From simonf at cshl.edu Tue Nov 1 20:14:59 2005
From: simonf at cshl.edu (Vsevolod (Simon) Ilyushchenko)
Date: Tue, 01 Nov 2005 15:14:59 -0500
Subject: [Fedora-directory-users] Expiration flags from NIS+?
Message-ID: <4367CCC3.7060107@cshl.edu>

Hi,

Does anyone have scripts that translate into FDS's terms the data on
expiration/password change as found in the shadow columns of the NIS+
passwd map?

Thanks,
Simon

--
Simon (Vsevolod ILyushchenko) simonf at cshl.edu
http://www.simonf.com

"Think like a man of action, act like a man of thought."
Henri Bergson

From Gary_Tay at platts.com Wed Nov 2 04:15:03 2005
From: Gary_Tay at platts.com (Tay, Gary)
Date: Wed, 2 Nov 2005 12:15:03 +0800
Subject: [Fedora-directory-users] Fedora Management Console 7.0
Message-ID:

Google LAM, LDAP Account Manager

Gary

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Anthony Gabila
Sent: Monday, October 31, 2005 10:56 AM
To: fedora-directory-users at redhat.com
Subject: [Fedora-directory-users] Fedora Management Console 7.0

Hi,

Not quite sure how to solve this problem, I'm trying to add a user via
Fedora Management Console, but I am not able to log in to my Win2k Pro
machine using that username. I manage to get around this problem by
entering the command "smbpasswd -a testuser"

I was wondering if I could skip this extra step by doing all these in
the Management Console app?

agabila

From derek at umiacs.umd.edu Wed Nov 2 19:50:16 2005
From: derek at umiacs.umd.edu (Derek T. Yarnell)
Date: Wed, 02 Nov 2005 14:50:16 -0500
Subject: [Fedora-directory-users] pass thru authentication
Message-ID: <43691878.2060907@umiacs.umd.edu>

Does the Fedora DS or RHDS support pass thru authentication via SASL?
For example, openldap can use --enable-spasswd at compile time to
allow simple binds to be accepted at the LDAP level and then
authenticated with SASL (saslauthd in this example) to kerberos
underneath and accept the bind.

I need to have kerberos around for AFS but would like to be able to
just use the LDAP directory as a way to authenticate clients that are
not kerberized.

--
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies
derek at umiacs.umd.edu

From rmeggins at redhat.com Thu Nov 3 14:17:32 2005
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 03 Nov 2005 07:17:32 -0700
Subject: [Fedora-directory-users] pass thru authentication
In-Reply-To: <43691878.2060907@umiacs.umd.edu>
References: <43691878.2060907@umiacs.umd.edu>
Message-ID: <436A1BFC.7080507@redhat.com>

We have a PAM pass thru plugin that allows you to pass through the
authentication request from FDS to PAM, and then to kerberos or whatever
you want. We use this internally to allow LDAP clients that can only do
simple BIND to use their Kerberos password. It's not compiled or enabled
by default, but it's pretty simple to do so.

http://cvs.fedora.redhat.com/viewcvs/ldapserver/ldap/servers/plugins/pam_passthru/?root=dirsec

Derek T. Yarnell wrote:

> Does the Fedora DS or RHDS support pass thru authentication via SASL?
> For example, openldap can use --enable-spasswd at compile time to
> allow simple binds to be accepted at the LDAP level and then
> authenticated with SASL (saslauthd in this example) to kerberos
> underneath and accept the bind.
>
> I need to have kerberos around for AFS but would like to be able to
> just use the LDAP directory as a way to authenticate clients that are
> not kerberized.

From darjo.gregoric at hit.si Thu Nov 3 15:02:46 2005
From: darjo.gregoric at hit.si (Darjo Gregoric)
Date: Thu, 3 Nov 2005 16:02:46 +0100
Subject: [Fedora-directory-users] AD sync
In-Reply-To: <43564F96.7080009@redhat.com>
Message-ID:

Hi,

The SSL connection now works, but I can replicate users from Directory
server to AD only. (Passwords and all other, and users are valid).
Replication from AD to DS works, but without replicating passwords.

I use Windows 2003. In event log I see this message when I start
passync.exe:

The description for Event ID (105) in Source (Password Synchronization
Service) cannot be found. The local computer may not have the necessary
registry information or message DLL files to display messages from a
remote computer. ....

Is this normal?

I tried capturing traffic with Ethereal but when I change password there
is no traffic from AD to DS. It seems that DLL hook is not working.

The password complexity is enabled.

Regards
Darjo

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rich Megginson
Sent: Wednesday, October 19, 2005 3:52 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] AD sync

Short answer: You are using an invalid SSL certificate.

Longer Answer: SSL server certificates must be capable of key exchange.
The cert you are using may be a signing only certificate. This would
make it a perfectly good cert for client authentication. It would also
make it an acceptable certificate for DHE_ type Diffie Hellman server
operations. It does not work for RSA SSL server operations. You need to
either 1) don't the key usage extension, or 2) specify Key Encipherment
(or Key Exchange).

The problem is that the MSADCA by default issues these types of
certificates, presumably because all of the MS clients are configured to
"just work" with them.

Darjo Gregoric wrote:

>Hi,
>
>I have a problem with AD sync. I have established synchronization
>without SSL and works fine, but when I use SSL, connection is not
>established and I receive error:
>
>Simple bind failed, LDAP sdk error 81 (Can't contact LDAP server),
>Netscape Portable Runtime error -8179 (Peer's Certificate issuer is not
>recognized.)
>
>AD machine name is suzy.
>
>I have exported CA and imported it on Directory server.
>
>Certutil -L -d . gives:
>
>CA certificate CTu,u,u
>
>suzy CT,,
>
>Server-Cert u,u,u
>
>Did I miss something?
>
>Is there any HOW TO for this type of configuration?
>
>Regards
>Darjo
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users

From dshackel at arbor.edu Thu Nov 3 15:29:46 2005
From: dshackel at arbor.edu (Daniel Shackelford)
Date: Thu, 03 Nov 2005 10:29:46 -0500
Subject: [Fedora-directory-users] Extending AD replication
Message-ID: <436A2CEA.4050304@arbor.edu>

Hello All. I have successfully setup Directory Server on FC4 and am
replicating/syncing with our Active Directory Domain. No problems there.
What I would like to know is if there is a way to replicate more
attributes of the users. We use the employeeID attribute in AD, and I
would like to replicate that to DS. Anybody know if there is a way to
configure what attributes are replicated? Obviously in a DS =>DS
replication environment, all attributes will be replicated, but what
about AD?

--
Daniel Shackelford
Systems Administrator
Technology Services
Spring Arbor University
517 750-6648

From speedy_zinc at yahoo.com Fri Nov 4 06:46:45 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Thu, 3 Nov 2005 22:46:45 -0800 (PST)
Subject: [Fedora-directory-users] role of uxwdog?
Message-ID: <20051104064645.26161.qmail@web36307.mail.mud.yahoo.com>

What is the role of this watch dog? It would seem more
useful if the watch dog can watch over the slapd
process (and restart it if it dies), but it does not.

So what is it doing? Seems like it's watching over the
ns-httpd instead.

rgds

sz

From speedy_zinc at yahoo.com Fri Nov 4 07:46:02 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Thu, 3 Nov 2005 23:46:02 -0800 (PST)
Subject: [Fedora-directory-users] what's wrong with this ACI?
Message-ID: <20051104074602.92814.qmail@web36302.mail.mud.yahoo.com>

I've created two user entries under People:

Test User: uid=testuser
Jane Doe : uid=JDoe

Here's what I'm trying to achieve with access control:

- Turn off anon access to the entry Test User
- Allow full access to Test User on Test User
- Allow (read, search, compare) to JDoe on Test User, and
  no other users
- Allow full access to "cn=Directory Manager" on Test User.
- Anon access is still allowed on other entries

So, here is the list of ACIs (besides the inherited ones)
that I've created on the entry Test User:

(targetattr = "*") (version 3.0;acl "self";allow
(all)(userdn = "ldap:///uid=testuser,ou=People,
dc=dummy,dc=com");)

(targetattr != "userPassword") (version 3.0;acl "No
anonymous access";deny (all)(userdn =
"ldap:///anyone");)

(targetattr = "*") (target =
"ldap:///uid=testuser,ou=People, dc=dummy,dc=com")
(version 3.0;acl "Allow JDoe";allow
(read,compare,search)(userdn =
"ldap:///uid=JDoe,ou=People, dc=dummy,dc=com");)

With the ACIs above, it seems that the "No anonymous access"
is taking precedence over the other two. Even the "Test
User" does not have access to its own data, and JDoe
certainly does not either. The only user who has access
is the Directory Manager.

How do I achieve my goals with ACI?

thanks a lot.

sz.

From chen_shaopeng at idsignet.com Fri Nov 4 09:10:48 2005
From: chen_shaopeng at idsignet.com (Chen Shaopeng)
Date: Fri, 04 Nov 2005 17:10:48 +0800
Subject: [Fedora-directory-users] what's wrong with this ACI?
In-Reply-To: <20051104074602.92814.qmail@web36302.mail.mud.yahoo.com>
References: <20051104074602.92814.qmail@web36302.mail.mud.yahoo.com>
Message-ID: <436B2598.6040101@idsignet.com>

speedy zinc wrote:

> I've created two user entries under People:
>
> Test User: uid=testuser
> Jane Doe : uid=JDoe
>
> Here's what I'm trying to achieve with access control:
>
> - Turn off anon access to the entry Test User
> - Allow full access to Test User on Test User
> - Allow (read, search, compare) to JDoe on Test User, and
>   no other users
> - Allow full access to "cn=Directory Manager" on Test User.
> - Anon access is still allowed on other entries
>
> So, here is the list of ACIs (besides the inherited ones)
> that I've created on the entry Test User:
>
> (targetattr = "*") (version 3.0;acl "self";allow
> (all)(userdn = "ldap:///uid=testuser,ou=People,
> dc=dummy,dc=com");)
>
> (targetattr != "userPassword") (version 3.0;acl "No
> anonymous access";deny (all)(userdn =
> "ldap:///anyone");)
>
> (targetattr = "*") (target =
> "ldap:///uid=testuser,ou=People, dc=dummy,dc=com")
> (version 3.0;acl "Allow JDoe";allow
> (read,compare,search)(userdn =
> "ldap:///uid=JDoe,ou=People, dc=dummy,dc=com");)
>
> With the ACIs above, it seems that the "No anonymous access"
> is taking precedence over the other two. Even the "Test
> User" does not have access to its own data, and JDoe
> certainly does not either. The only user who has access
> is the Directory Manager.
>
> How do I achieve my goals with ACI?
>

Note that ACIs are logically ORed during evaluation. And "deny"
always takes precedence over "allow". So, your ACI
which [deny(all)(userdn="ldap:///anyone")] will take precedence
over the other two. Therefore, even Test User is denied reading
his own data.

You can combine the 3 ACIs above into the following:

(targetattr="*")(target="ldap:///uid=testuser,ou=People,dc=dummy,dc=com")
(version 3.0;acl "Self and JDoe (but no anon to all)";
deny(all)(userdn != "ldap:///uid=testuser,ou=People,dc=dummy,dc=com ||
ldap:///uid=JDoe,ou=People,dc=dummy,dc=com");)

This tells the server to deny to all on that specific target except
if userdn is "testuser" or "JDoe" .

Hope that helps.

csp
--
Chen Shaopeng
http://www.idsignet.com

From rmeggins at redhat.com Fri Nov 4 13:49:32 2005
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 04 Nov 2005 06:49:32 -0700
Subject: [Fedora-directory-users] role of uxwdog?
In-Reply-To: <20051104064645.26161.qmail@web36307.mail.mud.yahoo.com>
References: <20051104064645.26161.qmail@web36307.mail.mud.yahoo.com>
Message-ID: <436B66EC.4010300@redhat.com>

speedy zinc wrote:

>What is the role of this watch dog? It would seem more
>useful if the watch dog can watch over the slapd
>process (and restart it if it dies), but it does not.

We will be addressing that in an upcoming release with sysV init scripts.

>So what is it doing? Seems like it's watching over the
>ns-httpd instead.

That's right.

>rgds
>
>sz

From rcritten at redhat.com Fri Nov 4 14:00:45 2005
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 04 Nov 2005 09:00:45 -0500
Subject: [Fedora-directory-users] role of uxwdog?
In-Reply-To: <20051104064645.26161.qmail@web36307.mail.mud.yahoo.com>
References: <20051104064645.26161.qmail@web36307.mail.mud.yahoo.com>
Message-ID: <436B698D.8080406@redhat.com>

speedy zinc wrote:

> What is the role of this watch dog? It would seem more
> useful if the watch dog can watch over the slapd
> process (and restart it if it dies), but it does not.
>
> So what is it doing? Seems like it's watching over the
> ns-httpd instead.

The admin server included with the current Red Hat DS is a stripped-down
copy of the Netscape Enterprise Server, a standalone web server. The web
server includes its own watchdog daemon, uxwdog. So yes, uxwdog watches
ns-httpd and not ns-slapd.

I don't know about a watchdog for ns-slapd, I'll leave that up to the
more learned LDAP gurus.

rob

From david_list at boreham.org Fri Nov 4 14:26:13 2005
From: david_list at boreham.org (David Boreham)
Date: Fri, 04 Nov 2005 07:26:13 -0700
Subject: [Fedora-directory-users] role of uxwdog?
In-Reply-To: <436B698D.8080406@redhat.com>
References: <20051104064645.26161.qmail@web36307.mail.mud.yahoo.com> <436B698D.8080406@redhat.com>
Message-ID: <436B6F85.5000705@boreham.org>

> I don't know about a watchdog for ns-slapd, I'll leave that up to the
> more learned LDAP gurus.

Simple : The LDAP server never crashes.

;)

From rmeggins at redhat.com Fri Nov 4 15:25:07 2005
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 04 Nov 2005 08:25:07 -0700
Subject: [Fedora-directory-users] what's wrong with this ACI?
In-Reply-To: <20051104074602.92814.qmail@web36302.mail.mud.yahoo.com>
References: <20051104074602.92814.qmail@web36302.mail.mud.yahoo.com>
Message-ID: <436B7D53.9050708@redhat.com>

Another thing to remember about ACIs is that everything is denied by
default. The only things that are allowed are those things which you
explicitly allow. So you don't usually have to create deny rules.

speedy zinc wrote:

>I've created two user entries under People:
>
>Test User: uid=testuser
>Jane Doe : uid=JDoe
>
>Here's what I'm trying to achieve with access control:
>
>- Turn off anon access to the entry Test User
>- Allow full access to Test User on Test User
>- Allow (read, search, compare) to JDoe on Test User, and
>  no other users
>- Allow full access to "cn=Directory Manager" on Test User.
>- Anon access is still allowed on other entries
>
>So, here is the list of ACIs (besides the inherited ones)
>that I've created on the entry Test User:
>
>(targetattr = "*") (version 3.0;acl "self";allow
>(all)(userdn = "ldap:///uid=testuser,ou=People,
>dc=dummy,dc=com");)
>
>(targetattr != "userPassword") (version 3.0;acl "No
>anonymous access";deny (all)(userdn =
>"ldap:///anyone");)
>
>(targetattr = "*") (target =
>"ldap:///uid=testuser,ou=People, dc=dummy,dc=com")
>(version 3.0;acl "Allow JDoe";allow
>(read,compare,search)(userdn =
>"ldap:///uid=JDoe,ou=People, dc=dummy,dc=com");)
>
>With the ACIs above, it seems that the "No anonymous access"
>is taking precedence over the other two. Even the "Test
>User" does not have access to its own data, and JDoe
>certainly does not either. The only user who has access
>is the Directory Manager.
>
>How do I achieve my goals with ACI?
>
>thanks a lot.
>
>sz.

From speedy_zinc at yahoo.com Fri Nov 4 16:47:08 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Fri, 4 Nov 2005 08:47:08 -0800 (PST)
Subject: [Fedora-directory-users] what's wrong with this ACI?
In-Reply-To: <436B2598.6040101@idsignet.com>
Message-ID: <20051104164708.91604.qmail@web36315.mail.mud.yahoo.com>

--- Chen Shaopeng wrote:

> Note that ACIs are logically ORed during evaluation. And "deny"
> always takes precedence over "allow". So, your ACI
> which [deny(all)(userdn="ldap:///anyone")] will take precedence
> over the other two. Therefore, even Test User is denied reading
> his own data.
>
> You can combine the 3 ACIs above into the following:
>
> (targetattr="*")(target="ldap:///uid=testuser,ou=People,dc=dummy,dc=com")
> (version 3.0;acl "Self and JDoe (but no anon to all)";
> deny(all)(userdn != "ldap:///uid=testuser,ou=People,dc=dummy,dc=com ||
> ldap:///uid=JDoe,ou=People,dc=dummy,dc=com");)
>
> This tells the server to deny to all on that specific target except
> if userdn is "testuser" or "JDoe" .
>
> Hope that helps.
>

Thanks a lot, Chen! Exactly what I want :)

sz

From speedy_zinc at yahoo.com Fri Nov 4 16:51:57 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Fri, 4 Nov 2005 08:51:57 -0800 (PST)
Subject: [Fedora-directory-users] role of uxwdog?
In-Reply-To: <436B6F85.5000705@boreham.org>
Message-ID: <20051104165158.27639.qmail@web36307.mail.mud.yahoo.com>

--- David Boreham wrote:

> > I don't know about a watchdog for ns-slapd, I'll leave that up to the
> > more learned LDAP gurus.
>
> Simple : The LDAP server never crashes.
>
> ;)
>

Sure, I was playing with replication, and I killed one
of them intentionally, just to see what that watch
dog is doing :)

sz

From mj at sci.fi Sat Nov 5 18:10:11 2005
From: mj at sci.fi (Mike Jackson)
Date: Sat, 05 Nov 2005 20:10:11 +0200
Subject: [Fedora-directory-users] role of uxwdog?
In-Reply-To: <436B6F85.5000705@boreham.org>
References: <20051104064645.26161.qmail@web36307.mail.mud.yahoo.com> <436B698D.8080406@redhat.com> <436B6F85.5000705@boreham.org>
Message-ID: <436CF583.9060909@sci.fi>

David Boreham wrote:

>> I don't know about a watchdog for ns-slapd, I'll leave that up to the
>> more learned LDAP gurus.
>
> Simple : The LDAP server never crashes.
>
> ;)

I have setup an LDAP server watchdog before with OpenLDAP and
Daemontools. It works like a charm.

To work with daemontools, a daemon should be able to start without
forking itself into the background, e.g. with -f switch or similar, and
log all of its output to stdout (access, errors, etc). OpenLDAP can do
this, but I don't believe that FDS can (although it would certainly be a
great feature to add because daemontools really kick ass).

--
mike

From uffe at loop.to Sat Nov 5 19:01:02 2005
From: uffe at loop.to (uffe at loop.to)
Date: Sat, 05 Nov 2005 11:01:02 -0800
Subject: [Fedora-directory-users] role of uxwdog?
In-Reply-To: <436CF583.9060909@sci.fi>
References: <20051104064645.26161.qmail@web36307.mail.mud.yahoo.com> <436B698D.8080406@redhat.com> <436B6F85.5000705@boreham.org> <436CF583.9060909@sci.fi>
Message-ID: <436D016E.1030900@loop.to>

Mike Jackson wrote:

> David Boreham wrote:
>
>>> I don't know about a watchdog for ns-slapd, I'll leave that up to
>>> the more learned LDAP gurus.
>>
>> Simple : The LDAP server never crashes.
>>
>> ;)
>
> I have setup an LDAP server watchdog before with OpenLDAP and
> Daemontools. It works like a charm.
>
> To work with daemontools, a daemon should be able to start without
> forking itself into the background, e.g. with -f switch or similar,
> and log all of its output to stdout (access, errors, etc). OpenLDAP
> can do this, but I don't believe that FDS can (although it would
> certainly be a great feature to add because daemontools really kick ass).

The Daemontools look very handy! I run qmail under them but hadn't paid
enough attention.

If ns-slapd is started with -d it will not fork-and-exit
and it logs errors to stdout. That's how to launch ns-slapd in debugger
and avoid having to follow children. You can use the regular
start-slapd script to pass arguments, like "start-slapd -d0" for normal
log level.

From speedy_zinc at yahoo.com Sat Nov 5 17:58:14 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Sat, 5 Nov 2005 09:58:14 -0800 (PST)
Subject: [Fedora-directory-users] question about required fields and I18N issues
Message-ID: <20051105175814.20894.qmail@web36304.mail.mud.yahoo.com>

How can I enter non-ASCII data in the attribute,
especially for dn, last name, first name, etc, and
still can use the native language for searching?

For example, if I want to enter Greek or some Eastern
European characters, how can I do that? How do I
configure the server to support i18n and have the
proper collation?

How many languages does the console support, i.e. have
the proper translation and display correctly?

I added an entry using ldapmodify, which contains
non-ASCII in the DN. It seems to get it correctly, as
shown in the title bar of the property editor in the
console. But the property editor and the console do
not display correctly. The title bar displays
correctly, though. And the result from ldapsearch just
shows a bunch of garbage characters.

All help appreciated.

sz

From mj at sci.fi Sat Nov 5 19:52:17 2005
From: mj at sci.fi (Mike Jackson)
Date: Sat, 05 Nov 2005 21:52:17 +0200
Subject: [Fedora-directory-users] role of uxwdog?
In-Reply-To: <436D016E.1030900@loop.to>
References: <20051104064645.26161.qmail@web36307.mail.mud.yahoo.com> <436B698D.8080406@redhat.com> <436B6F85.5000705@boreham.org> <436CF583.9060909@sci.fi> <436D016E.1030900@loop.to>
Message-ID: <436D0D71.7010205@sci.fi>

uffe at loop.to wrote:

> If ns-slapd is started with -d it will not fork-and-exit
> and it logs errors to stdout. That's how to launch ns-slapd in debugger
> and avoid having to follow children. You can use the regular
> start-slapd script to pass arguments, like "start-slapd -d0" for normal
> log level.

Hi,
While that does work, you don't get any of the normal accesslog
information, only errors. That is not really acceptable for everyone, at
least not for me.

So, I would say that if you don't care about access logging at all, and
want to run slapd under daemontools, then you could start it like this:

#!/bin/sh
#
# daemontools run script for ns-slapd service
#
exec 2>&1
echo "Starting ns-slapd..."
# cd is a shell builtin and cannot be exec'd: change directory first,
# then exec ns-slapd so supervise tracks the server process itself
cd /opt/fedora-ds/bin/slapd/server || exit 1
exec ./ns-slapd \
    -D /opt/fedora-ds/slapd-foo \
    -d 0

--
mike

From mj at sci.fi Sat Nov 5 20:04:16 2005
From: mj at sci.fi (Mike Jackson)
Date: Sat, 05 Nov 2005 22:04:16 +0200
Subject: [Fedora-directory-users] role of uxwdog?
In-Reply-To: <436D0D71.7010205@sci.fi>
References: <20051104064645.26161.qmail@web36307.mail.mud.yahoo.com> <436B698D.8080406@redhat.com> <436B6F85.5000705@boreham.org> <436CF583.9060909@sci.fi> <436D016E.1030900@loop.to> <436D0D71.7010205@sci.fi>
Message-ID: <436D1040.4020000@sci.fi>

Mike Jackson wrote:

> Hi,
> While that does work, you don't get any of the normal accesslog
> information, only errors. That is not really acceptable for everyone, at
> least not for me.
>

Actually, I just discovered how to make it work, at least on Linux:

nsslapd-accesslog: /dev/stdout

I will create a page on the wiki about running FDS under daemontools.

--
mike

From mj at sci.fi Sun Nov 6 12:53:27 2005
From: mj at sci.fi (Mike Jackson)
Date: Sun, 06 Nov 2005 14:53:27 +0200
Subject: [Fedora-directory-users] role of uxwdog?
In-Reply-To: <20051104064645.26161.qmail@web36307.mail.mud.yahoo.com>
References: <20051104064645.26161.qmail@web36307.mail.mud.yahoo.com>
Message-ID: <436DFCC7.10000@sci.fi>

speedy zinc wrote:

> What is the role of this watch dog? It would seem more
> useful if the watch dog can watch over the slapd
> process (and restart it if it dies), but it does not.

Hi,
You can use daemontools as a watchdog for slapd, which will restart it
if it dies. I just wrote a howto on the wiki:

http://directory.fedora.redhat.com/wiki/Howto:Daemontools

Please test it and mail any mistakes to the list.

BR,
--
mike

From dfulton-lists at concepttechnologyinc.com Sun Nov 6 18:12:53 2005
From: dfulton-lists at concepttechnologyinc.com (Darren Fulton)
Date: Sun, 06 Nov 2005 12:12:53 -0600
Subject: [Fedora-directory-users] How can I create a User ID alias?
Message-ID: <436E47A5.5070304@concepttechnologyinc.com>

I have an in production application at our office (Web Calendar) that I
am migrating to LDAP authentication using FDS from application internal
authentication. Some of the users in the old program have user id's of
$firstname and they don't work because everyone in the ldap server was
setup as $firstinitial$lastname. I have not been successful at changing
the User ID's in the application from $firstname to
$firstinitial$lastname.

Question:
Is there a way that I can make aliases in FDS such that User ID james
equals User ID jjones? If so, how can I do it?

Thank you.
Darren

From speedy_zinc at yahoo.com Mon Nov 7 01:53:11 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Sun, 6 Nov 2005 17:53:11 -0800 (PST)
Subject: [Fedora-directory-users] Re: help for building FDS
In-Reply-To: <43579E6B.5060202@redhat.com>
Message-ID: <20051107015311.11745.qmail@web36302.mail.mud.yahoo.com>

Sorry, this is an old issue. Has anyone succeeded in
building the server on Ubuntu 5.10?

I'd appreciate if someone can share some experience.

regards

sz.

--- Rich Megginson wrote:

> Hmm - not sure. Looks like it could also be compiler related. Perhaps
> there is some other config option? I'm not really sure how the
> compiler/linker is supposed to handle the case where you have a variable
> declared as an external global and defined as a static in the same
> compilation unit e.g.
> saslint.h:112
> extern sasl_global_callbacks_t global_callbacks;
>
> client.c:64
> static sasl_global_callbacks_t global_callbacks;
>
> And client.c includes saslint.h. There don't appear to be any ifdefs
> that protect one or the other. I wonder if there is some gcc4 compiler
> flag to allow this? In server.c, global_callbacks is defined as a
> _global_, not as a static, so I think the intention is that the
> definition of global_callbacks as a static in client.c is supposed to be
> a different variable than the one that is declared as global in
> saslint.h . . . weird.
>

From chen_shaopeng at idsignet.com Mon Nov 7 02:05:38 2005
From: chen_shaopeng at idsignet.com (Chen Shaopeng)
Date: Mon, 07 Nov 2005 10:05:38 +0800
Subject: [Fedora-directory-users] Re: help for building FDS
In-Reply-To: <20051107015311.11745.qmail@web36302.mail.mud.yahoo.com>
References: <20051107015311.11745.qmail@web36302.mail.mud.yahoo.com>
Message-ID: <436EB672.3030308@idsignet.com>

speedy zinc wrote:

> Sorry, this is an old issue. Has anyone succeeded in
> building the server on Ubuntu 5.10?
>
> I'd appreciate if someone can share some experience.
>

I just upgraded my workstation from Ubuntu 5.04 to 5.10
over the weekend, and it's building fine, but I'm using
gcc 3.4 (not 4.0 as you have reported earlier).

You might want to downgrade to gcc 3.4 to build it. Some
modules use the command "cc", so you might have to create
a link from "cc" to your gcc command.

The whole thing builds just fine, assuming that you have
all the req devel packages installed.

csp
--
Chen Shaopeng
http://www.idsignet.com

From speedy_zinc at yahoo.com Mon Nov 7 02:23:52 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Sun, 6 Nov 2005 18:23:52 -0800 (PST)
Subject: [Fedora-directory-users] numerical prefix of schema file
Message-ID: <20051107022352.24348.qmail@web36308.mail.mud.yahoo.com>

Hi,

I see each schema file is prefixed with a numerical
value, such as:

00core.ldif
50ns-wcal.ldif
51ns-calendar.ldif
60pam-plugin.ldif
99user.ldif

so what does the numerical prefix mean? I just know
that if I change the schema from the console, it ends
up in 99user.ldif. But what about the others? Is it
for loading orders, or something else? If I add my own
schema files, which value do I use for the prefix?

thanks

sz

From david_list at boreham.org Mon Nov 7 03:26:17 2005
From: david_list at boreham.org (David Boreham)
Date: Sun, 06 Nov 2005 20:26:17 -0700
Subject: [Fedora-directory-users] Re: help for building FDS
In-Reply-To: <436EB672.3030308@idsignet.com>
References: <20051107015311.11745.qmail@web36302.mail.mud.yahoo.com> <436EB672.3030308@idsignet.com>
Message-ID: <436EC959.9090000@boreham.org>

Chen Shaopeng wrote:

>speedy zinc wrote:
>
>>Sorry, this is an old issue. Has anyone succeeded in
>>building the server on Ubuntu 5.10?
>>

It should build ok on any moderately recent Linux.
What build problem are you having ?

From speedy_zinc at yahoo.com Mon Nov 7 06:17:17 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Sun, 6 Nov 2005 22:17:17 -0800 (PST)
Subject: [Fedora-directory-users] Re: help for building FDS
In-Reply-To: <436EB672.3030308@idsignet.com>
Message-ID: <20051107061717.64662.qmail@web36313.mail.mud.yahoo.com>

Thanks, I'll try that. But, my home internet
connection is such a pig that I really don't want to
download anything if I don't have to.

sz

--- Chen Shaopeng wrote:

> I just upgraded my workstation from Ubuntu 5.04 to 5.10
> over the weekend, and it's building fine, but I'm using
> gcc 3.4 (not 4.0 as you have reported earlier).
>
> You might want to downgrade to gcc 3.4 to build it. Some
> modules use the command "cc", so you might have to create
> a link from "cc" to your gcc command.
>
> The whole thing builds just fine, assuming that you have
> all the req devel packages installed.
>
> csp
> --
> Chen Shaopeng
> http://www.idsignet.com
>

From speedy_zinc at yahoo.com Mon Nov 7 06:32:34 2005
From: speedy_zinc at yahoo.com (speedy zinc) Date: Sun, 6 Nov 2005 22:32:34 -0800 (PST) Subject: [Fedora-directory-users] Re: help for building FDS In-Reply-To: <436EC959.9090000@boreham.org> Message-ID: <20051107063234.22858.qmail@web36304.mail.mud.yahoo.com> --- David Boreham wrote: > It should build ok on any moderately recent Linux. > What build problem are you having ? > I followed Rob's suggestion by doing a patch for gcc 4, it went past the first problem, but I still can't get it past the second. The second problem is: rm -f .libs/client.lo cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../plugins -I../include -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -I/tmp/fedora-ds-build/include -Wall -W -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -I/tmp/fedora-ds-build/include -L/tmp/fedora-ds-build/lib -O2 -pipe -MT client.lo -MD -MP -MF .deps/client.Tpo -c client.c -fPIC -DPIC -o .libs/client.lo client.c:64: error: static declaration of 'global_callbacks' follows non-static declaration saslint.h:112: error: previous declaration of 'global_callbacks' was here make[4]: *** [client.lo] Error 1 make[4]: Leaving directory `/home/csp/redhat/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20/lib' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/csp/redhat/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/csp/redhat/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20' make[1]: *** [build-work/cyrus-sasl-2.1.20/Makefile] Error 2 make[1]: Leaving directory `/home/csp/redhat/dsbuild/ds/cyrus-sasl' make: *** [dep-../../ds/cyrus-sasl] Error 2 --------------- Rich thinks it might have anything to do with gcc 4, but I really don't know how to change gcc4 compile options to get around this. Chen reported he can build with gcc 3.4, and that's what I'm going to try to see if I can pass that. 
Anyways, this dsbuild thingy is getting me really dizzy... should be sleeping anyway. thanks sz From speedy_zinc at yahoo.com Mon Nov 7 06:54:23 2005 From: speedy_zinc at yahoo.com (speedy zinc) Date: Sun, 6 Nov 2005 22:54:23 -0800 (PST) Subject: [Fedora-directory-users] question about schema file keywords Message-ID: <20051107065423.28312.qmail@web36311.mail.mud.yahoo.com> I'm trying to define a schema that is a little more complicated than the hello-world-equivalent, but I'd like to know the real meaning of some keywords I found: NO-USER-MODIFICATION : does this mean that "self" can't change the value of this attribute? USAGE : what's that exactly? I saw something like "USAGE directoryOperation", what's that for? What are other usage possible? SINGLE-VALUE : does it mean that any attribute which does not have this specifier is a multi-value attribute? STRUCTURAL : not sure I understand the real meaning of this one. There are probably more, but these are the ones commonly found. thanks sz From mj at sci.fi Mon Nov 7 10:46:06 2005 
From: mj at sci.fi (Mike Jackson) Date: Mon, 07 Nov 2005 12:46:06 +0200 Subject: [Fedora-directory-users] numerical prefix of schema file In-Reply-To: <20051107022352.24348.qmail@web36308.mail.mud.yahoo.com> References: <20051107022352.24348.qmail@web36308.mail.mud.yahoo.com> Message-ID: <436F306E.5000009@sci.fi> speedy zinc wrote: > so what does the numerical prefix mean? It is for loading order. > I just know that if I change the schema from the console, it ends up in > 99user.ldif. You should avoid adding schema from the console or over-the-wire, because it will be handled in this way, and there are some problems with using 99user.ldif, e.g. if you need to install version-controlled schema to your servers then this technique will definitely not work. > If I add my own schema files, which value do I use for > the prefix? You can use whatever you want, even numbers that are already used. The schema loader looks at the number first, then the alphabetical order, e.g. 50abc.ldif would be loaded before 50myschema.ldif. The whole purpose behind the loading order is for dependencies, so if you write an objectclass in myschema.ldif and you specify it as a subclass to an objectclass which exists in "25somecoolschema.ldif", then you will want to number "myschema.ldif" with a prefix higher than 25 or if you use 25 then you need to start the filename with something alphabetically later than "somecoolschema". All of this is documented in the Deployment Guide: http://www.redhat.com/docs/manuals/dir-server/deploy/7.1/schema.html#17755 BR, Mike From mj at sci.fi Mon Nov 7 10:52:50 2005 
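The loading rule described in the message above (numeric prefix first, then alphabetical order, so that a superior class is loaded before its subclasses) can be checked mechanically before schema files are deployed. The following Python is an added example, not part of the thread or of the Fedora DS code base; the file contents, class names and OIDs are constructed, and the sort key follows the message's description rather than the server's source.

```python
import re

# Constructed sample: file name -> LDIF text. Class names and OIDs are made up.
SAMPLE_SCHEMA_DIR = {
    "99user.ldif": "dn: cn=schema\n",
    "50myschema.ldif": (
        "dn: cn=schema\n"
        "objectClasses: ( 1.3.6.1.4.1.99999.1.4 NAME 'orphanThing'\n"
        "  SUP missingClass STRUCTURAL MAY description )\n"
    ),
    "50abc.ldif": "dn: cn=schema\n",
    "25zmyschema.ldif": (
        "dn: cn=schema\n"
        "objectClasses: ( 1.3.6.1.4.1.99999.1.3 NAME 'lateThing' SUP coolBase STRUCTURAL )\n"
    ),
    "25somecoolschema.ldif": (
        "dn: cn=schema\n"
        "objectClasses: ( 1.3.6.1.4.1.99999.1.1 NAME 'coolBase' SUP top\n"
        "  STRUCTURAL MUST cn )\n"
    ),
    "20myschema.ldif": (
        "dn: cn=schema\n"
        "objectClasses: ( 1.3.6.1.4.1.99999.1.2 NAME 'earlyThing' SUP coolBase STRUCTURAL )\n"
    ),
}

PREFIX_RE = re.compile(r"^(\d+)(.*\.ldif)$")
NAME_RE = re.compile(r"\bNAME\s+\(?\s*'([^']+)'")
SUP_RE = re.compile(r"\bSUP\s+(\([^)]*\)|'?[\w.;-]+'?)")


def load_order(file_names):
    """Sort schema files by numeric prefix, then by the rest of the name.

    Files without a numeric prefix are left out; this sketch does not model them.
    """
    keyed = []
    for name in file_names:
        match = PREFIX_RE.match(name)
        if match:
            keyed.append(((int(match.group(1)), match.group(2)), name))
    return [name for _, name in sorted(keyed)]


def parse_objectclasses(ldif_text):
    """Return [(class_name, [superior, ...])] for each objectClasses value."""
    unfolded = re.sub(r"\n ", "", ldif_text)  # LDIF continuation lines
    classes = []
    for line in unfolded.splitlines():
        attr, sep, value = line.partition(":")
        if not sep or attr.strip().lower() != "objectclasses":
            continue
        name = NAME_RE.search(value)
        if not name:
            continue
        sup = SUP_RE.search(value)
        sups = []
        if sup:  # either "SUP x" or "SUP ( x $ y )"
            sups = [s.strip(" '") for s in sup.group(1).strip("()").split("$")]
        classes.append((name.group(1), [s for s in sups if s]))
    return classes


def check_dependencies(schema_dir):
    """Report classes whose superior is missing or lives in a later-loaded file."""
    order = load_order(schema_dir)
    position = {name: i for i, name in enumerate(order)}
    parsed = {name: parse_objectclasses(schema_dir[name]) for name in order}
    defined_in = {}
    for name in order:
        for cls, _ in parsed[name]:
            defined_in.setdefault(cls.lower(), name)
    findings = []
    for name in order:
        for cls, sups in parsed[name]:
            for sup in sups:
                if sup.lower() == "top":  # assumption: 'top' is always available
                    continue
                source = defined_in.get(sup.lower())
                if source is None:
                    findings.append((name, cls, sup, "not defined in any file"))
                elif position[source] > position[name]:
                    findings.append((name, cls, sup, "defined later, in " + source))
    return findings


if __name__ == "__main__":
    print("load order:", load_order(SAMPLE_SCHEMA_DIR))
    for finding in check_dependencies(SAMPLE_SCHEMA_DIR):
        print("problem:", finding)
```

Running the same check over version-controlled schema files before they are copied to a server catches a misnumbered file without restarting the directory.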
From: mj at sci.fi (Mike Jackson) Date: Mon, 07 Nov 2005 12:52:50 +0200 Subject: [Fedora-directory-users] question about schema file keywords In-Reply-To: <20051107065423.28312.qmail@web36311.mail.mud.yahoo.com> References: <20051107065423.28312.qmail@web36311.mail.mud.yahoo.com> Message-ID: <436F3202.5090401@sci.fi> speedy zinc wrote: > I'm trying to define a schema that is a little more > complicated than the hello-world-equivalent, but I'd > like to know the real meaning of some keywords I > found: See: http://www.rfc-editor.org/rfc/rfc2252.txt -- mike From speedy_zinc at yahoo.com Mon Nov 7 11:31:22 2005 From: speedy_zinc at yahoo.com (speedy zinc) Date: Mon, 7 Nov 2005 03:31:22 -0800 (PST) Subject: [Fedora-directory-users] question about schema file keywords In-Reply-To: <436F3202.5090401@sci.fi> Message-ID: <20051107113122.99769.qmail@web36315.mail.mud.yahoo.com> --- Mike Jackson wrote: > speedy zinc wrote: > > I'm trying to define a schema that is a little > more > > complicated than the hello-world-equivalent, but > I'd > > like to know the real meaning of some keywords I > > found: > > > See: > > http://www.rfc-editor.org/rfc/rfc2252.txt > Dumb me, never occurred to me to read that one :) But I still can't figure out the differences between a STRUCTURAL and an AUXILIARY objectclass. Besides the definition, they look similar to me. thanks sz From speedy_zinc at yahoo.com Mon Nov 7 11:34:35 2005 
From: speedy_zinc at yahoo.com (speedy zinc) Date: Mon, 7 Nov 2005 03:34:35 -0800 (PST) Subject: [Fedora-directory-users] real world example of nested roles? Message-ID: <20051107113435.83476.qmail@web36310.mail.mud.yahoo.com> Could anyone give a real world example of how a nested role is used, and how useful it is? thanks a lot. sz From mj at sci.fi Mon Nov 7 12:07:54 2005 From: mj at sci.fi (Mike Jackson) Date: Mon, 07 Nov 2005 14:07:54 +0200 Subject: [Fedora-directory-users] question about schema file keywords In-Reply-To: <20051107113122.99769.qmail@web36315.mail.mud.yahoo.com> References: <20051107113122.99769.qmail@web36315.mail.mud.yahoo.com> Message-ID: <436F439A.20404@sci.fi> speedy zinc wrote: > > But I still can't figure out the differences between > a STRUCTURAL and an AUXILIARY objectclass. Besides the > definition, they look similar to me. > It's part of the X.500 data model. Every directory object can and must have only one structural object class, and the other classes on that object have to be auxiliary. You can only instantiate new objects with structural classes. Example of an object: structural class "car" auxiliary class "europeanCar" auxiliary class "raceCar" europeanCar and raceCar are specializations (subclasses) of car. Finally, FDS/RHDS do not enforce so-called "structural integrity". They will allow you to e.g. create an entry which contains multiple structural classes. OpenLDAP versions 2.1 and later prohibit this and there is no way to disable it, even if you try. A server should give the administrator the possibility of disabling structural integrity checking if desired... I recommend following the rules, even if FDS doesn't enforce them. -- mike From speedy_zinc at yahoo.com Mon Nov 7 12:03:31 2005 
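Because FDS does not enforce the one-structural-class rule described in the message above, existing entries can be audited for it offline. The following Python is an added example, not from the thread: it goes slightly beyond the message by accepting several structural classes when they form one superclass chain (person, organizationalPerson, inetOrgPerson), and the schema table, including the superiors given to the hypothetical car classes, is constructed.

```python
# Constructed schema table: class name -> (kind, superior class).
# person/organizationalPerson/inetOrgPerson are the standard chain; car,
# europeanCar and raceCar are the hypothetical classes from the message above,
# with 'top' assumed as their superior.
_RAW_SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "car": ("STRUCTURAL", "top"),
    "europeanCar": ("AUXILIARY", "top"),
    "raceCar": ("AUXILIARY", "top"),
}
# Object class names are case-insensitive, so index everything in lower case.
SCHEMA = {
    name.lower(): (kind, sup.lower() if sup else None)
    for name, (kind, sup) in _RAW_SCHEMA.items()
}

# Constructed entries: DN -> objectClass values.
SAMPLE_ENTRIES = {
    "cn=gt40,ou=cars,dc=example,dc=com": ["car", "europeanCar", "raceCar"],
    "uid=jjones,ou=people,dc=example,dc=com":
        ["top", "person", "organizationalPerson", "inetOrgPerson"],
    "cn=mixed,dc=example,dc=com": ["top", "person", "car"],
    "cn=auxonly,dc=example,dc=com": ["top", "europeanCar"],
}


def superior_chain(cls, schema=SCHEMA):
    """Return cls followed by each of its superiors up to the root."""
    chain = []
    while cls is not None:
        chain.append(cls)
        cls = schema[cls][1]
    return chain


def audit_entry(object_classes, schema=SCHEMA):
    """Classify an entry's objectClass values; returns (status, detail)."""
    names = [oc.lower() for oc in object_classes]
    unknown = sorted(n for n in names if n not in schema)
    if unknown:
        return ("unknown-class", unknown)
    structural = [n for n in names if schema[n][0] == "STRUCTURAL"]
    if not structural:
        return ("no-structural-class", [])
    # The entry is sound if one structural class has every other structural
    # class among its superiors; that class is the entry's structural class.
    for candidate in structural:
        chain = superior_chain(candidate, schema)
        if all(other in chain for other in structural):
            return ("ok", [candidate])
    return ("multiple-structural-chains", sorted(structural))


def audit(entries, schema=SCHEMA):
    """Return {dn: (status, detail)} for every entry that is not 'ok'."""
    results = {dn: audit_entry(ocs, schema) for dn, ocs in entries.items()}
    return {dn: res for dn, res in results.items() if res[0] != "ok"}


if __name__ == "__main__":
    for dn, (status, detail) in audit(SAMPLE_ENTRIES).items():
        print(f"{dn}: {status} {detail}")
```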
From: speedy_zinc at yahoo.com (speedy zinc) Date: Mon, 7 Nov 2005 04:03:31 -0800 (PST) Subject: [Fedora-directory-users] make an attribute default to object class? Message-ID: <20051107120331.71038.qmail@web36304.mail.mud.yahoo.com> Ok, I have this weird idea that I want to make a new attribute an allowed attribute of an existing objectclass and all its sub-classes, but without modifying the definition of the existing class, only thru extension. For example, if I define a new attribute called "myWhackyAttr", and I want to make it part of an allowed attribute of nsRoleDefinition (or nsSimpleRoleDefinition), so that the attribute is available to all sub-classes. To do that, I can change the definition of nsRoleDefinition in 00core.ldif, which everyone would say "stop right there, you shouldn't do that". The other way is, I can create an aux objectclass with that attribute, and every time I create a new role, I have to make sure that I add that object class to the new entry. That's tedious, and might forget it. Is there a third way to enforce that? thanks for any hint. sz From lists at ijichi.org Mon Nov 7 12:14:26 2005 From: lists at ijichi.org (Dominic Ijichi) Date: Mon, 07 Nov 2005 12:14:26 +0000 Subject: [Fedora-directory-users] question about schema file keywords In-Reply-To: <436F439A.20404@sci.fi> References: <20051107113122.99769.qmail@web36315.mail.mud.yahoo.com> <436F439A.20404@sci.fi> Message-ID: <1131365666.436f452206b92@www.ijichi.org> An embedded and charset-unspecified text was scrubbed... Name: not available URL: From mj at sci.fi Mon Nov 7 12:39:18 2005 
From: mj at sci.fi (Mike Jackson) Date: Mon, 07 Nov 2005 14:39:18 +0200 Subject: [Fedora-directory-users] question about schema file keywords In-Reply-To: <1131365666.436f452206b92@www.ijichi.org> References: <20051107113122.99769.qmail@web36315.mail.mud.yahoo.com> <436F439A.20404@sci.fi> <1131365666.436f452206b92@www.ijichi.org> Message-ID: <436F4AF6.2040908@sci.fi> Dominic Ijichi wrote: > i suspect they found that by giving the option of turning off schema checking, > everyone was doing it as a 'quick fix'. NOTE that "schema checking" and "structural integrity checking" are not the same thing. OpenLDAP earlier than 2.1 could have schema checking enabled (may and must attribute checking, syntax checking, length checking, etc) and still not enforce structural integrity. FDS can have "schema checking" enabled and still not check structural integrity... -- mike From mj at sci.fi Mon Nov 7 12:42:58 2005 From: mj at sci.fi (Mike Jackson) Date: Mon, 07 Nov 2005 14:42:58 +0200 Subject: [Fedora-directory-users] make an attribute default to object class? In-Reply-To: <20051107120331.71038.qmail@web36304.mail.mud.yahoo.com> References: <20051107120331.71038.qmail@web36304.mail.mud.yahoo.com> Message-ID: <436F4BD2.9070001@sci.fi> speedy zinc wrote: > Ok, I have this weird idea that I want to make a new > attribute an allowed attribute of an existing > objectclass > and all its sub-classes, but without modifying the > definition of the existing class, only thru extension. I suggest that you get a good reference book to really get a grasp on what you are doing instead of using ad-hoc, trial and error sort of design methods. "LDAP Programming, Management, and Integration" by Clayton Donley Chapter 2 "Understanding the LDAP Information Model" has all the information you need. BR, Mike From dom at ijichi.org Mon Nov 7 12:49:41 2005 
From: dom at ijichi.org (Dominic Ijichi) Date: Mon, 07 Nov 2005 12:49:41 +0000 Subject: [Fedora-directory-users] question about schema file keywords In-Reply-To: <436F4AF6.2040908@sci.fi> References: <20051107113122.99769.qmail@web36315.mail.mud.yahoo.com> <436F439A.20404@sci.fi> <1131365666.436f452206b92@www.ijichi.org> <436F4AF6.2040908@sci.fi> Message-ID: <1131367781.436f4d659cf63@www.ijichi.org> An embedded and charset-unspecified text was scrubbed... Name: not available URL: From david_list at boreham.org Mon Nov 7 13:51:47 2005 From: david_list at boreham.org (David Boreham) Date: Mon, 07 Nov 2005 06:51:47 -0700 Subject: [Fedora-directory-users] Re: help for building FDS In-Reply-To: <20051107063234.22858.qmail@web36304.mail.mud.yahoo.com> References: <20051107063234.22858.qmail@web36304.mail.mud.yahoo.com> Message-ID: <436F5BF3.3030903@boreham.org> >client.c:64: error: static declaration of >'global_callbacks' follows non-static declaration >saslint.h:112: error: previous declaration of > > This looks like another gcc4 problem. There are two patches for gcc4 listed on the build page. Do you have them both? (One for cyrus-sasl, the other for DS.) From rmeggins at redhat.com Mon Nov 7 17:37:11 2005 
From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 07 Nov 2005 10:37:11 -0700 Subject: [Fedora-directory-users] question about required fields and I18N issues In-Reply-To: <20051105175814.20894.qmail@web36304.mail.mud.yahoo.com> References: <20051105175814.20894.qmail@web36304.mail.mud.yahoo.com> Message-ID: <436F90C7.9040403@redhat.com> speedy zinc wrote: >How can I enter non-ascii data in the attribute, >especially for dn, last name, first name, etc, and >still can use the native language for searching? > > Firstly, the data must be encoded in utf8. There are usually system utilities available to do native charset -> utf8 conversion - see "man iconv". Secondly, you must use language tags for your attributes if you want them to be properly sorted/collated e.g. cn: Celine Andre cn;lang-fr: \de\55\85\44line Andre My utf8 encoding is not correct, but you should get the general drift. >For example, if I want to enter greeks or some eastern >european characters, how can I do that? > >How do I configure the server to support i18n and have >the proper collation? > > You shouldn't have to do anything. As long as you make sure all data is utf8 encoded, the server should be able to handle it. We use ICU 2.4 which supports about 40 languages. >How many languages does the console support, i.e. have >the proper translation and display correctly? > > You mean, for how many languages has the console been localized for? The console itself is written in Java, which has all of the unicode stuff built in, so it can handle the native charset -> utf8 conversion properly. This assumes you have your LOCALE set up correctly with all of the fonts you need. >I added an entry using ldapmodify, which contains >non-ascii in the DN. It seems to get it correctly, as >shown in the title bar of the property editor in the >console. But the property editor and the console does >not display correctly. The title bar displays >correctly, >though. 
> >And the result from ldapsearch just shows a bunch of >garbage characters. > > ldapsearch will display the data base64 encoded. Just decode the base64 to see your utf8 chars. >All helps appreciated. > >sz From rmeggins at redhat.com Mon Nov 7 17:41:18 2005 
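Decoding the base64 that ldapsearch prints, checking that the stored bytes really are UTF-8, and converting a native-charset value the way iconv would before it is written, can all be scripted. The following Python is an added example, not from the thread; the entry, the names in it and the helper functions are constructed for illustration.

```python
import base64


def _b64(text, charset="utf-8"):
    """Helper used only to build the constructed sample below."""
    return base64.b64encode(text.encode(charset)).decode("ascii")


# Constructed ldapsearch-style output. "\u00e9" is e-acute. The dn value is
# folded onto a continuation line, and sn was (wrongly) stored as Latin-1.
_DN_B64 = _b64("cn=C\u00e9line Andr\u00e9,ou=People,dc=example,dc=com")
SAMPLE_LDIF = (
    "dn:: " + _DN_B64[:30] + "\n " + _DN_B64[30:] + "\n"
    "cn: Celine Andre\n"
    "cn;lang-fr:: " + _b64("C\u00e9line Andr\u00e9") + "\n"
    "sn:: " + _b64("Andr\u00e9", "latin-1") + "\n"
)


def parse_ldif_entry(ldif_text):
    """Return [(attribute, options, value, note)] for one LDIF entry.

    'attr:: value' marks a base64 value; it is decoded and checked for
    valid UTF-8, which is the only encoding LDAP defines for strings.
    """
    unfolded = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    rows = []
    for line in unfolded.split("\n"):
        if not line or line.startswith("#"):
            continue
        descr, _, rest = line.partition(":")
        if rest.startswith(":"):
            raw = base64.b64decode(rest[1:].strip())
            try:
                value, note = raw.decode("utf-8"), "base64, valid UTF-8"
            except UnicodeDecodeError:
                # Typical sign that native-charset bytes were stored as-is.
                value = raw.decode("latin-1")
                note = "base64, NOT UTF-8 (shown as Latin-1)"
        else:
            value, note = rest.strip(), "plain"
        attr, *options = descr.split(";")  # e.g. cn;lang-fr -> cn, [lang-fr]
        rows.append((attr, options, value, note))
    return rows


def to_ldif_line(attr, native_bytes, charset):
    """Convert a native-charset value to UTF-8 and emit a valid LDIF line."""
    utf8 = native_bytes.decode(charset).encode("utf-8")
    safe = (
        all(0x20 <= b < 0x7F for b in utf8)
        and utf8[:1] not in (b" ", b":", b"<")
        and not utf8.endswith(b" ")
    )
    if safe:
        return f"{attr}: {utf8.decode('ascii')}"
    return f"{attr}:: {base64.b64encode(utf8).decode('ascii')}"


if __name__ == "__main__":
    for row in parse_ldif_entry(SAMPLE_LDIF):
        print(row)
    print(to_ldif_line("cn;lang-fr", "C\u00e9line Andr\u00e9".encode("iso-8859-1"), "iso-8859-1"))
```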
From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 07 Nov 2005 10:41:18 -0700 Subject: [Fedora-directory-users] make an attribute default to object class? In-Reply-To: <20051107120331.71038.qmail@web36304.mail.mud.yahoo.com> References: <20051107120331.71038.qmail@web36304.mail.mud.yahoo.com> Message-ID: <436F91BE.2090206@redhat.com> speedy zinc wrote: >Ok, I have this weird idea that I want to make a new >attribute an allowed attribute of an existing >objectclass >and all its sub-classes, but without modifying the >definition of the existing class, only thru extension. > >For example, if I define a new attribute called >"myWhackyAttr", and I want to make it part of an >allowed >attribute of nsRoleDefinition (or >nsSimpleRoleDefinition), >so that the attribute is available to all sub-classes. > >To do that, I can change the definition of >nsRoleDefinition >in 00core.ldif, which everyone would say "stop right >there, >you shouldn't do that". > >The other way is, I can create an aux objectclass with > >that attribute, and every time I create a new role, >I have to make sure that I add that object class to >the >new entry. That's tedious, and might forget it. > >Is there a third way to enforce that? > > Create a new structural objectclass called MyRole - it will extend nsRoleDefinition and include the myWackyAttr attribute (as a MAY preferably, not a MUST). Then, you'll have to create MyRole roles, for which there is also not console support. >thanks for any hint. > >sz From rmeggins at redhat.com Mon Nov 7 17:47:25 2005 
From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 07 Nov 2005 10:47:25 -0700 Subject: [Fedora-directory-users] How can I create a User ID alias? In-Reply-To: <436E47A5.5070304@concepttechnologyinc.com> References: <436E47A5.5070304@concepttechnologyinc.com> Message-ID: <436F932D.3050705@redhat.com> Darren Fulton wrote: >I have an in production application at our office (Web Calendar) that I >am migrating to LDAP authentication using FDS from application internal >authentication. > >Some of the users in the old program have user id's of $firstname and >they don't work because everyone in the ldap server was setup as >$firstinitial$lastname. > >I have not been successful at changing the User ID's in the application >from $firstname to $firstinitial$lastname. > >Question: Is there a way that I can make aliases in FDS such that User >ID james equals User ID jjones? If so, how can I do it? > > FDS does not support LDAP aliases. However, you can have a single entry with two different uid attributes - uid is a multi-valued attribute. This will allow you to do an LDAP search for uid=james or uid=jjones and get the same entry. If you want to use uid as the naming attribute for the DN, you will just have to pick one of the values. >Thank you. > >Darren From david_list at boreham.org Mon Nov 7 18:08:13 2005 
From: david_list at boreham.org (David Boreham) Date: Mon, 07 Nov 2005 11:08:13 -0700 Subject: [Fedora-directory-users] How can I create a User ID alias? In-Reply-To: <436F932D.3050705@redhat.com> References: <436E47A5.5070304@concepttechnologyinc.com> <436F932D.3050705@redhat.com> Message-ID: <436F980D.4040102@boreham.org> Richard Megginson wrote: > Darren Fulton wrote: > >> I have an in production application at our office (Web Calendar) that I >> am migrating to LDAP authentication using FDS from application internal >> authentication. >> Some of the users in the old program have user id's of $firstname and >> they don't work because everyone in the ldap server was setup as >> $firstinitial$lastname. >> I have not been successful at changing the User ID's in the application >> from $firstname to $firstinitial$lastname. > Can you configure the search done by the application? If so, it should be possible to retain the single uid per user, but add a second attribute value with the second name. Then configure the old applications to search on that attribute to find users' DNs. From jclowser at unitedmessaging.com Mon Nov 7 18:14:10 2005 
From: jclowser at unitedmessaging.com (Jeff Clowser) Date: Mon, 07 Nov 2005 13:14:10 -0500 Subject: [Fedora-directory-users] How can I create a User ID alias? In-Reply-To: <436F932D.3050705@redhat.com> References: <436E47A5.5070304@concepttechnologyinc.com> <436F932D.3050705@redhat.com> Message-ID: <436F9972.5090902@unitedmessaging.com> Richard Megginson wrote: > Darren Fulton wrote: > >> I have an in production application at our office (Web Calendar) that I >> am migrating to LDAP authentication using FDS from application internal >> authentication. >> Some of the users in the old program have user id's of $firstname and >> they don't work because everyone in the ldap server was setup as >> $firstinitial$lastname. >> I have not been successful at changing the User ID's in the application >> from $firstname to $firstinitial$lastname. >> >> Question: Is there a way that I can make aliases in FDS such that User >> ID james equals User ID jjones? If so, how can I do it? >> >> > FDS does not support LDAP aliases. However, you can have a single > entry with two different uid attributes - uid is a multi-valued > attribute. This will allow you to do an LDAP search for uid=james or > uid=jjones and get the same entry. If you want to use uid as the > naming attribute for the DN, you will just have to pick one of the > values. > Be careful with this, though - even though LDAP allows/defines uid to be multivalued, I have seen some apps that expect uid to be single valued, and choke or give unexpected results on users that are not. You'll only know, though, by trying it out and seeing if something breaks. What is the web calendar app you are using? Are you using any other apps that use your FDS? - Jeff From wilmer5 at gmail.com Mon Nov 7 23:48:00 2005 
From: wilmer5 at gmail.com (Wilmer Jaramillo) Date: Mon, 7 Nov 2005 19:48:00 -0400 Subject: [Fedora-directory-users] Directory Server and SSL Message-ID: <2b26c4260511071548n524ca40ag@mail.gmail.com> Greetings, I have followed the instructions in the documentation of Red Hat (http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html), nevertheless, late to generate certificates CA for the Directory Server being listened in port 636 with SSL profit not to activate them for the Administrator Server (https), by some reason the list does not appear to me in (Server Group>Administrator Server>Open>Configuration>Encryption>Certificate) Thanks. -- Wilmer Jaramillo M. San Cristóbal - Venezuela TALUG - http://www.linuxtachira.org Linux User: 278.161 -- irc.freenode.net #talug GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A From tim at registriesltd.com.au Tue Nov 8 02:47:55 2005 From: tim at registriesltd.com.au (Tim Edwards) Date: Tue, 08 Nov 2005 13:47:55 +1100 Subject: [Fedora-directory-users] Can't start admin server Message-ID: <437011DB.80007@registriesltd.com.au> Hi, I'm trying to set up Fedora DS using these instructions: http://www.redhat.com/docs/manuals/dir-server/ag/7.1/intro.html#1043886 However I can't find any trace of an adminserver or start-admin or anything like that. I installed from the binary RPM for RHEL4 at http://directory.fedora.redhat.com/wiki/Special:Download Does this RPM include the admin server stuff or do I have to download the source and build it separately? -- Tim Edwards From speedy_zinc at yahoo.com Tue Nov 8 03:00:05 2005 
From: speedy_zinc at yahoo.com (speedy zinc) Date: Mon, 7 Nov 2005 19:00:05 -0800 (PST) Subject: [Fedora-directory-users] Re: help for building FDS In-Reply-To: <20051107063234.22858.qmail@web36304.mail.mud.yahoo.com> Message-ID: <20051108030005.2568.qmail@web36302.mail.mud.yahoo.com> Ok, I uninstalled gcc4 and installed gcc3.4, and I'm getting further than before. But I'm still getting build error... grr :( ./mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib -lsvrcore -L../../../../cyrus-sasl-2.1.20/lib -lsasl 2 -L/usr/kerberos/lib -lgssapi_krb5 -lcrypt -lpthread -L../../../../db-4.2.52.NC/built/.libs -ldb-4.2 ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(db_berkeley.o): In function `berkeleydb_open': db_berkeley.c:(.text+0x41): undefined reference to `db_create_4002' db_berkeley.c:(.text+0xb5): undefined reference to `db_strerror_4002' ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(db_berkeley.o): In function `berkeleydb_close': db_berkeley.c:(.text+0x165): undefined reference to `db_strerror_4002' ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(db_berkeley.o): In function `_sasldb_getdata': db_berkeley.c:(.text+0x31b): undefined reference to `db_strerror_4002' ../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(db_berkeley.o): In function `_sasldb_putdata': db_berkeley.c:(.text+0x530): undefined reference to `db_strerror_4002' db_berkeley.c:(.text+0x585): undefined reference to `db_strerror_4002' collect2: ld returned 1 exit status I have db4.3 installed, so what's wrong with that? thanks Chris S. P. From rmeggins at redhat.com Tue Nov 8 03:29:53 2005 
From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 07 Nov 2005 20:29:53 -0700 Subject: [Fedora-directory-users] Can't start admin server In-Reply-To: <437011DB.80007@registriesltd.com.au> References: <437011DB.80007@registriesltd.com.au> Message-ID: <43701BB1.8060403@redhat.com> Did you run setup first? Tim Edwards wrote: > Hi, > > I'm trying to set up Fedora DS using these instructions: > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/intro.html#1043886 > > However I can't find any trace of an adminserver or start-admin or > anything like that. I installed from the binary RPM for RHEL4 at > http://directory.fedora.redhat.com/wiki/Special:Download > > Does this RPM include the admin server stuff or do I have to download > the source and build it separately? From rmeggins at redhat.com Tue Nov 8 03:31:31 2005 
From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 07 Nov 2005 20:31:31 -0700 Subject: [Fedora-directory-users] Re: help for building FDS In-Reply-To: <20051108030005.2568.qmail@web36302.mail.mud.yahoo.com> References: <20051108030005.2568.qmail@web36302.mail.mud.yahoo.com> Message-ID: <43701C13.5040502@redhat.com> speedy zinc wrote: >Ok, I uninstalled gcc4 and installed gcc3.4, and I'm >getting >further than before. But I'm still getting build >error... >grr :( > >./mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib >-lsvrcore -L../../../../cyrus-sasl-2.1.20/lib -lsasl 2 >-L/usr/kerberos/lib -lgssapi_krb5 -lcrypt -lpthread >-L../../../../db-4.2.52.NC/built/.libs -ldb-4.2 > > It's using db4.2 because that's the version that we use for the slapd database. It conflicts with the version of bdb that was used to build sasl, which is the one on your OS. >../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(db_berkeley.o): >In function `berkeleydb_open': >db_berkeley.c:(.text+0x41): undefined reference to >`db_create_4002' >db_berkeley.c:(.text+0xb5): undefined reference to >`db_strerror_4002' >../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(db_berkeley.o): >In function `berkeleydb_close': >db_berkeley.c:(.text+0x165): undefined reference to >`db_strerror_4002' >../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(db_berkeley.o): >In function `_sasldb_getdata': >db_berkeley.c:(.text+0x31b): undefined reference to >`db_strerror_4002' >../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(db_berkeley.o): >In function `_sasldb_putdata': >db_berkeley.c:(.text+0x530): undefined reference to >`db_strerror_4002' >db_berkeley.c:(.text+0x585): undefined reference to >`db_strerror_4002' >collect2: ld returned 1 exit status > > >I have db4.3 installed, so what's wrong with that? > >thanks > >Chris S. P. From dfulton-lists at concepttechnologyinc.com Tue Nov 8 03:40:12 2005 
From: dfulton-lists at concepttechnologyinc.com (Darren Fulton) Date: Mon, 07 Nov 2005 21:40:12 -0600 Subject: [Fedora-directory-users] How can I create a User ID alias? In-Reply-To: <436F9972.5090902@unitedmessaging.com> References: <436E47A5.5070304@concepttechnologyinc.com> <436F932D.3050705@redhat.com> <436F9972.5090902@unitedmessaging.com> Message-ID: <43701E1C.8030009@concepttechnologyinc.com> Jeff Clowser wrote: > Richard Megginson wrote: > >> Darren Fulton wrote: >> >>> I have an in production application at our office (Web Calendar) that I >>> am migrating to LDAP authentication using FDS from application internal >>> authentication. >>> Some of the users in the old program have user id's of $firstname and >>> they don't work because everyone in the ldap server was setup as >>> $firstinitial$lastname. >>> I have not been successful at changing the User ID's in the application >>> from $firstname to $firstinitial$lastname. >>> >>> Question: Is there a way that I can make aliases in FDS such that User >>> ID james equals User ID jjones? If so, how can I do it? >>> >>> >> FDS does not support LDAP aliases. However, you can have a single >> entry with two different uid attributes - uid is a multi-valued >> attribute. This will allow you to do an LDAP search for uid=james or >> uid=jjones and get the same entry. If you want to use uid as the >> naming attribute for the DN, you will just have to pick one of the >> values. >> > Be careful with this, though - even though LDAP allows/defines uid to > be multivalued, I have seen some apps that expect uid to be single > valued, and choke or give unexpected results on users that are not. > You'll only know, though, by trying it out and seeing if something > breaks. What is the web calendar app you are using? Are you using > any other apps that use your FDS? 
> > - Jeff Hello, The web calendar is "Web Calendar" ( http://www.k5n.us/webcalendar.php ) and I'm currently authenticating using http basic auth, over SSL using mod_ldap in Apache. User authenticates as jjones and if there is a webcal user by the name of jjones, it pulls up his calendar. My only problem was that jjones (in this case) doesn't have a calendar, but user james does. I wanted it to recognize that jjones was james and it would pull up the calendar. Adding a second User ID for that user doesn't seem to accomplish my goal in this case, but may help out in the future. Thanks for the help. Darren From speedy_zinc at yahoo.com Tue Nov 8 03:40:56 2005 
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Mon, 7 Nov 2005 19:40:56 -0800 (PST)
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <436F90C7.9040403@redhat.com>
Message-ID: <20051108034056.2365.qmail@web36312.mail.mud.yahoo.com>

We are working on a school project to build a "universal" directory service to support a global village (:) on which everyone can logon using their native language. People can talk to each other using their native language, but it gets translated in real-time (don't expect too much, just a school project). And we use FDS as the underlying service for user authentication, user profile, etc.

We want to allow user to register themselves, in their own language. So, username etc, should be in the native language.

--- Richard Megginson wrote:
> speedy zinc wrote:
>
> > How can I enter non-ascii data in the attribute, especially for dn, last name, first name, etc, and still can use the native language for searching?
>
> Firstly, the data must be encoded in utf8. There are usually system utilities available to do native charset -> utf8 conversion - see "man iconv". Secondly, you must use language tags for your attributes if you want them to be properly sorted/collated e.g.
> cn: Celine Andre
> cn;lang-fr: \de\55\85\44line Andre

Does that mean I can not enter native language (even if my system is using UTF8 encoding) directly in the console?

> > For example, if I want to enter greeks or some eastern european characters, how can I do that?
> >
> > How do I configure the server to support i18n and have the proper collation?
>
> You shouldn't have to do anything. As long as you make sure all data is utf8 encoded, the server should be able to handle it. We use ICU 2.4 which supports about 40 languages.
>
> > How many languages does the console support, i.e. have the proper translation and display correctly?
>
> You mean, for how many languages has the console been localized for?

Yeah, since it is in java, if I change my environment, shouldn't the console be displayed in the right language?

thanks

chris p.

From speedy_zinc at yahoo.com Tue Nov 8 03:44:20 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Mon, 7 Nov 2005 19:44:20 -0800 (PST)
Subject: [Fedora-directory-users] make an attribute default to object class?
In-Reply-To: <436F91BE.2090206@redhat.com>
Message-ID: <20051108034420.97123.qmail@web36301.mail.mud.yahoo.com>

--- Richard Megginson wrote:
> Create a new structural objectclass called MyRole - it will extend nsRoleDefinition and include the myWackyAttr attribute (as a MAY preferably, not a MUST). Then, you'll have to create MyRole roles, for which there is also not console support.

Yeah, but we want to use the same nsRoleDefinition as provided by the server, and can be managed through the console though :)

chris p.

From rmeggins at redhat.com Tue Nov 8 03:44:10 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 07 Nov 2005 20:44:10 -0700
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <20051108034056.2365.qmail@web36312.mail.mud.yahoo.com>
References: <20051108034056.2365.qmail@web36312.mail.mud.yahoo.com>
Message-ID: <43701F0A.8050104@redhat.com>

speedy zinc wrote:

> We are working on a school project to build a "universal" directory service to support a global village (:) on which everyone can logon using their native language. People can talk to each other using their native language, but it gets translated in real-time (don't expect too much, just a school project). And we use FDS as the underlying service for user authentication, user profile, etc.
>
> We want to allow user to register themselves, in their own language. So, username etc, should be in the native language.

Sure. This is also quite common for large global enterprises who want to provide self service or locally administered access to the directory server. The logic to convert from the local charset to utf8 must be done in the application - LDAP only provides for utf8 data. What is the registration application? Is it open source? What language is it written in? For C apps, iconv is provided by most *nix OSes. There is a way to do this in Windows - I can't remember, but there is some code that the ldapsearch, ldapmodify commands use. I have no idea about Mac. It's very easy to do this in Java - strings are stored in Unicode internally, and the conversion code is built into the String class.

> --- Richard Megginson wrote:
>
>> speedy zinc wrote:
>>
>>> How can I enter non-ascii data in the attribute, especially for dn, last name, first name, etc, and still can use the native language for searching?
>>
>> Firstly, the data must be encoded in utf8. There are usually system utilities available to do native charset -> utf8 conversion - see "man iconv". Secondly, you must use language tags for your attributes if you want them to be properly sorted/collated e.g.
>> cn: Celine Andre
>> cn;lang-fr: \de\55\85\44line Andre
>
> Does that mean I can not enter native language (even if my system is using UTF8 encoding) directly in the console?
>
>>> For example, if I want to enter greeks or some eastern european characters, how can I do that?
>>>
>>> How do I configure the server to support i18n and have the proper collation?
>>
>> You shouldn't have to do anything. As long as you make sure all data is utf8 encoded, the server should be able to handle it. We use ICU 2.4 which supports about 40 languages.
>>
>>> How many languages does the console support, i.e. have the proper translation and display correctly?
>>
>> You mean, for how many languages has the console been localized for?
>
> Yeah, since it is in java, if I change my environment, shouldn't the console be displayed in the right language?
>
> thanks
>
> chris p.

From tim at registriesltd.com.au Tue Nov 8 03:50:54 2005
From: tim at registriesltd.com.au (Tim Edwards)
Date: Tue, 08 Nov 2005 14:50:54 +1100
Subject: [Fedora-directory-users] Can't start admin server
In-Reply-To: <43701BB1.8060403@redhat.com>
References: <437011DB.80007@registriesltd.com.au> <43701BB1.8060403@redhat.com>
Message-ID: <4370209E.80903@registriesltd.com.au>

Richard Megginson wrote:
> Did you run setup first?

Yes and I can start the slapd part fine, but I can't find the executable I'm supposed to run to start the admin server.

--
Tim Edwards
Systems Administrator
REGISTRIES LTD
ABN 14 003 209 836
Phone: 92909610

From speedy_zinc at yahoo.com Tue Nov 8 04:02:02 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Mon, 7 Nov 2005 20:02:02 -0800 (PST)
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <43701F0A.8050104@redhat.com>
Message-ID: <20051108040202.77715.qmail@web36315.mail.mud.yahoo.com>

--- Richard Megginson wrote:
> speedy zinc wrote:
>
> > We are working on a school project to build a "universal" directory service to support a global village (:) on which everyone can logon using their native language. People can talk to each other using their native language, but it gets translated in real-time (don't expect too much, just a school project). And we use FDS as the underlying service for user authentication, user profile, etc.
> >
> > We want to allow user to register themselves, in their own language. So, username etc, should be in the native language.
>
> Sure. This is also quite common for large global enterprises who want to provide self service or locally administered access to the directory server. The logic to convert from the local charset to utf8 must be done in the application - LDAP only provides for utf8 data. What is the registration application? Is it open source? What language is it written in? For C apps, iconv is provided by most *nix OSes. There is a way to do this in Windows - I can't remember, but there is some code that the ldapsearch, ldapmodify commands use. I have no idea about Mac. It's very easy to do this in Java - strings are stored in Unicode internally, and the conversion code is built into the String class.

But the console does not even display the content "correctly". We use the java sdk to get the data, and it is correct.

We are a team of 5, with 5 different languages. We all develop on Linux, using utf8 environment. We can add entries using native characters, but despite setting our environment to the right locale, the console just displays some garbage characters.

regards

sz

From speedy_zinc at yahoo.com Tue Nov 8 04:04:09 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Mon, 7 Nov 2005 20:04:09 -0800 (PST)
Subject: [Fedora-directory-users] Re: help for building FDS
In-Reply-To: <43701C13.5040502@redhat.com>
Message-ID: <20051108040409.61918.qmail@web36310.mail.mud.yahoo.com>

--- Richard Megginson wrote:
> speedy zinc wrote:
>
> > Ok, I uninstalled gcc4 and installed gcc3.4, and I'm getting further than before. But I'm still getting build error... grr :(
> >
> > ./mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib -lsvrcore -L../../../../cyrus-sasl-2.1.20/lib -lsasl 2 -L/usr/kerberos/lib -lgssapi_krb5 -lcrypt -lpthread -L../../../../db-4.2.52.NC/built/.libs -ldb-4.2
>
> It's using db4.2 because that's the version that we use for the slapd database. It conflicts with the version of bdb that was used to build sasl, which is the one on your OS.

Ok, I'm removing db4.3 and installed db4.2.

But why is "make buildclean" not working? the readme file said it should reconfigure, no?

thanks

sz

From rmeggins at redhat.com Tue Nov 8 04:13:40 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 07 Nov 2005 21:13:40 -0700
Subject: [Fedora-directory-users] Can't start admin server
In-Reply-To: <4370209E.80903@registriesltd.com.au>
References: <437011DB.80007@registriesltd.com.au> <43701BB1.8060403@redhat.com> <4370209E.80903@registriesltd.com.au>
Message-ID: <437025F4.2060001@redhat.com>

If you ran the setup program, and it completed with no errors, it should have generated the start-admin shell script in the /opt/fedora-ds directory. If not, then I can only assume there was some problem during setup.

Tim Edwards wrote:
> Richard Megginson wrote:
>
>> Did you run setup first?
>
> Yes and I can start the slapd part fine, but I can't find the executable I'm supposed to run to start the admin server.

From rmeggins at redhat.com Tue Nov 8 04:14:48 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 07 Nov 2005 21:14:48 -0700
Subject: [Fedora-directory-users] Re: help for building FDS
In-Reply-To: <20051108040409.61918.qmail@web36310.mail.mud.yahoo.com>
References: <20051108040409.61918.qmail@web36310.mail.mud.yahoo.com>
Message-ID: <43702638.2010306@redhat.com>

speedy zinc wrote:

> --- Richard Megginson wrote:
>
>> speedy zinc wrote:
>>
>>> Ok, I uninstalled gcc4 and installed gcc3.4, and I'm getting further than before. But I'm still getting build error... grr :(
>>>
>>> ./mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib -lsvrcore -L../../../../cyrus-sasl-2.1.20/lib -lsasl 2 -L/usr/kerberos/lib -lgssapi_krb5 -lcrypt -lpthread -L../../../../db-4.2.52.NC/built/.libs -ldb-4.2
>>
>> It's using db4.2 because that's the version that we use for the slapd database. It conflicts with the version of bdb that was used to build sasl, which is the one on your OS.
>
> Ok, I'm removing db4.3 and installed db4.2.
>
> But why is "make buildclean" not working? the readme file said it should reconfigure, no?

I'm not sure.

> thanks
>
> sz

From rmeggins at redhat.com Tue Nov 8 04:17:02 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 07 Nov 2005 21:17:02 -0700
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <20051108040202.77715.qmail@web36315.mail.mud.yahoo.com>
References: <20051108040202.77715.qmail@web36315.mail.mud.yahoo.com>
Message-ID: <437026BE.8010309@redhat.com>

speedy zinc wrote:

> --- Richard Megginson wrote:
>
>> speedy zinc wrote:
>>
>>> We are working on a school project to build a "universal" directory service to support a global village (:) on which everyone can logon using their native language. People can talk to each other using their native language, but it gets translated in real-time (don't expect too much, just a school project). And we use FDS as the underlying service for user authentication, user profile, etc.
>>>
>>> We want to allow user to register themselves, in their own language. So, username etc, should be in the native language.
>>
>> Sure. This is also quite common for large global enterprises who want to provide self service or locally administered access to the directory server. The logic to convert from the local charset to utf8 must be done in the application - LDAP only provides for utf8 data. What is the registration application? Is it open source? What language is it written in? For C apps, iconv is provided by most *nix OSes. There is a way to do this in Windows - I can't remember, but there is some code that the ldapsearch, ldapmodify commands use. I have no idea about Mac. It's very easy to do this in Java - strings are stored in Unicode internally, and the conversion code is built into the String class.
>
> But the console does not even display the content "correctly". We use the java sdk to get the data, and it is correct.
>
> We are a team of 5, with 5 different languages. We all develop on Linux, using utf8 environment. We can add entries using native characters, but despite setting our environment to the right locale, the console just displays some garbage characters.

I'm not sure then. I know it's tricky to get the console to know how to display the local charset correctly. Hopefully one of our i18n experts will chime in here.

> regards
>
> sz

From chen_shaopeng at idsignet.com Tue Nov 8 04:46:02 2005
From: chen_shaopeng at idsignet.com (Chen Shaopeng)
Date: Tue, 08 Nov 2005 12:46:02 +0800
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <20051108040202.77715.qmail@web36315.mail.mud.yahoo.com>
References: <20051108040202.77715.qmail@web36315.mail.mud.yahoo.com>
Message-ID: <43702D8A.6030809@idsignet.com>

speedy zinc wrote:
> But the console does not even display the content "correctly". We use the java sdk to get the data, and it is correct.
>
> We are a team of 5, with 5 different languages. We all develop on Linux, using utf8 environment. We can add entries using native characters, but despite setting our environment to the right locale, the console just displays some garbage characters.

The contents in the database has nothing to do with whether the console can display or not though. If you see "garbage" characters, it probably means the console actually got the right data, except that it does not know how to display correctly. Probably lack of the right font?

You can change the display font to see if it's right, go to Edit -> Preferences -> Font, and select a font that can display your native language.

And I don't think the console has localization for that many languages either. It does not have localization for chinese (maybe I'm wrong, but starting with "-l zh" or "-l zh_CN" does not work).

The annoying thing we had with FDS is that the uid must be in 7-bit ascii (duh!). I don't know what does the LDAP specs said (I haven't looked up yet), but it makes it impossible to have user login name in chinese. That's a shame, coz directory server is such an important piece of software.

To get around this, we add an attribute called "loginname", and use that as the input to generate a hash, and use the hash as the uid. According to the description of your project, you might have to do this too :)

Hope that helps.

csp

--
Chen Shaopeng
http://www.idsignet.com

From uffe at loop.to Tue Nov 8 05:15:31 2005
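The workaround Chen describes, sketched as an added example (not code from the post or from FDS): the login name is brought to one canonical Unicode form before hashing, so that two encodings of the same visible name cannot end up as two accounts. SHA-256, the NFKC-plus-casefold canonical form, the "u" prefix and all function names are assumptions; the post does not say which hash was used.

```python
"""Added example: derive a 7-bit-clean uid from a native-language login name.

Assumptions (not from the thread): SHA-256 as the hash, NFKC plus case
folding as the canonical form, a "u" prefix and a 32-hex-digit uid. The
post only says that loginname is hashed and the hash is stored as uid.
"""
import hashlib
import unicodedata


def canonical_login(login_name):
    """Map equivalent spellings of a name to one code point sequence."""
    folded = unicodedata.normalize("NFKC", login_name.strip()).casefold()
    # Case folding can produce text that is no longer normalized,
    # so normalize once more.
    return unicodedata.normalize("NFKC", folded)


def uid_from_login(login_name, hex_digits=32):
    """Return an ASCII-only uid computed from the UTF-8 bytes of the name."""
    canon = canonical_login(login_name)
    if not canon:
        raise ValueError("empty login name")
    digest = hashlib.sha256(canon.encode("utf-8")).hexdigest()
    return "u" + digest[:hex_digits]


def is_7bit_clean(value):
    """True when every character fits in 7 bits, as required for uid."""
    return all(ord(ch) < 128 for ch in value)


def make_entry(login_name, taken_uids):
    """Build the uid/loginname pair for a new account.

    Uniqueness is checked on the hashed uid, so a second registration that
    differs only in encoding or case from an existing name is refused.
    """
    uid = uid_from_login(login_name)
    if uid in taken_uids:
        raise LookupError("uid already in use: " + uid)
    return {"uid": uid, "loginname": login_name}


if __name__ == "__main__":
    # Constructed sample names, not real accounts.
    for name in ("陈少鹏", "Jos\u00e9", "Jose\u0301", "ＡＢＣ"):
        print(repr(name), "->", uid_from_login(name))
```

At login the application recomputes the uid from what the user typed and binds or searches with that value, so loginname can keep the spelling the user registered with.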
From: uffe at loop.to (uffe at loop.to)
Date: Mon, 07 Nov 2005 21:15:31 -0800
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <43702D8A.6030809@idsignet.com>
References: <20051108040202.77715.qmail@web36315.mail.mud.yahoo.com> <43702D8A.6030809@idsignet.com>
Message-ID: <43703473.4030303@loop.to>

Chen Shaopeng wrote:

> speedy zinc wrote:
>
>> But the console does not even display the content "correctly". We use the java sdk to get the data, and it is correct.
>>
>> We are a team of 5, with 5 different languages. We all develop on Linux, using utf8 environment. We can add entries using native characters, but despite setting our environment to the right locale, the console just displays some garbage characters.
>
> The contents in the database has nothing to do with whether the console can display or not though. If you see "garbage" characters, it probably means the console actually got the right data, except that it does not know how to display correctly. Probably lack of the right font?
>
> You can change the display font to see if it's right, go to Edit -> Preferences -> Font, and select a font that can display your native language.
>
> And I don't think the console has localization for that many languages either. It does not have localization for chinese (maybe I'm wrong, but starting with "-l zh" or "-l zh_CN" does not work).
>
> The annoying thing we had with FDS is that the uid must be in 7-bit ascii (duh!). I don't know what does the LDAP specs said (I haven't looked up yet), but it makes it impossible to have user login name in chinese. That's a shame, coz directory server is such an important piece of software.

The default configuration for the 7-bit-clean-checking plugin is for uid, mail and userPassword attributes. You can adjust it in dse.ldif or via plugin configuration screen in the Console.

> To get around this, we add an attribute called "loginname", and use that as the input to generate a hash, and use the hash as the uid. According to the description of your project, you might have to do this too :)
>
> Hope that helps.
>
> csp

From chen_shaopeng at idsignet.com Tue Nov 8 05:55:58 2005
From: chen_shaopeng at idsignet.com (Chen Shaopeng)
Date: Tue, 08 Nov 2005 13:55:58 +0800
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <43703473.4030303@loop.to>
References: <20051108040202.77715.qmail@web36315.mail.mud.yahoo.com> <43702D8A.6030809@idsignet.com> <43703473.4030303@loop.to>
Message-ID: <43703DEE.6010708@idsignet.com>

uffe at loop.to wrote:
> The default configuration for the 7-bit-clean-checking plugin is for uid, mail and userPassword attributes. You can adjust it in dse.ldif or via plugin configuration screen in the Console.

Cool, that's something we never checked though, it might work. I have to check that, later.

thx,

csp

--
Chen Shaopeng
http://www.idsignet.com

From elwartowski at gmail.com Tue Nov 8 10:17:34 2005
From: elwartowski at gmail.com (Chad Elwartowski)
Date: Tue, 8 Nov 2005 13:17:34 +0300
Subject: [Fedora-directory-users] Directory Server and Jive Messenger
Message-ID: <332a4c70511080217r7f7dd51bgae34c90d3a917bfa@mail.gmail.com>

I've asked on the jivesoftware forums and hit a brick wall so I figured folks here might have better insight into this.

I'm trying to get Jive Messenger to read in my user database using LDAP. I've tried several different configurations of the jive-messenger.xml to get it working.

Here's my configuration:

uid cn example.host.name.com 389 dc=example,dc=host,dc=name,dc=com cn=admin supersecretpassword true

I'm able to connect to my database using the firefox email address book with this:

Hostname: example.host.name.com
Base DN: dc=example,dc=host,dc=name,dc=com
Port Number: 389

I used a typical install of Fedora Directory Server with admin as the name of my admin user. I'm not sure if I might have my settings in the correct format or if I'm using the wrong baseDN and adminDN.

When I run through the jive messenger configuration I click through all of the defaults, add my admin account and password and when I log in all I get under User Summary is my admin account so it's not seeing the LDAP database.

If anyone has any insight into this I'd appreciate any help.

Thanks,
Chad

From mj at sci.fi Tue Nov 8 10:50:36 2005
From: mj at sci.fi (Mike Jackson)
Date: Tue, 08 Nov 2005 12:50:36 +0200
Subject: [Fedora-directory-users] Directory Server and Jive Messenger
In-Reply-To: <332a4c70511080217r7f7dd51bgae34c90d3a917bfa@mail.gmail.com>
References: <332a4c70511080217r7f7dd51bgae34c90d3a917bfa@mail.gmail.com>
Message-ID: <437082FC.4090406@sci.fi>

Chad Elwartowski wrote:
> uid cn example.host.name.com 389 dc=example,dc=host,dc=name,dc=com cn=admin supersecretpassword true
>
> I used a typical install of Fedora Directory Server with admin as the name of my admin user. I'm not sure if I might have my settings in the correct format or if I'm using the wrong baseDN and adminDN.

Try using cn=directory manager , along with the password which you defined for directory manager.

--
mike

From elwartowski at gmail.com Tue Nov 8 11:47:52 2005
From: elwartowski at gmail.com (Chad Elwartowski)
Date: Tue, 8 Nov 2005 14:47:52 +0300
Subject: [Fedora-directory-users] Directory Server and Jive Messenger
In-Reply-To: <437082FC.4090406@sci.fi>
References: <332a4c70511080217r7f7dd51bgae34c90d3a917bfa@mail.gmail.com> <437082FC.4090406@sci.fi>
Message-ID: <332a4c70511080347u17836453j17f77e1ffd9f1d23@mail.gmail.com>

I set my directory manager user name to 'admin' during setup.

On 11/8/05, Mike Jackson wrote:
>
> Chad Elwartowski wrote:
> > uid cn example.host.name.com <http://example.host.name.com> 389 dc=example,dc=host,dc=name,dc=com cn=admin supersecretpassword true
> >
> > I used a typical install of Fedora Directory Server with admin as the name of my admin user. I'm not sure if I might have my settings in the correct format or if I'm using the wrong baseDN and adminDN.
>
> Try using cn=directory manager , along with the password which you defined for directory manager.
>
> --
> mike

From wilmer5 at gmail.com Tue Nov 8 13:56:04 2005
From: wilmer5 at gmail.com (Wilmer Jaramillo)
Date: Tue, 8 Nov 2005 09:56:04 -0400
Subject: [Fedora-directory-users] Directory Server and SSL
In-Reply-To: <2b26c4260511071548n524ca40ag@mail.gmail.com>
References: <2b26c4260511071548n524ca40ag@mail.gmail.com>
Message-ID: <2b26c4260511080556l69187e77y@mail.gmail.com>

Greetings,

I have followed the instructions in the documentation of Red Hat (http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html ), nevertheless, late to generate certificates CA for the Directory Server being listened in port 636 with SSL profit not to activate them for the Administrator Server (https), by some reason the list does not appear to me in (Server Group>Administrator > Server>Open>Configuration>Encryption>Certificate)

Thanks.

--
Wilmer Jaramillo M.
San Cristóbal - Venezuela
TALUG - http://www.linuxtachira.org
Linux User: 278.161 -- irc.freenode.net #talug
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A

From jclowser at unitedmessaging.com Tue Nov 8 14:44:23 2005
From: jclowser at unitedmessaging.com (Jeff Clowser)
Date: Tue, 08 Nov 2005 09:44:23 -0500
Subject: [Fedora-directory-users] How can I create a User ID alias?
In-Reply-To: <43701E1C.8030009@concepttechnologyinc.com>
References: <436E47A5.5070304@concepttechnologyinc.com> <436F932D.3050705@redhat.com> <436F9972.5090902@unitedmessaging.com> <43701E1C.8030009@concepttechnologyinc.com>
Message-ID: <4370B9C7.2070301@unitedmessaging.com>

Darren Fulton wrote:

> Hello,
>
> The web calendar is "Web Calendar" ( http://www.k5n.us/webcalendar.php ) and I'm currently authenticating using http basic auth, over SSL using mod_ldap in Apache. User authenticates as jjones and if there is a webcal user by the name of jjones, it pulls up his calendar. My only problem was that jjones (in this case) doesn't have a calendar, but user james does. I wanted it to recognize that jjones was james and it would pull up the calendar.
>
> Adding a second User ID for that user doesn't seem to accomplish my goal in this case, but may help out in the future. Thanks for the help.
>
> Darren

OK - sounds like the calendar server is using the uid you log in as as an index to find the calendar database for that user. So, even if it lets you log in as jjones, it is looking for a jjones cal, not a james calendar. I think this is an application issue, rather than an LDAP one. I.e., the cal sees jjones trying to log in, auths jjones, then uses jjones (rather than anything returned from ldap) to find the calendar.

Since that calendar server is written in PHP, you could "fix" it to meet your needs. Something like the following:

1. Create a new attribute (say, calUID) in your ldap schema.
2. Create a webcalendar objectclass and make calUID a required attribute.
3. Set the calUID to be the name associated with the calendar (i.e. "james"). Set uid to be the username you want them to log in as (say jjones). For new users, this can be the same (i.e. jsmith for both).
4. Find out where in the calendar PHP code it authenticates users. Hopefully it will be trivial to do the following:
   a. Change the filter from (uid=xxx) to (|(uid=xxx)(caluid=xxx)), where xxx is whatever they entered at the login as their uid.
   b. Wherever it returns a successful login, set whatever is holding the users username/cal name to the value in caluid.

You could actually make caluid optional instead of required, and just set the calendar to the value in caluid if it exists, or uid if not.

I haven't looked at the code for this cal server, but something like the above might do what you want - a lot depends on how that cal server is coded, etc, but hopefully you can hack something like that together. In any case, I don't think anything on the LDAP side will fix it.

- Jeff

From rmeggins at redhat.com Tue Nov 8 15:17:04 2005
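Step 4 of Jeff's outline, sketched as an added example (not from the original post and not WebCalendar's code): the typed login name is escaped per RFC 4515 before it goes into the (|(uid=xxx)(caluid=xxx)) filter, and the calendar name comes from calUID when the entry has one, otherwise from uid. The entries are constructed sample data, the function names are hypothetical, and Python is used so the logic runs stand-alone even though the calendar itself is PHP.

```python
"""Added example: the (|(uid=X)(calUID=X)) login lookup with RFC 4515 escaping.

Assumptions (not from the thread): entries are plain dicts standing in for
LDAP search results, calUID is the custom attribute proposed in the post,
and all function names are hypothetical.
"""
import re

# RFC 4515: these characters must be written as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample entries (not real directory data).
SAMPLE_DIRECTORY = [
    {"uid": ["jjones"], "calUID": ["james"], "cn": ["James Jones"]},
    {"uid": ["jsmith"], "cn": ["Jane Smith"]},
]


def escape_filter_value(value):
    """Escape user input so the directory matches it literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(login):
    """Step 4a: match the typed login name against uid or calUID."""
    safe = escape_filter_value(login)
    return "(|(uid={0})(calUID={0}))".format(safe)


def simulated_search(directory, ldap_filter):
    """Stand-in for the server, limited to the one filter shape built above."""
    match = re.fullmatch(r"\(\|\(uid=([^()]*)\)\(calUID=([^()]*)\)\)", ldap_filter)
    if match is None:
        raise ValueError("unsupported or malformed filter: " + ldap_filter)
    # Undo the \XX escapes the way a server would before comparing values.
    wanted = [
        re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), v).lower()
        for v in match.groups()
    ]
    hits = []
    for entry in directory:
        uid_hit = any(v.lower() == wanted[0] for v in entry.get("uid", []))
        cal_hit = any(v.lower() == wanted[1] for v in entry.get("calUID", []))
        if uid_hit or cal_hit:
            hits.append(entry)
    return hits


def resolve_calendar_name(entries):
    """Step 4b: calendar name is calUID if the entry has one, otherwise uid.

    The OR filter matches two people when one entry's uid equals another
    entry's calUID, so anything other than exactly one hit is refused.
    """
    if len(entries) != 1:
        raise LookupError("expected exactly one entry, got %d" % len(entries))
    entry = entries[0]
    values = entry.get("calUID") or entry.get("uid")
    if not values:
        raise LookupError("entry has neither calUID nor uid")
    return values[0]


def calendar_for_login(directory, login):
    """Look up the calendar that belongs to an already authenticated login."""
    return resolve_calendar_name(simulated_search(directory, build_login_filter(login)))


if __name__ == "__main__":
    for name in ("jjones", "james", "jsmith"):
        print(name, "->", calendar_for_login(SAMPLE_DIRECTORY, name))
    print(build_login_filter("j*(x)"))
```

Keeping calUID values distinct from every uid in the directory avoids the ambiguous case that resolve_calendar_name refuses.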
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 08 Nov 2005 08:17:04 -0700
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <43702D8A.6030809@idsignet.com>
References: <20051108040202.77715.qmail@web36315.mail.mud.yahoo.com> <43702D8A.6030809@idsignet.com>
Message-ID: <4370C170.9070400@redhat.com>

Chen Shaopeng wrote:

> speedy zinc wrote:
>
>> But the console does not even display the content "correctly". We use the java sdk to get the data, and it is correct.
>>
>> We are a team of 5, with 5 different languages. We all develop on Linux, using utf8 environment. We can add entries using native characters, but despite setting our environment to the right locale, the console just displays some garbage characters.
>
> The contents in the database has nothing to do with whether the console can display or not though. If you see "garbage" characters, it probably means the console actually got the right data, except that it does not know how to display correctly. Probably lack of the right font?
>
> You can change the display font to see if it's right, go to Edit -> Preferences -> Font, and select a font that can display your native language.
>
> And I don't think the console has localization for that many languages either. It does not have localization for chinese (maybe I'm wrong, but starting with "-l zh" or "-l zh_CN" does not work).
>
> The annoying thing we had with FDS is that the uid must be in 7-bit ascii (duh!). I don't know what does the LDAP specs said (I haven't looked up yet), but it makes it impossible to have user login name in chinese. That's a shame, coz directory server is such an important piece of software.

This is historical, due to the fact that in the old days, the uid attribute was also the unix login name, which was restricted by most OSes to be 7bit ASCII. There is a 7 bit checking plugin which may be on by default - you can probably safely disable it for all except userPassword (and even then, your systems may be able to accept 8bit passwords).

> To get around this, we add an attribute called "loginname", and use that as the input to generate a hash, and use the hash as the uid. According to the description of your project, you might have to do this too :)
>
> Hope that helps.
>
> csp

From pete at openrowley.com Tue Nov 8 17:09:17 2005
From: pete at openrowley.com (Pete Rowley)
Date: Tue, 8 Nov 2005 09:09:17 -0800
Subject: [Fedora-directory-users] Directory Server and Jive Messenger
In-Reply-To: <332a4c70511080347u17836453j17f77e1ffd9f1d23@mail.gmail.com>
Message-ID: <200511081808.jA8I8dYZ024493@mx3.redhat.com>

Look at the DS access logs to see what is failing.

From mj at sci.fi Tue Nov 8 19:05:06 2005
From: mj at sci.fi (Mike Jackson)
Date: Tue, 08 Nov 2005 21:05:06 +0200
Subject: [Fedora-directory-users] question about schema file keywords
In-Reply-To: <1131367781.436f4d659cf63@www.ijichi.org>
References: <20051107113122.99769.qmail@web36315.mail.mud.yahoo.com> <436F439A.20404@sci.fi> <1131365666.436f452206b92@www.ijichi.org> <436F4AF6.2040908@sci.fi> <1131367781.436f4d659cf63@www.ijichi.org>
Message-ID: <4370F6E2.1080103@sci.fi>

Dominic Ijichi wrote:
> isn't structural integrity a subset or by-product of schema checking? as in isn't the correct hierarchical order of objectclass definition part of the schema just as the oid type of an attribute is?

You could say that anything which evaluates and constrains object composition rules is "schema checking". What "schema checking" had meant in practice, in the case of both OL and NDS/FDS, was something that 1) did not include structural integrity checking, and 2) could be disabled by the administrator. FDS still works like this. OL changed their interface forcibly, and it had 2 results: 1) people just didn't upgrade past 2.0.x, or 2) people couldn't figure out why their 3rd-party apps suddenly stopped working.

It would be fine, IMO, to also add structural integrity checking to FDS. I am not against the idea at all. What is not fine is when you introduce a new constraint, and at the same time provide no option to disable that new constraint. You can not force a random array of 3rd-party LDAP enabled apps to become "structurally compliant" overnight or even in a year or two.

Yes, there is a workaround for this in OL. It involves creating new schema and doing tricks with subclasses... Certainly not something the newbie admin would understand.

--
mike

From rmeggins at redhat.com Tue Nov 8 19:20:21 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 08 Nov 2005 12:20:21 -0700
Subject: [Fedora-directory-users] question about schema file keywords
In-Reply-To: <4370F6E2.1080103@sci.fi>
References: <20051107113122.99769.qmail@web36315.mail.mud.yahoo.com> <436F439A.20404@sci.fi> <1131365666.436f452206b92@www.ijichi.org> <436F4AF6.2040908@sci.fi> <1131367781.436f4d659cf63@www.ijichi.org> <4370F6E2.1080103@sci.fi>
Message-ID: <4370FA75.2090601@redhat.com>

Mike Jackson wrote:

> Dominic Ijichi wrote:
>
>> isn't structural integrity a subset or by-product of schema
>> checking? as in
>> isn't the correct hierarchical order of objectclass definition part
>> of the
>> schema just as the oid type of an attribute is?
>
> You could say that anything which evaluates and constrains object
> composition rules is "schema checking". What "schema checking" had
> meant in practice, in the case of both OL and NDS/FDS, was something
> that 1) did not include structural integrity checking, and 2) could be
> disabled by the administrator. FDS still works like this. OL changed
> their interface forcibly, and it had 2 results: 1) people just didn't
> upgrade past 2.0.x, or 2) people couldn't figure out why their
> 3rd-party apps suddenly stopped working.
>
> It would be fine, IMO, to also add structural integrity checking to
> FDS. I am not against the idea at all. What is not fine is when you
> introduce a new constraint, and at the same time provide no option to
> disable that new constraint. You can not force a random array of
> 3rd-party LDAP enabled apps to become "structurally compliant"
> overnight or even in a year or two.

1) FDS should have the option to enforce structural object classes, off by default (at least for 1 or 2 releases).
2) Most objectclasses should be AUXILIARY, not structural, unless they subclass an existing structural object class. Unfortunately, there are a lot of structural object classes out there already.
>
> Yes, there is a workaround for this in OL. It involves creating new
> schema and doing tricks with subclasses... Certainly not something the
> newbie admin would understand.
>
> --
> mike

From mj at sci.fi Tue Nov 8 20:11:27 2005
From: mj at sci.fi (Mike Jackson)
Date: Tue, 08 Nov 2005 22:11:27 +0200
Subject: [Fedora-directory-users] question about schema file keywords
In-Reply-To: <4370FA75.2090601@redhat.com>
References: <20051107113122.99769.qmail@web36315.mail.mud.yahoo.com> <436F439A.20404@sci.fi> <1131365666.436f452206b92@www.ijichi.org> <436F4AF6.2040908@sci.fi> <1131367781.436f4d659cf63@www.ijichi.org> <4370F6E2.1080103@sci.fi> <4370FA75.2090601@redhat.com>
Message-ID: <4371066F.5000304@sci.fi>

Richard Megginson wrote:
> 1) FDS should have the option to enforce structural object classes, off
> by default (at least for 1 or 2 releases).

And that option is found where? :-) I have studied cn=config pretty extensively, even recently, and have never seen any mention of anything like that.

BR,
Mike

From rmeggins at redhat.com Tue Nov 8 20:34:07 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 08 Nov 2005 13:34:07 -0700
Subject: [Fedora-directory-users] question about schema file keywords
In-Reply-To: <4371066F.5000304@sci.fi>
References: <20051107113122.99769.qmail@web36315.mail.mud.yahoo.com> <436F439A.20404@sci.fi> <1131365666.436f452206b92@www.ijichi.org> <436F4AF6.2040908@sci.fi> <1131367781.436f4d659cf63@www.ijichi.org> <4370F6E2.1080103@sci.fi> <4370FA75.2090601@redhat.com> <4371066F.5000304@sci.fi>
Message-ID: <43710BBF.9040303@redhat.com>

Mike Jackson wrote:

> Richard Megginson wrote:
>
>> 1) FDS should have the option to enforce structural object classes,
>> off by default (at least for 1 or 2 releases).
>
> And that option is found where? :-) I have studied cn=config pretty
> extensively, even recently, and have never seen any mention of
> anything like that.

It doesn't exist. Maybe I should have used "shall" instead of "should"

> BR,
> Mike

From mj at sci.fi Tue Nov 8 21:05:21 2005
From: mj at sci.fi (Mike Jackson)
Date: Tue, 08 Nov 2005 23:05:21 +0200
Subject: [Fedora-directory-users] question about schema file keywords
In-Reply-To: <43710BBF.9040303@redhat.com>
References: <20051107113122.99769.qmail@web36315.mail.mud.yahoo.com> <436F439A.20404@sci.fi> <1131365666.436f452206b92@www.ijichi.org> <436F4AF6.2040908@sci.fi> <1131367781.436f4d659cf63@www.ijichi.org> <4370F6E2.1080103@sci.fi> <4370FA75.2090601@redhat.com> <4371066F.5000304@sci.fi> <43710BBF.9040303@redhat.com>
Message-ID: <43711311.3050200@sci.fi>

Richard Megginson wrote:
> Mike Jackson wrote:
>
>> Richard Megginson wrote:
>>
>>> 1) FDS should have the option to enforce structural object classes,
>>> off by default (at least for 1 or 2 releases).
>>
>> And that option is found where? :-) I have studied cn=config pretty
>> extensively, even recently, and have never seen any mention of
>> anything like that.
>
> It doesn't exist. Maybe I should have used "shall" instead of "should"

Sorry, I just got confused with the ambiguity of the word should in this context, although I shouldn't have.

--
mike

From agabila at con.mdsnews.com Wed Nov 9 00:28:04 2005
From: agabila at con.mdsnews.com (Anthony Gabila)
Date: Wed, 9 Nov 2005 11:28:04 +1100
Subject: [Fedora-directory-users] Configuring Read/Write Replicas
Message-ID:

Hello all,

Can someone please explain how this is done?

a. In the Directory Server Console, select the Directory tab.

b. Create an entry.
For example, you could use cn=Replication Manager,cn=config.
(right click on config and create new user? role? group?)

c. Specify a userPassword attribute-value pair.
(haven't reached this step yet, not sure what to do with step b.)

thanks in advance.

Anthony G

From nkinder at redhat.com Wed Nov 9 00:32:30 2005
From: nkinder at redhat.com (Nathan Kinder)
Date: Tue, 08 Nov 2005 16:32:30 -0800
Subject: [Fedora-directory-users] Configuring Read/Write Replicas
In-Reply-To:
References:
Message-ID: <4371439E.3020308@redhat.com>

Anthony Gabila wrote:

>Hello all,
>
>Can someone please explain how this is done?
>
>a. In the Directory Server Console, select the Directory tab.
>
>b. Create an entry.
>For example, you could use cn=Replication Manager,cn=config.
>(right click on config and create new user? role? group?)
>
Select other from the list, then a list of objectclasses will come up. Select "Person".

>c. Specify a userPassword attribute-value pair.
>(haven't reached this step yet, not sure what to do with step b.)
>
You will need to add the "userPassword" attribute to the entry. After you follow the above step, you can click on "Add Attribute", then select "userPassword" from the list.

-NGK

>thanks in advance.
>
>Anthony G

From tim at registriesltd.com.au Wed Nov 9 00:44:04 2005
From: tim at registriesltd.com.au (Tim Edwards)
Date: Wed, 09 Nov 2005 11:44:04 +1100
Subject: [Fedora-directory-users] Can't start admin server
In-Reply-To: <437025F4.2060001@redhat.com>
References: <437011DB.80007@registriesltd.com.au> <43701BB1.8060403@redhat.com> <4370209E.80903@registriesltd.com.au> <437025F4.2060001@redhat.com>
Message-ID: <43714654.3030503@registriesltd.com.au>

Richard Megginson wrote:
> If you ran the setup program, and it completed with no errors, it should
> have generated the start-admin shell script in the /opt/fedora-ds
> directory. If not, then I can only assume there was some problem during
> setup.

Yeah there must have been. I uninstalled the fedora-ds RPM and rm -rf'ed the /opt/fedora-ds directory and reinstalled it and the start-admin script has appeared.

--
Tim Edwards

From chen_shaopeng at idsignet.com Wed Nov 9 00:52:36 2005
From: chen_shaopeng at idsignet.com (Chen Shaopeng)
Date: Wed, 09 Nov 2005 08:52:36 +0800
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <4370C170.9070400@redhat.com>
References: <20051108040202.77715.qmail@web36315.mail.mud.yahoo.com> <43702D8A.6030809@idsignet.com> <4370C170.9070400@redhat.com>
Message-ID: <43714854.5070705@idsignet.com>

Richard Megginson wrote:
> This is historical, due to the fact that in the old days, the uid
> attribute was also the unix login name, which was restricted by most
> OSes to be 7bit ASCII. There is a 7 bit checking plugin which may be on
> by default - you can probably safely disable it for all except
> userPassword (and even then, your systems may be able to accept 8bit
> passwords).
>

Thanks, I'll check the plugin more often. My apologies.

I see the argument list of the 7-bit plugin now. But is there a reason why the base entry (dc=idsignet,dc=com) is also on that list?

Thanks

csp

--
Chen Shaopeng
http://www.idsignet.com

From rmeggins at redhat.com Wed Nov 9 00:56:10 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 08 Nov 2005 17:56:10 -0700
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <43714854.5070705@idsignet.com>
References: <20051108040202.77715.qmail@web36315.mail.mud.yahoo.com> <43702D8A.6030809@idsignet.com> <4370C170.9070400@redhat.com> <43714854.5070705@idsignet.com>
Message-ID: <4371492A.1040800@redhat.com>

Chen Shaopeng wrote:

>Richard Megginson wrote:
>
>>This is historical, due to the fact that in the old days, the uid
>>attribute was also the unix login name, which was restricted by most
>>OSes to be 7bit ASCII. There is a 7 bit checking plugin which may be on
>>by default - you can probably safely disable it for all except
>>userPassword (and even then, your systems may be able to accept 8bit
>>passwords).
>>
>
>Thanks, I'll check the plugin more often. My apologies.
>
>I see the argument list of the 7-bit plugin now. But is there
>a reason why the base entry (dc=idsignet,dc=com) is also on
>that list?
>
You can also specify the suffixes to which the checking applies. If the suffix is not in that list, it should not be checked for 7bit attrs.

>Thanks
>
>csp

From speedy_zinc at yahoo.com Wed Nov 9 01:26:22 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Tue, 8 Nov 2005 17:26:22 -0800 (PST)
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <43702D8A.6030809@idsignet.com>
Message-ID: <20051109012623.97914.qmail@web36313.mail.mud.yahoo.com>

--- Chen Shaopeng wrote:

> You can change the display font to see if it's
> right, go to
> Edit -> Preferences -> Font, and select a font that
> can
> display your native language.
>

hah, that's an easy one :) thanks.

The only thing though, there is no easy way to switch font quickly. If I want to view greek contents, I have to change to a different font. If I want to view chinese contents, I have to switch to a font that can handle chinese charset.... man, that's not very productive.

regards

chris s.p.

From speedy_zinc at yahoo.com Wed Nov 9 01:29:31 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Tue, 8 Nov 2005 17:29:31 -0800 (PST)
Subject: [Fedora-directory-users] Re: help for building FDS
In-Reply-To: <20051108040409.61918.qmail@web36310.mail.mud.yahoo.com>
Message-ID: <20051109012931.93931.qmail@web36314.mail.mud.yahoo.com>

--- speedy zinc wrote:

> --- Richard Megginson wrote:
>
> > speedy zinc wrote:
> >
> > >Ok, I uninstalled gcc4 and installed gcc3.4, and
> > I'm
> > >getting
> > >further than before. But I'm still getting build
> > >error...
> > >grr :(
> > >
> > >./mozilla/dist/Linux2.6_x86_glibc_PTH_OPT.OBJ/lib
> > >-lsvrcore -L../../../../cyrus-sasl-2.1.20/lib
> > -lsasl 2
> > >-L/usr/kerberos/lib -lgssapi_krb5 -lcrypt
> -lpthread
> >
> > >-L../../../../db-4.2.52.NC/built/.libs -ldb-4.2
> > >
> >
> > It's using db4.2 because that's the version that
> we
> > use for the slapd
> > database. It conflicts with the version of bdb
> that
> > was used to build
> > sasl, which is the one on your OS.
> >
>
> Ok, I'm removing db4.3 and installed db4.2.
>

Dang.... I'm still getting the same problem after installing db4.2, even doing a clean rebuild from scratch :(

sz

From rmeggins at redhat.com Wed Nov 9 01:30:28 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 08 Nov 2005 18:30:28 -0700
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <20051109012623.97914.qmail@web36313.mail.mud.yahoo.com>
References: <20051109012623.97914.qmail@web36313.mail.mud.yahoo.com>
Message-ID: <43715134.7000206@redhat.com>

speedy zinc wrote:

>--- Chen Shaopeng wrote:
>
>>You can change the display font to see if it's
>>right, go to
>>Edit -> Preferences -> Font, and select a font that
>>can
>>display your native language.
>>
>hah, that's an easy one :) thanks.
>
>The only thing though, there is no easy way to switch
>font quickly. If I want to view greek contents, I have
>to change to a different font. If I want to view
>chinese
>contents, I have to switch to a font that can handle
>chinese charset.... man, that's not very productive.
>
That's an interesting problem. Is there an app that can do that?

>regards
>
>chris s.p.

From nhosoi at redhat.com Wed Nov 9 01:54:48 2005
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Tue, 08 Nov 2005 17:54:48 -0800
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <43715134.7000206@redhat.com>
References: <20051109012623.97914.qmail@web36313.mail.mud.yahoo.com> <43715134.7000206@redhat.com>
Message-ID: <437156E8.3020200@redhat.com>

An HTML attachment was scrubbed...

From chen_shaopeng at idsignet.com Wed Nov 9 01:57:45 2005
From: chen_shaopeng at idsignet.com (Chen Shaopeng)
Date: Wed, 09 Nov 2005 09:57:45 +0800
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <43715134.7000206@redhat.com>
References: <20051109012623.97914.qmail@web36313.mail.mud.yahoo.com> <43715134.7000206@redhat.com>
Message-ID: <43715799.9060304@idsignet.com>

Richard Megginson wrote:
> speedy zinc wrote:
>
>> --- Chen Shaopeng wrote:
>>
>>> You can change the display font to see if it's
>>> right, go to
>>> Edit -> Preferences -> Font, and select a font that
>>> can
>>> display your native language.
>>>
>>
>> hah, that's an easy one :) thanks.
>>
>> The only thing though, there is no easy way to switch
>> font quickly. If I want to view greek contents, I have
>> to change to a different font. If I want to view
>> chinese
>> contents, I have to switch to a font that can handle
>> chinese charset.... man, that's not very productive.
>>
> That's an interesting problem. Is there an app that can do that?
>

I see this as two problems:

1. Most fonts can only handle one charset, some can handle two, e.g. some chinese fonts. The annoying thing, I can choose a font that looks nice in chinese, but way ugly in english (most chinese fonts are like that). Or I can choose a font that looks nice in english, but almost unreadable in chinese (some microsoft chinese fonts are like that). It would be really cool if a font can handle charset of the major languages, and look decent too. And if the application is in utf8, that should display properly for most. Then again, I'm not a font designer, I can only wish.

2. The application can provide the UI that is a little easier for switching charset encoding. For example, Thunderbird and Firefox. Provide a preference dialog, where I can set my preferred fonts for my preferred charset. And from the menu View -> Character Encoding -> list of preferred encodings. When user selects an encoding, the app switches instantly.
IE has this feature too. The auto detect kinda works too, but not always.

I read emails and online news in 3 different languages: chinese, english and french. Without an easy switch between encodings, that would kill me :)

It would be even better if I can set my preferences for the whole desktop, and apply to all applications. But that's a different issue.

rgds,

csp

--
Chen Shaopeng
http://www.idsignet.com

From wilmer5 at gmail.com Wed Nov 9 02:13:18 2005
From: wilmer5 at gmail.com (Wilmer Jaramillo)
Date: Tue, 8 Nov 2005 22:13:18 -0400
Subject: [Fedora-directory-users] Boncing
Message-ID: <2b26c4260511081813v497d0ffeq@mail.gmail.com>

--
Wilmer Jaramillo M.
San Cristóbal - Venezuela
TALUG - http://www.linuxtachira.org
Linux User: 278.161 -- irc.freenode.net #talug
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A

From uffe at loop.to Wed Nov 9 02:30:02 2005
From: uffe at loop.to (uffe at loop.to)
Date: Tue, 08 Nov 2005 18:30:02 -0800
Subject: [Fedora-directory-users] Directory Server and SSL
In-Reply-To: <2b26c4260511080556l69187e77y@mail.gmail.com>
References: <2b26c4260511071548n524ca40ag@mail.gmail.com> <2b26c4260511080556l69187e77y@mail.gmail.com>
Message-ID: <43715F2A.8030400@loop.to>

Hello Wilmer.

If I understand correctly, you created a certificate and it doesn't show up in the encryption configuration in the Admin Server Console. Enabling SSL here will allow your Console to use https against your Admin Server, and your AS can use ldaps against your FDS (if FDS has SSL enabled).

In this case the certificate should be added to admin-serv-{hostname}-cert8.db, because AS keeps a separate certificate database from FDS.

You can get a list of the certificates in the certificate database:

# cd /opt/fedora-ds/shared/bin
# ./certutil -L -d ../../alias -P admin-serv-example-

Make sure the trailing slash is there for the -P argument.

Wilmer Jaramillo wrote:

> Greetings,
>I have followed the instructions in the documentation of Red
>Hat(http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html ),
>nevertheless, late to generate certificates CA for the Directory
>Server being listened in port 636 with SSL profit not to activate them
>for the Administrator Server(https), by some reason the list does not
>appear to me in (Server Group>Administrator
>
>>Server>Open>Configuration>Encryption>Certificate)
>
> Thanks.
>
>--
>Wilmer Jaramillo M.
>San Cristóbal - Venezuela
>TALUG - http://www.linuxtachira.org
>Linux User: 278.161 -- irc.freenode.net #talug
>GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A

From wilmer5 at gmail.com Wed Nov 9 04:04:19 2005
From: wilmer5 at gmail.com (Wilmer Jaramillo)
Date: Wed, 9 Nov 2005 00:04:19 -0400
Subject: [Fedora-directory-users] Directory Server and SSL
In-Reply-To: <43715F2A.8030400@loop.to>
References: <2b26c4260511071548n524ca40ag@mail.gmail.com> <2b26c4260511080556l69187e77y@mail.gmail.com> <43715F2A.8030400@loop.to>
Message-ID: <2b26c4260511082004r521b80e6y@mail.gmail.com>

wow, thank you for your help, taking into account your observation i copies the database of DS for AS and work, greetings.

2005/11/8, uffe at loop.to :
> In this case the certificate should be added to
> admin-serv-{hostname}-cert8.db, because AS keeps a separate certificate
> database from FDS.

--
Wilmer Jaramillo M.
San Cristóbal - Venezuela
TALUG - http://www.linuxtachira.org
Linux User: 278.161 -- irc.freenode.net #talug
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A

From wilmer5 at gmail.com Wed Nov 9 05:12:57 2005
From: wilmer5 at gmail.com (Wilmer Jaramillo)
Date: Wed, 9 Nov 2005 01:12:57 -0400
Subject: [Fedora-directory-users] FD/DS Quota Disk
Message-ID: <2b26c4260511082112s76844a35m@mail.gmail.com>

I Looking for in Internet information on quotas of disc in ldap(FD/DS), I am impressed the poor information found, knows somebody some implementation, some related project?

--
Wilmer Jaramillo M.
San Cristóbal - Venezuela
TALUG - http://www.linuxtachira.org
Linux User: 278.161 -- irc.freenode.net #talug
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A

From ivan.ivanyi at isb-sib.ch Wed Nov 9 11:06:50 2005
From: ivan.ivanyi at isb-sib.ch (Ivan Ivanyi)
Date: Wed, 09 Nov 2005 12:06:50 +0100
Subject: [Fedora-directory-users] tls/ssl howto
Message-ID: <4371D84A.8010804@isb-sib.ch>

Hi,

I've just started playing with fedora-ds and TLS by following the howto

unless I'm wrong the step-by-step certificate creation creates an invalid certificate... I ended up generating one from cacert.org

also the following:

> Configure LDAP clients
> Modify the following in /etc/openldap/ldap.conf
>
> URI ldap://example.com
> BASE dc=example,dc=com
> HOST example.com
> TLS_CACERTDIR /etc/openldap/certs/
> TLS_REQCERT allow
>
> Note: Make sure TLS_CACERTDIR exists

might lead to confusion... I initially thought everything was working but the line TLS_REQCERT allow... allows fallback to standard ldap

shouldn't this example be

> Configure LDAP clients
> Modify the following in /etc/openldap/ldap.conf
>
> URI ldaps://example.com
> BASE dc=example,dc=com
> TLS_CACERTDIR /etc/openldap/certs/
> TLS_REQCERT demand
>
> Note: Make sure TLS_CACERTDIR exists

The HOST line doesn't seem to be needed (for authentication anyways) and again may be a bit confusing

also I couldn't get things working without a copy of cacerts pem certificate in /etc/openldap/certs/

thanks for clarifying my mistakes/misinterpretations/changing the howto... etc

--
************************************************************
Ivan Ivanyi
Swiss Institute of Bioinformatics
1, rue Michel Servet
CH-1211 Genève 4
Switzerland
Tel: (+41 22) 379 58 33
Fax: (+41 22) 379 58 58
E-mail: Ivan.Ivanyi at isb-sib.ch
************************************************************
PGP signature http://www.expasy.org/people/Ivan.Ivanyi.gpg

From mj at sci.fi Wed Nov 9 13:59:34 2005
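An added example, not part of the thread or of the howto it quotes: a small Python audit of ldap.conf text, run over the two client configurations compared in the tls/ssl howto message above. The per-level descriptions follow ldap.conf(5); the `audit` helper, its finding wording and the embedded configuration strings are this example's own.

```python
"""Audit OpenLDAP client configuration text (ldap.conf) for weak transport settings."""

# TLS_REQCERT levels that let a session continue without a verified server
# certificate, with the behaviour ldap.conf(5) documents for each level.
WEAK_REQCERT = {
    "never": "server certificate is not requested or checked",
    "allow": "a missing or bad server certificate is ignored",
    "try": "a missing server certificate is accepted",
}
STRICT_REQCERT = {"demand", "hard"}

# The client configuration quoted from the howto in the message.
HOWTO_CONF = """\
URI ldap://example.com
BASE dc=example,dc=com
HOST example.com
TLS_CACERTDIR /etc/openldap/certs/
TLS_REQCERT allow
"""

# The replacement the message proposes.
PROPOSED_CONF = """\
URI ldaps://example.com
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/certs/
TLS_REQCERT demand
"""


def directives(text):
    """Yield (line_number, OPTION, value) for every non-comment line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        # Option names are case-insensitive, so normalise them.
        yield number, parts[0].upper(), value


def audit(text):
    """Return a list of (line_number, option, message) findings.

    Line number 0 marks a finding about a directive that is absent.
    """
    findings = []
    seen = set()
    for number, option, value in directives(text):
        seen.add(option)
        if option == "URI":
            for uri in value.split():
                if uri.split("://", 1)[0].lower() == "ldap":
                    findings.append(
                        (number, option,
                         f"{uri}: cleartext unless the client issues StartTLS"))
        elif option == "HOST":
            findings.append(
                (number, option,
                 "deprecated in favour of URI and carries no scheme"))
        elif option == "TLS_REQCERT":
            level = value.lower()
            if level in WEAK_REQCERT:
                findings.append(
                    (number, option, f"{level}: {WEAK_REQCERT[level]}"))
            elif level not in STRICT_REQCERT:
                findings.append(
                    (number, option, f"unrecognised level {value!r}"))
    # Strict verification needs a trust anchor to verify against.
    if not seen & {"TLS_CACERT", "TLS_CACERTDIR"}:
        findings.append(
            (0, "TLS_CACERT", "no CA certificate file or directory configured"))
    return findings


if __name__ == "__main__":
    for name, conf in (("howto", HOWTO_CONF), ("proposed", PROPOSED_CONF)):
        print(name)
        for number, option, message in audit(conf) or [(0, "-", "no findings")]:
            print(f"  line {number}: {option}: {message}")
```
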
From: mj at sci.fi (Mike Jackson)
Date: Wed, 09 Nov 2005 15:59:34 +0200
Subject: [Fedora-directory-users] FD/DS Quota Disk
In-Reply-To: <2b26c4260511082112s76844a35m@mail.gmail.com>
References: <2b26c4260511082112s76844a35m@mail.gmail.com>
Message-ID: <437200C6.1080202@sci.fi>

Wilmer Jaramillo wrote:
> I Looking for in Internet information on quotas of disc in
> ldap(FD/DS), I am impressed the poor information found, knows somebody
> some implementation, some related project?

Hi,
If I understand your question correctly, then the answer is: no, the linux disk quota software is not LDAP enabled. This would be less than trivial to represent in the directory and interpret in the client, say if you wanted users to have different quotas on different hosts.

--
mike

From blizzard at redhat.com Wed Nov 9 14:52:51 2005
From: blizzard at redhat.com (Christopher Blizzard)
Date: Wed, 09 Nov 2005 09:52:51 -0500
Subject: [Fedora-directory-users] question about required fields and I18N issues
In-Reply-To: <43715799.9060304@idsignet.com>
References: <20051109012623.97914.qmail@web36313.mail.mud.yahoo.com> <43715134.7000206@redhat.com> <43715799.9060304@idsignet.com>
Message-ID: <1131547971.2661.5.camel@mobile2>

fontconfig can do a lot of what you're describing here. i.e. pick different fonts based on the charset that you're using or the character that you're displaying. The latest versions of Gtk2 use fontconfig for font selection.

--Chris

On Wed, 2005-11-09 at 09:57 +0800, Chen Shaopeng wrote:
> Richard Megginson wrote:
> > speedy zinc wrote:
> >
> >> --- Chen Shaopeng wrote:
> >>
> >>> You can change the display font to see if it's
> >>> right, go to
> >>> Edit -> Preferences -> Font, and select a font that
> >>> can
> >>> display your native language.
> >>>
> >>
> >> hah, that's an easy one :) thanks.
> >>
> >> The only thing though, there is no easy way to switch
> >> font quickly. If I want to view greek contents, I have
> >> to change to a different font. If I want to view
> >> chinese
> >> contents, I have to switch to a font that can handle
> >> chinese charset.... man, that's not very productive.
> >>
> > That's an interesting problem. Is there an app that can do that?
> >
>
> I see this as two problems:
>
> 1. Most fonts can only handle one charset, some can handle two, e.g.
> some chinese fonts. The annoying thing, I can choose a font that
> looks nice in chinese, but way ugly in english (most chinese fonts
> are like that). Or I can choose a font that looks nice in english,
> but almost unreadable in chinese (some microsoft chinese fonts are
> like that). It would be really cool if a font can handle charset
> of the major languages, and look decent too.
> And if the application
> is in utf8, that should display properly for most. Then again, I'm
> not a font designer, I can only wish.
>
> 2. The application can provide the UI that is a little easier
> for switching charset encoding. For example, Thunderbird and
> Firefox. Provide a preference dialog, where I can set my
> preferred fonts for my preferred charset. And from the menu
> View -> Character Encoding -> list of preferred encodings.
> When user selects an encoding, the app switches instantly. IE
> has this feature too. The auto detect kinda works too, but
> not always.
>
> I read emails and online news in 3 different languages: chinese,
> english and french. Without an easy switch between encodings, that would
> kill me :)
>
> It would be even better if I can set my preferences for the
> whole desktop, and apply to all applications. But that's a
> different issue.
>
> rgds,
>
> csp

From simonf at cshl.edu Wed Nov 9 23:01:00 2005
From: simonf at cshl.edu (Vsevolod (Simon) Ilyushchenko)
Date: Wed, 09 Nov 2005 18:01:00 -0500
Subject: [Fedora-directory-users] How to ldapsearch password expiration data?
Message-ID: <43727FAC.90809@cshl.edu>

Hi,

I finally found where the password expiration data are located. If I do a database export from the GUI, I can see the entry:

***
dn: cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu
modifyTimestamp: 20051109200121Z
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
 t
passwordMaxAge: 864000000
passwordWarning: 0
passwordMinAge: 0
passwordExp: on
passwordGraceLimit: 0
objectClass: ldapsubentry
objectClass: passwordpolicy
objectClass: top
cn: cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20051109200121Z
nsUniqueId: 97b5d182-1dd111b2-80f8db9c-cc6f0000
***

However, if I

ldapsearch -b 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu'

I'm not getting any subentries:

***
# extended LDIF
#
# LDAPv3
# base with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 3
result: 0 Success
***

I've tried connecting both as "cn=Manager" and "uid=admin".

Is there a way to access these data programmatically using ldapsearch?

Thanks,
Simon

--
Simon (Vsevolod ILyushchenko) simonf at cshl.edu
http://www.simonf.com

"Think like a man of action, act like a man of thought."
Henri Bergson

From rmeggins at redhat.com Wed Nov 9 23:18:14 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 09 Nov 2005 16:18:14 -0700
Subject: [Fedora-directory-users] How to ldapsearch password expiration data?
In-Reply-To: <43727FAC.90809@cshl.edu>
References: <43727FAC.90809@cshl.edu>
Message-ID: <437283B6.6020608@redhat.com>

Those attributes are operational, so you must explicitly ask for them on the ldapsearch command line e.g.

ldapsearch -b 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu' passwordMaxAge passwordWarning passwordMinAge passwordExp passwordGraceLimit

In addition, ldapsubentry objects are hidden from normal searches. You must explicitly request objects of this type by adding the (objectclass=ldapsubentry) to your search filter e.g. '(|(objectclass=*)(objectclass=ldapsubentry))' to get all regular entries and sub entries, or just '(objectclass=ldapsubentry)' to get only the sub entry objects.

Vsevolod (Simon) Ilyushchenko wrote:

> Hi,
>
> I finally found where the password expiration data are located.
> If I
> do a database export from the GUI, I can see the entry:
>
> ***
> dn:
> cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu
>
> modifyTimestamp: 20051109200121Z
> modifiersName:
> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
> t
> passwordMaxAge: 864000000
> passwordWarning: 0
> passwordMinAge: 0
> passwordExp: on
> passwordGraceLimit: 0
> objectClass: ldapsubentry
> objectClass: passwordpolicy
> objectClass: top
> cn: cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu
> creatorsName:
> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
> createTimestamp: 20051109200121Z
> nsUniqueId: 97b5d182-1dd111b2-80f8db9c-cc6f0000
> ***
>
> However, if I ldapsearch -b
> 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu'
>
> I'm not getting any subentries:
>
> ***
> # extended LDIF
> #
> # LDAPv3
> # base
>
> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 3
> result: 0 Success
> ***
>
> I've tried connecting both as "cn=Manager" and "uid=admin".
>
> Is there a way to access these data programmatically using ldapsearch?
>
> Thanks,
> Simon

From adireks at gmail.com Thu Nov 10 00:55:47 2005
From: adireks at gmail.com (adirek sanyakhuan)
Date: Thu, 10 Nov 2005 07:55:47 +0700
Subject: [Fedora-directory-users] howto Step by Step install Directory Server, help me!
Message-ID: <9fed1320511091655i6ed63608l@mail.gmail.com>

i new user for fedora and i interest OpenLDAP or Directory Server.
i try install but not work!
any body suggest stepbystep install Directory Server

regard.

From rmeggins at redhat.com Thu Nov 10 00:57:49 2005
From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 09 Nov 2005 17:57:49 -0700 Subject: [Fedora-directory-users] howto Step by Step install Directory Server, help me! In-Reply-To: <9fed1320511091655i6ed63608l@mail.gmail.com> References: <9fed1320511091655i6ed63608l@mail.gmail.com> Message-ID: <43729B0D.7090200@redhat.com> adirek sanyakhuan wrote: >i new user for fedora and i interest OpenLDAP or Directory Server. >i try install but not work! > > What happened? Any error messages? What exactly is not working? >any body suggest stepbystep install Directory Server > >regard. > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From mj at sci.fi Thu Nov 10 01:08:49 2005 From: mj at sci.fi (Mike Jackson) Date: Thu, 10 Nov 2005 03:08:49 +0200 Subject: [Fedora-directory-users] howto Step by Step install Directory Server, help me! In-Reply-To: <9fed1320511091655i6ed63608l@mail.gmail.com> References: <9fed1320511091655i6ed63608l@mail.gmail.com> Message-ID: <43729DA1.7020804@sci.fi> adirek sanyakhuan wrote: > i new user for fedora and i interest OpenLDAP or Directory Server. > i try install but not work! > any body suggest stepbystep install Directory Server Hi, I just wrote that type of guide on the wiki a few days ago: http://directory.fedora.redhat.com/wiki/Setup -- mike From adireks at gmail.com Thu Nov 10 02:13:22 2005 
From: adireks at gmail.com (adirek sanyakhuan) Date: Thu, 10 Nov 2005 09:13:22 +0700 Subject: [Fedora-directory-users] howto Step by Step install Directory Server, help me! In-Reply-To: <43729DA1.7020804@sci.fi> References: <9fed1320511091655i6ed63608l@mail.gmail.com> <43729DA1.7020804@sci.fi> Message-ID: <9fed1320511091813l1d7ebb14j@mail.gmail.com> i config by guide but not work. Message error: Server group ID to use (default: nobody) [slapd-ldap]: starting up server ... [slapd-ldap]: Fedora-Directory/7.1 B2005.146.2010 [slapd-ldap]: ldap.pccp.ac.th:389 (/opt/fedora-ds/slapd-ldap) [slapd-ldap]: [slapd-ldap]: [10/Nov/2005:08:52:00 +0700] - Fedora-Directory/7.1 B2005.146.2010 starting up [slapd-ldap]: [10/Nov/2005:08:52:01 +0700] - slapd started. Listening on All Interfaces port 389 for LDAP requests Your new directory server has been started. Created new Directory Server Start Slapd Starting Slapd server configuration. Success Slapd Added Directory Server information to Configuration Server. Configuring Administration Server... Setting up Administration Server Instance... Configuring Administration Tasks in Directory Server... Configuring Global Parameters in Directory Server... Can't start Admin server [/opt/fedora-ds/start-admin > /tmp/fileErA2P6 2>&1] (error: No such file or directory)INFO Finished with setup, logfile is setup/setup.log 2005/11/10, Mike Jackson : > adirek sanyakhuan wrote: > > i new user for fedora and i interest OpenLDAP or Directory Server. > > i try install but not work! > > any body suggest stepbystep install Directory Server > > > > Hi, > I just wrote that type of guide on the wiki a few days ago: > > http://directory.fedora.redhat.com/wiki/Setup > > > -- > mike > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > From rmeggins at redhat.com Thu Nov 10 02:16:15 2005 
From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 09 Nov 2005 19:16:15 -0700 Subject: [Fedora-directory-users] howto Step by Step install Directory Server, help me! In-Reply-To: <9fed1320511091813l1d7ebb14j@mail.gmail.com> References: <9fed1320511091655i6ed63608l@mail.gmail.com> <43729DA1.7020804@sci.fi> <9fed1320511091813l1d7ebb14j@mail.gmail.com> Message-ID: <4372AD6F.3000208@redhat.com> What are the contents of the file /tmp/fileErA2P6 ? Is there anything in the admin-serv/logs directory? What's in there? adirek sanyakhuan wrote: >i config by guide but not work. > >Message error: >Server group ID to use (default: nobody) >[slapd-ldap]: starting up server ... >[slapd-ldap]: Fedora-Directory/7.1 B2005.146.2010 >[slapd-ldap]: ldap.pccp.ac.th:389 (/opt/fedora-ds/slapd-ldap) >[slapd-ldap]: >[slapd-ldap]: [10/Nov/2005:08:52:00 +0700] - Fedora-Directory/7.1 >B2005.146.2010 starting up >[slapd-ldap]: [10/Nov/2005:08:52:01 +0700] - slapd started. Listening >on All Interfaces port 389 for LDAP requests >Your new directory server has been started. >Created new Directory Server >Start Slapd Starting Slapd server configuration. >Success Slapd Added Directory Server information to Configuration Server. >Configuring Administration Server... >Setting up Administration Server Instance... >Configuring Administration Tasks in Directory Server... >Configuring Global Parameters in Directory Server... >Can't start Admin server [/opt/fedora-ds/start-admin > /tmp/fileErA2P6 >2>&1] (error: No such file or directory)INFO Finished with setup, >logfile is setup/setup.log > >2005/11/10, Mike Jackson : > > >>adirek sanyakhuan wrote: >> >> >>>i new user for fedora and i interest OpenLDAP or Directory Server. >>>i try install but not work! 
>>>any body suggest stepbystep install Directory Server >>> >>> >> >>Hi, >> I just wrote that type of guide on the wiki a few days ago: >> >>http://directory.fedora.redhat.com/wiki/Setup >> >> >>-- >>mike >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From adireks at gmail.com Thu Nov 10 02:23:24 2005 
From: adireks at gmail.com (adirek sanyakhuan) Date: Thu, 10 Nov 2005 09:23:24 +0700 Subject: [Fedora-directory-users] howto Step by Step install Directory Server, help me! In-Reply-To: <4372AD6F.3000208@redhat.com> References: <9fed1320511091655i6ed63608l@mail.gmail.com> <43729DA1.7020804@sci.fi> <9fed1320511091813l1d7ebb14j@mail.gmail.com> <4372AD6F.3000208@redhat.com> Message-ID: <9fed1320511091823v345e7831i@mail.gmail.com> fileErA2P6 is /tmp 2005/11/10, Richard Megginson : > What are the contents of the file > > /tmp/fileErA2P6 > > ? > Is there anything in the admin-serv/logs directory? What's in there? > > adirek sanyakhuan wrote: > > >i config by guide but not work. > > > >Message error: > >Server group ID to use (default: nobody) > >[slapd-ldap]: starting up server ... > >[slapd-ldap]: Fedora-Directory/7.1 B2005.146.2010 > >[slapd-ldap]: ldap.pccp.ac.th:389 (/opt/fedora-ds/slapd-ldap) > >[slapd-ldap]: > >[slapd-ldap]: [10/Nov/2005:08:52:00 +0700] - Fedora-Directory/7.1 > >B2005.146.2010 starting up > >[slapd-ldap]: [10/Nov/2005:08:52:01 +0700] - slapd started. Listening > >on All Interfaces port 389 for LDAP requests > >Your new directory server has been started. > >Created new Directory Server > >Start Slapd Starting Slapd server configuration. > >Success Slapd Added Directory Server information to Configuration Server. > >Configuring Administration Server... > >Setting up Administration Server Instance... > >Configuring Administration Tasks in Directory Server... > >Configuring Global Parameters in Directory Server... > >Can't start Admin server [/opt/fedora-ds/start-admin > /tmp/fileErA2P6 > >2>&1] (error: No such file or directory)INFO Finished with setup, > >logfile is setup/setup.log > > > >2005/11/10, Mike Jackson : > > > > > >>adirek sanyakhuan wrote: > >> > >> > >>>i new user for fedora and i interest OpenLDAP or Directory Server. > >>>i try install but not work! 
> >>>any body suggest stepbystep install Directory Server > >>> > >>> > >> > >>Hi, > >> I just wrote that type of guide on the wiki a few days ago: > >> > >>http://directory.fedora.redhat.com/wiki/Setup > >> > >> > >>-- > >>mike > >> > >>-- > >>Fedora-directory-users mailing list > >>Fedora-directory-users at redhat.com > >>https://www.redhat.com/mailman/listinfo/fedora-directory-users > >> > >> > >> > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: Screenshot.png Type: image/png Size: 89304 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Screenshot-1.png Type: image/png Size: 73575 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Screenshot-2.png Type: image/png Size: 69598 bytes Desc: not available URL: From rmeggins at redhat.com Thu Nov 10 03:00:52 2005 
From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 09 Nov 2005 20:00:52 -0700 Subject: [Fedora-directory-users] howto Step by Step install Directory Server, help me! In-Reply-To: <9fed1320511091823v345e7831i@mail.gmail.com> References: <9fed1320511091655i6ed63608l@mail.gmail.com> <43729DA1.7020804@sci.fi> <9fed1320511091813l1d7ebb14j@mail.gmail.com> <4372AD6F.3000208@redhat.com> <9fed1320511091823v345e7831i@mail.gmail.com> Message-ID: <4372B7E4.2030507@redhat.com> adirek sanyakhuan wrote: >fileErA2P6 is /tmp > > I mean, what is in the file? e.g. cat /tmp/fileErA2P6 Or, try to start-admin again - what happens? What is in admin-serv/logs/error? > >2005/11/10, Richard Megginson : > > >>What are the contents of the file >> >>/tmp/fileErA2P6 >> >>? >>Is there anything in the admin-serv/logs directory? What's in there? >> >>adirek sanyakhuan wrote: >> >> >> >>>i config by guide but not work. >>> >>>Message error: >>>Server group ID to use (default: nobody) >>>[slapd-ldap]: starting up server ... >>>[slapd-ldap]: Fedora-Directory/7.1 B2005.146.2010 >>>[slapd-ldap]: ldap.pccp.ac.th:389 (/opt/fedora-ds/slapd-ldap) >>>[slapd-ldap]: >>>[slapd-ldap]: [10/Nov/2005:08:52:00 +0700] - Fedora-Directory/7.1 >>>B2005.146.2010 starting up >>>[slapd-ldap]: [10/Nov/2005:08:52:01 +0700] - slapd started. Listening >>>on All Interfaces port 389 for LDAP requests >>>Your new directory server has been started. >>>Created new Directory Server >>>Start Slapd Starting Slapd server configuration. >>>Success Slapd Added Directory Server information to Configuration Server. >>>Configuring Administration Server... >>>Setting up Administration Server Instance... >>>Configuring Administration Tasks in Directory Server... >>>Configuring Global Parameters in Directory Server... 
>>>Can't start Admin server [/opt/fedora-ds/start-admin > /tmp/fileErA2P6 >>>2>&1] (error: No such file or directory)INFO Finished with setup, >>>logfile is setup/setup.log >>> >>>2005/11/10, Mike Jackson : >>> >>> >>> >>> >>>>adirek sanyakhuan wrote: >>>> >>>> >>>> >>>> >>>>>i new user for fedora and i interest OpenLDAP or Directory Server. >>>>>i try install but not work! >>>>>any body suggest stepbystep install Directory Server >>>>> >>>>> >>>>> >>>>> >>>>Hi, >>>> I just wrote that type of guide on the wiki a few days ago: >>>> >>>>http://directory.fedora.redhat.com/wiki/Setup >>>> >>>> >>>>-- >>>>mike >>>> >>>>-- >>>>Fedora-directory-users mailing list >>>>Fedora-directory-users at redhat.com >>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>> >>>> >>>> >>>-- >>>Fedora-directory-users mailing list >>>Fedora-directory-users at redhat.com >>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >>> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> >> >> >> >> >> ------------------------------------------------------------------------ >> >> >> ------------------------------------------------------------------------ >> >> >> ------------------------------------------------------------------------ >> >>------------------------------------------------------------------------ >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Thu Nov 10 04:21:47 2005 
From: nkinder at redhat.com (Nathan Kinder)
Date: Wed, 09 Nov 2005 20:21:47 -0800
Subject: [Fedora-directory-users] howto Step by Step install Directory Server, help me!
In-Reply-To: <9fed1320511091813l1d7ebb14j@mail.gmail.com>
References: <9fed1320511091655i6ed63608l@mail.gmail.com> <43729DA1.7020804@sci.fi> <9fed1320511091813l1d7ebb14j@mail.gmail.com>
Message-ID: <4372CADB.2000808@redhat.com>

This sounds like a known issue with the JVM that Admin Server uses
crashing with JIT enabled. Re-run your installation, but set the
environment variable "JAVA_COMPILER=none" first. That will disable JIT
and should get you through the install.

When the install is complete, edit the /admin-serv/config/jvm12.conf
file, and add "-Djava.compiler=none" to the "jvm.options" config
parameter. This will allow the Admin Server to startup without needing
an environment variable set.

-NGK

adirek sanyakhuan wrote:

>i config by guide but not work.
>
>Message error:
>Server group ID to use (default: nobody)
>[slapd-ldap]: starting up server ...
>[slapd-ldap]: Fedora-Directory/7.1 B2005.146.2010
>[slapd-ldap]: ldap.pccp.ac.th:389 (/opt/fedora-ds/slapd-ldap)
>[slapd-ldap]:
>[slapd-ldap]: [10/Nov/2005:08:52:00 +0700] - Fedora-Directory/7.1
>B2005.146.2010 starting up
>[slapd-ldap]: [10/Nov/2005:08:52:01 +0700] - slapd started. Listening
>on All Interfaces port 389 for LDAP requests
>Your new directory server has been started.
>Created new Directory Server
>Start Slapd Starting Slapd server configuration.
>Success Slapd Added Directory Server information to Configuration Server.
>Configuring Administration Server...
>Setting up Administration Server Instance...
>Configuring Administration Tasks in Directory Server...
>Configuring Global Parameters in Directory Server...
>Can't start Admin server [/opt/fedora-ds/start-admin > /tmp/fileErA2P6
>2>&1] (error: No such file or directory)INFO Finished with setup,
>logfile is setup/setup.log
>
>2005/11/10, Mike Jackson :
>
>>adirek sanyakhuan wrote:
>>
>>>i new user for fedora and i interest OpenLDAP or Directory Server.
>>>i try install but not work!
>>>any body suggest stepbystep install Directory Server
>>>
>>
>>Hi,
>> I just wrote that type of guide on the wiki a few days ago:
>>
>>http://directory.fedora.redhat.com/wiki/Setup
>>
>>--
>>mike
>>

From adireks at gmail.com Thu Nov 10 04:55:55 2005
From: adireks at gmail.com (adirek sanyakhuan)
Date: Thu, 10 Nov 2005 11:55:55 +0700
Subject: [Fedora-directory-users] howto Step by Step install Directory Server, help me!
In-Reply-To: <4372B7E4.2030507@redhat.com>
References: <9fed1320511091655i6ed63608l@mail.gmail.com> <43729DA1.7020804@sci.fi> <9fed1320511091813l1d7ebb14j@mail.gmail.com> <4372AD6F.3000208@redhat.com> <9fed1320511091823v345e7831i@mail.gmail.com> <4372B7E4.2030507@redhat.com>
Message-ID: <9fed1320511092055s121ab425h@mail.gmail.com>

Configuring Global Parameters in Directory Server...
Can't start Admin server [/opt/fedora-ds/start-admin > /tmp/fileo673tk 2>&1] (error: No such file or directory)INFO Finished with setup, logfile is setup/setup.log
[root at ldap setup]# cat /tmp/fileo673tk
Netscape-Enterprise/6.2 B04/18/2005 13:49
warning: daemon is running as super-user
[LS ls1] http://ldap.pccp.ac.th, port 35430 ready to accept requests
[root at ldap setup]#

=====================================
[root at ldap admin-serv]# cd logs/
[root at ldap logs]# ls
error
[root at ldap logs]# cat error
[10/Nov/2005:11:51:51] info ( 3872): successful server startup
[10/Nov/2005:11:51:51] info ( 3872): Netscape-Enterprise/6.2 B04/18/2005 13:49
[10/Nov/2005:11:51:51] info ( 3872): Access Host filter is: *.pccp.ac.th
[10/Nov/2005:11:51:51] info ( 3872): Access Address filter is: *
[10/Nov/2005:11:51:51] info ( 3873): Installing a new configuration
[10/Nov/2005:11:51:51] info ( 3873): [LS ls1] http://ldap.pccp.ac.th, port 35430 ready to accept requests
[10/Nov/2005:11:51:51] info ( 3873): A new configuration was successfully installed
[root at ldap logs]#
==========================================

2005/11/10, Richard Megginson :
> adirek sanyakhuan wrote:
>
> >fileErA2P6 is /tmp
> >
> I mean, what is in the file? e.g.
> cat /tmp/fileErA2P6
> Or, try to start-admin again - what happens? What is in
> admin-serv/logs/error?
>

From speedy_zinc at yahoo.com Thu Nov 10 14:54:12 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Thu, 10 Nov 2005 06:54:12 -0800 (PST)
Subject: [Fedora-directory-users] more than one base domain?
Message-ID: <20051110145412.87431.qmail@web36313.mail.mud.yahoo.com>

Is it possible to create more than one base domain in
one directory server? For example, can I have

dc=alpha,dc=com

and

dc=beta,dc=com

on the same directory, and then search through

ldapsearch -b "dc=alpha,dc=com" ...

and

ldapsearch -b "dc=beta,dc=com" ...

The console does not seem to allow that. I wonder
though.

thanks

sz

From david_list at boreham.org Thu Nov 10 14:58:47 2005
From: david_list at boreham.org (David Boreham)
Date: Thu, 10 Nov 2005 07:58:47 -0700
Subject: [Fedora-directory-users] more than one base domain?
In-Reply-To: <20051110145412.87431.qmail@web36313.mail.mud.yahoo.com>
References: <20051110145412.87431.qmail@web36313.mail.mud.yahoo.com>
Message-ID: <43736027.2080409@boreham.org>

speedy zinc wrote:

>Is it possible to create more than one base domain in
>one directory server? For example, can I have
>
>dc=alpha,dc=com
>
>and
>
>dc=beta,dc=com
>
Of course, yes.

>on the same directory, and then search through
>
>ldapsearch -b "dc=alpha,dc=com" ...
>
>and
>
>ldapsearch -b "dc=beta,dc=com" ...
>
>The console does not seem to allow that. I wonder
>though.
>
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#17930

Note that in the case you quoted you don't _need_ to create two
suffixes : you could configure one : "dc=com" and simply add the two
sub domain container entries below that.

From speedy_zinc at yahoo.com Thu Nov 10 15:16:04 2005
From: speedy_zinc at yahoo.com (speedy zinc) Date: Thu, 10 Nov 2005 07:16:04 -0800 (PST) Subject: [Fedora-directory-users] Re: help for building FDS In-Reply-To: <436EB672.3030308@idsignet.com> Message-ID: <20051110151604.21419.qmail@web36305.mail.mud.yahoo.com> Hi Chen, --- Chen Shaopeng wrote: > speedy zinc wrote: > > Sorry, this is an old issue. Has anyone succeeded > in > > building the server on Ubuntu 5.10? > > > > I'd appreciate if someone can share some > experience. > > > > I just upgraded my workstation from Ubuntu 5.04 to > 5.10 > over the weekend, and it's building fine, but I'm > using > gcc 3.4 (not 4.0 as you have reported earlier). > > You might want to downgrade to gcc 3.4 to build it. > Some > modules use the command "cc", so you might have to > create > a link from "cc" to your gcc command. > > The whole thing builds just fine, assuming that you > have > all the req devel packages installed. > Could you share how you made it build on your Ubuntu? I'm also using gcc 3.4, but I have struggling to make it build for so long, it's unbelievable. I want to learn about the internals, and I want to be able to walk through some of the codes in a debugger, so I want to be able to build this on my machine. I have never thought getting this to build is such a pig... it's harder than compiling my own kernel. Guys, is learning this special build framework part of what I must learn before I can build the DS? Sorry, I've been banging my head for too long ... thanks sz __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com From rmeggins at redhat.com Thu Nov 10 15:16:44 2005 
From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 10 Nov 2005 08:16:44 -0700 Subject: [Fedora-directory-users] Re: help for building FDS In-Reply-To: <20051110151604.21419.qmail@web36305.mail.mud.yahoo.com> References: <20051110151604.21419.qmail@web36305.mail.mud.yahoo.com> Message-ID: <4373645C.4020703@redhat.com> speedy zinc wrote: >Hi Chen, > >--- Chen Shaopeng wrote: > > > >>speedy zinc wrote: >> >> >>>Sorry, this is an old issue. Has anyone succeeded >>> >>> >>in >> >> >>>building the server on Ubuntu 5.10? >>> >>>I'd appreciate if someone can share some >>> >>> >>experience. >> >> >>I just upgraded my workstation from Ubuntu 5.04 to >>5.10 >>over the weekend, and it's building fine, but I'm >>using >>gcc 3.4 (not 4.0 as you have reported earlier). >> >>You might want to downgrade to gcc 3.4 to build it. >>Some >>modules use the command "cc", so you might have to >>create >>a link from "cc" to your gcc command. >> >>The whole thing builds just fine, assuming that you >>have >>all the req devel packages installed. >> >> >> > >Could you share how you made it build on your Ubuntu? >I'm also using gcc 3.4, but I have struggling to make >it build for so long, it's unbelievable. > >I want to learn about the internals, and I want to >be able to walk through some of the codes in a >debugger, so I want to be able to build this on my >machine. > >I have never thought getting this to build is such >a pig... it's harder than compiling my own kernel. > > It was never meant to be easy to build, being a proprietary product for so long :-( We've been trying to make it easier to build as we go along with new features, sort of like trying to build the bridge and cross it at the same time . . . >Guys, is learning this special build framework part >of what I must learn before I can build the DS? >Sorry, I've been banging my head for too long ... > > We're working on it. 
We're working on an improved build framework using the dsbuild/gar stuff that should (hopefully) allow you to build on more platforms than just rhel/fedora core. >thanks > >sz > > > > > >__________________________________ >Yahoo! Mail - PC Magazine Editors' Choice 2005 >http://mail.yahoo.com > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From speedy_zinc at yahoo.com Thu Nov 10 15:33:50 2005 From: speedy_zinc at yahoo.com (speedy zinc) Date: Thu, 10 Nov 2005 07:33:50 -0800 (PST) Subject: [Fedora-directory-users] more than one base domain? In-Reply-To: <43736027.2080409@boreham.org> Message-ID: <20051110153350.26865.qmail@web36305.mail.mud.yahoo.com> --- David Boreham wrote: > >on the same directory, and then search through > > > >ldapsearch -b "dc=alpha,dc=com" ... > > > >and > > > >ldapsearch -b "dc=beta,dc=com" ... > > > >The console does not seem to allow that. I wonder > >though. > > > > > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#17930 > Ah ok, so it's done from the configuration tab, I was trying to do this in the directory tab. Ok, now that I've created a second root suffix, how do I manage it? The directory tab only shows the first suffix. I created a new root suffix "dc=alpha,dc=com", with a database named alpha, and checked the option to add associate database. But from the console, I can't seem to be able to do anything with it. thanks sz __________________________________ Start your day with Yahoo! - Make it your home page! http://www.yahoo.com/r/hs From simonf at cshl.edu Thu Nov 10 17:05:29 2005 
From: simonf at cshl.edu (Vsevolod (Simon) Ilyushchenko)
Date: Thu, 10 Nov 2005 12:05:29 -0500
Subject: [Fedora-directory-users] How to ldapsearch password expiration data?
In-Reply-To: <437283B6.6020608@redhat.com>
References: <43727FAC.90809@cshl.edu> <437283B6.6020608@redhat.com>
Message-ID: <43737DD9.5000809@cshl.edu>

Rich,

Thanks - I can see them now. However, now I have questions about the
semantics of password expiration.

The NIS+ tables store the account (not password) expiration date as the
absolute day number (from year 0). I'm trying to replicate these data in
FDS.

1. First of all, I'm not sure that the password expiration feature does
the same thing. When the password expires, will the user be prompted to
change it or will he be locked out?

2. Second, I can't even test it, because I can't seem to force an
expiration. The passwordMaxAge attribute is the number of days after
which the password will expire. Well, it's the number of days *since
when*? Since today? How is it updated then as the time goes by? Or since
the first logon? Where is it stored then?

I am truly missing something. The admin guide does not make it clear.

Thanks,
Simon

Richard Megginson wrote on 11/09/2005 06:18 PM:
> Those attributes are operational, so you must explicitly ask for them on
> the ldapsearch command line e.g.
> ldapsearch -b
> 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu'
> passwordMaxAge passwordWarning passwordMinAge passwordExp
> passwordGraceLimit
>
> In addition, ldapsubentry objects are hidden from normal searches. You
> must explicitly request objects of this type by adding the
> (objectclass=ldapsubentry) to your search filter e.g.
> '(|(objectclass=*)(objectclass=ldapsubentry))'
> to get all regular entries and sub entries, or just
> '(objectclass=ldapsubentry)'
> to get only the sub entry objects.

--
Simon (Vsevolod ILyushchenko) simonf at cshl.edu
http://www.simonf.com

"Think like a man of action, act like a man of thought."
Henri Bergson

From basile.mathieu at siris.sorbonne.fr Thu Nov 10 17:08:10 2005
From: basile.mathieu at siris.sorbonne.fr (basile au siris)
Date: Thu, 10 Nov 2005 18:08:10 +0100
Subject: [Fedora-directory-users] probleme with replication
Message-ID: <43737E7A.2090805@siris.sorbonne.fr>

i try to do single master replication
i use redhat documention , but when i try to initialize consumer
i have: " replication error acquiring replica: permisssion
denied.Error code: 3 "
and on the consumer :
" NSMMReplicationPlugin - conn =2 op=5 replica "dc=mysite,dc=fr"
unable to acquire replica: error ; permission denied "

the database i want to replique is read only on the consumer
if someone has got an idea , i try many things , read many time the
redhat manual but
it don t work
thanks
basile

From nhosoi at redhat.com Thu Nov 10 17:52:02 2005
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Thu, 10 Nov 2005 09:52:02 -0800
Subject: [Fedora-directory-users] more than one base domain?
In-Reply-To: <20051110153350.26865.qmail@web36305.mail.mud.yahoo.com>
References: <20051110153350.26865.qmail@web36305.mail.mud.yahoo.com>
Message-ID: <437388C2.2090607@redhat.com>

An HTML attachment was scrubbed...
URL:

From uffe at loop.to Thu Nov 10 18:56:27 2005
From: uffe at loop.to (uffe at loop.to)
Date: Thu, 10 Nov 2005 10:56:27 -0800
Subject: [Fedora-directory-users] probleme with replication
In-Reply-To: <43737E7A.2090805@siris.sorbonne.fr>
References: <43737E7A.2090805@siris.sorbonne.fr>
Message-ID: <437397DB.9050502@loop.to>

Hello Basile.

That error happens when a replication agreement is created on the
master with a bind DN that is not configured as one of the "Current
Supplier DNs" in the consumer's replica configuration. There is
probably a more verbose message in your master's errors log in this
case.

basile au siris wrote:

> i try to do single master replication
> i use redhat documention , but when i try to initialize consumer
> i have: " replication error acquiring replica: permisssion
> denied.Error code: 3 "
> and on the consumer :
> " NSMMReplicationPlugin - conn =2 op=5 replica "dc=mysite,dc=fr"
> unable to acquire replica: error ; permission denied "
>
> the database i want to replique is read only on the consumer
> if someone has got an idea , i try many things , read many time the
> redhat manual but
> it don t work
> thanks
> basile
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

From chen_shaopeng at idsignet.com Fri Nov 11 00:28:21 2005
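The condition described in the reply above (the agreement's bind DN is not among the consumer's supplier DNs) can be checked offline from exported configuration entries. The Python below is an added example, not part of the thread or of Fedora DS: the LDIF is constructed sample data with a made-up host and agreement name, and it assumes the bind DN is held in nsDS5ReplicaBindDN on both the supplier's agreement entry and the consumer's replica entry.

```python
import re

# Constructed sample: replication agreement entry from the supplier's cn=config.
# Host name and agreement name are made up for this example.
SUPPLIER_AGREEMENT_LDIF = """\
dn: cn=to-consumer,cn=replica,cn="dc=mysite,dc=fr",cn=mapping tree,cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
cn: to-consumer
nsDS5ReplicaHost: consumer.example.test
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=mysite,dc=fr
nsDS5ReplicaBindDN: cn=Replication Manager,
  cn=config
nsDS5ReplicaBindMethod: SIMPLE
"""

# Constructed sample: replica entry from the consumer's cn=config. Its supplier
# DN does not match the agreement above, which is the "permission denied" case.
CONSUMER_REPLICA_LDIF = """\
dn: cn=replica,cn="dc=mysite,dc=fr",cn=mapping tree,cn=config
objectClass: top
objectClass: nsDS5Replica
cn: replica
nsDS5ReplicaRoot: dc=mysite,dc=fr
nsDS5ReplicaType: 2
nsDS5ReplicaBindDN: cn=supplier,cn=config
"""

# Same consumer entry after the supplier DN has been corrected.
CONSUMER_FIXED_LDIF = CONSUMER_REPLICA_LDIF.replace(
    "cn=supplier,cn=config", "cn=replication manager,cn=config")


def parse_ldif(text):
    """Parse plain LDIF into a list of {attr_lowercase: [values]} dicts.

    Handles folded lines (continuation lines start with one space) and
    comments; base64 values ("attr:: ...") are skipped, not decoded.
    """
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded and unfolded[-1]:
            unfolded[-1] += raw[1:]          # drop the single fold marker
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or value.startswith(":"):
            continue
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def normalize_dn(dn):
    """Case-fold a DN and drop optional spaces around RDN separators.

    Simplified comparison: splits on unescaped commas, so it is meant for
    ordinary bind DNs and suffixes, not DNs with quoted values.
    """
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={' '.join(value.split()).lower()}")
    return ",".join(parts)


def has_class(entry, cls):
    return cls.lower() in (v.lower() for v in entry.get("objectclass", []))


def first(entry, attr):
    return entry.get(attr, [""])[0]


def check_agreement(agreement_ldif, consumer_ldif):
    """Return a list of problems; an empty list means the bind DN is accepted."""
    problems = []
    replicas = [e for e in parse_ldif(consumer_ldif) if has_class(e, "nsDS5Replica")]
    for agmt in parse_ldif(agreement_ldif):
        if not has_class(agmt, "nsDS5ReplicationAgreement"):
            continue
        root = normalize_dn(first(agmt, "nsds5replicaroot"))
        bind = normalize_dn(first(agmt, "nsds5replicabinddn"))
        matching = [r for r in replicas
                    if normalize_dn(first(r, "nsds5replicaroot")) == root]
        if not matching:
            problems.append(f"consumer has no replica entry for {root}")
            continue
        allowed = {normalize_dn(v) for r in matching
                   for v in r.get("nsds5replicabinddn", [])}
        if bind not in allowed:
            problems.append(f"agreement {first(agmt, 'cn')} binds as {bind} "
                            f"but consumer accepts only {sorted(allowed)}")
    return problems


if __name__ == "__main__":
    for label, consumer in (("before", CONSUMER_REPLICA_LDIF),
                            ("after", CONSUMER_FIXED_LDIF)):
        print(label, check_agreement(SUPPLIER_AGREEMENT_LDIF, consumer) or "OK")
```
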
From: chen_shaopeng at idsignet.com (Chen Shaopeng)
Date: Fri, 11 Nov 2005 08:28:21 +0800
Subject: [Fedora-directory-users] Re: help for building FDS
In-Reply-To: <20051110151604.21419.qmail@web36305.mail.mud.yahoo.com>
References: <20051110151604.21419.qmail@web36305.mail.mud.yahoo.com>
Message-ID: <4373E5A5.8010300@idsignet.com>

speedy zinc wrote:
>
> Could you share how you made it build on your Ubuntu?
> I'm also using gcc 3.4, but I have struggling to make
> it build for so long, it's unbelievable.
>
> I want to learn about the internals, and I want to
> be able to walk through some of the codes in a
> debugger, so I want to be able to build this on my
> machine.
>
> I have never thought getting this to build is such
> a pig... it's harder than compiling my own kernel.
>
> Guys, is learning this special build framework part
> of what I must learn before I can build the DS?
> Sorry, I've been banging my head for too long ...
>

Hmm, I didn't do anything special though. According
to the build page on wiki, it said you need:

- db4-devel
- krb5-devel
- libtermcap-devel
- ncurses-devel

All the packages are available on Ubuntu, except libtermcap-devel. So
I installed termcap-compat.

Your problem seems to be with db4. Unfortunately, I'm currently at
work now, and here I have a Centos 4.1 for my build, and an older
version of ubuntu for other works. My ubuntu machine is at home, which
I can't check right now. I can't remember which version of db4 I have,
I think I have both db4-2 and db4-3 installed.

I'll give a list of the package versions I have, when I get home this
evening. But it's early morning now, in Shanghai :)

But I'm not well versed with that build environment though. Makefile
and stuff have never been my cup of tea.

csp

--
Chen Shaopeng
http://www.idsignet.com

From speedy_zinc at yahoo.com Fri Nov 11 02:24:04 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Thu, 10 Nov 2005 18:24:04 -0800 (PST)
Subject: [Fedora-directory-users] Re: help for building FDS
In-Reply-To: <4373E5A5.8010300@idsignet.com>
Message-ID: <20051111022404.31541.qmail@web36309.mail.mud.yahoo.com>

--- Chen Shaopeng wrote:
>
> Hmm, I didn't do anything special though. According
> to the build page on wiki, it said you need:
>
> - db4-devel
> - krb5-devel
> - libtermcap-devel
> - ncurses-devel
>
> All the packages are availabe on Ubuntu, except
> libtermcap-devel. So
> I installed termcap-compat.
>

Thanks, here is my environment:

- libdb4-2
- libdb4.2++c2
- libdb4-2.dev
- libdb4.2++-dev
- libdb4.3 (I can't remove this completely, it has too many apps depend on it)
- libncurses5 (5.4.9)
- libncurses5-dev
- libncursesw5 (5.4.9)
- libncursesw5-dev
- termcap-compat 1.2.3
- libkrb53 (1.3.6-4)
- libkrb5-dev (1.3.6-4)
- perl 5.8.7
- cvs 1.12.9
- gcc 3.4.4-6
- g++ 3.4.4-6
- gmake 4.80-9

Other stuffs are just default Ubuntu 5.10.

I'd appreciate if you can help me get pass this build
problem.

thanks

sz

From speedy_zinc at yahoo.com Fri Nov 11 02:39:07 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Thu, 10 Nov 2005 18:39:07 -0800 (PST)
Subject: [Fedora-directory-users] help with memory corruption
Message-ID: <20051111023907.16018.qmail@web36308.mail.mud.yahoo.com>

My gnome desktop totally hanged, and out of frustration, I just pushed
the reset button. Now I got a memory corruption error when trying to
start up slapd:

*** glibc detected *** malloc(): memory corruption: 0x08176080 ***
slapd-neo/start-slapd: line 33: 7560 Aborted ./ns-slapd -D /opt/fedora-ds/slapd-neo -i /opt/fedora-ds/slapd-neo/logs/pid -w $STARTPIDFILE "$@"

Couldn't find anything about cleaning up corrupted data in the admin
guide. Could someone tell what's this error about?

Now I wonder, if I can get this kind of corruption that easily, how
would people handle it in real production environment? If I get a
sudden power outage, or the cleaning guy just trips on the power cord,
and boom, the server won't start. That's not pretty, isn't it?

thanks

sz

From david_list at boreham.org Fri Nov 11 03:02:09 2005
From: david_list at boreham.org (David Boreham)
Date: Thu, 10 Nov 2005 20:02:09 -0700
Subject: [Fedora-directory-users] help with memory corruption
In-Reply-To: <20051111023907.16018.qmail@web36308.mail.mud.yahoo.com>
References: <20051111023907.16018.qmail@web36308.mail.mud.yahoo.com>
Message-ID: <437409B1.3000105@boreham.org>

speedy zinc wrote:

>*** glibc detected *** malloc(): memory corruption:
>0x08176080 ***
>slapd-neo/start-slapd: line 33: 7560 Aborted
> ./ns-slapd -D /opt/fedora-ds/slapd-neo -i
>/opt/fedora-ds/slapd-neo/logs/pid -w $STARTPIDFILE
>"$@"
>
>Couldn't find anything about cleaning up corrupted
>data
>in the admin guide. Could someone tell what's this
>error about?
>

I'm not sure. First let's figure out which process is causing this
error. I'm not 100% that it's the server itself. What do you see in the
errors log ? Do you get the server startup banner ? You could also try
running under strace (make a copy of start-slapd, edit it to add
'strace -f -o /tmp/straceout' to the line mentioned above). The output
from strace will give us some idea of what's happening. Running in gdb
with a breakpoint on the heap error function you see called above would
be cool if you can manage that. Post the stack trace here if so.

>Now I wonder, if I can get this kind of corruption
>that
>easily, how would people handle it in real production
>environment? If I get a sudden power outage, or the
>cleaning guy just trips on the power cord, and boom,
>the server won't start. That's not pretty, isn't it?
>

Let's hold judgement until we figure out the problem. I've been working
on this code for 9 years and this is the first time I've seen something
like this in released server code, if indeed that's what is triggering
the error here.

This must be code you built, right ? (I don't believe the FDS binaries
are built with the debug heap). It's also possible that this is a build
or compiler issue. Again I don't believe the product has been
extensively tested when built with gcc4.

From speedy_zinc at yahoo.com Fri Nov 11 03:44:50 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Thu, 10 Nov 2005 19:44:50 -0800 (PST)
Subject: [Fedora-directory-users] help with memory corruption
In-Reply-To: <437409B1.3000105@boreham.org>
Message-ID: <20051111034450.60081.qmail@web36303.mail.mud.yahoo.com>

--- David Boreham wrote:

> speedy zinc wrote:
>
> I'm not sure. First let's figure out which process
> is causing this error.
> I'm not 100% that it's the server itself. What do
> you see in the errors
> log ? Do you get the server startup banner ? You
> could also try running
> under strace (make a copy of start-slapd, edit it to
> add 'strace -f -o
> /tmp/straceout' to the
> line mentioned above). The output from strace will
> give us some idea of
> what's happening. Running in gdb with a breakpoint
> on the heap error
> function you see called above would be cool if you
> can manage that.
> Post the stack trace here if so.
>

Let me try if I understand your instruction here, and see if I can get
anything. And no, I don't get any banner, it hasn't got to the flash
screen at all.

> Let's hold judgement until we figure out the
> problem.
> I've been working on this code for 9 years and this
> is the first time
> I've seen something like this in released server
> code, if indeed
> that's what is triggering the error here.
>

Sorry if that sounds like flaming. I didn't do anything for the whole,
was working on a paper, and have Eclipse open on some test codes (which
has nothing to do with FDS). Eclipse started to hang, and then Gnome,
and then nothing works, except the cursor.

But before I reset, I forgot that I have fds running.

> This must be code you built, right ? (I don't
> believe the FDS binaries
> are built with the debug heap). It's also possible
> that this is a
> build or compiler issue. Again I don't believe the
> product has been
> extensively tested when built with gcc4.
>

No, this is the package I downloaded. It's in rpm format, I use alien
to convert it to a deb package, and installed.

I've never been able to build it yet, have been banging my head and
asking for help on this list for a long time. Maybe I should just
install a fedora distro or something...

thanks

sz

From david_list at boreham.org Fri Nov 11 03:56:35 2005
From: david_list at boreham.org (David Boreham)
Date: Thu, 10 Nov 2005 20:56:35 -0700
Subject: [Fedora-directory-users] help with memory corruption
In-Reply-To: <20051111034450.60081.qmail@web36303.mail.mud.yahoo.com>
References: <20051111034450.60081.qmail@web36303.mail.mud.yahoo.com>
Message-ID: <43741673.5010002@boreham.org>

>for the whole, was working on a paper, and have
>Eclipse
>open on some test codes (which has nothing to do with
>FDS). Eclipse started to hang, and then Gnome, and
>then
>nothing works, except the cursor.
>

Well I doubt this is anything to do with FDS. It sounds like the
machine, or at least the window manager has some serious problems.

>But before I reset, I forgot that I have fds running.
>

Reset with the server running is absolutely ok. If it were the sudden
shutdown that had triggered the problem, it'd show up in database
recovery. The fact that you have no output in the errors file indicates
that we never got to recovery.

> No, this is the package I downloaded. It's in rpm
>
>format, I use alien to convert it to a deb package,
>and installed.
>

Ok, I guess it must be linked with the debug heap. Strange, because
that would seriously affect performance, I suspect.

From rmeggins at redhat.com Fri Nov 11 03:53:48 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 10 Nov 2005 20:53:48 -0700
Subject: [Fedora-directory-users] more than one base domain?
In-Reply-To: <437388C2.2090607@redhat.com>
References: <20051110153350.26865.qmail@web36305.mail.mud.yahoo.com> <437388C2.2090607@redhat.com>
Message-ID: <437415CC.7060608@redhat.com>

I think if you're in the Directory tab, and you click right on the top
level node, it should give you the option to create the root entry for
your new suffix (or sub suffix). New Root Suffix entry or something
like that. Suffix creation does not create the entry.

Noriko Hosoi wrote:

> speedy zinc wrote:
>
>>--- David Boreham wrote:
>>
>>>>on the same directory, and then search through
>>>>
>>>>ldapsearch -b "dc=alpha,dc=com" ...
>>>>
>>>>and
>>>>
>>>>ldapsearch -b "dc=beta,dc=com" ...
>>>>
>>>>The console does not seem to allow that. I wonder
>>>>though.
>>>>
>>http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#17930
>>
>>Ah ok, so it's done from the configuration tab, I was
>>trying to do this in the directory tab.
>>
>>Ok, now that I've created a second root suffix, how
>>do I manage it? The directory tab only shows the
>>first suffix.
>>
>>I created a new root suffix "dc=alpha,dc=com", with a
>>database named alpha, and checked the option to add
>>associate database.
>>
>>But from the console, I can't seem to be able to do
>>anything with it.
>>
>>thanks
>>
>>sz
>>
> I wonder if you have initialized your new database? Once you did it,
> you should be able to see it on the directory tab.
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/dbmanage.html#1117340
> Thanks,
> --noriko

From rmeggins at redhat.com Fri Nov 11 03:57:05 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 10 Nov 2005 20:57:05 -0700
Subject: [Fedora-directory-users] How to ldapsearch password expiration data?
In-Reply-To: <43737DD9.5000809@cshl.edu>
References: <43727FAC.90809@cshl.edu> <437283B6.6020608@redhat.com> <43737DD9.5000809@cshl.edu>
Message-ID: <43741691.4070805@redhat.com>

Vsevolod (Simon) Ilyushchenko wrote:

> Rich,
>
> Thanks - I can see them now.
>
> However, now I have questions about the semantics of password
> expiration. The NIS+ tables store the account (not password)
> expiration date as the absolute day number (from year 0). I'm trying
> to replicate these data in FDS.
>
> 1. First of all, I'm not sure that the password expiration feature
> does the same thing. When the password expires, will the user be
> prompted to change it or will he be locked out?

It really depends on the application. I think FDS will send back some
response controls related to password expiration. FDS also allows a
configurable number of "grace logins" to allow the user to login
specifically for the purpose of changing the password.

>
> 2. Second, I can't even test it, because I can't seem to force an
> expiration. The passwordMaxAge attribute is the number of days after
> which the password will expire. Well, it's the number of days *since
> when*? Since today? How is it updated then as the time goes by? Or
> since the first logon? Where is it stored then?

I think the console uses a minimum of 1 day, but in LDAP you can go
down to the second, so that might make it easier to test.
passwordMaxAge is the age since the password was created or last
modified.

>
> I am truly missing something. The admin guide does not make it clear.
>
> Thanks,
> Simon
>
> Richard Megginson wrote on 11/09/2005 06:18 PM:
>
>> Those attributes are operational, so you must explicitly ask for them
>> on the ldapsearch command line e.g.
>> ldapsearch -b
>> 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu'
>> passwordMaxAge passwordWarning passwordMinAge passwordExp
>> passwordGraceLimit
>>
>> In addition, ldapsubentry objects are hidden from normal searches.
>> You must explicitly request objects of this type by adding the
>> (objectclass=ldapsubentry) to your search filter e.g.
>> '(|(objectclass=*)(objectclass=ldapsubentry))'
>> to get all regular entries and sub entries, or just
>> '(objectclass=ldapsubentry)'
>> to get only the sub entry objects.
>

From speedy_zinc at yahoo.com Fri Nov 11 04:04:21 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Thu, 10 Nov 2005 20:04:21 -0800 (PST)
Subject: [Fedora-directory-users] help with memory corruption
In-Reply-To: <437409B1.3000105@boreham.org>
Message-ID: <20051111040421.10783.qmail@web36313.mail.mud.yahoo.com>

BTW, this is my home machine, and I have not worked on this for 2 days.
The last access (from the timestamp in the access file) dates back to
11/09. And the error file is empty.

sz

From chen_shaopeng at idsignet.com Fri Nov 11 04:18:31 2005
From: chen_shaopeng at idsignet.com (Chen Shaopeng)
Date: Fri, 11 Nov 2005 12:18:31 +0800
Subject: [Fedora-directory-users] help with memory corruption
In-Reply-To: <20051111023907.16018.qmail@web36308.mail.mud.yahoo.com>
References: <20051111023907.16018.qmail@web36308.mail.mud.yahoo.com>
Message-ID: <43741B97.7050706@idsignet.com>

speedy zinc wrote:
>
> *** glibc detected *** malloc(): memory corruption:
> 0x08176080 ***
> slapd-neo/start-slapd: line 33: 7560 Aborted
> ./ns-slapd -D /opt/fedora-ds/slapd-neo -i
> /opt/fedora-ds/slapd-neo/logs/pid -w $STARTPIDFILE
> "$@"
>

Hmm, not sure if this is the same problem, but it looks very similar.
Take a look at your dse.ldif, and see if you have any plugin config
which points to a non-existing .so file.

I had a similar problem some time ago, when I moved my plugin .so file
to another location, and forgot to update the dse.ldif file.

csp

--
Chen Shaopeng
http://www.idsignet.com

From james at dvzproperty.com Fri Nov 11 08:02:02 2005
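[Added example, not part of any message in this archive.] The dse.ldif check suggested in the "help with memory corruption" thread above, written out as a script: it unfolds LDIF continuation lines, decodes base64 values, and reports every plugin entry whose nsslapd-pluginPath is missing on disk or writable by group/other. The sample LDIF, the plugin names and the lib/ directory under /opt/fedora-ds are constructed assumptions; `check_plugins` and its `root` parameter are names introduced here.

```python
import base64
import os
import stat
import tempfile

# Constructed sample: entry names and file names are invented, and the lib/
# directory under /opt/fedora-ds is assumed. It exercises a folded line and a
# base64 ("::") value, both of which a plain grep over dse.ldif would miss.
_B64 = base64.b64encode(b"/opt/fedora-ds/lib/libexample-loose-plugin.so").decode()
SAMPLE = f"""\
# constructed dse.ldif fragment
dn: cn=Example Uniqueness,cn=plugins,cn=config
objectClass: nsSlapdPlugin
nsslapd-pluginPath: /opt/fedora-ds/lib/libexample-unique-plugin.so
nsslapd-pluginEnabled: on

dn: cn=Example Moved Plugin,cn=plugins,cn=config
objectClass: nsSlapdPlugin
nsslapd-pluginPath: /opt/fedora-ds/lib/
 libexample-moved-plugin.so
nsslapd-pluginEnabled: on

dn: cn=Example Loose Perms,cn=plugins,cn=config
objectClass: nsSlapdPlugin
nsslapd-pluginPath:: {_B64}
nsslapd-pluginEnabled: off
"""


def ldif_entries(text):
    """Yield each LDIF entry as a list of logical (unfolded) lines."""
    entry, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):            # continuation of the previous line
            if entry and not in_comment:
                entry[-1] += raw[1:]
            continue
        in_comment = raw.startswith("#")
        if in_comment:
            continue
        if raw.strip() == "":              # blank line ends the entry
            if entry:
                yield entry
            entry = []
        else:
            entry.append(raw)
    if entry:
        yield entry


def parse_entry(lines):
    """Map lower-cased attribute names to lists of decoded values."""
    attrs = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        attrs.setdefault(name.strip().lower(), []).append(value)
    return attrs


def check_plugins(ldif_text, root="/"):
    """Return (dn, path, enabled, status) for every entry with a plugin path.

    status is "missing", "writable-by-others" or "ok". `root` lets the check
    run against a mounted image or a test tree instead of the live filesystem.
    """
    findings = []
    for lines in ldif_entries(ldif_text):
        attrs = parse_entry(lines)
        paths = attrs.get("nsslapd-pluginpath")
        if not paths:
            continue
        dn = attrs.get("dn", ["?"])[0]
        enabled = attrs.get("nsslapd-pluginenabled", ["off"])[0].lower() == "on"
        real = os.path.join(root, paths[0].lstrip("/"))
        if not os.path.isfile(real):
            status = "missing"
        elif os.stat(real).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            status = "writable-by-others"  # anyone in that set can swap the library
        else:
            status = "ok"
        findings.append((dn, paths[0], enabled, status))
    return findings


def demo():
    """Build a throwaway tree with one good, one absent and one loose .so."""
    with tempfile.TemporaryDirectory() as root:
        libdir = os.path.join(root, "opt/fedora-ds/lib")
        os.makedirs(libdir)
        for name, mode in (("libexample-unique-plugin.so", 0o644),
                           ("libexample-loose-plugin.so", 0o666)):
            path = os.path.join(libdir, name)
            open(path, "wb").close()
            os.chmod(path, mode)
        return check_plugins(SAMPLE, root=root)


if __name__ == "__main__":
    for dn, path, enabled, status in demo():
        print(f"{status:20} enabled={enabled!s:5} {path}  ({dn})")
```

Against a real instance, pass the contents of the instance's dse.ldif to `check_plugins` and leave `root` at its default.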
From: james at dvzproperty.com (James van Zeeland)
Date: Fri, 11 Nov 2005 18:02:02 +1000
Subject: [Fedora-directory-users] Joins domain, won't logon.
Message-ID: <1131696119.21436.8771.camel@helix.lateralblue.com>

Hi.

Up to date FC4 install + Fedora Directory + Samba + VMware , on HP ML150
dual 3.0G Xeons w/ 2Gb

Boots as a Directory server, and then on start of X logs in as vmware
user which starts a VMware only session (no window manager) and launches
a 2003 terminal server. Files are served from samba on the linux host.

Up till now users have been happily using old workstations in workgroup
mode with syncd passwds, no problemo. I can't see anything in smb.conf
to explain this behaviour :

2003 Terminal server was built, intended to be the first genuine domain
member. It happily joined the domain, but on attempt to login, reports
"Cannot log you in now because the domain is unavailable"

But it is available. Or should be.

Sorry, do not have the config files immediately on hand ( no remote
access yet - new installation)

Thought I'd throw a feeler out and see if anyone can tell me what can
cause this behaviour.

I read about a samba bug that caused something like this (machine
accounts must be stored in the same ou as users, but this was supposedly
fixed around samba 3.0.11 and I'm on 3.0.14something here.)

I have smbldap-tools installed, behaviour is same manually creating
machine account or letting it be created by samba.

I also had trouble with WINS support throwing a bad IP address (not even
inside the subnet) into the mix. No idea where that came from; Disabling
WINS (don't need it yet) fixed that, but the domain not available on
attempted login has me scratching my head.

I also read about DNS sometimes causing this, but the FQDN for both
machines my-server1.mydomain.local and my-appserver1.mydomain.local both
resolve without a problem.

I don't know what's wrong and am considering removing the directory and
SAMBA and taking the network down to reconfigure them from scratch
because something's wack.

Of note : when logged in as local administrator, password sync'd with
PDC, map some network drives, then attempt to join the machine to the
domain, it will FAIL reporting that multiple connections using different
credentials are a no-no.

J

From chen_shaopeng at idsignet.com Fri Nov 11 08:52:30 2005
From: chen_shaopeng at idsignet.com (Chen Shaopeng)
Date: Fri, 11 Nov 2005 16:52:30 +0800
Subject: [Fedora-directory-users] lagest depoyment?
Message-ID: <43745BCE.1070106@idsignet.com>

Could someone with experiences in deploying FDS/RHDS (or even before
that) shed some light on your largest deployment of directory? For
example:

- total #users
- average # of concurrent users (at the same time)
- total #objects in the system
- hardware specs
- how many servers
- network topology
- biggest problem encountered
- ...

I'm just trying to get a feel about the hardware requirements. Numbers
from the Sun Directory is ok too. If you don't mind sharing that.

thanks a lot.

csp

From james at dvzproperty.com Fri Nov 11 13:44:50 2005
From: james at dvzproperty.com (James van Zeeland)
Date: Fri, 11 Nov 2005 23:44:50 +1000
Subject: [Fedora-directory-users] Joins domain, won't logon.
In-Reply-To: <1131696119.21436.8771.camel@helix.lateralblue.com>
References: <1131696119.21436.8771.camel@helix.lateralblue.com>
Message-ID: <1131716686.21436.9408.camel@helix.lateralblue.com>

The pre 3.0.11 fix for something similar was tested by placing the
Computers OU inside the People ou. Made no difference.

The rogue WINS entry may have come about through the legacy samba server
that this FC4 build replaces (redhat 5 vintage) - the IP noted was its
old IP address before the subnet was altered and the server replaced. It
was however, patched in and turned on; I think nmb broadcasts go to
255.255.255.255/0 rather than (for example) 10.2.3.255/24 ??

smb.conf seems to be correct for domain controller.

> Of note : when logged in as local administrator, password sync'd with
> PDC, map some network drives, then attempt to join the machine to the
> domain, it will FAIL reporting that multiple connections using different
> credentials are a no-no.

So I am wondering why when I have a network connection to a file share
open as user "Administrator" (uid 0) I cannot then connect the machine
to a domain, but if I disconnect mapped drives, restart and try again
with the same credentials, it will connect to the domain, but (reset
again :-) then fail to actually login with any domain account.

Should I be looking closely at the directories "Administrator" account?
Could a problem or poor configuration of the root/administrator accounts
be the root cause?

J

On Fri, 2005-11-11 at 18:02, James van Zeeland wrote:
> Hi.
>
> Up to date FC4 install + Fedora Directory + Samba + VMware , on HP ML150
> dual 3.0G Xeons w/ 2Gb
>
> Boots as a Directory server, and then on start of X logs in as vmware
> user which starts a VMware only session (no window manager) and launches
> a 2003 terminal server. Files are served from samba on the linux host.
>
> Up till now users have been happily using old workstations in workgroup
> mode with syncd passwds, no problemo. I can't see anything in smb.conf
> to explain this behaviour :
>
> 2003 Terminal server was built, intended to be the first genuine domain
> member. It happily joined the domain, but on attempt to login, reports
> "Cannot log you in now because the domain is unavailable"
>
> But it is available. Or should be.
>
> Sorry, do not have the config files immediately on hand ( no remote
> access yet - new installation)
>
> Thought I'd throw a feeler out and see if anyone can tell me what can
> cause this behaviour.
>
> I read about a samba bug that caused something like this (machine
> accounts must be stored in the same ou as users, but this was supposedly
> fixed around samba 3.0.11 and I'm on 3.0.14something here.)
>
> I have smbldap-tools installed, behaviour is same manually creating
> machine account or letting it be created by samba.
>
> I also had trouble with WINS support throwing a bad IP address (not even
> inside the subnet) into the mix. No idea where that came from; Disabling
> WINS (don't need it yet) fixed that, but the domain not available on
> attempted login has me scratching my head.
>
> I also read about DNS sometimes causing this, but the FQDN for both
> machines my-server1.mydomain.local and my-appserver1.mydomain.local both
> resolve without a problem.
>
> I don't know what's wrong and am considering removing the directory and
> SAMBA and taking the network down to reconfigure them from scratch
> because something's wack.
>
> Of note : when logged in as local administrator, password sync'd with
> PDC, map some network drives, then attempt to join the machine to the
> domain, it will FAIL reporting that multiple connections using different
> credentials are a no-no.
>
> J
>

From mont.rothstein at gmail.com Fri Nov 11 17:39:14 2005
From: mont.rothstein at gmail.com (Mont Rothstein)
Date: Fri, 11 Nov 2005 09:39:14 -0800
Subject: [Fedora-directory-users] Fedora DS and a C# .NET app
Message-ID: <467a83630511110939v3fcab7afo6a8dda536572a080@mail.gmail.com>

Hello,

I have just started working with Fedora Directory Server (still going
through all of the docs and install) and I realized that something I
want to do may not be possible. I was hoping someone on this list could
tell me if what I want to do can or can not be done.

We have a Windows C# .NET WinForms application. What we want to do is to
authenticate users to a Fedora DS that we setup and then control their
access rights based on settings in the DS.

The trick is that the users may or may not be on an AD domain, and in
either case we will not be their primary DS, only the one used for our
application. Furthermore, we don't want them to have to sign in to our
application, only to their computer.

In short, is it possible to authenticate a Windows user to a Fedora DS
using their standard Windows login info?

I hope this is clear.

Thanks,
-Mont

From mont.rothstein at gmail.com Sat Nov 12 20:10:47 2005
From: mont.rothstein at gmail.com (Mont Rothstein)
Date: Sat, 12 Nov 2005 12:10:47 -0800
Subject: [Fedora-directory-users] Can't authenticate to directory server
Message-ID: <467a83630511121210m113465acl2929abc8ddff9f6@mail.gmail.com>

I can't authenticate to my directory server from another machine.

My directory server is running on RedHat ES4. I am trying to use Secure
authentication (NTLM?) from a Windows C# .NET application. I suspect my
problem is one of incorrect configuration on the directory server side.

I can access the directory server from the Windows app using anonymous
access.

I created a user in the directory server and added that user to the
Directory Administrators Group's ACI. I also added the IP address of the
machine I am trying to communicate from to the Hosts list in the
Directory Administrators Group ACI.

I can login to the console using my user
(uid=mont,ou=people,dc=foray,dc=com) on my Linux server. I have tried
logging in from the Windows app using both the full RDN and simply the
user name "mont". Neither work.

Any ideas as to what needs to be done to enable authentication from a
remote machine would be greatly appreciated.

Thanks,
-Mont

From mont.rothstein at gmail.com Sat Nov 12 21:58:34 2005
From: mont.rothstein at gmail.com (Mont Rothstein)
Date: Sat, 12 Nov 2005 13:58:34 -0800
Subject: [Fedora-directory-users] Re: Can't authenticate to directory server
In-Reply-To: <467a83630511121210m113465acl2929abc8ddff9f6@mail.gmail.com>
References: <467a83630511121210m113465acl2929abc8ddff9f6@mail.gmail.com>
Message-ID: <467a83630511121358y55ece408s1c98df68b9a6917b@mail.gmail.com>

I solved my own problem, partially, but there is still something I
don't understand.

My problem was in trying to use the Secure authentication type in my
Windows app. When I changed the authentication type to None (which in
Windows parlance means a simple bind) it worked. All of the entries I
had made for allowing my specific host access, and permissions I had
granted the account (adding the user to the Domain Admins) were
unnecessary.

However, what I can't figure out is how to use any authentication that
is stronger. I presume that the Windows None/simple bind equates to
Plain. My supported sasl mechanisms are: external, plain, gssapi,
digest-md5, cram-md5, and anonymous.

Do I need to add to this list to communicate via stronger
authentication with my Windows app, and if so how do I add to this
list?

Thanks,
-Mont

On 11/12/05, Mont Rothstein wrote:
>
> I can't authenticate to my directory server from another machine.
>
> My directory server is running on RedHat ES4. I am trying to use Secure
> authentication (NTLM?) from a Windows C# .NET application. I suspect my
> problem is one of incorrect configuration on the directory server side.
>
> I can access the directory server from the Windows app using anonymous
> access.
>
> I created a user in the directory server and added that user to the
> Directory Administrators Group's ACI. I also added the IP address of the
> machine I am trying to communicate from to the Hosts list in the Directory
> Administrators Group ACI.
>
> I can login to the console using my user
> (uid=mont,ou=people,dc=foray,dc=com) on my Linux server. I have tried
> logging in from the Windows app using both the full RDN and simply the user
> name "mont". Neither work.
>
> Any ideas as to what needs to be done to enable authentication from a
> remote machine would be greatly appreciated.
>
> Thanks,
> -Mont
>

From nhosoi at redhat.com Sun Nov 13 03:25:27 2005
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Sat, 12 Nov 2005 19:25:27 -0800
Subject: [Fedora-directory-users] Re: Can't authenticate to directory server
In-Reply-To: <467a83630511121358y55ece408s1c98df68b9a6917b@mail.gmail.com>
References: <467a83630511121210m113465acl2929abc8ddff9f6@mail.gmail.com> <467a83630511121358y55ece408s1c98df68b9a6917b@mail.gmail.com>
Message-ID: <4376B227.5080406@redhat.com>

An HTML attachment was scrubbed...

From mont.rothstein at gmail.com Sun Nov 13 17:42:26 2005
From: mont.rothstein at gmail.com (Mont Rothstein)
Date: Sun, 13 Nov 2005 09:42:26 -0800
Subject: [Fedora-directory-users] Re: Can't authenticate to directory server
In-Reply-To: <4376B227.5080406@redhat.com>
References: <467a83630511121210m113465acl2929abc8ddff9f6@mail.gmail.com> <467a83630511121358y55ece408s1c98df68b9a6917b@mail.gmail.com> <4376B227.5080406@redhat.com>
Message-ID: <467a83630511130942s1d1bb2a3m8d1a0599999b4015@mail.gmail.com>

Thanks for the reference, I hadn't found that yet.

-Mont

On 11/12/05, Noriko Hosoi wrote:
>
> Mont Rothstein wrote:
>
> I solved my own problem, partially, but there is still something I don't
> understand.
>
> My problem was in trying to use the Secure authentication type in my
> Windows app. When I changed the authentication type to None (which in
> Windows parlance means a simple bind) it worked. All of the entries I had
> made for allowing my specific host access, and permissions I had granted the
> account (adding the user to the Domain Admins) were unnecessary.
>
> However, what I can't figure out is how to use any authentication that is
> stronger. I presume that the Windows None/simple bind equates to Plain. My
> supported sasl mechanisms are: external, plain, gssapi, digest-md5,
> cram-md5, and anonymous.
>
> FDS supports digest-md5 and gssapi:
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1083165
>
> Thanks,
> --noriko
>
>
> Do I need to add to this list to communicate via stronger authentication
> with my Windows app, and if so how do I add to this list?
>
> Thanks,
> -Mont
>
>
> On 11/12/05, Mont Rothstein wrote:
> >
> > I can't authenticate to my directory server from another machine.
> >
> > My directory server is running on RedHat ES4. I am trying to use Secure
> > authentication (NTLM?) from a Windows C# .NET application. I suspect my
> > problem is one of incorrect configuration on the directory server side.
> >
> > I can access the directory server from the Windows app using anonymous
> > access.
> >
> > I created a user in the directory server and added that user to the
> > Directory Administrators Group's ACI. I also added the IP address of the
> > machine I am trying to communicate from to the Hosts list in the Directory
> > Administrators Group ACI.
> >
> > I can login to the console using my user
> > (uid=mont,ou=people,dc=foray,dc=com) on my Linux server. I have tried
> > logging in from the Windows app using both the full RDN and simply the user
> > name "mont". Neither work.
> >
> > Any ideas as to what needs to be done to enable authentication from a
> > remote machine would be greatly appreciated.
> >
> > Thanks,
> > -Mont
> >

From chen_shaopeng at idsignet.com Mon Nov 14 01:00:19 2005
From: chen_shaopeng at idsignet.com (Chen Shaopeng)
Date: Mon, 14 Nov 2005 09:00:19 +0800
Subject: [Fedora-directory-users] Re: help for building FDS
In-Reply-To: <20051111022404.31541.qmail@web36309.mail.mud.yahoo.com>
References: <20051111022404.31541.qmail@web36309.mail.mud.yahoo.com>
Message-ID: <4377E1A3.7020707@idsignet.com>

speedy zinc wrote:
> Thanks, here is my environment:
>
> - libdb4-2
> - libdb4.2++c2
> - libdb4-2.dev
> - libdb4.2++-dev
> - libdb4.3 (I can't remove this completely, it has too
> many apps depend on it)
> - libncurses5 (5.4.9)
> - libncurses5-dev
> - libncursesw5 (5.4.9)
> - libncursesw5-dev
> - termcap-compat 1.2.3
> - libkrb53 (1.3.6-4)
> - libkrb5-dev (1.3.6-4)
> - perl 5.8.7
> - cvs 1.12.9
> - gcc 3.4.4-6
> - g++ 3.4.4-6
> - gmake 4.80-9
>
> Other stuffs are just default Ubuntu 5.10.
>
> I'd appreciate if you can help me get pass this build
> problem.
>

That looks almost the same as I have, but I have libdb4.3-devel
instead. Here's the little note I took when I built it, probably not
helpful.

How to build DS:
================================================================
Prereq:
- db4-devel
- krb5-devel (MIT)
- libtermcap-devel (???)
- ncurses-devel

Add "." to PATH

cd dsbuild/meta/ds
gmake
================================================================
Admin server port config:
/opt/fedora-ds/admin-serv/config/server.xml
Netscape httpd port config
================================================================

csp

--
Chen Shaopeng
http://www.idsignet.com

From basile.mathieu at siris.sorbonne.fr Mon Nov 14 11:02:01 2005
From: basile.mathieu at siris.sorbonne.fr (basile au siris)
Date: Mon, 14 Nov 2005 12:02:01 +0100
Subject: [Fedora-directory-users] probleme with replication
In-Reply-To: <437397DB.9050502@loop.to>
References: <43737E7A.2090805@siris.sorbonne.fr> <437397DB.9050502@loop.to>
Message-ID: <43786EA9.7090300@siris.sorbonne.fr>

hi
i may have found what was wrong, i don't use on the consumer enable legacy consumer, and then
replication seems to start but server on the consumer stop
here are the logs:

consumer:
NSMMReplicationPlugin - multimaster_be_state_change: replica dc=siris,dc=sorbonne,dc=fr is going offline; disabling replication
[14/Nov/2005:11:28:35 +0100] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[14/Nov/2005:11:28:40 +0100] - import userRoot: Workers finished; cleaning up...
[14/Nov/2005:11:28:43 +0100] - import userRoot: Workers cleaned up.
[14/Nov/2005:11:28:43 +0100] - import userRoot: Indexing complete. Post-processing...
[14/Nov/2005:11:28:43 +0100] - import userRoot: Flushing caches...
[14/Nov/2005:11:28:43 +0100] - import userRoot: Closing files...
[14/Nov/2005:11:28:46 +0100] - import userRoot: Import complete. Processed 3171 entries in 11 seconds. (288.27 entries/sec)
[14/Nov/2005:11:28:46 +0100] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=siris,dc=sorbonne,dc=fr is coming online; enabling replication
[14/Nov/2005:11:31:20 +0100] - Fedora-Directory/7.1 B2005.146.2010 starting up
[14/Nov/2005:11:31:20 +0100] - Detected Disorderly Shutdown last time Directory Server was running, recovering database.
[14/Nov/2005:11:35:19 +0100] - Fedora-Directory/7.1 B2005.146.2010 starting up
[14/Nov/2005:11:35:21 +0100] - Detected Disorderly Shutdown last time Directory Server was running, recovering database.
[14/Nov/2005:11:41:39 +0100] - Fedora-Directory/7.1 B2005.146.2010 starting up
[14/Nov/2005:11:41:40 +0100] - Detected Disorderly Shutdown last time Directory Server was running, recovering database.
[14/Nov/2005:11:44:15 +0100] - Fedora-Directory/7.1 B2005.146.2010 starting up
[14/Nov/2005:11:44:16 +0100] - Detected Disorderly Shutdown last time Directory Server was running, recovering database.

supplier:

[14/Nov/2005:11:28:31 +0100] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=replication" (195:389)".
[14/Nov/2005:11:28:42 +0100] NSMMReplicationPlugin - agmt="cn=replication" (195:389): Warning: unable to receive endReplication extended operation response (Can't contact LDAP server)
[14/Nov/2005:11:28:42 +0100] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=replication" (195:389)". Sent 3171 entries.
[14/Nov/2005:11:28:42 +0100] NSMMReplicationPlugin - agmt="cn=replication" (195:389): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -5961 (TCP connection reset by peer.)

i configure supplier to authenticate a samba server, and add samba
schema on the consumer
but don't do all that configuration on the consumer.
Could it be a problem
thanks
basile

uffe at loop.to wrote:

>Hello Basile. That error happens when a replication agreement is
>created on the master with a bind DN that is not configured as one of
>the "Current Supplier DNs" in the consumer's replica configuration.
>
>There is probably a more verbose message in your master's errors log in
>this case.
>
>basile au siris wrote:
>
>>i try to do single master replication
>>i use redhat documentation , but when i try to initialize consumer
>>i have: " replication error acquiring replica: permisssion
>>denied.Error code: 3 "
>>and on the consumer :
>>" NSMMReplicationPlugin - conn =2 op=5 replica "dc=mysite,dc=fr"
>>unable to acquire replica: error ; permission denied "
>>
>>the database i want to replique is read only on the consumer
>>if someone has got an idea , i try many things , read many time the
>>redhat manual but
>>it don't work
>>thanks
>>basile
>>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users

From dshackel at arbor.edu Mon Nov 14 13:37:44 2005
From: dshackel at arbor.edu (Daniel Shackelford)
Date: Mon, 14 Nov 2005 08:37:44 -0500
Subject: [Fedora-directory-users] Second Try:
Message-ID: <43789328.7040406@arbor.edu>

I sent this earlier to the list, but it seemed to have been lost amidst the setup/compile/authentication questions:

Hello All.

I have successfully setup Directory Server on FC4 and am replicating/syncing with our Active Directory Domain. No problems there. What I would like to know is if there is a way to replicate more attributes of the users, or extend the ntUser part of the schema and have those changes also replicated. We use the employeeID attribute in AD, and I would like to replicate that to DS. Anybody know if there is a way to configure what attributes are replicated? Obviously in a DS =>DS replication environment, all attributes will be replicated, but what about DS =>AD?

Anyone have any experience in this area?

--
Daniel Shackelford
Systems Administrator
Technology Services
Spring Arbor University
517 750-6648

"For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many" Mark 10:45

From rmeggins at redhat.com Mon Nov 14 14:50:47 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 14 Nov 2005 07:50:47 -0700
Subject: [Fedora-directory-users] probleme with replication
In-Reply-To: <43786EA9.7090300@siris.sorbonne.fr>
References: <43737E7A.2090805@siris.sorbonne.fr> <437397DB.9050502@loop.to> <43786EA9.7090300@siris.sorbonne.fr>
Message-ID: <4378A447.10909@redhat.com>

It looks as though you have created some sort of configuration that makes the supplier cause the consumer to crash during replication. What exactly did you do? I'd like to try to reproduce this problem.

basile au siris wrote:

> hi
> i may have found what was wrong, i don't use on the consumer enable
> legacy consumer, and then
> replication seems to start but server on the consumer stop
> here are the logs:
>
> consumer:
> NSMMReplicationPlugin - multimaster_be_state_change: replica
> dc=siris,dc=sorbonne,dc=fr is going offline; disabling replication
> [14/Nov/2005:11:28:35 +0100] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to
> access the database
> [14/Nov/2005:11:28:40 +0100] - import userRoot: Workers finished;
> cleaning up...
> [14/Nov/2005:11:28:43 +0100] - import userRoot: Workers cleaned up.
> [14/Nov/2005:11:28:43 +0100] - import userRoot: Indexing complete.
> Post-processing...
> [14/Nov/2005:11:28:43 +0100] - import userRoot: Flushing caches...
> [14/Nov/2005:11:28:43 +0100] - import userRoot: Closing files...
> [14/Nov/2005:11:28:46 +0100] - import userRoot: Import complete.
> Processed 3171 entries in 11 seconds. (288.27 entries/sec)
> [14/Nov/2005:11:28:46 +0100] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=siris,dc=sorbonne,dc=fr is
> coming online; enabling replication
> [14/Nov/2005:11:31:20 +0100] - Fedora-Directory/7.1 B2005.146.2010
> starting up
> [14/Nov/2005:11:31:20 +0100] - Detected Disorderly Shutdown last time
> Directory Server was running, recovering database.
> [14/Nov/2005:11:35:19 +0100] - Fedora-Directory/7.1 B2005.146.2010
> starting up
> [14/Nov/2005:11:35:21 +0100] - Detected Disorderly Shutdown last time
> Directory Server was running, recovering database.
> [14/Nov/2005:11:41:39 +0100] - Fedora-Directory/7.1 B2005.146.2010
> starting up
> [14/Nov/2005:11:41:40 +0100] - Detected Disorderly Shutdown last time
> Directory Server was running, recovering database.
> [14/Nov/2005:11:44:15 +0100] - Fedora-Directory/7.1 B2005.146.2010
> starting up
> [14/Nov/2005:11:44:16 +0100] - Detected Disorderly Shutdown last time
> Directory Server was running, recovering database.
>
> supplier:
>
> [14/Nov/2005:11:28:31 +0100] NSMMReplicationPlugin - Beginning total
> update of replica "agmt="cn=replication" (195:389)".
> [14/Nov/2005:11:28:42 +0100] NSMMReplicationPlugin -
> agmt="cn=replication" (195:389): Warning: unable to receive
> endReplication extended operation response (Can't contact LDAP server)
> [14/Nov/2005:11:28:42 +0100] NSMMReplicationPlugin - Finished total
> update of replica "agmt="cn=replication" (195:389)". Sent 3171 entries.
> [14/Nov/2005:11:28:42 +0100] NSMMReplicationPlugin -
> agmt="cn=replication" (195:389): Simple bind failed, LDAP sdk error 91
> (Can't connect to the LDAP server), Netscape Portable Runtime error
> -5961 (TCP connection reset by peer.)
>
> i configure supplier to authenticate a samba server, and add samba
> schema on the consumer
> but don't do all that configuration on the consumer.
> Could it be a problem
> thanks
> basile
>
> uffe at loop.to wrote:
>
>> Hello Basile. That error happens when a replication agreement is
>> created on the master with a bind DN that is not configured as one of
>> the "Current Supplier DNs" in the consumer's replica configuration.
>>
>> There is probably a more verbose message in your master's errors log in
>> this case.
>>
>> basile au siris wrote:
>>
>>> i try to do single master replication
>>> i use redhat documentation , but when i try to initialize consumer
>>> i have: " replication error acquiring replica: permisssion
>>> denied.Error code: 3 "
>>> and on the consumer :
>>> " NSMMReplicationPlugin - conn =2 op=5 replica "dc=mysite,dc=fr"
>>> unable to acquire replica: error ; permission denied "
>>>
>>> the database i want to replique is read only on the consumer
>>> if someone has got an idea , i try many things , read many time the
>>> redhat manual but
>>> it don't work
>>> thanks
>>> basile

From rmeggins at redhat.com Mon Nov 14 14:55:26 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 14 Nov 2005 07:55:26 -0700
Subject: [Fedora-directory-users] Second Try:
In-Reply-To: <43789328.7040406@arbor.edu>
References: <43789328.7040406@arbor.edu>
Message-ID: <4378A55E.2050207@redhat.com>

The sync code doesn't support this. You would have to add those extra objectclasses and attributes to the windows sync code. Look at
http://cvs.fedora.redhat.com/viewcvs/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c?root=dirsec&rev=1.22&view=auto
This is the list of attributes and objectclasses that get synced.

Daniel Shackelford wrote:

> I sent this earlier to the list, but it seemed to have been lost
> amidst the setup/compile/authentication questions:
>
> Hello All.
>
> I have successfully setup Directory Server on FC4 and am
> replicating/syncing with our Active Directory Domain. No problems
> there. What I would like to know is if there is a way to replicate
> more attributes of the users, or extend the ntUser part of the schema
> and have those changes also replicated. We use the employeeID
> attribute in AD, and I would like to replicate that to DS. Anybody
> know if there is a way to configure what attributes are replicated?
> Obviously in a DS =>DS replication environment, all attributes will be
> replicated, but what about DS =>AD?
>
> Anyone have any experience in this area?
>

From dshackel at arbor.edu Mon Nov 14 17:39:53 2005
From: dshackel at arbor.edu (Daniel Shackelford)
Date: Mon, 14 Nov 2005 12:39:53 -0500
Subject: [Fedora-directory-users] Second Try:
Message-ID: <4378CBE9.8030106@arbor.edu>

Date: Mon, 14 Nov 2005 07:55:26 -0700
From: Richard Megginson
Subject: Re: [Fedora-directory-users] Second Try:

The sync code doesn't support this. You would have to add those extra objectclasses and attributes to the windows sync code. Look at
http://cvs.fedora.redhat.com/viewcvs/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c?root=dirsec&rev=1.22&view=auto
This is the list of attributes and objectclasses that get synced.

Thank you, that is exactly what I needed to know. Cheers!

--
Daniel Shackelford
Systems Administrator
Technology Services
Spring Arbor University
517 750-6648

"For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many" Mark 10:45

From speedy_zinc at yahoo.com Tue Nov 15 01:27:12 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Mon, 14 Nov 2005 17:27:12 -0800 (PST)
Subject: [Fedora-directory-users] help with memory corruption
In-Reply-To: <43741B97.7050706@idsignet.com>
Message-ID: <20051115012712.57998.qmail@web36306.mail.mud.yahoo.com>

Sorry for long delay, was preparing for my exams.

--- Chen Shaopeng wrote:
> Hmm, not sure if this is the same problem, but it
> looks
> very similar.
>
> Take a look at your dse.ldif, and see if you have
> any plugin
> config which points to a non-existing .so file.
>
> I had a similar problem some time ago, when I moved
> my plugin
> .so file to another location, and forgot to update
> the
> dse.ldif file.
>

That was the problem, I had put the example plugin in, and remove the folder when my eclipse hangs and refuses to start.

It was easy to find out with David's instruction. Here's part of the strace message:

9067 close(6) = 0
9067 open("/home/chris/workspace/examples/Debug/libexamples.so", O_RDONLY) = -1 ENOENT (No such file or directory)
9067 fstat64(3, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
9067 time([1131682123]) = 1131682123
9067 time(NULL) = 1131682123
9067 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=165, ...}) = 0
9067 open("/dev/tty", O_RDWR|O_NONBLOCK|O_NOCTTY) = 6
9067 writev(6, [{"*** glibc detected *** ", 23}, {"malloc(): memory corruption", 27}, {": 0x", 4}, {"08176080", 8}, {" ***\n", 5}], 5) = 67
9067 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
9067 tgkill(9067, 9067, SIGABRT) = 0
9067 --- SIGABRT (Aborted) @ 0 (0) ---
9067 +++ killed by SIGABRT +++

I removed the entry in the dse.ldif file, and everything works again.

thanks a lot.

sz.

From speedy_zinc at yahoo.com Tue Nov 15 01:28:34 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Mon, 14 Nov 2005 17:28:34 -0800 (PST)
Subject: [Fedora-directory-users] Re: help for building FDS
In-Reply-To: <4377E1A3.7020707@idsignet.com>
Message-ID: <20051115012834.58458.qmail@web36306.mail.mud.yahoo.com>

--- Chen Shaopeng wrote:
>
> That looks almost the same as I have, but I have
> libdb4.3-devel instead.
>
> Here's the little note I took when I built it,
> probably not helpful.
>
> How to build DS:
>
> ================================================================
> Prereq:
> - db4-devel
> - krb5-devel (MIT)
> - libtermcap-devel (???)
> - ncurses-devel
>
> Add "." to PATH
>
> cd dsbuild/meta/ds
> gmake
>
>

Still doesn't work for me :(

regards
sz

From speedy_zinc at yahoo.com Tue Nov 15 01:32:32 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Mon, 14 Nov 2005 17:32:32 -0800 (PST)
Subject: [Fedora-directory-users] more than one base domain?
In-Reply-To: <437415CC.7060608@redhat.com>
Message-ID: <20051115013233.27166.qmail@web36308.mail.mud.yahoo.com>

--- Richard Megginson wrote:
> I think if you're in the Directory tab, and you
> click right on the top
> level node, it should give you the option to create
> the root entry for
> your new suffix (or sub suffix). New Root Suffix
> entry or something
> like that. Suffix creation does not create the
> entry.
>

I couldn't find any way to do that from the Directory tab. The only way was to try to add a new value to the list of suffixes, but the server won't take it.

sz

From david_list at boreham.org Tue Nov 15 01:34:08 2005
From: david_list at boreham.org (David Boreham)
Date: Mon, 14 Nov 2005 18:34:08 -0700
Subject: [Fedora-directory-users] help with memory corruption
In-Reply-To: <20051115012712.57998.qmail@web36306.mail.mud.yahoo.com>
References: <20051115012712.57998.qmail@web36306.mail.mud.yahoo.com>
Message-ID: <43793B10.9080008@boreham.org>

>That was the problem, I had put the example plugin in,
>and remove the folder when my eclipse hangs and
>refuses
>to start.
>
>

Hmm. We shouldn't be aborting with no error message when a plugin .so file is missing: that's not right. I'm not sure if this has always been broken (seems unlikely) or is some issue with the underlying shared library opening code in NSPR that has changed underneath us. Either way I think this should be fixed sometime. Worst case we can stat the file first.

From speedy_zinc at yahoo.com Tue Nov 15 04:06:49 2005
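
[Added example, not part of the archived thread and not the project's code: a pre-start check along the lines of "stat the file first" from David Boreham's message above. It reads dse.ldif text, follows LDIF line folding, and reports plugin entries whose library file is absent. It assumes each plugin entry names its library in nsslapd-pluginPath; the sample LDIF, plugin names and paths are constructed.]

```python
import base64
import os
import tempfile


def unfold_ldif(text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_entries(text):
    """Yield each entry as {lower-cased attribute name: [values]}; blank lines separate entries."""
    entry = {}
    for line in unfold_ldif(text):
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        if line.startswith("#") or ":" not in line:
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: value" carries a base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(name.strip().lower(), []).append(value)
    if entry:
        yield entry


def missing_plugin_libraries(ldif_text, exists=os.path.isfile):
    """Return (dn, library path, nsslapd-pluginEnabled value) for each plugin whose file is absent."""
    problems = []
    for entry in parse_entries(ldif_text):
        dn = entry.get("dn", ["<no dn>"])[0]
        enabled = entry.get("nsslapd-pluginenabled", ["unknown"])[0]
        for path in entry.get("nsslapd-pluginpath", []):
            if not exists(path):
                problems.append((dn, path, enabled))
    return problems


# Constructed dse.ldif fragment; the second plugin path is folded across two lines on purpose.
SAMPLE_LDIF = """\
dn: cn=config
nsslapd-port: 389

dn: cn=Good Plugin,cn=plugins,cn=config
objectClass: nsSlapdPlugin
cn: Good Plugin
nsslapd-pluginPath: {good}
nsslapd-pluginEnabled: on

dn: cn=Example Plugin,cn=plugins,cn=config
objectClass: nsSlapdPlugin
cn: Example Plugin
nsslapd-pluginPath: {head}
 {tail}
nsslapd-pluginEnabled: on
"""


def demo_plugin_check():
    """Build the sample in a temp directory: one library exists, one was deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "libgood-plugin.so")
        open(good, "wb").close()
        missing = os.path.join(tmp, "examples", "Debug", "libexamples.so")
        cut = len(missing) // 2
        ldif = SAMPLE_LDIF.format(good=good, head=missing[:cut], tail=missing[cut:])
        return [(dn, os.path.basename(path), enabled)
                for dn, path, enabled in missing_plugin_libraries(ldif)]


if __name__ == "__main__":
    for dn, lib, enabled in demo_plugin_check():
        print("missing library %s for %s (enabled: %s)" % (lib, dn, enabled))
```

Run against the real file by passing its contents to missing_plugin_libraries() before starting the server; a non-empty result names the entry to fix or remove.
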
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Mon, 14 Nov 2005 20:06:49 -0800 (PST)
Subject: [Fedora-directory-users] lagest depoyment?
In-Reply-To: <43745BCE.1070106@idsignet.com>
Message-ID: <20051115040649.19852.qmail@web36304.mail.mud.yahoo.com>

--- Chen Shaopeng wrote:
> Could someone with experiences in deploying FDS/RHDS
> (or even before
> that) shed some light on your largest deployment of
> directory?
>
> For example:
>
> - total #users
> - average # of concurrent users (at the same time)
> - total #objects in the system
> - hardware specs
> - how many servers
> - network topology
> - biggest problem encountered
> - ...
>
> I'm just trying to get a feel about the hardware
> requirements.
> Numbers from the Sun Directory is ok too.
>
> If you don't mind sharing that.
>
> thanks a lot.

Heh, would be a great way for us, newbies, to learn about the specific requirements of FDS too. That could serve as guideline for us.

Other aspects can be learned by hacking the code, studying the protocols, etc. But this only can be learned through experience, the hard way by screwing up yourself, or by learning from other people's experience (which I hope to learn more from this list).

This is what I found most lacking. Everyone seems to have to spend a lot of time, repeating the learning process the hard way, because there is lack of sharing of case studies and past experiences.

Two of my high school classmates are studying architecture and civil engineering. They have all kinds of case studies, experiences, past failures and successes. And very detailed besides that. You can easily use them as guideline for new designs. Some are no-no, some are best practices, etc.

They were laughing at what we call "software engineering", because they can easily prove at what load their bridge will crash, but I have no way to prove at what load my server will crash.

Sure, it is easy to say that computer and software evolve much faster, but still, this domain seems to be characterized by the lack of rigorous and scientific measurement. No, I'm talking about the O() thing, that's nothing compared to other engineering fields. I study the linux kernel too, and there's also no way to prove the reliability of the system.

Sorry that this has nothing to do with FDS, and sounds like a rant :) I love my field of study, but that does not seem to stand up to scientific review.

Oh great, I just flamed two groups of people in one shot :) Ah, should go to sleep now, maybe tomorrow will be better.

sz

From mj at sci.fi Tue Nov 15 05:14:20 2005
From: mj at sci.fi (Mike Jackson)
Date: Tue, 15 Nov 2005 07:14:20 +0200
Subject: [Fedora-directory-users] lagest depoyment?
In-Reply-To: <20051115040649.19852.qmail@web36304.mail.mud.yahoo.com>
References: <20051115040649.19852.qmail@web36304.mail.mud.yahoo.com>
Message-ID: <43796EAC.2060404@sci.fi>

speedy zinc wrote:

> They were laughing at what we call "software
> engineering",
> because they can easily prove at what load their
> bridge
> will crash, but I have no way to prove at what load my
> server will crash.

No, they can not easily prove what the straw that will break the camel's back is. They can only prove mathematical cases which would never happen in real life. For example, they might say that if you put a 500,000kg weight which occupies one square meter on the center of this bridge, then it will certainly break. They have no way of knowing how many cars/trucks the bridge can really hold before it breaks, because the cars will be spread at different distances, will weigh differently, travelling at different speeds, etc.

They do not conduct those type of bridge system performance tests in real life to see where the bridge really breaks, because they don't really want to break a bridge to find out (too costly, plus it would kill people and destroy a lot of cars). Therefore, we live with conservative capacity statements (estimates) from bridge engineers, which are derived from abstract mathematical cases and/or computer simulations.

Computers have many variables which can be tuned for different purposes, so the absolute performance is difficult to abstractly state.

I suggest you take some time to study system performance testing. Another thing worth understanding is the difference between software engineering and system engineering.

Finally, I can't give you details about my deployments because it would reveal sales related numbers of the system which I work with - something which I am not allowed to reveal because of business reasons.

--
mike

From basile.mathieu at siris.sorbonne.fr Tue Nov 15 11:58:36 2005
From: basile.mathieu at siris.sorbonne.fr (basile au siris)
Date: Tue, 15 Nov 2005 12:58:36 +0100
Subject: [Fedora-directory-users] problem with ssl
Message-ID: <4379CD6C.6030603@siris.sorbonne.fr>

hi
i try to enable ssl with redhat documentation i use certutil to generate certificate
i store in /opt/fedora-ds/slapd_myserver/alias
but when in the console i check enable ssl and use cipher family rsa
i don't see my certificate
i use wiki fedora and do what they say but with same result
i have attribute nscertfile and nscertfile in cn=encryption,cn=config with
path to slapd-myserver-cert8.db and slapd-myserver-key3.db
what do i forget to do ?
thanks
basile

From basile.mathieu at siris.sorbonne.fr Tue Nov 15 12:30:23 2005
From: basile.mathieu at siris.sorbonne.fr (basile au siris)
Date: Tue, 15 Nov 2005 13:30:23 +0100
Subject: [Fedora-directory-users] problem with ssl
In-Reply-To: <4379CD6C.6030603@siris.sorbonne.fr>
References: <4379CD6C.6030603@siris.sorbonne.fr>
Message-ID: <4379D4DF.4010202@siris.sorbonne.fr>

i now can ldapsearch with -ZZ but still can't see my certificate in encryption tab in server console
i don't understand exactly what it means
basile

basile au siris wrote:

> hi
> i try to enable ssl with redhat documentation i use certutil to
> generate certificate
> i store in /opt/fedora-ds/slapd_myserver/alias
> but when in the console i check enable ssl and use cipher family rsa
> i don't see my certificate
> i use wiki fedora and do what they say but with same result
> i have attribute nscertfile and nscertfile in cn=encryption,cn=config
> with
> path to slapd-myserver-cert8.db and slapd-myserver-key3.db
> what do i forget to do ?
> thanks
> basile

From speedy_zinc at yahoo.com Tue Nov 15 13:01:45 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Tue, 15 Nov 2005 05:01:45 -0800 (PST)
Subject: [Fedora-directory-users] lagest depoyment?
In-Reply-To: <43796EAC.2060404@sci.fi>
Message-ID: <20051115130145.47998.qmail@web36309.mail.mud.yahoo.com>

--- Mike Jackson wrote:
> Computers have many variables which can be tuned for
> different purposes,
> so the absolute performance is difficult to
> abstractly state.
>

And that's what I referred to: a systematic way. And I'd like to learn the best practice in a systematic way.

At least in other field, there are certain ways (no matter how abstract that is) to evaluate certain things, and it is a recognized way besides that. But there is not much comparable thing in computer science.

I have one year to go before graduating, and I think I've done quite a bit of programming practice during these school years. Currently, my graduation project is settled on (for now) modelling server behavior under heavy load, especially how to make the OS behave "consistently" regardless of the app that is taking heavy load. And I'd like to work out a model that is consistent all the time (or least, over 98% of the time).

Maybe my technique is not right, but I find it quite hard to experiment, and especially hard to simulate heavy load and get an objective result, when I have only a one-machine setup which has to act as a server as well as 2000 clients or something.

That's when I think it would be great if people can publish some data that we can use as a base to study.

What I found amazing is that there's not much analysis data on previous project that students like me can study. And we have all heard about those multi-million and multi-billion dollars IT projects all the time. I think it is pretty safe to publish some analysis data in huge projects like those, without revealing any industrial secrets or compromising any privacy.

My friend in civil engineering, when he submits a project on a small tiny bridge, he has to provide a lot of simulation and analysis data to show that the bridge would stand up. He can tweak the parameters, that's fine, but that's based on recognized frameworks.

When we submit our project, in CS, the teacher will feed in pre-calculated input data, and look at the output. If the output matches, you pass. Most people think that's fine, as long as they get the grade.

What's scary is that we work on a hard-core real-time OS kernel, which the professor insists on that's the kind of OS that could be used to control a nuclear power center, and we used that same lousy method to evaluate student's work.

But that's hardly scientific, isn't it? Yeah, I know, I've learned the real-time kernel model, it's different, and there are quite a bit of literature, and there's even mathematical model, etc, but I don't see much of a framework.

Ah, all these ranting which has nothing to do with FDS... sorry :)

> I suggest you take some time to study system
> performance testing.
> Another thing worth understanding is the difference
> between software
> engineering and system engineering.
>
> Finally, I can't give you details about my
> deployments because it would
> reveal sales related numbers of the system which I
> work with - something
> which I am not allowed to reveal because of business
> reasons.
>

Yeah, I know, but it could be anonymized, no? :)

I promise I won't beat on this thread again. Chen's fault, I was doing some modelling work, and he threw in this question, can't help it :)

regards
sz

From david_list at boreham.org Tue Nov 15 14:57:55 2005
From: david_list at boreham.org (David Boreham)
Date: Tue, 15 Nov 2005 07:57:55 -0700
Subject: [Fedora-directory-users] lagest depoyment?
In-Reply-To: <43796EAC.2060404@sci.fi>
References: <20051115040649.19852.qmail@web36304.mail.mud.yahoo.com> <43796EAC.2060404@sci.fi>
Message-ID: <4379F773.1020905@boreham.org>

> Finally, I can't give you details about my deployments because it
> would reveal sales related numbers of the system which I work with -
> something which I am not allowed to reveal because of business reasons.

Mike's hit the nail on the head as regards why you're not hearing answers here. I know about all kinds of huge deployments, but I'm not sure if that information is secret so I have to assume that it is.

Because FDS and RHDS are quite new I doubt you will find many very large production deployments _yet_. There are certainly deployments on NSDS and SunDS that have millions of entries and 10's of servers.

You can do your own performance evaluation relatively easily to determine scaling for your application. The LDAP performance tools originally written for the Netscape 'Directory Server Resource Kit' are handy for this. The best versions of these right now are in the Sun DS Resource Kit which you can download for free from their web site.

From rmeggins at redhat.com Tue Nov 15 15:29:40 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 15 Nov 2005 08:29:40 -0700
Subject: [Fedora-directory-users] problem with ssl
In-Reply-To: <4379CD6C.6030603@siris.sorbonne.fr>
References: <4379CD6C.6030603@siris.sorbonne.fr>
Message-ID: <4379FEE4.4020004@redhat.com>

basile au siris wrote:

> hi
> i try to enable ssl with redhat documentation i use certutil to
> generate certificate
> i store in /opt/fedora-ds/slapd_myserver/alias
> but when in the console i check enable ssl and use cipher family rsa
> i don't see my certificate
> i use wiki fedora and do what they say but with same result
> i have attribute nscertfile and nscertfile in cn=encryption,cn=config
> with
> path to slapd-myserver-cert8.db and slapd-myserver-key3.db
> what do i forget to do ?

/opt/fedora-ds/alias should have two files for your server - slapd-myserver-key3.db and slapd-myserver-cert8.db. When you use certutil or its related tools, there are two command line arguments which are really key - -P and -d. The argument for -P should be "slapd-myserver-". Notice the "-" at the end. If you do not specify this "-" at the end, you will not get your desired results. The argument for -d should always be /opt/fedora-ds/alias - this directory is (for historical reasons) the directory in to which all of the crypto files go.

> thanks
> basile

From mont.rothstein at gmail.com Tue Nov 15 19:22:25 2005
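
[Added example, not part of the archived thread and not the project's code: a check for the two mistakes Richard Megginson's message above describes, a -P prefix without the trailing "-" and databases created outside the alias directory given to -d. It only inspects file names; the instance name "myserver" follows the thread, and every file and directory created in the demo is constructed.]

```python
import os
import tempfile

DB_SUFFIXES = ("cert8.db", "key3.db")
NO_DASH = "-P prefix lacks the trailing '-'"
NO_PREFIX = "created without a -P prefix"
WRONG_DIR = "not in the directory given to -d"


def nss_db_files(directory):
    """Map prefix -> set of suffixes for the cert8/key3 databases found in directory."""
    found = {}
    for name in os.listdir(directory):
        for suffix in DB_SUFFIXES:
            if name.endswith(suffix):
                found.setdefault(name[: -len(suffix)], set()).add(suffix)
    return found


def diagnose(alias_dir, instance, also_look_in=()):
    """Report whether slapd-<instance>-cert8.db / -key3.db exist and list likely mis-created ones."""
    expected = "slapd-%s-" % instance
    in_alias = nss_db_files(alias_dir)
    missing = [expected + s for s in DB_SUFFIXES if s not in in_alias.get(expected, set())]
    suspects = []
    for prefix in sorted(in_alias):
        if prefix == expected[:-1]:
            reason = NO_DASH          # e.g. slapd-myservercert8.db
        elif prefix == "":
            reason = NO_PREFIX        # e.g. cert8.db
        else:
            continue                  # the expected files, or another instance's databases
        suspects += [(os.path.join(alias_dir, prefix + s), reason)
                     for s in sorted(in_alias[prefix])]
    for directory in also_look_in:
        if not os.path.isdir(directory):
            continue
        for prefix, suffixes in sorted(nss_db_files(directory).items()):
            suspects += [(os.path.join(directory, prefix + s), WRONG_DIR)
                         for s in sorted(suffixes)]
    return {"ok": not missing, "missing": missing, "suspects": suspects}


def demo_alias_check():
    """Constructed layout: mis-prefixed files in alias/, a correctly named file in the wrong place."""
    with tempfile.TemporaryDirectory() as root:
        alias = os.path.join(root, "alias")
        elsewhere = os.path.join(root, "slapd-myserver", "alias")
        os.makedirs(alias)
        os.makedirs(elsewhere)
        for path in (os.path.join(alias, "slapd-myservercert8.db"),
                     os.path.join(alias, "slapd-myserverkey3.db"),
                     os.path.join(alias, "slapd-otherhost-cert8.db"),
                     os.path.join(elsewhere, "slapd-myserver-cert8.db")):
            open(path, "wb").close()
        before = diagnose(alias, "myserver", also_look_in=[elsewhere])
        for suffix in DB_SUFFIXES:  # stand-in for databases created with the right -P and -d
            open(os.path.join(alias, "slapd-myserver-" + suffix), "wb").close()
        after = diagnose(alias, "myserver")
        names = [(os.path.basename(p), why) for p, why in before["suspects"]]
        return before["ok"], before["missing"], names, after["ok"], after["missing"]


if __name__ == "__main__":
    print(demo_alias_check())
```
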
From: mont.rothstein at gmail.com (Mont Rothstein)
Date: Tue, 15 Nov 2005 11:22:25 -0800
Subject: [Fedora-directory-users] Need some pointers to information
Message-ID: <467a83630511151122i709d557cs8cb9c5eec8ea2bb6@mail.gmail.com>

I want to use a Linux server as a file server for Windows clients. I would like to be able to add users to the Directory Server pragmatically and from that have users be able to access the Linux server via Samba. Save/edit/delete files, and set ACLs. This server will not be the PDC, and there may or may not be a PDC on the network at all (computers may be a simple workgroup).

I've been going through the various docs and how-tos on setting up Fedora Directory Server, Samba, and integrating the two, but everything I have been reading seems to assume that my Linux server will be the PDC. The process for adding users seems to be to create a Unix user and then make them a Samba user. Which is basically the opposite of what I want. I would like to add the user to the Directory Server and have that fully enable the user's access to the Linux server.

Perhaps I am just confused. I've searched and searched but I can't find anything that looks at/talks about the Fedora Directory Server and Samba from this direction.

Any help here is greatly appreciated.

Thanks,
-Mont

From del at babel.com.au Wed Nov 16 02:58:48 2005
From: del at babel.com.au (Del)
Date: Wed, 16 Nov 2005 13:58:48 +1100
Subject: [Fedora-directory-users] MD5 for password hashes
In-Reply-To: <435CF054.1050209@redhat.com>
References: <43354EDE.4000306@babel.com.au> <43354FE9.4090807@babel.com.au> <4337FC34.20104@redhat.com> <435C7DCA.8070104@babel.com.au> <435CF054.1050209@redhat.com>
Message-ID: <437AA068.30602@babel.com.au>

Rich Megginson wrote:

> We hope to have another binary release by the end of the week. We've
> just got a couple of bug fixes to go.

Hi Rich,

!

http://directory.fedora.redhat.com/wiki/Download has pointers to new releases (Fedora Directory Server 1.0) but the links all give me 404's.

So are we getting closer to that binary release?

--
Del

From rmeggins at redhat.com Wed Nov 16 03:13:10 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 15 Nov 2005 20:13:10 -0700
Subject: [Fedora-directory-users] MD5 for password hashes
In-Reply-To: <437AA068.30602@babel.com.au>
References: <43354EDE.4000306@babel.com.au> <43354FE9.4090807@babel.com.au> <4337FC34.20104@redhat.com> <435C7DCA.8070104@babel.com.au> <435CF054.1050209@redhat.com> <437AA068.30602@babel.com.au>
Message-ID: <437AA3C6.2030709@redhat.com>

Del wrote:

> Rich Megginson wrote:
>
>> We hope to have another binary release by the end of the week. We've
>> just got a couple of bug fixes to go.
>
>
> Hi Rich,
>
> !
>
> http://directory.fedora.redhat.com/wiki/Download has pointers to new
> releases (Fedora Directory Server 1.0) but the links all give me 404's.
>
> So are we getting closer to that binary release?

Closer . . .

From mmontgomery at theplanet.com Wed Nov 16 06:35:49 2005
From: mmontgomery at theplanet.com (Michael Montgomery)
Date: Wed, 16 Nov 2005 00:35:49 -0600
Subject: [Fedora-directory-users] ssl client authentication
Message-ID: <437AD345.9050809@theplanet.com>

conn=31 op=-1 fd=67 closed - Peer does not recognize and trust the CA
that issued your certificate.

I've been trying to get client authentication via ssl working for
quite a while now. I've tried generating my own CA via openssl,
creating a self-signed ssl cert, importing CA cert via the interface,
converting the client ssl to pkcs12 format, importing it via the
interface, and trying to run a 'ldapsearch' using the cert (non-pkcs12
format) on the client machine but get the above error.

I've also tried clearing the whole DB, regenerating everything (CA
cert, and server client cert), and generating a client cert for a test
machine with this:

/serverRoot/shared/bin/certutil -S -n "hostname-Cert" -s "cn=server-cert" -c "CA certificate" -t "u,u,u" -m 1002 -v 120 -d . -z noise.txt -f pwdfile.txt

then running this:

'../shared/bin/certutil -L -d /opt/fedora-ds/alias/ -n "hostname-test-Cert"'

and putting that in a ssl cert file on the client, '/root/client.crt',
using this as an ldap.conf file:

host ***.***.***.***
base dc=test,dc=testdomain,dc=com
uri ldap://***.***.***.***
ldap_version 3
port 636
pam_filter objectclass=posixAccount
pam_login_attribute uid
ssl start_tls
ssl on
tls_cert /root/client.crt
pam_password md5

And testing again with ldapsearch.

But I still get the above error.

Does anyone have any ideas why this is happening, as I'm at a loss.

Thanks.

From nkwan at redhat.com Wed Nov 16 15:51:28 2005
From: nkwan at redhat.com (Thomas)
Date: Wed, 16 Nov 2005 07:51:28 -0800
Subject: [Fedora-directory-users] ssl client authentication
In-Reply-To: <437AD345.9050809@theplanet.com>
References: <437AD345.9050809@theplanet.com>
Message-ID: <437B5580.5030302@redhat.com>

Several Problems.

#1 You said you have a self-signed ssl cert, and a self-signed (assumed) CA cert

When you do ldapsearch (which is your SSL client), the directory server (your SSL server) replies with the certificate chain which includes the CA certificate, and the self-signed SSL certificate. Then, the SSL client checks if the SSL certificate is signed by a "trusted" CA. Since you have a self-signed SSL certificate, you should have the SSL certificate imported into your SSL client's security database, and it should be marked as trusted (i.e. -t "CT,CT,CT"). If this certificate is not marked as trusted, the client (i.e. Peer) will not "trust" the connection.

Another way to do this is to sign your SSL server certificate with your self-signed CA certificate, and import your CA certificate into your SSL client's security database. This approach is more generic and you don't have to trust every single server certificate that is signed by the CA.

#2 You also have a self-signed client certificate

If your client certificate is self-signed, that means you need to import the client certificate into the server's security database, and mark it as trusted. Otherwise, the server will not trust your client certificate and the connection will not be established.

You may want to consider signing your client certificate with your CA certificate so that your client certificate will be trusted as long as you have the CA certificate imported and trusted in the server's database.

thomas

Michael Montgomery wrote:

> conn=31 op=-1 fd=67 closed - Peer does not recognize and trust the CA
> that issued your certificate.
>
> I've been trying to get client authentication via ssl working for
> quite a while now.
> I've tried generating my own CA via openssl,
> creating a self-signed ssl cert, importing CA cert via the interface,
> converting the client ssl to pkcs12 format, importing it via the
> interface, and trying to run a 'ldapsearch' using the cert (non-pkcs12
> format) on the client machine but get the above error.
>
> I've also tried clearing the whole DB, regenerating everything (CA
> cert, and server client cert), and generating a client cert for a test
> machine with this:
>
> /serverRoot/shared/bin/certutil -S -n "hostname-Cert" -s
> "cn=server-cert" -c "CA certificate" -t "u,u,u" -m 1002 -v 120 -d . -z
> noise.txt -f pwdfile.txt
>
> then running this:
>
> '../shared/bin/certutil -L -d /opt/fedora-ds/alias/ -n
> "hostname-test-Cert"'
>
> and putting that in a ssl cert file on the client, '/root/client.crt',
> using this as an ldap.conf file:
>
> host ***.***.***.***
> base dc=test,dc=testdomain,dc=com
> uri ldap://***.***.***.***
> ldap_version 3
> port 636
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> ssl start_tls
> ssl on
> tls_cert /root/client.crt
> pam_password md5
>
> And testing again with ldapsearch.
>
> But I still get the above error.
>
> Does anyone have any ideas why this is happening, as I'm at a loss.
>
> Thanks.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

From mj at sci.fi Wed Nov 16 18:30:37 2005
From: mj at sci.fi (Mike Jackson) Date: Wed, 16 Nov 2005 20:30:37 +0200 Subject: [Fedora-directory-users] MD5 for password hashes In-Reply-To: <437AA3C6.2030709@redhat.com> References: <43354EDE.4000306@babel.com.au> <43354FE9.4090807@babel.com.au> <4337FC34.20104@redhat.com> <435C7DCA.8070104@babel.com.au> <435CF054.1050209@redhat.com> <437AA068.30602@babel.com.au> <437AA3C6.2030709@redhat.com> Message-ID: <437B7ACD.6060106@sci.fi> Richard Megginson wrote: > Del wrote: > >> Rich Megginson wrote: >> >>> We hope to have another binary release by the end of the week. We've >>> just got a couple of bug fixes to go. >> >> >> >> Hi Rich, >> >> ! >> >> http://directory.fedora.redhat.com/wiki/Download has pointers to new >> releases (Fedora Directory Server 1.0) but the links all give me 404's. >> >> So are we getting closer to that binary release? > > > Closer . . . You do realize that MD5 has been _fully_ broken now, don't you? And I'm not talking about dictionary attacks; I'm talking about a fast mathematical attack vector on the algorithm itself. An interesting demonstration here: http://www.doxpara.com/?q=node&from=10 Collision generators here: http://www.stachliu.com/collisions.html The new and improved collision generator: http://www.stachliu.com/md5coll.c "Old (Wang, et al.) average run time on IBM P690 supercomputer - 1 hour" - out of reach for most people "New average run time on P4 1.6ghz PC - 45 minutes" - within reach for nearly everyone Now, storing md5 doesn't seem much safer than storing crypt. -- mike From rmeggins at redhat.com Wed Nov 16 18:32:23 2005 
From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 16 Nov 2005 11:32:23 -0700 Subject: [Fedora-directory-users] MD5 for password hashes In-Reply-To: <437B7ACD.6060106@sci.fi> References: <43354EDE.4000306@babel.com.au> <43354FE9.4090807@babel.com.au> <4337FC34.20104@redhat.com> <435C7DCA.8070104@babel.com.au> <435CF054.1050209@redhat.com> <437AA068.30602@babel.com.au> <437AA3C6.2030709@redhat.com> <437B7ACD.6060106@sci.fi> Message-ID: <437B7B37.40908@redhat.com> Mike Jackson wrote: > Richard Megginson wrote: > >> Del wrote: >> >>> Rich Megginson wrote: >>> >>>> We hope to have another binary release by the end of the week. >>>> We've just got a couple of bug fixes to go. >>> >>> >>> >>> >>> Hi Rich, >>> >>> ! >>> >>> http://directory.fedora.redhat.com/wiki/Download has pointers to new >>> releases (Fedora Directory Server 1.0) but the links all give me 404's. >>> >>> So are we getting closer to that binary release? >> >> >> >> Closer . . . > > > You do realize that MD5 has been _fully_ broken now, don't you? And > I'm not talking about dictionary attacks; I'm talking about a fast > mathematical attack vector on the algorithm itself. > > > An interesting demonstration here: > > http://www.doxpara.com/?q=node&from=10 > > > Collision generators here: > > http://www.stachliu.com/collisions.html > > The new and improved collision generator: > > http://www.stachliu.com/md5coll.c > > "Old (Wang, et al.) average run time on IBM P690 supercomputer - 1 hour" > - out of reach for most people > > "New average run time on P4 1.6ghz PC - 45 minutes" > - within reach for nearly everyone > > > Now, storing md5 doesn't seem much safer than storing crypt. That's why cert based auth is the best way to go. But in the meantime, the next release of FDS will support SHA-256, SHA-384, and SHA-512 password hashing. 
> > -- > mike > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature URL: From ftardini at gmail.com Thu Nov 17 01:01:36 2005 
From: ftardini at gmail.com (Fernando D. Tardini)
Date: Wed, 16 Nov 2005 22:01:36 -0300
Subject: [Fedora-directory-users] Directory server
Message-ID: <000d01c5eb12$77570ee0$6400a8c0@exentrius>

Hello,

I apologize for my English; I'm from Argentina and there are some technical words I don't understand very well.

This is really simple: I have installed FC4 and the DS for this distribution and everything works perfectly. Now I have a 2003 Active Directory server and I have to set up a sync between the two.

I enabled the replica in the directory server, and it doesn't give any error, and I installed PassSync.msi on the 2003 server and configured everything, and it seems to work, but it doesn't sync the password, and I don't get any log error. I created the user cn=replication manager,cn=config in the DS.

Now I have some questions about things I don't understand very well:

1- What base do I have to put in PassSync to look for, a base of the AD or of the DS? I mean the base where PassSync looks for changes, I suppose.
2- Does PassSync work only with SSL, or does it work without SSL too?
3- What is the supplier DN in the replication panel, and what is the format? I think I have written it wrong and entered the wrong supplier DN.
4- How does the DS sync with the AD: do I configure the DS as a consumer, or do I have to configure it as a single server?

For information, I have read all the documentation too many times, and I can't find the error. The strange thing is that I get no error, as if the sync works but doesn't write the entries. Another strange thing is that with AD 2000, not 2003, the users sync fine, but not the passwords, whereas in 2003 it syncs once and then it's as if it broke down.

I hope you will help to solve these errors, and thanks a lot.

From del at babel.com.au Thu Nov 17 02:07:06 2005
From: del at babel.com.au (Del)
Date: Thu, 17 Nov 2005 13:07:06 +1100
Subject: [Fedora-directory-users] MD5 for password hashes
In-Reply-To: <437B7ACD.6060106@sci.fi>
References: <43354EDE.4000306@babel.com.au> <43354FE9.4090807@babel.com.au> <4337FC34.20104@redhat.com> <435C7DCA.8070104@babel.com.au> <435CF054.1050209@redhat.com> <437AA068.30602@babel.com.au> <437AA3C6.2030709@redhat.com> <437B7ACD.6060106@sci.fi>
Message-ID: <437BE5CA.2060707@babel.com.au>

> You do realize that MD5 has been _fully_ broken now, don't you? And I'm
> not talking about dictionary attacks; I'm talking about a fast
> mathematical attack vector on the algorithm itself.

This isn't really about storing MD5s for any length of time, it's about migrating a bunch of existing MD5 hashes into the directory from another directory that stores them (and doesn't support SSHA-512 or anything similar).

Also, a couple of points:

* The MD5 hashes aren't publicly available. To generate a collision on a hash you have to have the hash, and if the server won't let you read the hash then you're stumped. Until, of course, you break the root DN password of the DS, in which case the security of MD5 is the least of your worries.

* The MD5 collision generators can generate (quickly) two strings that have the same MD5 checksum. We cannot (yet) quickly generate a string that has a chosen checksum. Manipulating a piece of data to have the checksum you want (i.e. MD5 password cracking) is a hell of a lot more difficult than finding a collision between two bits of random data. The walls are down on this, though, and generating a piece of data with a chosen checksum is probably a few years away. Long enough to begin and conclude a password migration strategy.

* It's still safer than storing clear text.

--
Del

From basile.mathieu at siris.sorbonne.fr Thu Nov 17 14:24:47 2005
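The migration discussed in this thread (imported MD5 hashes now, SHA-512 based hashing once the server supports it) is commonly done by re-hashing each password at its next successful login. The sketch below is an added example, not code from any poster or from Fedora Directory Server: it checks RFC 2307-style `{MD5}` userPassword values and replaces them with a salted `{SSHA512}` value on success. The function names, the 16-byte salt and the sample entries are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SHA512_LEN = hashlib.sha512().digest_size  # 64-byte digest; the salt follows it


def split_scheme(stored):
    """Split a '{SCHEME}base64' userPassword value into (SCHEME, raw bytes)."""
    if not stored.startswith("{") or "}" not in stored:
        # No scheme prefix means clear text or garbage: never compare against it.
        raise ValueError("value has no {SCHEME} prefix")
    scheme, _, b64 = stored[1:].partition("}")
    return scheme.upper(), base64.b64decode(b64, validate=True)


def make_ssha512(password, salt=None):
    """Salted SHA-512 layout: base64(SHA512(password + salt) + salt)."""
    salt = os.urandom(16) if salt is None else salt  # salt length is an assumption
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode("ascii")


def verify(password, stored):
    """Constant-time check of a candidate password against a stored value."""
    scheme, raw = split_scheme(stored)
    pw = password.encode("utf-8")
    if scheme == "MD5":
        # Unsalted legacy hash: base64 of the raw 16-byte MD5 digest.
        return hmac.compare_digest(hashlib.md5(pw).digest(), raw)
    if scheme == "SSHA512":
        if len(raw) <= SHA512_LEN:
            return False  # digest present but no salt: malformed value
        digest, salt = raw[:SHA512_LEN], raw[SHA512_LEN:]
        return hmac.compare_digest(hashlib.sha512(pw + salt).digest(), digest)
    raise ValueError("unsupported scheme " + scheme)


def bind_and_upgrade(entry, password):
    """Return (authenticated, upgraded); re-hash legacy MD5 entries on success."""
    stored = entry["userPassword"]
    try:
        scheme, _ = split_scheme(stored)
        ok = verify(password, stored)
    except ValueError:
        return False, False  # unknown or malformed value: fail closed
    if not ok:
        return False, False
    if scheme == "MD5":
        # Only now is the clear text known, so only now can the hash be replaced.
        entry["userPassword"] = make_ssha512(password)
        return True, True
    return True, False


def legacy_remaining(directory):
    """uids still carrying an MD5 hash; the migration ends when this is empty."""
    return sorted(uid for uid, e in directory.items()
                  if e["userPassword"].upper().startswith("{MD5}"))


def make_legacy_md5(password):
    """Build a legacy {MD5} value. Used only to construct the sample data."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def sample_directory():
    """Constructed sample entries: two imported MD5 users, one already migrated."""
    return {
        "alice": {"userPassword": make_legacy_md5("alice-pw")},
        "bob": {"userPassword": make_legacy_md5("bob-pw")},
        "carol": {"userPassword": make_ssha512("carol-pw")},
    }


if __name__ == "__main__":
    directory = sample_directory()
    print("before:", legacy_remaining(directory))
    print("alice login:", bind_and_upgrade(directory["alice"], "alice-pw"))
    print("after: ", legacy_remaining(directory))
```

Accounts that never log in keep their MD5 value, so the list from `legacy_remaining` is what a migration deadline or forced reset would act on.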
From: basile.mathieu at siris.sorbonne.fr (basile au siris) Date: Thu, 17 Nov 2005 15:24:47 +0100 Subject: [Fedora-directory-users] questions on ssl and certutil Message-ID: <437C92AF.8060208@siris.sorbonne.fr> hi i have ssl enable in my directory server and it works fine i use redhat documentation to do that with certutil but i have a few questions for a good understanding of ssl in fds 1) i have two files slapd-myserver-cert8.db and slapd-myserver-key3.db are they the key and self-signed certificate for directory server , or are they files ( databases ) where thoses key and certificates are stored 2) i want to enable ssl in fedora console and in redhat documentation i have to generate new certificates . How can i use first certificate to signed this new ( if i do 4 5 and 7 step in redhat documenation i got an error , but i m not sure of the syntax i have to use ) , how can i generate clients certificate , how can i generate new server certificate ? i find redhat documentation not very clear for this subject ( but so clear on many others :) if someone can explain me exactly how it works and how to generate new certificates thanks basile From mmontgomery at theplanet.com Thu Nov 17 16:09:45 2005 
From: mmontgomery at theplanet.com (Michael Montgomery)
Date: Thu, 17 Nov 2005 10:09:45 -0600
Subject: [Fedora-directory-users] ssl client authentication
Message-ID: <1132243785.24437.11.camel@work>

Thank you very much for your response. I just have a couple more questions so I can be sure I know what I'm talking about.

> the directory server (your SSL server) replies with the certificate chain which includes
> the CA certificate, and the self-signed SSL certificate."

I'm assuming the 'self-signed SSL certificate' is the client's ssl certificate I imported into the SSL server's store, and NOT the server's own client certificate?

> you should have the SSL certificate imported into your SSL client's security database,
> and it should be marked as trusted (i.e -t "CT,CT,CT").

Is there any documentation on how to do this with a RHEL4 server? The only things that come to mind are the openssl dirs '/usr/share/ssl/*', and possibly installing the certutil package on this machine...(but how would the ldap.conf file reference this, and even know about it... I'm curious about integration)

> Another way to do this is to sign your SSL server certificate with your self-signed CA
> certificate, and import your CA certificate into your SSL client's security database.

I'm assuming you're talking about this option to Sign/Validate a self-signed cert:

-V              Validate a certificate
   -n cert-name      The nickname of the cert to Validate
   -b time           validity time ("YYMMDDHHMMSS[+HHMM|-HHMM|Z]")
   -e                Check certificate signature
   -u certusage      Specify certificate usage:
                        C   SSL Client
                        V   SSL Server
                        S   Email signer
                        R   Email Recipient
   -d certdir        Cert database directory (default is ~/.netscape)
   -P dbprefix       Cert & Key database prefix
   -X                force the database to open R/W

But then there's still the above question of how to import it into clients...

Once again, thank you very much for your answers up to this point, as they were quite helpful.

Michael.

From dean at hwr.arizona.edu Thu Nov 17 21:43:17 2005
From: dean at hwr.arizona.edu (Dean Jones) Date: Thu, 17 Nov 2005 14:43:17 -0700 Subject: [Fedora-directory-users] Winsync - passwords? Message-ID: <437CF975.1060909@hwr.arizona.edu> Hey everyone, I have setup winsync between FDS and AD and just want to clarify a few points that i can't find in the docs or older posts.. 1. Passwords. They do not appear to be syncing either direction but i don't have SSL enabled. my guess is that this is normal? 2. Accounts. They are only syncing from AD -> FDS but i'm assuming this is also due to lack of SSL? 3. Existing users. If i have identical users setup on both my FDS and AD servers and then do a sync, what will happen? just a password sync? Has anyone done this before? thanks! From nkinder at redhat.com Thu Nov 17 21:59:38 2005 
From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 17 Nov 2005 13:59:38 -0800 Subject: [Fedora-directory-users] Winsync - passwords? In-Reply-To: <437CF975.1060909@hwr.arizona.edu> References: <437CF975.1060909@hwr.arizona.edu> Message-ID: <437CFD4A.7030401@redhat.com> Dean Jones wrote: > > Hey everyone, > > I have setup winsync between FDS and AD and just want to clarify a few > points that i can't find in the docs or older posts.. > > 1. Passwords. They do not appear to be syncing either direction but i > don't have SSL enabled. my guess is that this is normal? No. They should be syncing from FDS -> AD without SSL, but not the other way. This is related to your issue 2 below. > > 2. Accounts. They are only syncing from AD -> FDS but i'm assuming > this is also due to lack of SSL? Nope. Accounts can sync fine without SSL. SSL is only required for passwords to sync from AD -> FDS. You should take a look at the "errors" log on the FDS side. You may want to enable replication level logging through the Console application to get some useful info. -NGK > > 3. Existing users. If i have identical users setup on both my FDS and > AD servers and then do a sync, what will happen? just a password > sync? Has anyone done this before? > > thanks! > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3174 bytes Desc: S/MIME Cryptographic Signature URL: From david_list at boreham.org Thu Nov 17 22:15:30 2005 
From: david_list at boreham.org (David Boreham) Date: Thu, 17 Nov 2005 15:15:30 -0700 Subject: [Fedora-directory-users] Winsync - passwords? In-Reply-To: <437CFD4A.7030401@redhat.com> References: <437CF975.1060909@hwr.arizona.edu> <437CFD4A.7030401@redhat.com> Message-ID: <437D0102.4070505@boreham.org> > > No. They should be syncing from FDS -> AD without SSL, but not the > other way. This is related to your issue 2 below. Other way around. Password sync AD -> FDS works without SSL. Password sync FDS -> AD requires SSL. AD will refuse to modify a password unless you connect via SSL. From romanportrait at yahoo.com Thu Nov 17 22:59:25 2005 From: romanportrait at yahoo.com (Roman Portrait) Date: Thu, 17 Nov 2005 14:59:25 -0800 (PST) Subject: [Fedora-directory-users] binary release Message-ID: <20051117225925.74205.qmail@web31103.mail.mud.yahoo.com> Where can I download Fedora Directory server for Solaris 8 or 9? Thanks, RM --------------------------------- Yahoo! FareChase - Search multiple travel sites in one click. -------------- next part -------------- An HTML attachment was scrubbed... URL: From darjo.gregoric at hit.si Fri Nov 18 09:25:32 2005 From: darjo.gregoric at hit.si (Darjo Gregoric) Date: Fri, 18 Nov 2005 10:25:32 +0100 Subject: [Fedora-directory-users] Winsync - passwords? In-Reply-To: <437CFD4A.7030401@redhat.com> Message-ID: Hi, I have set AD 2003 and fedora DS using SSL to replicate users. Replication works fine from DS to AD, including passwords. (Without ssl replicates users but without passwords, and account is disabled.) What it does not work is password sync from AD to DS. Is there any problem with pasync nad windows 2003? It looks that pasync is not working. Regards Darjo From basile.mathieu at siris.sorbonne.fr Fri Nov 18 12:57:13 2005 
From: basile.mathieu at siris.sorbonne.fr (basile au siris) Date: Fri, 18 Nov 2005 13:57:13 +0100 Subject: [Fedora-directory-users] ssl probleme with ldapsearch Message-ID: <437DCFA9.9060701@siris.sorbonne.fr> i generate rootCA and servercertificate with openssl and import them in fedora console it works fine and i can use tls with /opt/fedora/shared/bin/ldapsearch but when i use ldapsearch of openldap package i can t have it recognize server certificate i give path to cacert in /etc/openldap/ldap.conf and /etc/ldap.conf i give path to /opt/fedora-ds/alias in same files nothing work thanks for help basile From basile.mathieu at siris.sorbonne.fr Fri Nov 18 13:02:04 2005 From: basile.mathieu at siris.sorbonne.fr (basile au siris) Date: Fri, 18 Nov 2005 14:02:04 +0100 Subject: [Fedora-directory-users] ssl probleme with ldapsearch In-Reply-To: <437DCFA9.9060701@siris.sorbonne.fr> References: <437DCFA9.9060701@siris.sorbonne.fr> Message-ID: <437DD0CC.50204@siris.sorbonne.fr> ok it works you don t have to use TLS_CACERTDIR but the exact path to certificate TLS_CACERT basile basile au siris wrote: > i generate rootCA and servercertificate with openssl and import them > in fedora console > it works fine and i can use tls with /opt/fedora/shared/bin/ldapsearch > but when i use ldapsearch of openldap package i can t have it > recognize server > certificate > i give path to cacert in /etc/openldap/ldap.conf and /etc/ldap.conf > i give path to /opt/fedora-ds/alias in same files > nothing work > thanks for help > basile > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users From simonf at cshl.edu Fri Nov 18 17:26:59 2005 
From: simonf at cshl.edu (Vsevolod (Simon) Ilyushchenko)
Date: Fri, 18 Nov 2005 12:26:59 -0500
Subject: [Fedora-directory-users] Account expiration on Solaris 2.8 does not work.
Message-ID: <437E0EE3.70507@cshl.edu>

Hi,

I have successfully configured a Solaris 2.8 box to use FDS as the
authentication server. However, one detail eludes me.

I'd like to be able to inactivate accounts. This feature works fine with
Linux clients. With Solaris, I can get either LDAP inactivation or local
accounts work. :(

If I have this in pam.conf, then the LDAP accounts are locked out
correctly, but local accounts don't work at all!

other account requisite pam_roles.so.1
other account required pam_unix_account.so.1 server_policy
other account required pam_ldap.so

If I run ssh -d -d -d to a local account, it tells me:
debug3: PAM: do_pam_account pam_acct_mgmt = 13 (No account present for user)

On the other hand, if I have this in pam.conf (and that's what Gary
Tay's guide recommends), then local accounts work fine, but I have a
locked LDAP account that accepts ANY password:

other account requisite pam_roles.so.1
other account binding pam_unix_account.so.1 server_policy
other account required pam_ldap.so

Is there a particular patch set, perhaps, that would solve this?

Thanks,
Simon
--

Simon (Vsevolod ILyushchenko) simonf at cshl.edu
http://www.simonf.com

"Think like a man of action, act like a man of thought."
Henri Bergson

From Gary_Tay at platts.com Fri Nov 18 18:11:59 2005
From: Gary_Tay at platts.com (Tay, Gary)
Date: Sat, 19 Nov 2005 02:11:59 +0800
Subject: [Fedora-directory-users] Account expiration on Solaris 2.8 does notwork.
Message-ID:

While trying it against SUN ONE DS5.2, it actually worked, and below are the lessons learned:

0) Make sure Solaris8 Native LDAP Client has latest kernel and LDAP Patch 108993-49.

1) Did you change this ACL? this is a workaround to make pam_ldap work with account management.

In FDS, open Directory Server, select defaultSearchBase, i.e. dc=example,dc=com and edit one of the listed ACIs, which is usually named "LDAP_Naming_Services_proxy_password_read":

Change it.

From:
(target="ldap:///dc=example,dc=com")(targetattr="userPassword")(version 3.0; acl LDAP_Naming_Services_proxy_password_read; allow (compare,read,search) userdn = "ldap:///cn=proxyagent,ou=profile,dc=example,dc=com" ;)

To:
(target="ldap:///dc=example,dc=com")(targetattr="userPassword")(version 3.0; acl LDAP_Naming_Services_proxy_password_read; allow (compare,search) userdn = "ldap:///cn=proxyagent,ou=profile,dc=example,dc=com" ;)

2) After creating user entry, did you add "posixAccount" as well as "shadowAccount" to them in admin. console? and enter values for uidNumber and gidNumber posixAccount attributes.

3) Make VERY sure that your user entry contains VALID homeDirectory path and loginShell.

4) If netgroup compat mode is used on Solaris8 Native LDAP Client, you got to blank out 2nd and 3rd fields of all +@netgroupX lines, eg:

+@netgroup1 ::::::::
+@netgroup2 ::::::::

5) Make sure LDAP domain name in /etc/defaultdomain is defined at Solaris8 LDAP Client, and a nisDomainObject "example.com" exists at the root entry of the LDAP DIT.

# echo "example.com" >/etc/defaultdomain
# domainname `cat /etc/defaultdomain`

6) Check that passwordStorageScheme in cn=config is "crypt"

Gary

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com on behalf of Vsevolod (Simon) Ilyushchenko Sent: Sat 11/19/2005 1:26 AM To: General discussion list for the Fedora Directory server project. Cc: Subject: [Fedora-directory-users] Account expiration on Solaris 2.8 does notwork. Hi, I have successfully configured a Solaris 2.8 box to use FDS as the authentication server. However, one detail eludes me. I'd like to be able to inactivate accounts. This feature works fine with Linux clients. With Solaris, I can get either LDAP inactivation or local accounts work. :( If I have this in pam.conf, then the LDAP accounts are locked out correctly, but local accounts don't work at all! other account requisite pam_roles.so.1 other account required pam_unix_account.so.1 server_policy other account required pam_ldap.so If I run ssh -d -d -d to a local account, it tells me: debug3: PAM: do_pam_account pam_acct_mgmt = 13 (No account present for user) On the other hand, if I have this in pam.conf (and that's what Gary Tay's guide recommends), than local accounts work fine, but I have a locked LDAP account that accepts ANY password: other account requisite pam_roles.so.1 other account binding pam_unix_account.so.1 server_policy other account required pam_ldap.so Is there a particular patch set, perhaps, that would solve this? Thanks, Simon -- Simon (Vsevolod ILyushchenko) simonf at cshl.edu http://www.simonf.com "Think like a man of action, act like a man of thought." Henri Bergson -- Fedora-directory-users mailing list Fedora-directory-users at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 8522 bytes Desc: not available URL: From Gary_Tay at platts.com Fri Nov 18 18:17:58 2005 
From: Gary_Tay at platts.com (Tay, Gary)
Date: Sat, 19 Nov 2005 02:17:58 +0800
Subject: [Fedora-directory-users] Account expiration on Solaris 2.8 does notwork.
Message-ID:

Point 4, I meant those lines in /etc/shadow.

4) If netgroup compat mode is used on Solaris8 Native LDAP Client, you got to blank out 2nd and 3rd fields of all +@netgroupX lines in /etc/shadow, eg:

+@netgroup1 ::::::::
+@netgroup2 ::::::::

See also:
http://swforum.sun.com/jive/thread.jspa?threadID=52764&tstart=15
Configuring LDAP netgroups (related account expiration/reset/force password change bug was also discussed).

Gary

-----Original Message-----
From: Tay, Gary on behalf of Tay, Gary
Sent: Sat 11/19/2005 2:11 AM
To: General discussion list for the Fedora Directory server project.
Cc:
Subject: RE: [Fedora-directory-users] Account expiration on Solaris 2.8 does notwork.

While trying it against SUN ONE DS5.2, it actually worked, and below are the lessons learned:

0) Make sure Solaris8 Native LDAP Client has latest kernel and LDAP Patch 108993-49.

1) Did you change this ACL? this is a workaround to make pam_ldap work with account management.

In FDS, open Directory Server, select defaultSearchBase, i.e. dc=example,dc=com and edit one of the listed ACIs, which is usually named "LDAP_Naming_Services_proxy_password_read":

Change it.

From:
(target="ldap:///dc=example,dc=com")(targetattr="userPassword")(version 3.0; acl LDAP_Naming_Services_proxy_password_read; allow (compare,read,search) userdn = "ldap:///cn=proxyagent,ou=profile,dc=example,dc=com" ;)

To:
(target="ldap:///dc=example,dc=com")(targetattr="userPassword")(version 3.0; acl LDAP_Naming_Services_proxy_password_read; allow (compare,search) userdn = "ldap:///cn=proxyagent,ou=profile,dc=example,dc=com" ;)

2) After creating user entry, did you add "posixAccount" as well as "shadowAccount" to them in admin. console? and enter values for uidNumber and gidNumber posixAccount attributes.

3) Make VERY sure that your user entry contains VALID homeDirectory path and loginShell.

4) If netgroup compat mode is used on Solaris8 Native LDAP Client, you got to blank out 2nd and 3rd fields of all +@netgroupX lines, eg:

+@netgroup1 ::::::::
+@netgroup2 ::::::::

5) Make sure LDAP domain name in /etc/defaultdomain is defined at Solaris8 LDAP Client, and a nisDomainObject "example.com" exists at the root entry of the LDAP DIT.

# echo "example.com" >/etc/defaultdomain
# domainname `cat /etc/defaultdomain`

6) Check that passwordStorageScheme in cn=config is "crypt"

Gary

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com on behalf of Vsevolod (Simon) Ilyushchenko Sent: Sat 11/19/2005 1:26 AM To: General discussion list for the Fedora Directory server project. Cc: Subject: [Fedora-directory-users] Account expiration on Solaris 2.8 does notwork. Hi, I have successfully configured a Solaris 2.8 box to use FDS as the authentication server. However, one detail eludes me. I'd like to be able to inactivate accounts. This feature works fine with Linux clients. With Solaris, I can get either LDAP inactivation or local accounts work. :( If I have this in pam.conf, then the LDAP accounts are locked out correctly, but local accounts don't work at all! other account requisite pam_roles.so.1 other account required pam_unix_account.so.1 server_policy other account required pam_ldap.so If I run ssh -d -d -d to a local account, it tells me: debug3: PAM: do_pam_account pam_acct_mgmt = 13 (No account present for user) On the other hand, if I have this in pam.conf (and that's what Gary Tay's guide recommends), than local accounts work fine, but I have a locked LDAP account that accepts ANY password: other account requisite pam_roles.so.1 other account binding pam_unix_account.so.1 server_policy other account required pam_ldap.so Is there a particular patch set, perhaps, that would solve this? Thanks, Simon -- Simon (Vsevolod ILyushchenko) simonf at cshl.edu http://www.simonf.com "Think like a man of action, act like a man of thought." Henri Bergson -- Fedora-directory-users mailing list Fedora-directory-users at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 10110 bytes Desc: not available URL: From simonf at cshl.edu Fri Nov 18 18:49:35 2005 
From: simonf at cshl.edu (Vsevolod (Simon) Ilyushchenko)
Date: Fri, 18 Nov 2005 13:49:35 -0500
Subject: [Fedora-directory-users] Account expiration on Solaris 2.8 does notwork.
In-Reply-To:
References:
Message-ID: <437E223F.204@cshl.edu>

Gary,

You totally rule! Thanks! I'll try patching next week. BTW - I'm not using native Solaris client, I have installed the Openldap client libraries.

How do I change the ACL below? If I select "access permissions" menu item on the dc=example,dc=com, I get a window with the following ACLs defined:

Enable anonymous access
Enable self write for common attributes
Configuration Administrator
Configuration Administrator Group
Directory Administrator Group
SIE Group

I can also add new ACLs, but I'm not sure how to find the one you are referring to.

Thanks,
Simon

> 1) Did you change this ACL? this is a workaround to make pam_ldap work with account management.
>
> In FDS, open Directory Server, select defaultSearchBase, i.e. dc=example,dc=com and edit one of the listed ACIs, which is usually named "LDAP_Naming_Services_proxy_password_read":
>
> Change it.
> > From: > (target="ldap:///dc=example,dc=com")(targetattr="userPa ssword")(version 3.0; acl LDAP_Naming_Services_proxy_password_read; allow (compare,read,search) userdn = "ldap:///cn=proxyagent,ou=profile,dc=example,dc=com" ;) > > To: > (target="ldap:///dc=example,dc=com")(targetattr="us erPassword")(version 3.0; acl LDAP_Naming_Services_proxy_password_read; allow (compare,search) userdn = ldap:///cn=proxyagent,ou=profile,dc=example,dc=com ;) > > > 2) After creating user entry, did you add "posixAccount" as well as "shadowAccount" to them in admin. console? and enter values for uidNumber and gidNumber posixAccount attributes. > > 3) Make VERY sure that your user entry contains VALID homeDirectory path and loginShell. > > 4) If netgroup compat mode is used on Solaris8 Native LDAP Client, you got to blank out 2nd and 3rd fields of all + at netgroupX lines, eg: > > + at netgroup1 :::::::: > + at netgroup2 :::::::: > > 5) Make sure LDAP domain name in /etc/defautdomain is defined at Solaris8 LDAP Client, and a nisDomainObject "example.com" exists at the root entry of the LDAP DIT. > > # echo "example.com" >/etc/defaultdomain > # domainname `cat /etc/defaultdomain` > > 6) Check that passwordStorageScheme in cn=config is "crypt" > > Gary > > -----Original Message----- 
> From: fedora-directory-users-bounces at redhat.com on behalf of Vsevolod (Simon) Ilyushchenko > Sent: Sat 11/19/2005 1:26 AM > To: General discussion list for the Fedora Directory server project. > Cc: > Subject: [Fedora-directory-users] Account expiration on Solaris 2.8 does notwork. > > > > Hi, > > I have successfully configured a Solaris 2.8 box to use FDS as the > authentication server. However, one detail eludes me. > > I'd like to be able to inactivate accounts. This feature works fine with > Linux clients. With Solaris, I can get either LDAP inactivation or local > accounts work. :( > > If I have this in pam.conf, then the LDAP accounts are locked out > correctly, but local accounts don't work at all! > > other account requisite pam_roles.so.1 > other account required pam_unix_account.so.1 server_policy > other account required pam_ldap.so > > If I run ssh -d -d -d to a local account, it tells me: > debug3: PAM: do_pam_account pam_acct_mgmt = 13 (No account present for user) > > On the other hand, if I have this in pam.conf (and that's what Gary > Tay's guide recommends), than local accounts work fine, but I have a > locked LDAP account that accepts ANY password: > > other account requisite pam_roles.so.1 > other account binding pam_unix_account.so.1 server_policy > other account required pam_ldap.so > > Is there a particular patch set, perhaps, that would solve this? > > Thanks, > Simon > -- > > Simon (Vsevolod ILyushchenko) simonf at cshl.edu > http://www.simonf.com > > "Think like a man of action, act like a man of thought." 
> > Henri Bergson > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Simon (Vsevolod ILyushchenko) simonf at cshl.edu http://www.simonf.com "Think like a man of action, act like a man of thought." Henri Bergson From Jon.Jackson at identix.com Fri Nov 18 21:04:42 2005 From: Jon.Jackson at identix.com (Jackson, Jon) Date: Fri, 18 Nov 2005 15:04:42 -0600 Subject: [Fedora-directory-users] Missing packages Message-ID: <78006EF781F40B47935AF941E9692FCC01C01375@idxmnmail.identix.com> Hi Community, It seems like the http://directory.fedora.redhat.com/downloads/* packages are missing. All of the links for binary packages are not working. Did these get moved, and the Wiki is not caught up yet? Is there a mirror for these packages? Thanks in advance, --JJ From rmeggins at redhat.com Fri Nov 18 21:27:25 2005 
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 18 Nov 2005 14:27:25 -0700
Subject: [Fedora-directory-users] Missing packages
In-Reply-To: <78006EF781F40B47935AF941E9692FCC01C01375@idxmnmail.identix.com>
References: <78006EF781F40B47935AF941E9692FCC01C01375@idxmnmail.identix.com>
Message-ID: <437E473D.2000203@redhat.com>

https://www.redhat.com/archives/fedora-directory-devel/2005-November/msg00038.html

Jackson, Jon wrote:

>Hi Community,
>
>It seems like the http://directory.fedora.redhat.com/downloads/*
>packages are missing. All of the links for binary packages are not
>working.
>
>Did these get moved, and the Wiki is not caught up yet? Is there a
>mirror for these packages?
>
>Thanks in advance,
>--JJ

From Gary_Tay at platts.com Sat Nov 19 02:43:57 2005
From: Gary_Tay at platts.com (Tay, Gary)
Date: Sat, 19 Nov 2005 10:43:57 +0800
Subject: [Fedora-directory-users] Account expiration on Solaris 2.8 doesnotwork.
Message-ID:

I believe the ACL and another one, see related post, are added by SUN DS5.2 "idsconfig" command (iPlanet Directory Server Config), since FDS7.1 does not provide this command, these two ACLs do not exist, you could simply add them in at the "dc=example,dc=com" (defaultSearchBase) level, using copy and paste and manual editing mode.

See related post:
https://www.redhat.com/archives/fedora-directory-users/2005-July/msg00133.html

I have seen Account Management features like account lockout, account pw reset leading to user forced pw change, and account expiration working on Solaris Native LDAP Client libraries, if you use OpenLDAP+PADL Client libraries, I do not know what will be in for you, most likely it won't work.

I highly recommend the use of Native Client libs, or else when SUN changes something your hard worked craft may not be working anymore.

Gary

From ftardini at gmail.com Sun Nov 20 04:38:29 2005
From: ftardini at gmail.com (Fernando D. Tardini)
Date: Sun, 20 Nov 2005 01:38:29 -0300
Subject: [Fedora-directory-users] error and access logs
Message-ID: <001101c5ed8c$45aff150$6400a8c0@exentrius>

hello, can someone tell me what this access log means

] conn=49 op=5 RESULT err=0 tag=101 nentries=24 etime=0
[18/Nov/2005:00:07:43 -0300] conn=49 op=6 UNBIND
[18/Nov/2005:00:07:43 -0300] conn=49 op=6 fd=68 closed - U1
[18/Nov/2005:00:17:49 -0300] conn=50 fd=67 slot=67 connection from 192.168.0.10 to 192.168.0.10
[18/Nov/2005:00:17:49 -0300] conn=50 op=0 BIND dn="cn=admin-serv-fedora-ldap, cn=Fedora Administration Server, cn=Server Group, cn=fedora-ldap.sotano.com, ou=sotano.com, o=NetscapeRoot" method=128 version=3
[18/Nov/2005:00:17:49 -0300] conn=50 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=admin-serv-fedora-ldap,cn=fedora administration server,cn=server group,cn=fedora-ldap.sotano.com,ou=sotano.com,o=netscaperoot"
[18/Nov/2005:00:17:49 -0300] conn=50 op=1 BIND dn="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128 version=3
[18/Nov/2005:00:17:49 -0300] conn=50 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
[18/Nov/2005:00:17:49 -0300] conn=50 op=2 UNBIND
[18/Nov/2005:00:17:49 -0300] conn=50 op=2 fd=67 closed - U1
[18/Nov/2005:00:17:49 -0300] conn=51 fd=68 slot=68 connection from 192.168.0.10 to 192.168.0.10
[18/Nov/2005:00:17:49 -0300] conn=51 op=0 BIND dn="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128 version=3
[18/Nov/2005:00:17:49 -0300] conn=51 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
[18/Nov/2005:00:17:49 -0300] conn=51 op=1 SRCH base="cn=statusping, cn=operation, cn=tasks, cn=admin-serv-fedora-ldap, cn=fedora administration server, cn=server group, cn=fedora-ldap.sotano.com, ou=sotano.com, o=netscaperoot" scope=0 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
[18/Nov/2005:00:17:49 -0300] conn=51 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[18/Nov/2005:00:17:49 -0300] conn=51 op=2 SRCH base="cn=admin-serv-fedora-ldap, cn=Fedora Administration Server, cn=Server Group, cn=fedora-ldap.sotano.com, ou=sotano.com, o=NetscapeRoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
[18/Nov/2005:00:17:49 -0300] conn=51 op=2 RESULT err=0 tag=101 nentries=24 etime=0
[18/Nov/2005:00:17:49 -0300] conn=51 op=3 SRCH base="cn=slapd-fedora-ldap, cn=Fedora Directory Server, cn=Server Group, cn=fedora-ldap.sotano.com, ou=sotano.com, o=NetscapeRoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
[18/Nov/2005:00:17:49 -0300] conn=51 op=3 RESULT err=0 tag=101 nentries=13 etime=0
[18/Nov/2005:00:17:49 -0300] conn=51 op=4 SRCH base="cn=Fedora Directory Server, cn=Server Group, cn=fedora-ldap.sotano.com, ou=sotano.com, o=NetscapeRoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
[18/Nov/2005:00:17:49 -0300] conn=51 op=4 RESULT err=0 tag=101 nentries=17 etime=0
[18/Nov/2005:00:17:49 -0300] conn=51 op=5 SRCH base="cn=Fedora Administration Server, cn=Server Group, cn=fedora-ldap.sotano.com, ou=sotano.com, o=NetscapeRoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
[18/Nov/2005:00:17:49 -0300] conn=51 op=5 RESULT err=0 tag=101 nentries=24 etime=0
[18/Nov/2005:00:17:49 -0300] conn=51 op=6 UNBIND
[18/Nov/2005:00:17:49 -0300] conn=51 op=6 fd=68 closed - U1

and this error log

[13/Nov/2005:21:47:19 -0300] NSMMReplicationPlugin - agmt="cn=prueba" (192:389): Replica has no update vector. It has never been initialized.
[13/Nov/2005:21:47:23 -0300] NSMMReplicationPlugin - agmt="cn=prueba" (192:389): Replica has no update vector. It has never been initialized.
[13/Nov/2005:21:47:25 -0300] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=prueba" (192:389)".
[13/Nov/2005:21:47:29 -0300] - Entry "uid=Guest,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[13/Nov/2005:21:47:29 -0300] - Entry "uid=TsInternetUser,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[13/Nov/2005:21:47:29 -0300] - Entry "uid=Administrator,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[13/Nov/2005:21:47:29 -0300] - Entry "uid=krbtgt,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[13/Nov/2005:21:47:30 -0300] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=prueba" (192:389)". Sent 19 entries.
[13/Nov/2005:21:49:20 -0300] agmt="cn=prueba" (192:389) - Can't locate CSN 4370157b000114730000 in the changelog (DB rc=-30990). The consumer may need to be reinitialized.
[13/Nov/2005:21:49:20 -0300] agmt="cn=prueba" (192:389) - Can't locate CSN 4370157b000114730000 in the changelog (DB rc=-30990). The consumer may need to be reinitialized.
[13/Nov/2005:21:49:46 -0300] agmt="cn=prueba" (192:389) - Can't locate CSN 4370157b000114730000 in the changelog (DB rc=-30990). The consumer may need to be reinitialized.
[13/Nov/2005:21:50:23 -0300] agmt="cn=prueba" (192:389) - Can't locate CSN 4370157b000114730000 in the changelog (DB rc=-30990). The consumer may need to be reinitialized.
[13/Nov/2005:21:50:23 -0300] agmt="cn=prueba" (192:389) - Can't locate CSN 4370157b000114730000 in the changelog (DB rc=-30990). The consumer may need to be reinitialized.
[13/Nov/2005:21:53:16 -0300] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=prueba" (192:389)".
[13/Nov/2005:21:53:17 -0300] - Entry "uid=Guest,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[13/Nov/2005:21:53:17 -0300] - Entry "uid=TsInternetUser,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[13/Nov/2005:21:53:17 -0300] - Entry "uid=Administrator,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[13/Nov/2005:21:53:17 -0300] - Entry "uid=krbtgt,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[13/Nov/2005:21:53:18 -0300] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=prueba" (192:389)". Sent 19 entries.
[13/Nov/2005:22:02:49 -0300] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=prueba" (192:389)".
[13/Nov/2005:22:02:49 -0300] - Entry "uid=Guest,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[13/Nov/2005:22:02:49 -0300] - Entry "uid=TsInternetUser,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[13/Nov/2005:22:02:49 -0300] - Entry "uid=Administrator,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[13/Nov/2005:22:02:49 -0300] - Entry "uid=krbtgt,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[13/Nov/2005:22:02:50 -0300] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=prueba" (192:389)". Sent 19 entries.
[13/Nov/2005:22:14:46 -0300] NSMMReplicationPlugin - failed to send dirsync search request: 2
[13/Nov/2005:22:39:46 -0300] NSMMReplicationPlugin - failed to send dirsync search request: 2
[13/Nov/2005:23:14:46 -0300] NSMMReplicationPlugin - failed to send dirsync search request: 2
[13/Nov/2005:23:19:46 -0300] NSMMReplicationPlugin - failed to send dirsync search request: 2
[13/Nov/2005:23:44:46 -0300] NSMMReplicationPlugin - failed to send dirsync search request: 2
[13/Nov/2005:23:54:46 -0300] NSMMReplicationPlugin - failed to send dirsync search request: 2
[17/Nov/2005:21:30:28 -0300] - Fedora-Directory/7.1 B2005.146.2010 starting up
[17/Nov/2005:21:30:28 -0300] - Detected Disorderly Shutdown last time Directory Server was running, recovering database.
[17/Nov/2005:21:30:32 -0300] - _csngen_parse_state: replica id mismatch; current id - 65535, replica id in the state - 5235
[17/Nov/2005:21:30:32 -0300] NSMMReplicationPlugin - _replica_init_from_config: failed to create csn generator for replica (cn=replica,cn=\22dc=sotano,dc=com\22,cn=mapping tree,cn=config)
[17/Nov/2005:21:30:32 -0300] NSMMReplicationPlugin - Unable to configure replica dc=sotano,dc=com: failed to create csn generator for replica (cn=replica,cn=\22dc=sotano,dc=com\22,cn=mapping tree,cn=config)
[17/Nov/2005:21:30:32 -0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[17/Nov/2005:21:35:16 -0300] NSMMReplicationPlugin - agmt_delete: begin
[17/Nov/2005:21:35:49 -0300] NSMMReplicationPlugin - replica_config_modify: replica does not exist for dc=sotano,dc=com
[17/Nov/2005:21:40:40 -0300] NSMMReplicationPlugin - agmt="cn=prueb" (organiza-a6b090:389): Replica has no update vector. It has never been initialized.
[17/Nov/2005:21:40:40 -0300] NSMMReplicationPlugin - agmt="cn=prueb" (organiza-a6b090:389): Replica has no update vector. It has never been initialized.
[17/Nov/2005:21:40:44 -0300] NSMMReplicationPlugin - agmt="cn=prueb" (organiza-a6b090:389): Replica has no update vector. It has never been initialized.
[17/Nov/2005:21:40:47 -0300] NSMMReplicationPlugin - agmt="cn=prueb" (organiza-a6b090:389): Replica has no update vector. It has never been initialized.
[17/Nov/2005:21:40:51 -0300] NSMMReplicationPlugin - agmt="cn=prueb" (organiza-a6b090:389): Replica has no update vector. It has never been initialized.
[17/Nov/2005:21:40:55 -0300] NSMMReplicationPlugin - agmt="cn=prueb" (organiza-a6b090:389): Replica has no update vector. It has never been initialized.
[17/Nov/2005:21:40:56 -0300] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=prueb" (organiza-a6b090:389)".
[17/Nov/2005:21:40:57 -0300] - Entry "uid=Guest,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[17/Nov/2005:21:40:57 -0300] - Entry "uid=TsInternetUser,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[17/Nov/2005:21:40:57 -0300] - Entry "uid=Administrator,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[17/Nov/2005:21:40:57 -0300] - Entry "uid=krbtgt,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[17/Nov/2005:21:40:58 -0300] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=prueb" (organiza-a6b090:389)". Sent 20 entries.
[17/Nov/2005:21:53:30 -0300] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=prueb" (organiza-a6b090:389)".
[17/Nov/2005:21:53:31 -0300] - Entry "uid=Guest,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[17/Nov/2005:21:53:31 -0300] - Entry "uid=TsInternetUser,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[17/Nov/2005:21:53:31 -0300] - Entry "uid=Administrator,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[17/Nov/2005:21:53:31 -0300] - Entry "uid=krbtgt,ou=People, dc=sotano,dc=com" missing attribute "sn" required by object class "person"
[17/Nov/2005:21:53:31 -0300] NSMMReplicationPlugin - IsValidOperation: NULL operation CSN
[17/Nov/2005:21:53:31 -0300] NSMMReplicationPlugin - write_changelog_and_ruv: can't add a change for uid=perroloco,ou=people,dc=sotano,dc=com (uniqid: ea326606-1dd111b2-8061a9f6-0b080000, optype: 8) to changelog csn
[17/Nov/2005:21:53:32 -0300] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=prueb" (organiza-a6b090:389)". Sent 21 entries.
[17/Nov/2005:22:15:40 -0300] NSMMReplicationPlugin - failed to send dirsync search request: 2
[17/Nov/2005:22:30:40 -0300] NSMMReplicationPlugin - agmt="cn=prueb" (organiza-a6b090:389): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -5973 (A directory lookup on a network address has failed.)
[17/Nov/2005:22:35:40 -0300] NSMMReplicationPlugin - agmt="cn=prueb" (organiza-a6b090:389): Simple bind resumed
[17/Nov/2005:22:50:40 -0300] NSMMReplicationPlugin - failed to send dirsync search request: 2
[17/Nov/2005:23:00:40 -0300] NSMMReplicationPlugin - failed to send dirsync search request: 2
[17/Nov/2005:23:10:40 -0300] NSMMReplicationPlugin - failed to send dirsync search request: 2
[17/Nov/2005:23:25:40 -0300] NSMMReplicationPlugin - failed to send dirsync search request: 2
[17/Nov/2005:23:50:40 -0300] NSMMReplicationPlugin - failed to send dirsync search request: 2

thanks a lot

From speedy_zinc at yahoo.com Mon Nov 21 05:49:08 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Sun, 20 Nov 2005 21:49:08 -0800 (PST)
Subject: [Fedora-directory-users] what is LA/LAS?
Message-ID: <20051121054908.25188.qmail@web36303.mail.mud.yahoo.com>

I'm reading the ACL plugin code, and it mentions "LA" or "LAS". I grepped the code of the whole DS, but couldn't really figure out what that is.

Could someone give a brief explanation about that?

thanks
sz

From speedy_zinc at yahoo.com Mon Nov 21 05:57:40 2005
From: speedy_zinc at yahoo.com (speedy zinc)
Date: Sun, 20 Nov 2005 21:57:40 -0800 (PST)
Subject: [Fedora-directory-users] design docs of FDS?
Message-ID: <20051121055740.28376.qmail@web36303.mail.mud.yahoo.com>

Are there any design documents about the internals of FDS (that can be open sourced)?

thanks
sz

From david_list at boreham.org Mon Nov 21 06:58:28 2005
From: david_list at boreham.org (David Boreham)
Date: Sun, 20 Nov 2005 23:58:28 -0700
Subject: [Fedora-directory-users] what is LA/LAS?
In-Reply-To: <20051121054908.25188.qmail@web36303.mail.mud.yahoo.com>
References: <20051121054908.25188.qmail@web36303.mail.mud.yahoo.com>
Message-ID: <43817014.3060103@boreham.org>

speedy zinc wrote:

>I'm reading the ACL plugin code, and it mentions
>"LA" or "LAS". I grepped the code of the whole DS, but
>couldn't really figure out what that is.
>
>Could someone give a brief explanation about that?

Did you find libaccess and the nsacl headers? The explanation (not brief unfortunately) lies in there.

As far as I can tell, LAS stands for 'Logic Authorization Statement'. But really it's just a thingy in an ACL : like ip= or .

This all might make more sense in light of the fact that when access control (or at least non-toy access control) was added to the server in the late '90s, the engineer that worked on the project used code from an existing access control facility that was in the Netscape web server at the time (and I guess still is). So all that LAS stuff is to allow abstraction of the specifics of access control (what is to be allowed to do which things to what resources) via callbacks.

From david_list at boreham.org Mon Nov 21 07:01:38 2005
From: david_list at boreham.org (David Boreham)
Date: Mon, 21 Nov 2005 00:01:38 -0700
Subject: [Fedora-directory-users] design docs of FDS?
In-Reply-To: <20051121055740.28376.qmail@web36303.mail.mud.yahoo.com>
References: <20051121055740.28376.qmail@web36303.mail.mud.yahoo.com>
Message-ID: <438170D2.7070802@boreham.org>

speedy zinc wrote:

>Are there any design documents about the internals of
>FDS (that can be open sourced)?

There never were copious design docs. So if you want more than is posted here: http://directory.fedora.redhat.com/wiki/Architecture the answer is probably 'no'.

From rmeggins at redhat.com Mon Nov 21 14:49:25 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 21 Nov 2005 07:49:25 -0700
Subject: [Fedora-directory-users] design docs of FDS?
In-Reply-To: <438170D2.7070802@boreham.org>
References: <20051121055740.28376.qmail@web36303.mail.mud.yahoo.com> <438170D2.7070802@boreham.org>
Message-ID: <4381DE75.3000008@redhat.com>

David Boreham wrote:

> speedy zinc wrote:
>
>> Are there any design documents about the internals of
>> FDS (that can be open sourced)?
>
> There never were copious design docs. So if you want more
> than is posted here: http://directory.fedora.redhat.com/wiki/Architecture
> the answer is probably 'no'.

We plan to make more and more of our design docs available on the wiki. If there is something specific you want to see, let us know and we might be able to make that available sooner rather than later.

From Jon.Jackson at identix.com Mon Nov 21 17:05:00 2005
From: Jon.Jackson at identix.com (Jackson, Jon)
Date: Mon, 21 Nov 2005 11:05:00 -0600
Subject: [Fedora-directory-users] Binary Download links borken on main site -- Any mirrors?
Message-ID: <78006EF781F40B47935AF941E9692FCC01C013D7@idxmnmail.identix.com>

Hi,

I've been trying to get ahold of the 1.0.2 binaries for FC4, but the link is dead (and is dead for FC3/RHEL4, FC2/RHEL3). Is there another place to get these? I've done some googling and can't seem to locate a mirror. And I can't seem to find a site maintainer's email address, so I'm reaching out to the users. How are you obtaining binaries?

How finicky is the build process, if I were to build from the sources? Do the sources include the recently released tools?

Thanks,
JJ

From Jon.Jackson at identix.com Mon Nov 21 17:30:13 2005
From: Jon.Jackson at identix.com (Jackson, Jon)
Date: Mon, 21 Nov 2005 11:30:13 -0600
Subject: [Fedora-directory-users] Binary Download links borken on main site -- Any mirrors?
Message-ID: <78006EF781F40B47935AF941E9692FCC01C013DC@idxmnmail.identix.com>

All,

Richard had already responded to my first post, sorry for the dupe. Thanks Richard M for the information.

--JJ

From mj at sci.fi Mon Nov 21 18:14:09 2005
From: mj at sci.fi (Mike Jackson)
Date: Mon, 21 Nov 2005 20:14:09 +0200
Subject: [Fedora-directory-users] design docs of FDS?
In-Reply-To: <4381DE75.3000008@redhat.com>
References: <20051121055740.28376.qmail@web36303.mail.mud.yahoo.com> <438170D2.7070802@boreham.org> <4381DE75.3000008@redhat.com>
Message-ID: <43820E71.3070907@sci.fi>

Richard Megginson wrote:

> David Boreham wrote:
>
>> speedy zinc wrote:
>>
>>> Are there any design documents about the internals of
>>> FDS (that can be open sourced)?
>>
>> There never were copious design docs. So if you want more
>> than is posted here: http://directory.fedora.redhat.com/wiki/Architecture
>> the answer is probably 'no'.
>
> We plan to make more and more of our design docs available on the wiki.
> If there is something specific you want to see, let us know and we might
> be able to make that available sooner rather than later.

I'd like to see the high-level architectural blueprints (big picture) published, e.g. AutoCad, UML, or however they were drawn; something which is a little more detailed than one arrow pointing from the backend to the frontend.

BR,
Mike

From rmeggins at redhat.com Mon Nov 21 18:23:22 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 21 Nov 2005 11:23:22 -0700
Subject: [Fedora-directory-users] design docs of FDS?
In-Reply-To: <43820E71.3070907@sci.fi>
References: <20051121055740.28376.qmail@web36303.mail.mud.yahoo.com> <438170D2.7070802@boreham.org> <4381DE75.3000008@redhat.com> <43820E71.3070907@sci.fi>
Message-ID: <4382109A.9090207@redhat.com>

Mike Jackson wrote:

> Richard Megginson wrote:
>
>> David Boreham wrote:
>>
>>> speedy zinc wrote:
>>>
>>>> Are there any design documents about the internals of
>>>> FDS (that can be open sourced)?
>>>
>>> There never were copious design docs. So if you want more
>>> than is posted here:
>>> http://directory.fedora.redhat.com/wiki/Architecture
>>> the answer is probably 'no'.
>>
>> We plan to make more and more of our design docs available on the
>> wiki. If there is something specific you want to see, let us know
>> and we might be able to make that available sooner rather than later.
>
> I'd like to see the high-level architectural blueprints (big picture)
> published, e.g. AutoCad, UML,

So would I.

> or however they were drawn;

By hand.

> something which is a little more detailed than one arrow pointing from
> the backend to the frontend.

The source code is very detailed in this respect :-)

> BR,
> Mike

From mj at sci.fi Mon Nov 21 18:28:48 2005
From: mj at sci.fi (Mike Jackson) Date: Mon, 21 Nov 2005 20:28:48 +0200 Subject: [Fedora-directory-users] Binary Download links borken on main site -- Any mirrors? In-Reply-To: <78006EF781F40B47935AF941E9692FCC01C013D7@idxmnmail.identix.com> References: <78006EF781F40B47935AF941E9692FCC01C013D7@idxmnmail.identix.com> Message-ID: <438211E0.8050807@sci.fi> Jackson, Jon wrote: > Hi, > > I've been trying to get ahold of the 1.0.2 binaries for FC4, but the > link is dead (and is dead for FC3/RHEL4, FC2/RHEL3). Is there another > place to get these? I've done some googling and can't seem to locate a > mirror. And I can't seem to find a site maintainer's email address, so > I'm reaching out to the users. How are you obtaining binaries? > > How finicky is the build process, If I were to build from the sources? > Do the sources include the recently released tools? I built 1.0 from source with dsbuild, on my RHEL4 laptop, and it worked for me (tm). The admin console is really fast now with apache, compared to how it performed with the previous backend ns-httpd. I mean to say that it is a major performance improvement. This is the first time IMO that the admin console is actually "usable". I ran into one small hiccup while the admin server was building, where it refused to build with jdk1.5.0. Dropping back to 1.4.2 solved the problem. Actually, I keep both of them in /usr/java, and just move the jdk symlink back and forth as needed. JAVA_HOME is set to /usr/java/jdk. Note that you need httpd and httpd-devel packages on a RHEL/FC machine before 1.0 will build with dsbuild, since apxs is required for building mod_restart. BR, -- mike From mj at sci.fi Mon Nov 21 18:38:42 2005 
From: mj at sci.fi (Mike Jackson)
Date: Mon, 21 Nov 2005 20:38:42 +0200
Subject: [Fedora-directory-users] design docs of FDS?
In-Reply-To: <4382109A.9090207@redhat.com>
References: <20051121055740.28376.qmail@web36303.mail.mud.yahoo.com> <438170D2.7070802@boreham.org> <4381DE75.3000008@redhat.com> <43820E71.3070907@sci.fi> <4382109A.9090207@redhat.com>
Message-ID: <43821432.80903@sci.fi>

Richard Megginson wrote:

> By hand.

Well, maybe you could put those bar napkins on a flat-bed scanner and post some jpgs on the wiki :-)

--
mike

From rmeggins at redhat.com Mon Nov 21 19:24:44 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 21 Nov 2005 12:24:44 -0700
Subject: [Fedora-directory-users] design docs of FDS?
In-Reply-To: <43821432.80903@sci.fi>
References: <20051121055740.28376.qmail@web36303.mail.mud.yahoo.com> <438170D2.7070802@boreham.org> <4381DE75.3000008@redhat.com> <43820E71.3070907@sci.fi> <4382109A.9090207@redhat.com> <43821432.80903@sci.fi>
Message-ID: <43821EFC.3040101@redhat.com>

Mike Jackson wrote:

> Richard Megginson wrote:
>
>> By hand.
>
> Well, maybe you could put those bar napkins on a flat-bed scanner and
> post some jpgs on the wiki :-)

Yes, well, that would work, except for the scotch^H^H^H^H^H^Hbeer^H^H^H^Hwater stains :-)

But seriously, we have a lot of docs, we just need to go through them, fix up the copyrights, and post them. Once FDS.next is out, you should begin to see these trickling out.

> --
> mike

From rmeggins at redhat.com Mon Nov 21 19:26:48 2005
From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 21 Nov 2005 12:26:48 -0700 Subject: [Fedora-directory-users] Binary Download links borken on main site -- Any mirrors? In-Reply-To: <438211E0.8050807@sci.fi> References: <78006EF781F40B47935AF941E9692FCC01C013D7@idxmnmail.identix.com> <438211E0.8050807@sci.fi> Message-ID: <43821F78.9060906@redhat.com> Mike Jackson wrote: > Jackson, Jon wrote: > >> Hi, >> >> I've been trying to get ahold of the 1.0.2 binaries for FC4, but the >> link is dead (and is dead for FC3/RHEL4, FC2/RHEL3). Is there another >> place to get these? I've done some googling and can't seem to locate a >> mirror. And I can't seem to find a site maintainer's email address, so >> I'm reaching out to the users. How are you obtaining binaries? >> >> How finicky is the build process, If I were to build from the sources? >> Do the sources include the recently released tools? > > > > I built 1.0 from source with dsbuild, on my RHEL4 laptop, and it > worked for me (tm). The admin console is really fast now with apache, > compared to how it performed with the previous backend ns-httpd. I > mean to say that it is a major performance improvement. This is the > first time IMO that the admin console is actually "usable". Note that 1.0 is not yet fully baked - that's why we dropped the download links. So if it works for you, that's great. If not, we'd really like to find out how/where it doesn't work. > > I ran into one small hiccup while the admin server was building, > where it refused to build with jdk1.5.0. What problems did you see? > Dropping back to 1.4.2 solved the problem. Actually, I keep both of > them in /usr/java, and just move the jdk symlink back and forth as > needed. JAVA_HOME is set to /usr/java/jdk. > > Note that you need httpd and httpd-devel packages on a RHEL/FC > machine before 1.0 will build with dsbuild, since apxs is required for > building mod_restart. 
>
> BR,
> --
> mike

From mj at sci.fi Mon Nov 21 19:53:06 2005
From: mj at sci.fi (Mike Jackson)
Date: Mon, 21 Nov 2005 21:53:06 +0200
Subject: [Fedora-directory-users] Binary Download links borken on main site -- Any mirrors?
In-Reply-To: <43821F78.9060906@redhat.com>
References: <78006EF781F40B47935AF941E9692FCC01C013D7@idxmnmail.identix.com> <438211E0.8050807@sci.fi> <43821F78.9060906@redhat.com>
Message-ID: <438225A2.2070909@sci.fi>

Richard Megginson wrote:

> Note that 1.0 is not yet fully baked - that's why we dropped the
> download links. So if it works for you, that's great. If not, we'd
> really like to find out how/where it doesn't work.

Well, I just built it and started it up on the laptop to see the new features, etc. It's been running for 3 days now without a problem, but I haven't done any extensive testing. I even had it replicating with a FDS 7.1 server in multi-master for a while, as I was writing the mmr.pl script which is now found on the wiki.

>> I ran into one small hiccup while the admin server was building,
>> where it refused to build with jdk1.5.0.
>
> What problems did you see?

I didn't record it, but iirc it said something about "enum" not working the same (or at all) in 1.5.0...

--
mike

From david_list at boreham.org Mon Nov 21 21:34:59 2005
From: david_list at boreham.org (David Boreham)
Date: Mon, 21 Nov 2005 14:34:59 -0700
Subject: [Fedora-directory-users] design docs of FDS?
In-Reply-To: <43820E71.3070907@sci.fi>
References: <20051121055740.28376.qmail@web36303.mail.mud.yahoo.com> <438170D2.7070802@boreham.org> <4381DE75.3000008@redhat.com> <43820E71.3070907@sci.fi>
Message-ID: <43823D83.2090104@boreham.org>

> I'd like to see the high-level architectural blueprints (big picture)
> published, e.g. AutoCad, UML, or however they were drawn; something
> which is a little more detailed than one arrow pointing from the
> backend to the frontend.

Better start drawing then ;)

From wilmer5 at gmail.com Tue Nov 22 18:16:22 2005
From: wilmer5 at gmail.com (Wilmer Jaramillo)
Date: Tue, 22 Nov 2005 14:16:22 -0400
Subject: [Fedora-directory-users] Consult about experience with Red Hat Directory Server
Message-ID: <2b26c4260511221016n1b7fba4em@mail.gmail.com>

I want to know of case studies and experiences of satisfactory installation and deployment of the software in other institutions and/or companies on the part of Red Hat Inc., around the world or in Latin America, within the framework of your extensive track record in this matter.

Thanks and Greetings.

Wil.

From sboggs at trustedcs.com Tue Nov 22 20:57:24 2005
From: sboggs at trustedcs.com (Scott Boggs)
Date: Tue, 22 Nov 2005 14:57:24 -0600
Subject: [Fedora-directory-users] Active Directory Interaction
Message-ID: <43838634.30104@trustedcs.com>

I have recently started working with the fedora directory server and I think the project totally rocks! I am hoping that a seasoned directory server veteran can educate me on where I am going wrong with setting a Fedora-ds and Active directory server to sync passwords. The following is my configuration and observations:

I am running Fedora Core 4 loaded with the fedora-ds-7.1-2.RHEL4.i386.opt.rpm that the project provided for evaluation.

Part of my evaluation is to demonstrate how the directory server will interact with an active directory system. I have followed the instructions listed in chapter 18 of the Red Hat Directory Server Administration Guide. Where I am running into issues is that the step 6 of the setup instructions states that once the suffix is selected within the console configuration area that sync can be chosen and a New Synchronization Agreement created.

This area seems to be missing on my version. I am guessing that I have hit a limitation of the evaluation version and I need to now build my own to enable this functionality. Am I correct? If not, could someone please point me in the correct direction.

Thank you for your time.

From nkinder at redhat.com Tue Nov 22 21:11:44 2005
From: nkinder at redhat.com (Nathan Kinder)
Date: Tue, 22 Nov 2005 13:11:44 -0800
Subject: [Fedora-directory-users] Active Directory Interaction
In-Reply-To: <43838634.30104@trustedcs.com>
References: <43838634.30104@trustedcs.com>
Message-ID: <43838990.9040903@redhat.com>

Scott Boggs wrote:

>I have recently started working with the fedora directory server and I
>think the project totally rocks! I am hoping that a seasoned directory
>server veteran can educate me on where I am going wrong with setting a
>Fedora-ds and Active directory server to sync passwords. The following
>is my configuration and observations:
>
>I am running Fedora Core 4 loaded with the
>fedora-ds-7.1-2.RHEL4.i386.opt.rpm that the project provided for
>evaluation.
>
>Part of my evaluation is to demonstrate how the directory server will
>interact with an active directory system. I have followed the
>instructions listed in chapter 18 of the Red Hat Directory Server
>Administration Guide. Where I am running into issues is that the step 6
>of the setup instructions states that once the suffix is selected within
>the console configuration area that sync can be chosen and a New
>Synchronization Agreement created.
>
>This area seems to be missing on my version. I am guessing that I have
>hit a limitation of the evaluation version and I need to now build my
>own to enable this functionality. Am I correct? If not, could someone
>please point me in the correct direction.
>

Hi Scott,

The binaries you have are not any sort of crippled, eval version. You can setup the Windows Sync feature. You need to right click on your database that is associated with your suffix under the "Configuration" tab in Console to create a new Windows Synch agreement. This is under the "Replication" item in the tree on the left-hand side of the Console. You most likely want to use the "userRoot" database.

-NGK

>Thank you for your time.

From cramert at musc.edu Tue Nov 22 22:00:22 2005
From: cramert at musc.edu (Thomas Cramer)
Date: Tue, 22 Nov 2005 17:00:22 -0500
Subject: [Fedora-directory-users] Require SSL/TLS Only Connections
Message-ID: <438394F6.5050802@musc.edu>

I would like to require that *only* SSL/TLS connections be allowed to my server. This is not to be confused with wanting SSL client authentication. I had initially thought I could do this with ACI using the authmethod="ssl", however after looking at the documentation closely and experimentation this refers to do client based SSL authentication as well. I do have SSL/TLS set up correctly, I just want to disallow non-encrypted traffic.

In OpenLDAP I would merely state "security ssf=128" to require SSL/TLS only connections.

Anyone know how to do this in FDS?

==
tc

From ulf.weltman at hp.com Wed Nov 23 04:39:21 2005
From: ulf.weltman at hp.com (Ulf Weltman) Date: Tue, 22 Nov 2005 20:39:21 -0800 Subject: [Fedora-directory-users] Require SSL/TLS Only Connections In-Reply-To: <438394F6.5050802@musc.edu> References: <438394F6.5050802@musc.edu> Message-ID: <4383F279.9070903@hp.com> Hello Thomas. You can disable the plain LDAP port by setting nsslapd-port to 0 in dse.ldif. The errors log should say that the non-secure port is disabled when you start up again. I don't think there's a way to get the server to require successful start-TLS on the plain port before accepting any other operations. Thomas Cramer wrote: > I would like to require that *only* SSL/TLS connections be allowed to > my server. This is not to be confused with wanting SSL client > authentication. I had initially thought I could do this with ACI > using the authmethod="ssl", however after looking at the documentation > closely and experimentation this refers to do client based SSL > authentication as well. I do have SSL/TLS set up correctly, I just > want to disallow non-encrypted traffic. > > > In OpenLDAP I would merely state "security ssf=128" to require SSL/TLS > only connections. > > Anyone know how to do this in FDS? > > > > == > tc > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users From hartmut.woehrle at mail.pcom.de Wed Nov 23 15:40:16 2005 
From: hartmut.woehrle at mail.pcom.de (Hartmut Wöhrle)
Date: Wed, 23 Nov 2005 16:40:16 +0100
Subject: [Fedora-directory-users] Winsync Problem with NT4
Message-ID: <200511231640.16784.hartmut.woehrle@mail.pcom.de>

Hello Everyone,

it seems as if everyone is syncing with AD but not with an NT PDC.... except me.

I have a Problem while setting up a connection:
I set up winsync at the PDC (not passwordsync up till now) and I try to initiate a first init-replication. Then nothing happens and the FDS says "Loop detected"

But at the PDC side I see an entry in the usersync.log which tells me, which "uid=...." I'm using to connect.

Maybe it is because I used the wrong password at the first try (PDC side)? I read in the manual that
"After the service is installed and started the first time the password can only be changed via an LDAP modify operation, not the configuration file."

Ldapmodify - where?? PDC or FDS side?

But I'm not able to find the place where this PDC information would be stored in the FDS - so I guess ldapmodify at the PDC?
Or is uninstall and re-install the only chance to fix it?

See U
Hartmut

--
===========================================
Hartmut Woehrle
EMail: hartmut.woehrle at mail.pcom.de

From david_list at boreham.org Wed Nov 23 15:57:34 2005
From: david_list at boreham.org (David Boreham)
Date: Wed, 23 Nov 2005 08:57:34 -0700
Subject: [Fedora-directory-users] Winsync Problem with NT4
In-Reply-To: <200511231640.16784.hartmut.woehrle@mail.pcom.de>
References: <200511231640.16784.hartmut.woehrle@mail.pcom.de>
Message-ID: <4384916E.5070202@boreham.org>

Hartmut Wöhrle wrote:

>I have a Problem while setting up a connection:
>I set up winsync at the PDC (not passwordsync up till now) and I try to
>initiate a first init-replication. Then nothing happens and the FDS says
>"Loop detected"
>

Hi, can you post the entire log segment where this shows up please ?

>But at the PDC side I see an entry in the usersync.log which tells me, which
>"uid=...." I'm using to connect.
>
>Maybe it is because I used the wrong password at the first try (PDC side)? I
>read in the manual that
>

Wrong password would just mean that the connection would fail. It wouldn't have any persistent effect.

>"After the service is installed and started the first time the password can
>only be changed via an LDAP modify operation, not the configuration file."
>
>Ldapmodify - where?? PDC or FDS side?
>

NTDS side (PDC machine). NTDS uses ApacheDS. ApacheDS stores its password in its database. However originally it always initialized that password to a known value. We were concerned about the security implications of that and made a change to the ApacheDS code such that the password is read from the config file rather than use the default value (which would be the same for all installations). In order to force users to set the password, I believe we refuse to function until it is set in the config file. At least that's how I remember it. I'd need to look at the code to be sure.

Anyway, the ldapmodify operation will be to the userpassword attribute on the ApacheDS root entry. I'll look that up and post the command...

Your problem may be that you haven't set the password in the first place.
It should be possible to use ldapsearch to check that your ntds is up and running and answering LDAP searches correctly. Once that's proven, FDS should be able to sync with it ok using the same bind credentials and password. >But I'm not able to find the place where this PDC information would be stored >in the FDS - so I guess ldapmodify at the PDC? >Or is uninstall and re-install the only chance to fix it? > > You shouldn't need to reinstall. From hartmut.woehrle at mail.pcom.de Wed Nov 23 16:15:10 2005 
From: hartmut.woehrle at mail.pcom.de (Hartmut Wöhrle)
Date: Wed, 23 Nov 2005 17:15:10 +0100
Subject: [Fedora-directory-users] Winsync Problem with NT4
In-Reply-To: <4384916E.5070202@boreham.org>
References: <200511231640.16784.hartmut.woehrle@mail.pcom.de> <4384916E.5070202@boreham.org>
Message-ID: <200511231715.10818.hartmut.woehrle@mail.pcom.de>

On Wednesday, 23 November 2005 16:57, David Boreham wrote:

> Hi, can you post the entire log segment where this shows up please ?

I have to setup the Loglevel to Replication to debug first... hope I can do it tomorrow.
BTW. where can I set the loglevel for the usersync.log? The wrapper.conf entries about loglevels just make the wrapper.log bigger and more informative, but not the usersync.log

> Wrong password would just mean that the connection would fail. It
> wouldn't have any
> persistent effect.

Hmm, as I understand the "hardcoded" user at the PDC side is cn=admin,ou=system
When I started the first time this user didn't exist - for security reasons our Admin is called differently (Superroot for example). Does this have any effects?

> Anyway, the ldapmodify operation will be to the userpassword attribute
> on the ApacheDS root entry. I'll look that up and post the command...

Would be nice :)
And where is this ApacheDS? In the usual C:\Program Files\Red Hat Directory Synchronization

> You shouldn't need to reinstall.

Ufff....

Thanks

--
===========================================
Hartmut Woehrle
EMail: hartmut.woehrle at mail.pcom.de

From david_list at boreham.org Wed Nov 23 16:22:08 2005
From: david_list at boreham.org (David Boreham) Date: Wed, 23 Nov 2005 09:22:08 -0700 Subject: [Fedora-directory-users] Require SSL/TLS Only Connections In-Reply-To: <4383F279.9070903@hp.com> References: <438394F6.5050802@musc.edu> <4383F279.9070903@hp.com> Message-ID: <43849730.8090104@boreham.org> >> I would like to require that *only* SSL/TLS connections be allowed to >> my server. This is not to be confused with wanting SSL client >> authentication. I had initially thought I could do this with ACI >> using the authmethod="ssl", however after looking at the >> documentation closely and experimentation this refers to do client >> based SSL authentication as well. I do have SSL/TLS set up >> correctly, I just want to disallow non-encrypted traffic. > This is interesting. I swear that we had a 'transport security type' aci las type. I remember talking about it as if it existed many times. However, when I look at the code I see that you are correct : the 'authmethod' thing is really looking for SASL_EXTERNAL/SSL authentication, and not SSL used as transport. Something for the todo list perhaps would be to add transport type: encrypted or not and so on. From hartmut.woehrle at mail.pcom.de Wed Nov 23 16:58:48 2005 
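The setting Ulf Weltman describes in this thread (nsslapd-port set to 0 in dse.ldif), turned into a repeatable check, as an added example that is not part of the original messages or the project's code. The sample dse.ldif is constructed, the function names are hypothetical, and nsslapd-security and nsslapd-secureport are standard cn=config attributes that the thread itself does not name.

```python
"""Audit a Fedora DS dse.ldif for a plaintext LDAP listener (added example)."""
import base64

# Constructed sample of the cn=config entry in dse.ldif; not taken from a real server.
# The folded nsslapd-errorlog line (continuation starts with one space) exercises unfolding.
SAMPLE_DSE = """\
dn: cn=config
objectClass: top
nsslapd-port: 389
nsslapd-secureport: 636
nsslapd-security: on
nsslapd-errorlog: /opt/fedora-ds/slapd-example/logs/err
 ors

dn: cn=encryption,cn=config
objectClass: top
cn: encryption
"""

# The same file after the change described in the thread: plain LDAP port disabled.
HARDENED_DSE = SAMPLE_DSE.replace("nsslapd-port: 389", "nsslapd-port: 0")


def parse_ldif(text):
    """Return a list of entries; each maps a lower-cased attribute to its values."""
    # LDIF folds long lines: a line starting with one space continues the previous one.
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    entries, current = [], {}
    for line in unfolded + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):          # LDIF comment
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):         # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    return entries


def audit_listeners(ldif_text):
    """Return (ok, findings); ok is True only when no plaintext listener is configured."""
    config = next(
        (e for e in parse_ldif(ldif_text)
         if e.get("dn", [""])[0].replace(" ", "").lower() == "cn=config"),
        None,
    )
    if config is None:
        return False, ["no cn=config entry found"]

    def first(attr, default):
        return config.get(attr, [default])[0].strip().lower()

    findings = []
    # Assumption: an absent nsslapd-port means the server default of 389.
    port = first("nsslapd-port", "389")
    if port != "0":
        findings.append("plaintext LDAP listener enabled on port %s" % port)
    if first("nsslapd-security", "off") != "on":
        findings.append("nsslapd-security is not on, so no SSL/TLS listener is configured")
    elif first("nsslapd-secureport", "636") == "0":
        findings.append("nsslapd-secureport is 0, so the SSL/TLS listener is disabled")
    return (not findings), findings


if __name__ == "__main__":
    for name, ldif in (("sample", SAMPLE_DSE), ("hardened", HARDENED_DSE)):
        ok, findings = audit_listeners(ldif)
        print(name, "OK" if ok else "FAIL", findings)
```

Because the thread notes that the server cannot force start-TLS on the plain port, the check treats any non-zero nsslapd-port as a finding rather than trying to judge how that port is used.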
From: hartmut.woehrle at mail.pcom.de (Hartmut Wöhrle)
Date: Wed, 23 Nov 2005 17:58:48 +0100
Subject: [Fedora-directory-users] Winsync Problem with NT4
Message-ID: <200511231758.48323.hartmut.woehrle@mail.pcom.de>

On Wednesday, 23 November 2005 16:57, David Boreham wrote:

> Hi, can you post the entire log segment where this shows up please ?

I have to setup the Loglevel to Replication to debug first... hope I can do it tomorrow.
BTW. where can I set the loglevel for the usersync.log? The wrapper.conf entries about loglevels just make the wrapper.log bigger and more informative, but not the usersync.log

> Wrong password would just mean that the connection would fail. It
> wouldn't have any
> persistent effect.

Hmm, as I understand the "hardcoded" user at the PDC side is cn=admin,ou=system
When I started the first time this user didn't exist - for security reasons our Admin is called differently (Superroot for example). Does this have any effects?

> Anyway, the ldapmodify operation will be to the userpassword attribute
> on the ApacheDS root entry. I'll look that up and post the command...

Would be nice :)
And where is this ApacheDS? In the usual C:\Program Files\Red Hat Directory Synchronization

> You shouldn't need to reinstall.

Ufff....

Thanks

--
===========================================
Hartmut Woehrle
EMail: hartmut.woehrle at mail.pcom.de

From elliot at bozemanpass.com Fri Nov 25 18:04:19 2005
From: elliot at bozemanpass.com (Elliot Schlegelmilch)
Date: Fri, 25 Nov 2005 11:04:19 -0700
Subject: [Fedora-directory-users] Winsync Problem with NT4
Message-ID: <43875223.409@bozemanpass.com>

> Maybe it is because I used the wrong password at the first try (PDC side)? I
> read in the manual that
> "After the service is installed and started the first time the password can
> only be changed via an LDAP modify operation, not the configuration file."

I'm glad to hear someone is giving this a try. An ldapmodify command similar to this can change the default password:

ldapmodify -D 'uid=admin,ou=system' -h pdc.my.domain -p 389 -w secret
dn: uid=admin,ou=system
changetype: modify
replace: userpassword
userpassword: foob4r

Then I believe you use this user and password (uid=admin,ou=system, foob4r) in the replication agreement.

Regards,
Elliot

From kevin_myer at iu13.org Sat Nov 26 20:42:25 2005
From: kevin_myer at iu13.org (Kevin M. Myer)
Date: Sat, 26 Nov 2005 15:42:25 -0500
Subject: [Fedora-directory-users] Apps switched in SysV admin init script
Message-ID: <20051126154225.ftmejcur1pcro4sk@webapps.iu13.org>

The SysV init script at: http://www.directory.fedora.redhat.com/download/fedora-ds-admin-init.d has the apps for stopping and restarting the admin service switched. Can someone update the Wiki with the following change?

--- fedora-ds-admin-init.d 2005-11-26 15:38:24.000000000 -0500 +++ fedora-ds-admin-init.d 2005-11-26 15:38:36.000000000 -0500 @@ -14,8 +14,8 @@ # Set up some common variables before we launch into what might be # considered boilerplate by now. path_start=/opt/fedora-ds/start-admin -path_restart=/opt/fedora-ds/stop-admin -path_stop=/opt/fedora-ds/restart-admin +path_restart=/opt/fedora-ds/restart-admin +path_stop=/opt/fedora-ds/stop-admin path=./ns-httpd prog="Fedora-DS Admin"

Kevin

--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13
http://www.iu13.org

From Barry.R.Ribbeck at rice.edu Mon Nov 28 03:06:13 2005
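Review bot: the three path_* assignments in the init-script patch above each hard-code the /opt/fedora-ds prefix, which makes a swapped suffix like the one corrected on the path_restart and path_stop lines easy to miss; defining the prefix once and deriving path_start, path_restart and path_stop from it would keep each name visibly aligned with its target. It would also be worth confirming that the script's stop and restart branches, which lie outside this hunk, actually use these variables, since with the old values a stop request would have run restart-admin instead of stop-admin.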
From: Barry.R.Ribbeck at rice.edu (Barry R Ribbeck)
Date: Sun, 27 Nov 2005 21:06:13 -0600
Subject: [Fedora-directory-users] SASL-GSSAPI and KRB5
Message-ID: <438A7425.1040701@rice.edu>

I am trying to use SASL-GSSAPI to leverage our Kerberos V authentication REALM with Fedora Directory server. When I search anonymously for supported SASL mechanisms, I get the following response. Seeing GSSAPI is comforting, but I am sure that is not the whole story. I am running the directory on RHL E3 with SASL2. What I am looking for are some docs for the entire process. Turbo Fredriksson has some excellent docs on Open LDAP, but they don't seem to map well to the Fedora Directory. Any suggestion would be greatly appreciated and I would love to document the process for others.

ldapsearch -H ldaps://FQDN/ -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: ANONYMOUS

When I attempt to bind to the directory and search for the same information with the command line below.

ldapsearch -Y GSSAPI -X u: -b "" -s base -LLL -H ldaps://FQDN supportedSASLMechanism

I get the following command line error

SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials
additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context

and the following directory error log error

[27/Nov/2005:20:21:18 -0600] - new SSL connection on 69
[27/Nov/2005:20:21:18 -0600] - activity on 69r
[27/Nov/2005:20:21:18 -0600] - read activity on 69
[27/Nov/2005:20:21:18 -0600] - conn 12 activity level = 0
[27/Nov/2005:20:21:18 -0600] - sasl(2): GSSAPI Error: Miscellaneous failure (Bad encryption type)
[27/Nov/2005:20:21:18 -0600] - listener got signaled

The directory seems to support SASL, and SASL2 is installed, I am just not sure if anything else is required.
A blank ldapsearch reveals the following

ldapsearch
SASL/DIGEST-MD5 authentication started

The directory docs are pretty thin. Any help would be appreciated.

From david_list at boreham.org Mon Nov 28 03:31:41 2005
From: david_list at boreham.org (David Boreham)
Date: Sun, 27 Nov 2005 20:31:41 -0700
Subject: [Fedora-directory-users] SASL-GSSAPI and KRB5
In-Reply-To: <438A7425.1040701@rice.edu>
References: <438A7425.1040701@rice.edu>
Message-ID: <438A7A1D.7070009@boreham.org>

Barry R Ribbeck wrote:

> I am trying to use SASL-GSSAPI to leverage our Kerberos V
> authentication REALM with Fedora Directory server. When I search
> anonymously for supported SASL mechanisms, I get the following
> response. Seeing GSSAPI is comforting, but I am sure that is not the
> whole story. I am running the directory on RHL E3 with SASL2. What I
> am looking for are some docs for the entire process. Turbo
> Fredriksson has some excellent docs on Open LDAP, but they don't seem
> to map well to the Fedora Directory. Any suggestion would be greatly
> appreciated and I would love to document the process for others.

There isn't a whole lot to document here, since the server is punting the payload to GSSAPI, much the same as OL does. The differences are in user identity mapping, but it would appear that you haven't got that far yet. The initial handshake isn't completing.

> When I attempt to bind to the directory and search for the same
> information with the command line below.
>
> ldapsearch -Y GSSAPI -X u: -b "" -s base -LLL -H
> ldaps://FQDN supportedSASLMechanism

Did you really mean to initiate a SASL/GSSAPI bind over SSL ? I'm not sure that will work. It might, but it may not be supported. I know for sure that encrypted gssapi will _not_ work. It uses the same layered I/O hooks that SSL does, and you can't have both active at the same time (nor would you want to AFAIK).

Try the non-ssl port and see what happens.

From joe at openpower.com.tw Mon Nov 28 03:32:04 2005
From: joe at openpower.com.tw (joe)
Date: Mon, 28 Nov 2005 11:32:04 +0800
Subject: [Fedora-directory-users] What does "Cert Token" mean?
Message-ID: <1133148724.15472.14.camel@mrjnote>

Dear all

When I tried to fill in all of the fields of the passSync service in Windows 2000, I didn't really know what I should put in the Cert Token field. The documentation's answer is "password", but I want to understand what it means.

Thanks a lot.

Joe

From hartmut.woehrle at mail.pcom.de Fri Nov 25 08:56:00 2005
From: hartmut.woehrle at mail.pcom.de (Hartmut Wöhrle)
Date: Fri, 25 Nov 2005 09:56:00 +0100
Subject: [Fedora-directory-users] Winsync Problem with NT4
In-Reply-To: <4384916E.5070202@boreham.org>
References: <200511231640.16784.hartmut.woehrle@mail.pcom.de> <4384916E.5070202@boreham.org>
Message-ID: <200511250956.00492.hartmut.woehrle@mail.pcom.de>

On Wednesday, 23 November 2005 16:57, David Boreham wrote:

> Hi, can you post the entire log segment where this shows up please ?

OK, attached is the Error Log (error-loglevel set to Replication debugging)

> Wrong password would just mean that the connection would fail. It
> wouldn't have any
> persistent effect.

Hmm, I also did a ldapsearch and got the "Invalid Credential" (log at the end)
So this means it uses the wrong password. Because I tried a different one than the actual. But when starting the ldapsearch, does it login to the ApacheDS without using PDC data? Or is there a connection?
And what should come out.... - the whole PDC tree I think, but I'm not sure.

>
> NTDS side (PDC machine). NTDS uses ApacheDS. ApacheDS stores
> its password in its database. However originally it always initialized that
> password to a known value. We were concerned about the security
> implications of that and made a change to the ApacheDS code such that
> the password is read from the config file rather than use the default value
> (which would be the same for all installations). In order to force users
> to set the password, I believe we refuse to function until it is set in the
> config file. At least that's how I remember it. I'd need to look at the
> code to be sure.

But it uses which user? uid=admin,ou=system as default ApacheDS root entry?
And what happens, when this User doesn't exist? And the password is set to a value I can not remember?
I think the only chance to solve this problem is to reinstall (deinstall deletes the DS - right?)
the whole winsync and have - now - the user admin and use its password. > > Anyway, the ldapmodify operation will be to the userpassword attribute > on the ApacheDS root entry. I'll look that up and post the command... > > Your problem may be that you haven't set the password in the first place. > It should be possible to use ldapsearch to check that your ntds is up > and running and answering LDAP searches correctly. Once that's proven, > FDS should be able to sync with it ok using the same bind credentials > and password. > ldapsearch works, but (as you can see below) my bind password is wrong (or I can't remember.... :) ) -------------- Begin of LOG ------------------------ [root at fedorads001 slapd-fedorads001]# ldapsearch -v -D "uid=admin,ou=system" -x -w mysecret -h 192.168.1.218 -t "*" ldap_initialize( ldap://192.168.1.218 ) ldap_bind: Invalid credentials (49) additional info: Bind failure: org.apache.ldap.common.exception.LdapAuthenticationException at org.apache.ldap.server.authn.AuthenticationService.process(AuthenticationService.java:297) at org.apache.ldap.server.interceptor.InterceptorChain$3.process(InterceptorChain.java:578) at org.apache.ldap.server.interceptor.BaseInterceptor.process(BaseInterceptor.java:185) at org.apache.ldap.server.normalization.NormalizationService.process(NormalizationService.java:162) at org.apache.ldap.server.interceptor.BaseInterceptor.process(BaseInterceptor.java:101) at org.apache.ldap.server.interceptor.InterceptorChain.process(InterceptorChain.java:478) at org.apache.ldap.server.jndi.JndiProvider.invoke(JndiProvider.java:171) at org.apache.ldap.server.jndi.JndiProvider$PartitionNexusImpl.hasEntry(JndiProvider.java:247) at org.apache.ldap.server.jndi.ServerContext.(ServerContext.java:118) at org.apache.ldap.server.jndi.ServerDirContext.(ServerDirContext.java:61) at org.apache.ldap.server.jndi.ServerLdapContext.(ServerLdapContext.java:56) at org.apache.ldap.server.jndi.JndiProvider.getLdapContext(JndiProvider.java:122) 
at org.apache.ldap.server.jndi.CoreContextFactory.getInitialContext(CoreContextFactory.java:245) at org.apache.ldap.server.jndi.ServerContextFactory.getInitialContext(ServerContextFactory.java:154) at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at javax.naming.InitialContext.init(Unknown Source) at javax.naming.ldap.InitialLdapContext.(Unknown Source) at org.apache.ldap.server.protocol.BindHandler.messageReceived(BindHandler.java:134) at org.apache.mina.protocol.handler.DemuxingProtocolHandler.messageReceived(DemuxingProtocolHandler.java:69) at org.apache.mina.protocol.AbstractProtocolFilterChain$2.messageReceived(AbstractProtocolFilterChain.java:149) at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:363) at org.apache.mina.protocol.AbstractProtocolFilterChain.access$1100 (AbstractProtocolFilterChain.java:50) at org.apache.mina.protocol.AbstractProtocolFilterChain$Entry$1.messageReceived(AbstractProtocolFilterChain.java:524) at org.apache.mina.protocol.AbstractProtocolFilterChain$1.messageReceived(AbstractProtocolFilterChain.java:99) at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:363) at org.apache.mina.protocol.AbstractProtocolFilterChain.messageReceived(AbstractProtocolFilterChain.java:354) at org.apache.mina.protocol.ProtocolSessionManagerFilterChain$1.messageReceived(ProtocolSessionManagerFilterChain.java:77) at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:363) at org.apache.mina.protocol.AbstractProtocolFilterChain.access$1100 (AbstractProtocolFilterChain.java:50) at org.apache.mina.protocol.AbstractProtocolFilterChain$Entry$1.messageReceived(AbstractProtocolFilterChain.java:524) at org.apache.mina.protocol.filter.ProtocolThreadPoolFilter.processEvent(ProtocolThreadPoolFilter.java:96) 
        at org.apache.mina.util.BaseThreadPool$Worker.processEvents(BaseThreadPool.java:340)
        at org.apache.mina.util.BaseThreadPool$Worker.run(BaseThreadPool.java:279)
BindRequest = org.apache.ldap.common.message.BindRequestImpl at da9067
-------------- End of LOG ------------------------

Btw... It would be nice to find a schema (written or drawn) which tells me (or everyone) how winsync and passwordsync works. The pictures in the manuals tell me which way the servers exchange information, but within the PDC (or AD) I don't know anything - it is a black box.
And .... I didn't find the sources to check by myself - is it closed source?

See U
Hartmut
--
===========================================
Hartmut Woehrle
EMail: hartmut.woehrle at mail.pcom.de
-------------- next part --------------
from the consumer [24/Nov/2005:14:12:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:12:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:12:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 6 seconds [24/Nov/2005:14:12:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:12:24 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:12:24 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:12:24 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:12:24 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:12:24 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:12:24 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:12:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:12:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:12:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:12:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:12:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:12:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 11 seconds [24/Nov/2005:14:12:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:12:36 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:12:36 
+0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:12:36 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:12:36 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:12:36 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:12:36 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:12:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:12:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:12:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:12:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:12:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:12:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 23 seconds [24/Nov/2005:14:13:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:13:00 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:13:00 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:13:00 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:13:00 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:13:00 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:13:00 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:13:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:13:00 
+0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:13:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:13:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:13:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:13:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 47 seconds [24/Nov/2005:14:13:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:13:36 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:13:36 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:13:36 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:13:36 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:13:36 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:13:36 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:13:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:13:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:13:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:13:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:13:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:13:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" 
(winpdc:389): Replication session backing off for 107 seconds [24/Nov/2005:14:13:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:13:48 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:13:48 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:13:48 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:13:48 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:13:48 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:13:48 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:13:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:13:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:13:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:13:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:13:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:13:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 287 seconds [24/Nov/2005:14:13:55 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:13:55 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:13:55 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:13:55 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:13:55 +0100] - acquire_replica, consumer RUV: 
[24/Nov/2005:14:13:55 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:13:55 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:13:55 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:13:55 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:13:55 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:13:55 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:13:55 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:13:55 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 580 seconds [24/Nov/2005:14:15:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:15:24 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:15:24 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:15:24 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:15:24 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:15:24 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:15:24 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:15:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:15:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:15:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:15:24 +0100] 
NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:15:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:15:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 791 seconds [24/Nov/2005:14:17:14 +0100] NSMMReplicationPlugin - Running Dirsync [24/Nov/2005:14:17:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:17:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> ready_to_acquire_replica [24/Nov/2005:14:17:14 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:17:14 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:17:14 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:17:14 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:17:14 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:17:14 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:17:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:17:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:17:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:17:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:17:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:17:15 +0100] NSMMReplicationPlugin - windows_acquire_replica returned transient_error (105) [24/Nov/2005:14:17:15 +0100] NSMMReplicationPlugin - 
agmt="cn=PDC-Sync" (winpdc:389): State: ready_to_acquire_replica -> start_backoff [24/Nov/2005:14:17:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: start_backoff -> backoff [24/Nov/2005:14:17:18 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:17:18 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:17:18 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:17:18 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:17:18 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:17:18 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:17:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:17:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:17:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:17:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:17:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:17:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 6 seconds [24/Nov/2005:14:17:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:17:24 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:17:24 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:17:24 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:17:24 +0100] - acquire_replica, consumer 
RUV: [24/Nov/2005:14:17:24 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:17:24 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:17:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:17:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:17:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:17:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:17:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:17:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 11 seconds [24/Nov/2005:14:17:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:17:36 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:17:36 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:17:36 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:17:36 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:17:36 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:17:36 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:17:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:17:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:17:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:17:36 
+0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:17:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:17:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 23 seconds [24/Nov/2005:14:18:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:18:00 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:18:00 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:18:00 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:18:00 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:18:00 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:18:00 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:18:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:18:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:18:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:18:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:18:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:18:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 47 seconds [24/Nov/2005:14:18:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:18:36 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:18:36 +0100] NSMMReplicationPlugin - 
supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:18:36 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:18:36 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:18:36 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:18:36 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:18:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:18:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:18:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:18:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:18:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:18:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 107 seconds [24/Nov/2005:14:18:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:18:48 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:18:48 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:18:48 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:18:48 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:18:48 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:18:48 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:18:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:18:48 +0100] NSMMReplicationPlugin 
- agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:18:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:18:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:18:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:18:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 288 seconds [24/Nov/2005:14:20:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:20:24 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:20:24 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:20:24 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:20:24 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:20:24 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:20:24 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:20:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:20:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:20:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:20:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:20:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:20:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication 
session backing off for 491 seconds [24/Nov/2005:14:22:14 +0100] NSMMReplicationPlugin - Running Dirsync [24/Nov/2005:14:22:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:22:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> ready_to_acquire_replica [24/Nov/2005:14:22:14 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:22:14 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:22:14 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:22:14 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:22:14 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:22:14 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:22:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:22:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:22:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:22:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:22:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:22:14 +0100] NSMMReplicationPlugin - windows_acquire_replica returned transient_error (105) [24/Nov/2005:14:22:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: ready_to_acquire_replica -> start_backoff [24/Nov/2005:14:22:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: start_backoff -> backoff [24/Nov/2005:14:22:18 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:22:18 +0100] NSMMReplicationPlugin - 
supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:22:18 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:22:18 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:22:18 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:22:18 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:22:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:22:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:22:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:22:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:22:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:22:19 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 5 seconds [24/Nov/2005:14:22:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:22:24 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:22:24 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:22:24 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:22:24 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:22:24 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:22:24 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:22:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:22:24 +0100] NSMMReplicationPlugin - 
agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:22:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:22:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:22:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:22:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 12 seconds [24/Nov/2005:14:22:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:22:36 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:22:36 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:22:36 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 438348f3000000010000 438348f3 [24/Nov/2005:14:22:36 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:22:36 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:22:36 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:22:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:22:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:22:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:22:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:22:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:22:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session 
[24/Nov/2005:14:34:56 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:34:56 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:34:56 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:34:56 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:34:56 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:34:56 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:34:56 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:34:56 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:34:56 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:34:56 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 5 seconds [24/Nov/2005:14:35:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:35:01 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:35:01 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:35:01 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:35:01 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:35:01 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:35:01 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:35:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:35:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = 
uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:35:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:35:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:35:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:35:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 12 seconds [24/Nov/2005:14:35:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:35:13 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:35:13 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:35:13 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:35:13 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:35:13 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:35:13 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:35:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:35:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:35:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:35:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:35:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:35:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 23 seconds 
[24/Nov/2005:14:35:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:35:23 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:35:23 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:35:23 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:35:23 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:35:23 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:35:23 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:35:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:35:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:35:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:35:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:35:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:35:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 61 seconds [24/Nov/2005:14:35:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:35:37 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:35:37 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:35:37 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:35:37 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:35:37 +0100] - acquire_replica, consumer RUV = null 
[24/Nov/2005:14:35:37 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:35:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:35:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:35:38 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:35:38 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:35:38 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:35:38 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 143 seconds [24/Nov/2005:14:36:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:36:25 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:36:25 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:36:25 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:36:25 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:36:25 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:36:25 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:36:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:36:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:36:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:36:26 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the 
consumer [24/Nov/2005:14:36:26 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:36:26 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:36:26 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 287 seconds [24/Nov/2005:14:37:14 +0100] NSMMReplicationPlugin - Running Dirsync [24/Nov/2005:14:37:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:37:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> ready_to_acquire_replica [24/Nov/2005:14:37:14 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:37:14 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:37:14 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:37:14 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:37:14 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:37:14 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:37:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:37:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:37:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:37:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:37:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:37:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:37:14 +0100] 
NSMMReplicationPlugin - windows_acquire_replica returned transient_error (105) [24/Nov/2005:14:37:14 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: ready_to_acquire_replica -> start_backoff [24/Nov/2005:14:37:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: start_backoff -> backoff [24/Nov/2005:14:37:18 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:37:18 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:37:18 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:37:18 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:37:18 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:37:18 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:37:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:37:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:37:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:37:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:37:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:37:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:37:18 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 5 seconds [24/Nov/2005:14:37:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:37:24 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:37:24 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 
4383139d000000010000 [24/Nov/2005:14:37:24 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:37:24 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:37:24 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:37:25 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:37:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:37:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:37:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:37:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:37:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:37:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:37:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 11 seconds [24/Nov/2005:14:37:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:37:36 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:37:36 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:37:36 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:37:36 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:37:36 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:37:36 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:37:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying 
non-secure slapi_ldap_init [24/Nov/2005:14:37:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:37:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:37:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:37:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:37:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:37:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 24 seconds [24/Nov/2005:14:38:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:38:00 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:38:00 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:38:00 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:38:00 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:38:00 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:38:00 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:38:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:38:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:38:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:38:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:38:00 +0100] NSMMReplicationPlugin 
- agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:38:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:38:00 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 47 seconds [24/Nov/2005:14:38:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:38:01 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:38:01 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:38:01 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:38:01 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:38:01 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:38:01 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:38:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:38:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:38:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:38:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:38:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:38:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:38:01 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 142 seconds [24/Nov/2005:14:38:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:38:36 +0100] - 
acquire_replica, supplier RUV: [24/Nov/2005:14:38:36 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:38:36 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:38:36 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:38:36 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:38:36 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:38:36 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:38:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:38:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:38:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:38:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:38:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:38:37 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 299 seconds [24/Nov/2005:14:38:47 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:38:47 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:38:47 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger to cancel on the connection [24/Nov/2005:14:38:47 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): windows_inc_stop: protocol stopped after 0 seconds 
[24/Nov/2005:14:38:48 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:38:48 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:38:48 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:38:48 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger to cancel on the connection [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: start -> ready_to_acquire_replica [24/Nov/2005:14:38:48 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:38:48 +0100] 
- acquire_replica, consumer RUV: [24/Nov/2005:14:38:48 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:38:48 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - windows_acquire_replica returned transient_error (105) [24/Nov/2005:14:38:48 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: ready_to_acquire_replica -> start_backoff [24/Nov/2005:14:38:52 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: start_backoff -> backoff [24/Nov/2005:14:38:52 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:38:52 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:38:52 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:38:52 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:38:52 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:38:52 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:38:52 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:38:52 +0100] NSMMReplicationPlugin - 
agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:38:52 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:38:52 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:38:52 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:38:52 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:38:52 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 5 seconds [24/Nov/2005:14:38:58 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:38:58 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:38:58 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:38:58 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:38:58 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:38:58 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:38:58 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:38:58 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:38:58 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:38:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:38:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:38:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection 
[24/Nov/2005:14:38:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:38:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 11 seconds [24/Nov/2005:14:39:10 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:39:10 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:39:10 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:39:10 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:39:10 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:39:10 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:39:10 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:39:10 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:39:10 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=specialusers,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:39:10 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:39:10 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:39:10 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:39:10 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:39:10 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 24 seconds [24/Nov/2005:14:39:19 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:39:19 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> start 
[24/Nov/2005:14:39:19 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger to cancel on the connection [24/Nov/2005:14:39:19 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:39:19 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: start -> ready_to_acquire_replica [24/Nov/2005:14:39:19 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:39:19 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:39:19 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:39:19 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:39:19 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:39:19 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:39:19 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:39:19 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:39:19 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:39:20 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:39:20 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:39:20 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:39:20 +0100] NSMMReplicationPlugin - windows_acquire_replica returned transient_error (105) [24/Nov/2005:14:39:20 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: ready_to_acquire_replica -> start_backoff [24/Nov/2005:14:39:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: start_backoff -> 
backoff [24/Nov/2005:14:39:23 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:39:23 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:39:23 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:39:23 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:39:23 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:39:23 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:39:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:39:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:39:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:39:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:39:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:39:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:39:23 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 6 seconds [24/Nov/2005:14:39:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:39:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:39:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger to cancel on the connection [24/Nov/2005:14:39:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): windows_inc_stop: protocol 
stopped after 1 seconds [24/Nov/2005:14:39:25 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:39:25 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:39:25 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:39:25 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger to cancel on the connection [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: start -> ready_to_acquire_replica [24/Nov/2005:14:39:25 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 
[24/Nov/2005:14:39:25 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:39:25 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:39:25 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - windows_acquire_replica returned transient_error (105) [24/Nov/2005:14:39:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: ready_to_acquire_replica -> start_backoff [24/Nov/2005:14:39:30 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: start_backoff -> backoff [24/Nov/2005:14:39:30 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:39:30 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:39:30 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:39:30 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:39:30 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:39:30 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:39:30 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:39:30 +0100] 
NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:39:30 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:39:30 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:39:30 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:39:30 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:39:30 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 5 seconds [24/Nov/2005:14:39:35 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:39:35 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:39:35 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:39:35 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:39:35 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:39:35 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:39:35 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:39:35 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:39:35 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:39:35 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:39:35 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:39:35 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on 
the connection [24/Nov/2005:14:39:35 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:39:35 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 12 seconds [24/Nov/2005:14:39:47 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:39:47 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:39:47 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:39:47 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:39:47 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:39:47 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:39:47 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:39:47 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:39:47 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:39:47 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:39:47 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:39:47 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:39:47 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:39:47 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 23 seconds [24/Nov/2005:14:40:11 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:40:11 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:40:11 +0100] 
NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:40:11 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:40:11 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:40:11 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:40:11 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:40:11 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:40:11 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:40:11 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:40:11 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:40:11 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:40:11 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:40:11 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 47 seconds [24/Nov/2005:14:40:24 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:40:24 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:40:24 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:40:24 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:40:25 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:40:25 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:40:25 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:40:25 +0100] 
NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:40:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:40:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:40:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:40:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:40:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:40:25 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 130 seconds [24/Nov/2005:14:40:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:40:59 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:40:59 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:40:59 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:40:59 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:40:59 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:40:59 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:40:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:40:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:40:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:40:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected 
from the consumer [24/Nov/2005:14:40:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:40:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:40:59 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 288 seconds [24/Nov/2005:14:41:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): State: backoff -> backoff [24/Nov/2005:14:41:13 +0100] - acquire_replica, supplier RUV: [24/Nov/2005:14:41:13 +0100] NSMMReplicationPlugin - supplier: {replicageneration} 4383139d000000010000 [24/Nov/2005:14:41:13 +0100] NSMMReplicationPlugin - supplier: {replica 1 ldap://fedorads001.home.org:389} 43832d4e000000010000 4385c154000000010000 4385c154 [24/Nov/2005:14:41:13 +0100] - acquire_replica, consumer RUV: [24/Nov/2005:14:41:13 +0100] - acquire_replica, consumer RUV = null [24/Nov/2005:14:41:13 +0100] - acquire_replica, supplier RUV is newer [24/Nov/2005:14:41:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Trying non-secure slapi_ldap_init [24/Nov/2005:14:41:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): binddn = uid=useradmin,ou=special users,dc=home,dc=org, passwd = {DES}123mypass456-erht== [24/Nov/2005:14:41:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Simple bind resumed [24/Nov/2005:14:41:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Disconnected from the consumer [24/Nov/2005:14:41:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Beginning linger on the connection [24/Nov/2005:14:41:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): No linger on the closed conn [24/Nov/2005:14:41:13 +0100] NSMMReplicationPlugin - agmt="cn=PDC-Sync" (winpdc:389): Replication session backing off for 573 seconds From philip at lembobrothers.com Sun Nov 27 07:41:44 2005 
From: philip at lembobrothers.com (Philip Lembo) Date: Sun, 27 Nov 2005 02:41:44 -0500 Subject: [Fedora-directory-users] Creating Replication Agreements at the Command Line Message-ID: <43896338.3070406@lembobrothers.com> If anyone has successfully set up replication end-to-end (starting with configuring the replicas and on to creating and enabling a replication agreement) from the command line as opposed to using the GUI console, I'd appreciate seeing any notes they may have on the subject. While the Red Hat doc does a terrific job of covering replication (someone should get a medal for the troubleshooting section ...), there's no discussion there on how to administer this from the command line. For reliability and efficiency reasons I've been doing more and more of my directory management using command line tools, and would like to extend this into replication management. Thanks in advance. Phil Lembo From rcritten at redhat.com Mon Nov 28 14:05:07 2005 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 28 Nov 2005 09:05:07 -0500 Subject: [Fedora-directory-users] Apps switched in SysV admin init script In-Reply-To: <20051126154225.ftmejcur1pcro4sk@webapps.iu13.org> References: <20051126154225.ftmejcur1pcro4sk@webapps.iu13.org> Message-ID: <438B0E93.5040709@redhat.com> Done. Nice catch. rob Kevin M. Myer wrote: > The SysV init script at: > > http://www.directory.fedora.redhat.com/download/fedora-ds-admin-init.d > > has the apps for stopping and restarting the admin service switched. > Can someone update the Wiki with the following change? > > --- fedora-ds-admin-init.d 2005-11-26 15:38:24.000000000 -0500 > +++ fedora-ds-admin-init.d 2005-11-26 15:38:36.000000000 -0500 
> @@ -14,8 +14,8 @@ > # Set up some common variables before we launch into what might be > # considered boilerplate by now. > path_start=/opt/fedora-ds/start-admin > -path_restart=/opt/fedora-ds/stop-admin > -path_stop=/opt/fedora-ds/restart-admin > +path_restart=/opt/fedora-ds/restart-admin > +path_stop=/opt/fedora-ds/stop-admin > path=./ns-httpd > prog="Fedora-DS Admin" > > > Kevin From ckannan at redhat.com Mon Nov 28 14:27:12 2005 From: ckannan at redhat.com (Chandrasekar Kannan) Date: Mon, 28 Nov 2005 06:27:12 -0800 Subject: [Fedora-directory-users] What does "Cert Token" mean? In-Reply-To: <1133148724.15472.14.camel@mrjnote> References: <1133148724.15472.14.camel@mrjnote> Message-ID: <438B13C0.3040508@redhat.com> "Cert token" is the password for the certificate/key database ( cert8.db,key3.db,secmod.db ) that you need to create under C:\Program Files\Red Hat Directory Password Synchronization. This database should at least contain/trust the CA certificate that signed your redhat directory 'server certificate'. --Chandra joe wrote: > Dear all > > When I tried to fill all of fields of passSync service in windows > 2000. I didn't really know what should I put in Cert Token field. > > The Document answer is "password". But I want to understand what > it means? Thanks a lot. > > Joe > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > From lembo at optonline.net Mon Nov 28 14:48:01 2005 
From: lembo at optonline.net (lembo at optonline.net) Date: Mon, 28 Nov 2005 09:48:01 -0500 Subject: [Fedora-directory-users] Creating Replication Agreements at the Command Line Message-ID: Not sure if this was up there when I asked my original question, but I've found an answer that addresses it perfectly for me -- a Fedora DS HOWTO! http://directory.fedora.redhat.com/wiki/Howto:MultiMasterReplication Phil Lembo From bribbeck at rice.edu Mon Nov 28 15:00:17 2005 
From: bribbeck at rice.edu (Barry R. Ribbeck) Date: Mon, 28 Nov 2005 09:00:17 -0600 Subject: [Fedora-directory-users] SASL-GSSAPI - KRB5 In-Reply-To: <20051128133357.11A7A72F5A@hormel.redhat.com> References: <20051128133357.11A7A72F5A@hormel.redhat.com> Message-ID: <438B1B81.8010200@rice.edu> SASL-GSSAPI - Kerberos When I attempt to bind to the directory and search for the same > information with the command line below. > > ldapsearch -Y GSSAPI -X u: -b "" -s base -LLL -H > ldaps://FQDN supportedSASLMechanism Did you really mean to initiate a SASL/GSSAPI bind over SSL ? I'm not sure that will work. It might, but it may not be supported. I know for sure that encrypted gssapi will _not_ work. It uses the same layered I/O hooks that SSL does, and you can't have both active at the same time (nor would you want to AFAIK). Try the non-ssl port and see what happens. The new and improved error after changing from -H ldaps://..... to -H ldap://... follows SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Invalid credentials additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context [28/Nov/2005:07:47:47 -0600] - new connection on 68 [28/Nov/2005:07:47:47 -0600] - activity on 68r [28/Nov/2005:07:47:47 -0600] - read activity on 68 [28/Nov/2005:07:47:47 -0600] - conn 10 activity level = 0 [28/Nov/2005:07:47:47 -0600] - sasl(2): GSSAPI Error: Miscellaneous failure (Bad encryption type)[28/Nov/2005:07:47:47 -0600] - listener got signaled [28/Nov/2005:07:47:47 -0600] - activity on 68r [28/Nov/2005:07:47:47 -0600] - read activity on 68 [28/Nov/2005:07:47:47 -0600] - listener got signaled Thanks for the hint. I did read that it would not be supported over SSL the competing port would be a valid reason. I did get the mapping pieces completed but had some difficulty understanding the REALMS docs. 
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1083165 The docs state that GSS-API must be enabled as a SASL mechanism in the Directory to make this work, but it does not state how if this is the default or if not how to enable GSS-API. The Realms section reads as if I have to change the DN of all users in the directory to be under cn=gssapi,cn=auth and therefore the confusion. Thanks again for any clarity given Barry From rmeggins at redhat.com Mon Nov 28 15:17:08 2005 
From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 28 Nov 2005 08:17:08 -0700 Subject: [Fedora-directory-users] Creating Replication Agreements at the Command Line In-Reply-To: <43896338.3070406@lembobrothers.com> References: <43896338.3070406@lembobrothers.com> Message-ID: <438B1F74.1000505@redhat.com> The Red Hat docs don't yet have this information. However, you may find this useful - http://directory.fedora.redhat.com/wiki/Howto:MultiMasterReplication Philip Lembo wrote: > If anyone has successfully set up replication end-to-end (starting > with configuring the replicas and on to creating and enabling a > replication agreement) from the command line as opposed to using the > GUI console, I'd appreciate seeing any notes they may have on the > subject. While the Red Hat doc does a terrific job of covering > replication (someone should get a medal for the troubleshooting > section ...), there's no discussion there on how to administer this > from the command line. For reliability and efficiency reasons I've > been doing more and more of my directory management using command line > tools, and would like to extend this into replication management. > Thanks in advance. > > Phil Lembo From david_list at boreham.org Mon Nov 28 15:35:39 2005 
From: david_list at boreham.org (David Boreham) Date: Mon, 28 Nov 2005 08:35:39 -0700 Subject: [Fedora-directory-users] SASL-GSSAPI - KRB5 In-Reply-To: <438B1B81.8010200@rice.edu> References: <20051128133357.11A7A72F5A@hormel.redhat.com> <438B1B81.8010200@rice.edu> Message-ID: <438B23CB.9020406@boreham.org> >Thanks for the hint. I did read that it would not be supported over SSL the competing port would be a valid reason. I did get the mapping pieces completed but had some difficulty understanding the REALMS docs. http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1083165 >The docs state that GSS-API must be enabled as a SASL mechanism in the Directory to make this work, but it does not state how if this is the default or if not how to enable GSS-API. The Realms section reads as if I have to change the DN of all users in the directory to be under cn=gssapi,cn=auth and therefore the confusion. > > That 'realms' section in the doc is just plain wrong. In fact I'm not really sure how it got in there. Please disregard it altogether. From mj at sci.fi Mon Nov 28 15:52:04 2005 From: mj at sci.fi (Mike Jackson) Date: Mon, 28 Nov 2005 17:52:04 +0200 Subject: [Fedora-directory-users] Creating Replication Agreements at the Command Line In-Reply-To: References: Message-ID: <438B27A4.9020601@sci.fi> lembo at optonline.net wrote: > Not sure if this was up there when I asked my original question, but I've found an answer that addresses it perfectly for me -- a Fedora DS HOWTO! > > http://directory.fedora.redhat.com/wiki/Howto:MultiMasterReplication Hi, Please let me know if something in the howto is unclear, or if there are any bugs in the mmr.pl script so that I can make corrections. -- mike From mmontgomery at theplanet.com Mon Nov 28 16:32:39 2005 
From: mmontgomery at theplanet.com (Michael Montgomery) Date: Mon, 28 Nov 2005 10:32:39 -0600 Subject: [Fedora-directory-users] Re: Re: ssl client authentication In-Reply-To: <20051117170005.5FC3973528@hormel.redhat.com> References: <20051117170005.5FC3973528@hormel.redhat.com> Message-ID: <1133195559.9534.6.camel@localhost> Does anyone possibly have an answer to these questions? I'm quite stumped at the moment, and would love to try and get this fully working. Thanks again. > Date: Thu, 17 Nov 2005 10:09:45 -0600 
> From: Michael Montgomery > Subject: Re: Re: [Fedora-directory-users] ssl client authentication > To: fedora-directory-users at redhat.com > Message-ID: <1132243785.24437.11.camel at work> > Content-Type: text/plain > > Thank you very much for your response. I just have a couple more > questions so I can be sure I know what I'm talking about. > > > the directory server (your SSL server) replies with the certificate chain which includes > > the CA certificate, and the self-signed SSL certificate." > > I'm assuming the 'self-signed SSL certificate' is the client's ssl > certificate I imported into the SSL server's store, and NOT the server's > own client certificate? > > > you should have the SSL certificate imported into your SSL client's security database, > > and it should be marked as trusted (i.e -t "CT,CT,CT"). > > Is there any documentation on how to do this with a RHEL4 server? The > only things that come to mind are the openssl dirs '/usr/share/ssl/*', > and possibly installing the certutil package on this machine...(but how > would the ldap.conf file reference this, and even know about it... I'm > curious about integration) > > >Another way to do this is to sign your SSL server certificate with your self-signed CA > > certificate, and import your CA certificate into your SSL client's security database. > > I'm assuming you're talking about this option to Sign/Validate a > self-signed cert: > > -V Validate a certificate > -n cert-name The nickname of the cert to Validate > -b time validity time ("YYMMDDHHMMSS[+HHMM|-HHMM|Z]") > -e Check certificate signature > -u certusage Specify certificate usage: > C SSL Client > V SSL Server > S Email signer > R Email Recipient > -d certdir Cert database directory (default is ~/.netscape) > -P dbprefix Cert & Key database prefix > -X force the database to open R/W > > But then there's still the above question of how to import it into > clients... 
> > Once again, thank you very much for your answers up to this point, as > they were quite helpful. > > Michael. From kevin_myer at iu13.org Tue Nov 29 00:10:31 2005 From: kevin_myer at iu13.org (Kevin M. Myer) Date: Mon, 28 Nov 2005 19:10:31 -0500 Subject: [Fedora-directory-users] Search by "uid" attribute returns duplicate results Message-ID: <20051128191031.buqoymry03y80g4w@webapps.iu13.org> Hello, I migrated a Netscape Directory Server 4.16 installation to Fedora Directory Server over the weekend. It went very smoothly, but I now have a puzzling problem. I have two servers set up in multimaster replication mode. On the one server, for one subtree only, if I search via the 'uid' attribute, each search returns two identical entries. On the other server, if I search via the 'uid' attribute, I get one entry. If I search on anything but the 'uid' attribute (say, for instance 'mail'), I get one result from both servers. The server that returns duplicate results for the 'uid' searches was running in a test mode prior to my migration. However, I wiped the database/subtree that had our organization accounts located in it prior to migrating. My initial suspicion is that I have a messed up index somewhere but I don't see how I would ever have been able to import duplicate sets of entries anyway, since we are using 'uid' as our RDN value. Further, if I export the data for that subtree, there is only one set of entries for each account. Thoughts on what might be occurring? Kevin -- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org From rmeggins at redhat.com Tue Nov 29 00:16:06 2005 
From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 28 Nov 2005 17:16:06 -0700 Subject: [Fedora-directory-users] Search by "uid" attribute returns duplicate results In-Reply-To: <20051128191031.buqoymry03y80g4w@webapps.iu13.org> References: <20051128191031.buqoymry03y80g4w@webapps.iu13.org> Message-ID: <438B9DC6.7010300@redhat.com> Kevin M. Myer wrote: > Hello, > > I migrated a Netscape Directory Server 4.16 installation to Fedora > Directory Server over the weekend. It went very smoothly, but I now > have a puzzling problem. I have two servers set up in multimaster > replication mode. On the one server, for one subtree only, if I > search via the 'uid' attribute, each search returns two identical > entries. On the other server, if I search via the 'uid' attribute, I > get one entry. If I search on anything but the 'uid' attribute (say, > for instance 'mail'), I get one result from both servers. > > The server that returns duplicate results for the 'uid' searches was > running in a test mode prior to my migration. However, I wiped the > database/subtree that had our organization accounts located in it > prior to migrating. My initial suspicion is that I have a messed up > index somewhere but I don't see how I would ever have been able to > import duplicate sets of entries anyway, since we are using 'uid' as > our RDN value. Sounds like a messed up index i.e. when you wiped the database/subtree, it didn't wipe the uid.db4 index file. However, if you initialized the database again by importing an LDIF file (e.g. by ldif2db, not ldapmodify -a), it should have wiped out the old index as well. > Further, if I export the data for that subtree, there is only one set > of entries for each account. Right, because there is only 1 real entry, it's just that there are two different uid values in the index pointing to your 1 real entry. > > Thoughts on what might be occurring? > > Kevin >
From david_list at boreham.org Tue Nov 29 00:17:30 2005 From: david_list at boreham.org (David Boreham) Date: Mon, 28 Nov 2005 17:17:30 -0700 Subject: [Fedora-directory-users] Search by "uid" attribute returns duplicate results In-Reply-To: <20051128191031.buqoymry03y80g4w@webapps.iu13.org> References: <20051128191031.buqoymry03y80g4w@webapps.iu13.org> Message-ID: <438B9E1A.3010904@boreham.org> > Thoughts on what might be occurring? Not really. But I wonder if it's returning two entries or the same entry twice ? Can you try modifying an entry and see if 'both' copies are modified in the search results ? The next things I'd recommend would be running the search with logging verbosity turned way up and posting the results here. That should show us why the search returned two entries. Another thing to try is to use the dbscan utility to examine the indices. The fact that only one copy of the entries is output from db2ldif would suggest that there's really only one copy in the database, but somehow the index has become broken such that there are two copies of the same ID in the ID List. But that's not supposed to be able to happen... Sometimes migration can do strange things when it uses the underlying database files from the old server, but that wouldn't have happened in a 4.x to 7.x migration. From kevin_myer at iu13.org Tue Nov 29 00:26:20 2005 
From: kevin_myer at iu13.org (Kevin M. Myer)
Date: Mon, 28 Nov 2005 19:26:20 -0500
Subject: [Fedora-directory-users] Search by "uid" attribute returns duplicate results
In-Reply-To: <438B9DC6.7010300@redhat.com>
References: <20051128191031.buqoymry03y80g4w@webapps.iu13.org> <438B9DC6.7010300@redhat.com>
Message-ID: <20051128192620.4oons0zuuggogow0@webapps.iu13.org>

Quoting Richard Megginson:

> Sounds like a messed up index i.e. when you wiped the
> database/subtree, it didn't wipe the uid.db4 index file. However,
> if you initialized the database again by importing an LDIF file (e.g.
> by ldif2db, not ldapmodify -a), it should have wiped out the old
> index as well.

I used the Admin Console to do the creation/wiping and importing. Not
sure which mechanism that invokes.

So far it hasn't created major problems, except with RADIUS
authentication, since freeradius apparently wants a unique entry when
a LDAP BIND occurs. I'm envisioning the need to completely wipe things
for this subtree on one server. If I disable replication both ways for
this subtree, delete the subtree on the errant server, then enable
replication and initialize from the good set of data, that should take
care of things, right? Or is there an even simpler way to recreate the
index?

Kevin

--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13
http://www.iu13.org

From tim at registriesltd.com.au Tue Nov 29 01:18:55 2005
From: tim at registriesltd.com.au (Tim Edwards)
Date: Tue, 29 Nov 2005 12:18:55 +1100
Subject: [Fedora-directory-users] 'No Such Object' when importing LDIF from OpenLDAP
Message-ID: <438BAC7F.8070407@registriesltd.com.au>

I'm trying to import the data from our OpenLDAP server into FedoraDS.
I've exported the data from OpenLDAP into an LDIF file and am now
trying to import that into my Fedora DS instance, unfortunately it
gets errors on the first entry. I tried just separating out the first
entry into its own LDIF file:

dn: cn=Domain Users,ou=groups,dc=registriesltd,dc=com,dc=au
gidNumber: 513
sambaSID: S-1-5-21-1837449576-3234076748-520123900-513
cn: Domain Users
sambaGroupType: 2
objectClass: top
objectClass: posixgroup
objectClass: sambaGroupMapping
description: Domain Users
displayName: Domain Users
creatorsName: cn=samba,ou=special,dc=registriesltd,dc=com,dc=au
createTimestamp: 20041013050147Z
modifiersName: cn=samba,ou=special,dc=registriesltd,dc=com,dc=au
modifyTimestamp: 20041013050147Z

But I still get the same error when importing it:

Error adding object 'dn: cn=Domain Users,ou=groups,dc=registriesltd,dc=com,dc=au'.
The error sent by the server was 'No such object'.
The object is: LDAPEntry: cn=Domain Users,ou=groups,dc=registriesltd,dc=com,dc=au; LDAPAttributeSet:
LDAPAttribute {type='gidnumber', values='513'}
LDAPAttribute {type='displayname', values='Domain Users'}
LDAPAttribute {type='objectclass', values='top,posixgroup,sambaGroupMapping'}
LDAPAttribute {type='sambasid', values='S-1-5-21-1837449576-3234076748-520123900-513'}
LDAPAttribute {type='modifytimestamp', values='20041013050147Z'}
LDAPAttribute {type='modifiersname', values='cn=samba,ou=special,dc=registriesltd,dc=com,dc=au'}
LDAPAttribute {type='sambagrouptype', values='2'}
LDAPAttribute {type='createtimestamp', values='20041013050147Z'}
LDAPAttribute {type='cn', values='Domain Users'}
LDAPAttribute {type='creatorsname', values='cn=samba,ou=special,dc=registriesltd,dc=com,dc=au'}
LDAPAttribute {type='description', values='Domain Users'}.

I'm a bit of a newbie when it comes to LDIF files and Schemas so I'm
not sure exactly where to go from here? Is there a more detailed error
log than that rejects file? What kind of problems cause this 'No Such
Object' error?

Thanks

--
Tim Edwards

From rmeggins at redhat.com Tue Nov 29 01:31:34 2005
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 28 Nov 2005 18:31:34 -0700
Subject: [Fedora-directory-users] Search by "uid" attribute returns duplicate results
In-Reply-To: <20051128192620.4oons0zuuggogow0@webapps.iu13.org>
References: <20051128191031.buqoymry03y80g4w@webapps.iu13.org> <438B9DC6.7010300@redhat.com> <20051128192620.4oons0zuuggogow0@webapps.iu13.org>
Message-ID: <438BAF76.9070801@redhat.com>

Kevin M. Myer wrote:

> Quoting Richard Megginson :
>
>
>> Sounds like a messed up index i.e. when you wiped the
>> database/subtree, it didn't wipe the uid.db4 index file. However,
>> if you initialized the database again by importing an LDIF file (e.g.
>> by ldif2db, not ldapmodify -a), it should have wiped out the old
>> index as well.
>
>
> I used the Admin Console to do the creation/wiping and importing. Not
> sure which mechanism that invokes.

Looks like it didn't clean up correctly. Also, import from the console
may be using the equivalent of ldapmodify -a, which just adds the new
entries without wiping out the old. If you use the "initialize
database" option, it should do a full destructive import.

> So far it hasn't created major problems, except with RADIUS
> authentication, since freeradius apparently wants a unique entry when
> a LDAP BIND occurs. I'm envisioning the need to completely wipe
> things for this subtree on one server. If I disable replication both
> ways for this subtree, delete the subtree on the errant server, then
> enable replication and initialize from the good set of data, that
> should take care of things, right? Or is there an even simpler way to
> recreate the index?

You could try db2index, but reimport is the fastest and safest way.

>
> Kevin
>

From kevin_myer at iu13.org Tue Nov 29 01:31:55 2005
From: kevin_myer at iu13.org (Kevin M. Myer)
Date: Mon, 28 Nov 2005 20:31:55 -0500
Subject: [Fedora-directory-users] 'No Such Object' when importing LDIF from OpenLDAP
In-Reply-To: <438BAC7F.8070407@registriesltd.com.au>
References: <438BAC7F.8070407@registriesltd.com.au>
Message-ID: <20051128203155.y53g9h1ohbz4kg4w@webapps.iu13.org>

Quoting Tim Edwards:

> I'm trying to import the data from our OpenLDAP server into FedoraDS.
> I've exported the data from OpenLDAP into an LDIF file and am now
> trying to import that into my Fedora DS instance, unfortunately it
> gets errors on the first entry. I tried just separating out the first
> entry into its own LDIF file:
>
> dn: cn=Domain Users,ou=groups,dc=registriesltd,dc=com,dc=au
> gidNumber: 513
> sambaSID: S-1-5-21-1837449576-3234076748-520123900-513
> cn: Domain Users
> sambaGroupType: 2
> objectClass: top
> objectClass: posixgroup
> objectClass: sambaGroupMapping
> description: Domain Users
> displayName: Domain Users
> creatorsName: cn=samba,ou=special,dc=registriesltd,dc=com,dc=au
> createTimestamp: 20041013050147Z
> modifiersName: cn=samba,ou=special,dc=registriesltd,dc=com,dc=au
> modifyTimestamp: 20041013050147Z

Tim,

What is the base of the directory you are trying to import into? If it
is dc=registriesltd,dc=com,dc=au, then you need a
ou=groups,dc=registriesltd,dc=com,dc=au entry before you can import
your cn=Domain Users entry. The parent of each child entry must exist
before you can import the child.

Kevin

--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13
http://www.iu13.org

From david_list at boreham.org Tue Nov 29 02:19:41 2005
From: david_list at boreham.org (David Boreham)
Date: Mon, 28 Nov 2005 19:19:41 -0700
Subject: [Fedora-directory-users] 'No Such Object' when importing LDIF from OpenLDAP
In-Reply-To: <438BAC7F.8070407@registriesltd.com.au>
References: <438BAC7F.8070407@registriesltd.com.au>
Message-ID: <438BBABD.30008@boreham.org>

>
> I'm a bit of a newbie when it comes to LDIF files and Schemas so I'm not
> sure exactly where to go from here? Is there a more detailed error log
> than that rejects file? What kind of problems cause this 'No Such
> Object' error?

If you get no such object upon attempting to add an entry, that means
that the entry's parent doesn't exist.

From del at babel.com.au Tue Nov 29 02:41:10 2005
From: del at babel.com.au (Del)
Date: Tue, 29 Nov 2005 13:41:10 +1100
Subject: [Fedora-directory-users] 'No Such Object' when importing LDIFfrom OpenLDAP
In-Reply-To: <438BAC7F.8070407@registriesltd.com.au>
References: <438BAC7F.8070407@registriesltd.com.au>
Message-ID: <438BBFC6.9060207@babel.com.au>

Tim Edwards wrote:

> I'm trying to import the data from our OpenLDAP server into FedoraDS.
> I've exported the data from OpenLDAP into an LDIF file and am now trying
> to import that into my Fedora DS instance, unfortunately it gets errors
> on the first entry. I tried just separating out the first entry into its
> own LDIF file:
>
> dn: cn=Domain Users,ou=groups,dc=registriesltd,dc=com,dc=au

You need to (manually) create the
ou=groups,dc=registriesltd,dc=com,dc=au entry before you add this as
others have suggested.

> gidNumber: 513
> sambaSID: S-1-5-21-1837449576-3234076748-520123900-513

You will probably have to add a schema extension before you add this
attribute -- have you read the stuff in the Fedora Directory Server
wiki about getting schema entries from OpenLDAP (in whose format the
samba schema extensions are provided) into FDS?

> objectClass: sambaGroupMapping

Alternatively, if you know the OID of the sambaGroupMapping object
class then you can use LdapImport to import the object and its
attributes directly from your running OpenLDAP DS into your running
FDS.

> creatorsName: cn=samba,ou=special,dc=registriesltd,dc=com,dc=au
> createTimestamp: 20041013050147Z
> modifiersName: cn=samba,ou=special,dc=registriesltd,dc=com,dc=au
> modifyTimestamp: 20041013050147Z

You don't want to attempt to import these attributes from your LDIF
file into FDS.

LdapImport should be able to help you out here:

http://wiki.babel.com.au/index.php?area=Linux_Projects&page=LdapImport

--
Del

From basile.mathieu at siris.sorbonne.fr Tue Nov 29 13:24:48 2005
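The replies in the 'No Such Object' thread above make two points: every entry's parent must exist before the entry is added, and the creatorsName/createTimestamp/modifiersName/modifyTimestamp attributes should not be imported. The following is an added example, not code from any poster or from the Fedora DS project: a preflight pass over an exported LDIF that reports missing parents, orders entries parent-first and drops those four attributes. Function names are illustrative, the parent entry is constructed, and the suffix entry is assumed to exist on the target server already.

```python
import base64

# Attributes the last reply says not to import; the server maintains them itself.
OPERATIONAL = {"creatorsname", "createtimestamp", "modifiersname", "modifytimestamp"}
SUFFIX = "dc=registriesltd,dc=com,dc=au"   # assumed to exist on the target already
# The entry from the original post.
POSTED_ENTRY = """\
dn: cn=Domain Users,ou=groups,dc=registriesltd,dc=com,dc=au
gidNumber: 513
sambaSID: S-1-5-21-1837449576-3234076748-520123900-513
cn: Domain Users
sambaGroupType: 2
objectClass: top
objectClass: posixgroup
objectClass: sambaGroupMapping
description: Domain Users
displayName: Domain Users
creatorsName: cn=samba,ou=special,dc=registriesltd,dc=com,dc=au
createTimestamp: 20041013050147Z
modifiersName: cn=samba,ou=special,dc=registriesltd,dc=com,dc=au
modifyTimestamp: 20041013050147Z
"""
# Constructed parent entry (not from the thread).
CONSTRUCTED_PARENT = """\
dn: ou=groups,dc=registriesltd,dc=com,dc=au
objectClass: top
objectClass: organizationalUnit
ou: groups
"""


def parse_ldif(text):
    """Parse LDIF content records into [(dn, [(attr, value), ...]), ...]."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, record = [], []
    for line in lines + [""]:                   # the extra "" flushes the last record
        if line.startswith("#"):
            continue
        if line.strip():
            attr, sep, rest = line.partition(":")
            if not sep:
                raise ValueError(f"not an attribute line: {line!r}")
            if rest.startswith(":"):            # "attr:: ..." carries a base64 value
                value = base64.b64decode(rest[1:]).decode("utf-8")
            else:
                value = rest.lstrip(" ")
            record.append((attr, value))
        elif record:
            if record[0][0].lower() != "dn":
                raise ValueError(f"record does not start with dn: {record[0]!r}")
            entries.append((record[0][1], record[1:]))
            record = []
    return entries


def split_rdns(dn):
    """Split a DN on unescaped commas (quoted RDN values are not handled)."""
    parts, escaped = [""], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("")
        else:
            parts[-1] += ch
        escaped = ch == "\\" and not escaped
    return [p.strip() for p in parts]


def norm(dn):
    return ",".join(split_rdns(dn)).lower()


def plan_import(entries, suffix=SUFFIX, existing=()):
    """Return (entries parent-first without OPERATIONAL attrs, ancestors to create first)."""
    present = {norm(suffix)} | {norm(d) for d in existing}
    in_file = {norm(dn) for dn, _ in entries}
    missing = {}
    for dn, _ in entries:
        if norm(dn) in present:
            continue
        if not norm(dn).endswith("," + norm(suffix)):
            raise ValueError(f"{dn} is outside suffix {suffix}")
        rdns = split_rdns(dn)
        for i in range(1, len(rdns)):           # walk up until something already exists
            ancestor = ",".join(rdns[i:])
            if norm(ancestor) in present:
                break
            if norm(ancestor) not in in_file:
                missing.setdefault(norm(ancestor), ancestor)
    ordered = [(dn, [(a, v) for a, v in attrs if a.lower() not in OPERATIONAL])
               for dn, attrs in sorted(entries, key=lambda e: len(split_rdns(e[0])))]
    return ordered, sorted(missing.values(), key=lambda d: len(split_rdns(d)))


if __name__ == "__main__":
    print("create before importing:", plan_import(parse_ldif(POSTED_ENTRY))[1])
    ordered, missing = plan_import(parse_ldif(POSTED_ENTRY + "\n" + CONSTRUCTED_PARENT))
    print([dn for dn, _ in ordered], missing)
```

The schema side of the thread (sambaGroupMapping and its attributes must be known to the server) is a separate prerequisite that this check does not cover.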
From: basile.mathieu at siris.sorbonne.fr (basile au siris) Date: Tue, 29 Nov 2005 14:24:48 +0100 Subject: [Fedora-directory-users] problem importing sendmail.schema in fds Message-ID: <438C56A0.9030000@siris.sorbonne.fr> hi i try to import sendmail.schema in fds and i have this error when i restart server : dse - The entry cn=schema in file /opt/fedora-ds/slapd-nagios1/config/schema/63sendmail.ldif is invalid, error code 21 (Invalid syntax) - object class sendmailMTAAlias: Unknown allowed attribute type " sendmailMTACluster" here is the file 63sendmail.schema attribute sendmailMTACluster seems to be right define and if i delete this attribute i have same error with others # #******************************************************************** # dn: cn=schema # #******************************************************************** # attributeTypes: ( 1.3.6.1.4.1.6152.10.3.1.10 NAME 'sendmailMTACluster' DESC 'cluster name associated with a set of MTAs' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # #******************************************************************** # attributeTypes: ( 1.3.6.1.4.1.6152.10.3.1.11 NAME 'sendmailMTAHost' DESC 'host name associated with a MTA cluster' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # #******************************************************************** # attributeTypes: ( 1.3.6.1.4.1.6152.10.3.1.13 NAME 'sendmailMTAKey' DESC 'key (left hand side) of an aliases or map entry' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) # #******************************************************************** # attributeTypes: ( 1.3.6.1.4.1.6152.10.3.1.14 NAME 'sendmailMTAMapName' DESC 'identifier for the particular map' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE ) # 
#******************************************************************** # attributeTypes: ( 1.3.6.1.4.1.6152.10.3.1.16 NAME 'sendmailMTAMapValue' DESC 'value (right hand side) of a map entry' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # #******************************************************************** # attributeTypes: ( 1.3.6.1.4.1.6152.10.3.1.18 NAME 'sendmailMTAAliasGrouping' DESC 'name that identifies a particular aliases grouping' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # #******************************************************************** # attributeTypes: ( 1.3.6.1.4.1.6152.10.3.1.20 NAME 'sendmailMTAAliasValue' DESC 'value (right hand side) of an alias' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # #******************************************************************** # attributeTypes: ( 1.3.6.1.4.1.6152.10.3.1.22 NAME 'sendmailMTAClassName' DESC 'identifier for the class' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE ) # #******************************************************************** # attributeTypes: ( 1.3.6.1.4.1.6152.10.3.1.23 NAME 'sendmailMTAClassValue' DESC 'member of a class' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # #******************************************************************** # objectClasses: ( 1.3.6.1.4.1.6152.10.3.2.10 NAME 'sendmailMTA' SUP top STRUCTURAL DESC 'Sendmail MTA definition' MAY ( sendmailMTACluster $ sendmailMTAHost $ Description ) ) # #******************************************************************** # objectClasses: ( 1.3.6.1.4.1.6152.10.3.2.11 NAME 'sendmailMTAMap' SUP sendmailMTA STRUCTURAL DESC 'Sendmail MTA map definition' MUST sendmailMTAMapName MAY ( sendmailMTACluster $ sendmailMTAHost $ Description ) ) # #******************************************************************** # objectClasses: ( 1.3.6.1.4.1.6152.10.3.2.12 NAME 
'sendmailMTAMapObject' SUP sendmailMTAMap STRUCTURAL DESC 'Sendmail MTA map object' MUST ( sendmailMTAMapName $ sendmailMTAKey $ sendmailMTAMapValue ) MAY ( sendmailMTACluster $ sendmailMTAHost $ Description ) ) # #******************************************************************** # objectClasses: ( 1.3.6.1.4.1.6152.10.3.2.13 NAME 'sendmailMTAAlias' SUP sendmailMTA STRUCTURAL DESC 'Sendmail MTA alias definition' MAY ( sendmailMTAAliasGrouping $ sendmailMTACluster $ sendmailMTAHost $ Description ) ) # #******************************************************************** # objectClasses: ( 1.3.6.1.4.1.6152.10.3.2.14 NAME 'sendmailMTAAliasObject' SUP sendmailMTAAlias STRUCTURAL DESC 'Sendmail MTA alias object' MUST ( sendmailMTAKey $ sendmailMTAAliasValue ) MAY ( sendmailMTAAliasGrouping $ sendmailMTACluster $ sendmailMTAHost $ Description ) ) # #******************************************************************** # thanks for help basile From basile.mathieu at siris.sorbonne.fr Tue Nov 29 14:24:40 2005 
From: basile.mathieu at siris.sorbonne.fr (basile au siris) Date: Tue, 29 Nov 2005 15:24:40 +0100 Subject: [Fedora-directory-users] problem importing sendmail.schema in fds In-Reply-To: <438C56A0.9030000@siris.sorbonne.fr> References: <438C56A0.9030000@siris.sorbonne.fr> Message-ID: <438C64A8.8000407@siris.sorbonne.fr> just have to delete blank in objectclass definition ........ basile au siris wrote: > hi > i try to import sendmail.schema in fds and i have this error when i > restart server : > > dse - The entry cn=schema in file > /opt/fedora-ds/slapd-nagios1/config/schema/63sendmail.ldif is invalid, > error code 21 (Invalid syntax) - object class sendmailMTAAlias: > Unknown allowed attribute type " sendmailMTACluster" > > > here is the file 63sendmail.schema > attribute sendmailMTACluster seems to be right define > and if i delete this attribute i have same error with others > > # > #******************************************************************** > # > dn: cn=schema > # > #******************************************************************** > # > attributeTypes: ( > 1.3.6.1.4.1.6152.10.3.1.10 > NAME 'sendmailMTACluster' > DESC 'cluster name associated with a set of MTAs' > EQUALITY caseIgnoreIA5Match > SUBSTR caseIgnoreIA5SubstringsMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} > ) > # > #******************************************************************** > # > attributeTypes: ( > 1.3.6.1.4.1.6152.10.3.1.11 > NAME 'sendmailMTAHost' > DESC 'host name associated with a MTA cluster' > EQUALITY caseIgnoreIA5Match > SUBSTR caseIgnoreIA5SubstringsMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} > ) > # > #******************************************************************** > # > attributeTypes: ( > 1.3.6.1.4.1.6152.10.3.1.13 > NAME 'sendmailMTAKey' > DESC 'key (left hand side) of an aliases or map entry' > EQUALITY caseIgnoreMatch > SUBSTR caseIgnoreSubstringsMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} > ) > # > 
#******************************************************************** > # > attributeTypes: ( > 1.3.6.1.4.1.6152.10.3.1.14 > NAME 'sendmailMTAMapName' > DESC 'identifier for the particular map' > EQUALITY caseIgnoreMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} > SINGLE-VALUE > ) > # > #******************************************************************** > # > attributeTypes: ( > 1.3.6.1.4.1.6152.10.3.1.16 > NAME 'sendmailMTAMapValue' > DESC 'value (right hand side) of a map entry' > EQUALITY caseIgnoreMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 > SINGLE-VALUE > ) > # > #******************************************************************** > # > attributeTypes: ( > 1.3.6.1.4.1.6152.10.3.1.18 > NAME 'sendmailMTAAliasGrouping' > DESC 'name that identifies a particular aliases grouping' > EQUALITY caseIgnoreIA5Match > SUBSTR caseIgnoreIA5SubstringsMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} > ) > # > #******************************************************************** > # > attributeTypes: ( > 1.3.6.1.4.1.6152.10.3.1.20 > NAME 'sendmailMTAAliasValue' > DESC 'value (right hