant memory on Linux. > > Ulf > > George Holbert wrote: > >> Hi Gerald, >> >> HP has a tuning guide for their bundled Netscape DS, which may be >> somewhat useful to you for this: >> >> http://docs.hp.com/en/7152/nds621_tuning_sizing_13.pdf >> >> Of course, Fedora DS and HP's DS are not the same product, but they >> have common heritage. >> >> Excerpt: >> >>> The Netscape Directory Server for HP-UX caches entry and indexing >>> information in memory. HP-UX requires at >>> least 256 MB of memory for a small deployment. But for large >>> directory servers, 512MB to 4GB RAM is needed for >>> best performance. To estimate how much RAM needed for Directory >>> Server on a system, please use the following >>> formula: >>> Total_NDS_RAM = 1.2 * (base_RAM_need_for_slapd_process + caches) >>> Where >>> base_RAM_needed_for_slapd_process = 32MB + nsslapd-threadnumber * 1MB >>> caches = dbcache + SUM(all entry caches) + import_cache >>> Explanation: >>> ? 1.2: 20% additional RAM needed for slapd process to handle >>> incoming LDAP operations. 20% is an >>> estimated number, and it should be sufficient. However, testing is >>> needed to ensure that it is enough before >>> going into production. >>> ? 32MB: is the size of the slapd process. >>> ? nsslapd-threadnumber *1MB: each thread needs about 1MB of memory. >>> ? dbcache: specified as nsslapd-dbcachesize. >>> ? All entry caches: specified as nsslapd-cachememsize. >> >> >> >> Gerald Richter wrote: >> >>> Hi, >>> >>> I just made a test installation of FDS and saw that a ns-slapd >>> without any user data takes about 120MB of (virtual) memory on my >>> system. >>> >>> I would like to run it on a system which limited memory resources, >>> so I am looking for a way to use less memory. >>> >>> I don't have high load on that system and never more than one or two >>> quries in parallel, so it would be quite ok to reduce the number of >>> threads and things like this, but beside reducing the cache size of >>> the backend DB I didn't find any hints what can be done in this >>> direction. >>> >>> Any ideas? >>> >>> Thanks >>> >>> Gerald >>> >>> >>> >>> >>> ** Virus checked by BB-5000 Mailfilter ** >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >> >> >> >> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > From aaron at theblissfamily.org Thu Dec 22 19:45:06 2005 From: aaron at theblissfamily.org (Aaron Bliss) Date: Thu, 22 Dec 2005 14:45:06 -0500 (EST) Subject: [Fedora-directory-users] script to change uid's, gid's, and files they use to own In-Reply-To: <37120.70.98.203.225.1135198776.squirrel@www.theblissfamily.org> References: <43A8AE2C.70506@theblissfamily.org> <43A8B578.8010001@redhat.com> <43A8C2F0.3080603@theblissfamily.org> <20051221151534.GD28991@tsunami.msi.umn.edu> <37120.70.98.203.225.1135198776.squirrel@www.theblissfamily.org> Message-ID: <49614.70.98.203.225.1135280706.squirrel@www.theblissfamily.org> Others may find this useful; in getting prepared to migrate to fds, I had to first address the issue that the same users have different uid's and gid's on our servers (for example, Johnny may be uid 500 on server A, but may have uid of 501 on server b); as such, I put togeather this script that will change a user's uid, gid, as well as change ownership of files and folders to their new uid and gid; #!/bin/bash #this script expects user to pass an argument for user to process pass1=$1 new_uid=$2 new_gid=$3 #check to see if user entered anything if [ ! $# == 3 ] ; then echo "Usage is pass me 3 parameters, user to change, new uid to use, and new gid to use exiting" exit fi #parse /etc/passwd and /etc/group for groups to change myname=`cat /etc/passwd | grep -w $pass1 |awk -F: '{ print $1 }'` myuid=`cat /etc/passwd | grep -w $pass1 |awk -F: '{ print $3 }'` mygid1=`cat /etc/passwd | grep -w $pass1 |awk -F: '{ print $4 }'` mygid=`cat /etc/group | grep -w $pass1 |awk -F: '{ print $3 }'` #check and make sure the user's primary group is also their private group if [ ! $mygid1 == $mygid ] ; then echo "There is a mismatch between the user's primary group and their private group" echo "I'm exiting as their primary group is likely a shared group and should be fixed" exit fi echo "User to change is $myname with uid of $myuid and gid of $mygid and assign user new uid of $new_uid and new gid of $new_gid" echo "Do you want me to continue? [y/n]" read lastchance case "$lastchance" in y) echo "I'm going to continue with user, group and file system changes" #change private group id /usr/sbin/groupmod -g $new_gid $myname /usr/sbin/usermod $myname -g $myname #change uid /usr/sbin/usermod -u $new_uid $myname #find files they use to own and give them ownership again my_ufind=`find / -uid $myuid` my_gfind=`find / -gid $mygid` for i in $my_ufind do chown $myname $i done for m in $my_gfind do chgrp $myname $m done ;; n) echo "I'm aborting all changes" exit ;; *) echo "You entered something I don't understand...aborting" exit ;; esac From prowley at redhat.com Fri Dec 23 02:01:53 2005 From: prowley at redhat.com (Pete Rowley) Date: Thu, 22 Dec 2005 18:01:53 -0800 Subject: [Fedora-directory-users] script to change uid's, gid's, and files they use to own In-Reply-To: <49614.70.98.203.225.1135280706.squirrel@www.theblissfamily.org> References: <43A8AE2C.70506@theblissfamily.org> <43A8B578.8010001@redhat.com> <43A8C2F0.3080603@theblissfamily.org> <20051221151534.GD28991@tsunami.msi.umn.edu> <37120.70.98.203.225.1135198776.squirrel@www.theblissfamily.org> <49614.70.98.203.225.1135280706.squirrel@www.theblissfamily.org> Message-ID: <43AB5A91.8050504@redhat.com> Aaron Bliss wrote: >Others may find this useful... > Thanks! I have added this to the wiki: http://directory.fedora.redhat.com/wiki/UidFixup -- Pete -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From ABliss at preferredcare.org Fri Dec 23 15:12:04 2005 From: ABliss at preferredcare.org (Bliss, Aaron) Date: Fri, 23 Dec 2005 10:12:04 -0500 Subject: [Fedora-directory-users] Problem with password warning from fds Message-ID: I know this has been talked about, but I'm still having problem with this; I'm not receiving a password warning from the directory server; in testing, I have accounts set to expire after 9 days with a password warning set to 8 days; below are my client config files; I'm running fds 1.0.1. any thoughts? Thanks very much. /etc/pam.d/system-auth # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so broken_shadow account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_ldap.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_ldap.so #%PAM-1.0 auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_mkhomedir.so skel=/etc/skel/ umask=0007 session required pam_stack.so service=system-auth session required pam_loginuid.so /etc/pam.d/sshd #%PAM-1.0 auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_mkhomedir.so skel=/etc/skel/ umask=0007 session required pam_stack.so service=system-auth session required pam_loginuid.so /etc/ldap.conf file has this entry pam_lookup_policy yes www.preferredcare.org "An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jsummers at bachman.cs.ou.edu Fri Dec 23 15:21:51 2005 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Fri, 23 Dec 2005 09:21:51 -0600 Subject: [Fedora-directory-users] Problem with password warning from fds In-Reply-To: References: Message-ID: <43AC160F.8090202@cs.ou.edu> Bliss, Aaron wrote: > I know this has been talked about, but I'm still having problem with this; > I'm not receiving a password warning from the directory server; in testing, > I have accounts set to expire after 9 days with a password warning set to 8 > days; below are my client config files; I'm running fds 1.0.1. any > thoughts? Working on the same issue here. For the sake of comparison, what log entries appear in /var/log/messages (assuming a RH/FC os) when you log in with the account you are testing with? Mine shows to be logging in with pam_unix, which is not correct, and I have not found out why it is not logging in with pam_ldap. You might want to peruse the archives for this month to see the thread I have going with Jamie. You might check things such as proxy access, rootbind, etc... Sorry I can't be more help, but I am in the same boat as you for the moment. --jim Thanks very much. > > /etc/pam.d/system-auth > # User changes will be destroyed the next time authconfig is run. > auth required /lib/security/$ISA/pam_env.so > auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok > auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass > auth required /lib/security/$ISA/pam_deny.so > > account required /lib/security/$ISA/pam_unix.so broken_shadow > account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 > quiet > account [default=bad success=ok user_unknown=ignore] > /lib/security/$ISA/pam_ldap.so > account required /lib/security/$ISA/pam_permit.so > > password requisite /lib/security/$ISA/pam_cracklib.so retry=3 > password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok > md5 shadow > password sufficient /lib/security/$ISA/pam_ldap.so use_authtok > password required /lib/security/$ISA/pam_deny.so > > session required /lib/security/$ISA/pam_limits.so > session required /lib/security/$ISA/pam_unix.so > session optional /lib/security/$ISA/pam_ldap.so > > #%PAM-1.0 > auth required pam_stack.so service=system-auth > auth required pam_nologin.so > account required pam_stack.so service=system-auth > password required pam_stack.so service=system-auth > session required pam_mkhomedir.so skel=/etc/skel/ umask=0007 > session required pam_stack.so service=system-auth > session required pam_loginuid.so > > /etc/pam.d/sshd > #%PAM-1.0 > auth required pam_stack.so service=system-auth > auth required pam_nologin.so > account required pam_stack.so service=system-auth > password required pam_stack.so service=system-auth > session required pam_mkhomedir.so skel=/etc/skel/ umask=0007 > session required pam_stack.so service=system-auth > session required pam_loginuid.so > > /etc/ldap.conf file has this entry > pam_lookup_policy yes > > > www.preferredcare.org > "An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates > > Confidentiality Notice: > The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received. > > > > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Jim Summers School of Computer Science-University of Oklahoma ------------------------------------------------- From taymour.elerian at tedata.net Sun Dec 25 15:07:51 2005 From: taymour.elerian at tedata.net (Taymour A. El Erian) Date: Sun, 25 Dec 2005 17:07:51 +0200 Subject: [Fedora-directory-users] FreeRadius LDAP Extensions In-Reply-To: <43AAD535.90108@auspicecorp.com> References: <43AACC6C.8060506@auspicecorp.com> <43AAD535.90108@auspicecorp.com> Message-ID: <43AEB5C7.6030307@tedata.net> Roger Spencer wrote: > Well, I added a description to the RadiusProfile object. Still can't > add it to a user, but I can to a group, which is probably what I want > anyway. > > I suspect user error on my part. I'll go back to reading. > > Roger Spencer wrote: > >> Has anyone had any luck getting the FreeRadius LDAP extensions into DS? >> >> I've modified the RADIUS-LDAPv3.schema file that comes with >> FreeRadius (as of version 1.0.5) to what seems to match the format DS >> is expecting and placed it in the slapd config/schema directory as >> 75radius.ldif (see attached). When I restart slapd, the file loads >> fine and I see it in the schema. But when I try to add RadiusProfile >> to the Object class section of a user account (using the advanced >> settings), I get "Unknown error with naming attribute." >> >> Any ideas? >> >>------------------------------------------------------------------------ >> >> >> I am not an expert on FDS but I managed to convert the schema from FreeRADIUS. I had to move the objectClass block from the end of the file to the top and used the perl script to convert it. The result is attached (am not sure if the name is correct or not) -- Taymour A El Erian System Division Manager RHCE, LPIC, CCNA, MCSE, CNA TE Data E-mail: taymour.elerian at tedata.net Web: www.tedata.net Tel: +(202)-4166600 Fax: +(202)-4166700 Ext: 1101 -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 55ns-RADIUS.ldif URL: From danney.jarman at gmail.com Mon Dec 26 22:54:27 2005 From: danney.jarman at gmail.com (ILoveJython) Date: Mon, 26 Dec 2005 16:54:27 -0600 Subject: [Fedora-directory-users] Chain On Update problem Message-ID: <43B074A3.6010704@gmail.com> I have read the document: Howto:ChainOnUpdate - Fedora Directory Server and have been unable to get it to work. When I attempt a write to the consumer it makes the change on the consumer and does not update the master. With the next change on the master of any kind, the mapping tree entry for this suffix changes from "nsslapd-state: backend" to "nsslapd-state: referral on update". Once this state changes, my client complains that it cannot update, since it cannot follow referrals. In addition, there are no log entries on the master to indicate any activity back from the consumer to the master, i.e. a proxy login. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kmurphy at herzumsoftware.com Tue Dec 27 17:28:32 2005 From: kmurphy at herzumsoftware.com (Kieran Murphy) Date: Tue, 27 Dec 2005 11:28:32 -0600 Subject: [Fedora-directory-users] error installing FDS 1.0.1 from rpm In-Reply-To: <43B074A3.6010704@gmail.com> References: <43B074A3.6010704@gmail.com> Message-ID: <43B179C0.2040107@herzumsoftware.com> Trying to install FDS 1.0.1 from rpm on Fedora Core 4, I get the following error: > [root at localhost kieran]# rpm -ivh fedora-ds-1.0.1-1.FC4.i386.opt.rpm > Preparing... > ########################################### [100%] > /var/tmp/rpm-tmp.3816: line 19: /opt/fedora-ds/stop-admin: No such > file or directory > error: %pre(fedora-ds-1.0.1-1.Linux.i386) scriptlet failed, exit > status 127 > error: install: %pre scriptlet failed (2), skipping > fedora-ds-1.0.1-1.Linux I get the same response trying to install v. 1.0. I can install 7.1 without issue. Any thoughts? Thanks in advance - Kieran From richter at ecos.de Wed Dec 28 05:14:38 2005 From: richter at ecos.de (Gerald Richter) Date: Wed, 28 Dec 2005 06:14:38 +0100 Subject: [Fedora-directory-users] RE: reducing memory footprint? In-Reply-To: <200512220623.16355.richter@ecos.de> Message-ID: <20051228051505.9AB3F1F86D@lnx1.i.ecos.de> Hi all, Thanks for your suggestions. I tried it out and here is the result (everything is after startup and without any load or work. The numbers are the virtual memory that ps shows): - default configuration ~ 122MB - reduce db cache from 10MB to 1 MB ~ 113MB - reduce number of threads from 30 to 3 ~ 57MB - disable unneeded plugins ~ 55MB BTW This is still a factor of 5 higher than OpenLdap, which takes about 10MB >From what you wrote and from what I read and what my tests shows: It really seems that FDS is good for huge databases with high load, but not for the small ones with limited computer resources. Gerald > -----Original Message----- > From: Gerald Richter [mailto:richter at ecos.de] > Sent: Thursday, December 22, 2005 6:23 AM > To: fedora-directory-users at redhat.com > Subject: reducing memory footprint? > > Hi, > > I just made a test installation of FDS and saw that a > ns-slapd without any user data takes about 120MB of (virtual) > memory on my system. > > I would like to run it on a system which limited memory > resources, so I am looking for a way to use less memory. > > I don't have high load on that system and never more than one > or two quries in parallel, so it would be quite ok to reduce > the number of threads and things like this, but beside > reducing the cache size of the backend DB I didn't find any > hints what can be done in this direction. > > Any ideas? > > Thanks > > Gerald > > > ** Virus checked by BB-5000 Mailfilter ** From mmontgomery at theplanet.com Wed Dec 28 17:07:27 2005 From: mmontgomery at theplanet.com (Michael Montgomery) Date: Wed, 28 Dec 2005 11:07:27 -0600 Subject: [Fedora-directory-users] Server-Side ACLs for pam_ldap logins. In-Reply-To: <43B074A3.6010704@gmail.com> References: <43B074A3.6010704@gmail.com> Message-ID: <1135789647.3537.11.camel@localhost> I've been searching through both the openldap, and this mailing list for any reference to defining server-side ACLs to allow/restrict access to certain computers, or groups of computers based on the group that the user is associated with. One reference I found was this: http://www.openldap.org/lists/openldap-software/200408/msg00280.html But there are no responses to this query. Neither the OReilly, or the "Understanding and Deploying Ldap Directory Services" books I have make any solid mention of this either, and online searching has uncovered little, at best. Does anyone have any ideas if this is even possible, and if it is, are there any references I can use as a template to begin implementation and testing of this? Thanks for any help you can offer. From mj at sci.fi Wed Dec 28 19:12:55 2005 From: mj at sci.fi (Mike Jackson) Date: Wed, 28 Dec 2005 21:12:55 +0200 Subject: [Fedora-directory-users] RE: reducing memory footprint? In-Reply-To: <20051228051505.9AB3F1F86D@lnx1.i.ecos.de> References: <20051228051505.9AB3F1F86D@lnx1.i.ecos.de> Message-ID: <43B2E3B7.4000401@sci.fi> Gerald Richter wrote: > I tried it out and here is the result (everything is after startup and > without any load or work. The numbers are the virtual memory that ps shows): > > - default configuration ~ 122MB > > - reduce db cache from 10MB to 1 MB ~ 113MB > > - reduce number of threads from 30 to 3 ~ 57MB > > - disable unneeded plugins ~ 55MB > > BTW This is still a factor of 5 higher than OpenLdap, which takes about 10MB And OpenLDAP is still ~100 times bigger than: http://www.fefe.de/tinyldap/ - 11k > From what you wrote and from what I read and what my tests shows: It really > seems that FDS is good for huge databases with high load, but not for the > small ones with limited computer resources. That is not IMO a logical assumption or something which can be proven, as you have not defined "huge", "small ones", or "limited computer resources". BR, -- mike From david_list at boreham.org Thu Dec 29 05:26:18 2005 From: david_list at boreham.org (David Boreham) Date: Wed, 28 Dec 2005 22:26:18 -0700 Subject: [Fedora-directory-users] RE: reducing memory footprint? In-Reply-To: <20051228051505.9AB3F1F86D@lnx1.i.ecos.de> References: <20051228051505.9AB3F1F86D@lnx1.i.ecos.de> Message-ID: <43B3737A.1040509@boreham.org> Gerald Richter wrote: >Hi all, > >Thanks for your suggestions. > >I tried it out and here is the result (everything is after startup and >without any load or work. The numbers are the virtual memory that ps shows): > >- default configuration ~ 122MB > >- reduce db cache from 10MB to 1 MB ~ 113MB > >- reduce number of threads from 30 to 3 ~ 57MB > >- disable unneeded plugins ~ 55MB > >BTW This is still a factor of 5 higher than OpenLdap, which takes about 10MB > > Can you explain a little more about your goal here ? Trying to reduce the VM footprint for an application seems (to me) to be a fruitless exercise. It'd be the working set size that one would typically want to reduce. VM size is an (almost) meaningless number. For example when you reduced the number of threads, the VM size went down because you removed N * (thread stack size) from the process address space. However, in reality you didn't change the application's use of system resources significantly at all because almost none of the pages would have been comitted. OpenLDAP probably uses a smaller stack size. I would be interested in hearing if the WSS is too large. I don't have a running slapd to check to hand, but I don't remember it being terribly large last time I checked (20 meg from memory). From avaalak at yahoo.com Thu Dec 29 08:43:32 2005 From: avaalak at yahoo.com (Douglas Hussey) Date: Thu, 29 Dec 2005 11:43:32 +0300 Subject: [Fedora-directory-users] Error start-admin Message-ID: I have made a fresh install of the latest DS version. I get the following error when I attempt to start the admin server, what is strange is the previous version runs fine on this machine 7.1-2. We are running Redhat V4 AMD_64. JDK 1.5.0_05 ERROR: ld.so: object '/opt/fedora-ds/bin/admin/lib/libssl3.so' from LD_PRELOAD cannot be preloaded: ignored. ERROR: ld.so: object '/opt/fedora-ds/bin/admin/lib/libldap50.so' from LD_PRELOAD cannot be preloaded: ignored. Syntax error on line 150 of /opt/fedora-ds/admin-serv/config/httpd.conf: Cannot load /opt/fedora-ds/bin/admin/lib/libmodrestartd.so into server: /opt/fedora-ds/bin/admin/lib/libmodrestartd.so: cannot open shared object file: No such file or directory Thanks Doug From marciok at celepar.pr.gov.br Thu Dec 29 13:01:31 2005 From: marciok at celepar.pr.gov.br (Marcio Kabke Pinheiro) Date: Thu, 29 Dec 2005 11:01:31 -0200 Subject: [Fedora-directory-users] Problem starting Management Console Message-ID: <6f3e2199ea786d19869046fa0ae9cbc3@expresso.pr.gov.br> An HTML attachment was scrubbed... URL: From ABliss at preferredcare.org Thu Dec 29 15:29:50 2005 From: ABliss at preferredcare.org (Bliss, Aaron) Date: Thu, 29 Dec 2005 10:29:50 -0500 Subject: [Fedora-directory-users] Problem starting Management Console Message-ID: I had the exact same problem; this wiki helped me out http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt _____ From: Marcio Kabke Pinheiro [mailto:marciok at celepar.pr.gov.br] Sent: Thursday, December 29, 2005 8:02 AM To: fedora-directory-users at redhat.com Subject: [Fedora-directory-users] Problem starting Management Console I?ve made a fresh install of FDS 1.0.1 in the machine that I was previsouly testing FDS 7.1. The setup was ok, the slapd and admin server started. But when I try to use the Management Console in my Windows machine (which was working ok), appears an error window: "Cannot logon because an incorrect UserID, incorrect password or Directory problem HttpException: Response: HTTP/1.1 401 Autorization required Status: 401 URL: http://10.15.20.128:4616 /admin-serv/autenthicate" The admin port (4616), login and password are the ones chosen in setup. I?ve gone through the /opt/fedora-ds/admin-serv/log directory and found that in the "error" file: [Thu Dec 29 10:52:52 2005] [notice] [client 10.15.20.9] admserv_host_ip_check: ap_get_remote_host could not resolve 10.15.20.9 [Thu Dec 29 10:52:52 2005] [notice] [client 10.15.20.9] admserv_host_ip_check: host [ediser12.celepar.parana.gov.br] did not match pattern [*.pr.gov.br] -will scan aliases [Thu Dec 29 10:52:52 2005] [notice] [client 10.15.20.9] admserv_host_ip_check: Unauthorized host ip=10.15.20.9, connection rejected Looks like that the admin server is trying to make a reverse DNS check to allow the access. I?ve digged through the .conf files in the /opt/fedora-ds/admin-serv/config to find where to disable it, but no success. Is this the problem, or there is something else? And how do I solve it? Regards www.preferredcare.org "An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received. -------------- next part -------------- An HTML attachment was scrubbed... URL: From marciok at celepar.pr.gov.br Thu Dec 29 15:48:48 2005 From: marciok at celepar.pr.gov.br (Marcio Kabke Pinheiro) Date: Thu, 29 Dec 2005 13:48:48 -0200 Subject: [Fedora-directory-users] Problem starting Management Console Message-ID: <4cf3ac31348c4b451f735d42ec28684c@expresso.pr.gov.br> An HTML attachment was scrubbed... URL: From marciok at celepar.pr.gov.br Thu Dec 29 16:24:35 2005 From: marciok at celepar.pr.gov.br (Marcio Kabke Pinheiro) Date: Thu, 29 Dec 2005 14:24:35 -0200 Subject: [Fedora-directory-users] Another console issue Message-ID: <7815b00c17092668bbe53d805a35140c@expresso.pr.gov.br> An HTML attachment was scrubbed... URL: From ABliss at preferredcare.org Thu Dec 29 21:17:12 2005 From: ABliss at preferredcare.org (Bliss, Aaron) Date: Thu, 29 Dec 2005 16:17:12 -0500 Subject: [Fedora-directory-users] Problem starting Management Console Message-ID: I agree that it might be helpful to mention this doc; as I wasted a couple of hours troubleshooting until I found this article, after which problem was resolved in a couple of minutes. Aaron _____ From: Marcio Kabke Pinheiro [mailto:marciok at celepar.pr.gov.br] Sent: Thursday, December 29, 2005 10:49 AM To: fedora-directory-users at redhat.com Subject: Re: RE: [Fedora-directory-users] Problem starting Management Console Thanks a lot, Aaron, right on the spot. Suggestion for the doc team: talk about this in the Install guide. :-) "Bliss, Aaron" escreveu: I had the exact same problem; this wiki helped me out http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt _____ From: Marcio Kabke Pinheiro [mailto:marciok at celepar.pr.gov.br] Sent: Thursday, December 29, 2005 8:02 AM To: fedora-directory-users at redhat.com Subject: [Fedora-directory-users] Problem starting Management Console I?ve made a fresh install of FDS 1.0.1 in the machine that I was previsouly testing FDS 7.1. The setup was ok, the slapd and admin server started. But when I try to use the Management Console in my Windows machine (which was working ok), appears an error window: "Cannot logon because an incorrect UserID, incorrect password or Directory problem HttpException: Response: HTTP/1.1 401 Autorization required Status: 401 URL: http://10.15.20.128:4616 /admin-serv/autenthicate" The admin port (4616), login and password are the ones chosen in setup. I?ve gone through the /opt/fedora-ds/admin-serv/log directory and found that in the "error" file: [Thu Dec 29 10:52:52 2005] [notice] [client 10.15.20.9] admserv_host_ip_check: ap_get_remote_host could not resolve 10.15.20.9 [Thu Dec 29 10:52:52 2005] [notice] [client 10.15.20.9] admserv_host_ip_check: host [ediser12.celepar.parana.gov.br] did not match pattern [*.pr.gov.br] -will scan aliases [Thu Dec 29 10:52:52 2005] [notice] [client 10.15.20.9] admserv_host_ip_check: Unauthorized host ip=10.15.20.9, connection rejected Looks like that the admin server is trying to make a reverse DNS check to allow the access. I?ve digged through the .conf files in the /opt/fedora-ds/admin-serv/config to find where to disable it, but no success. Is this the problem, or there is something else? And how do I solve it? Regards www.preferredcare.org "An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received. -------------- next part -------------- An HTML attachment was scrubbed... URL: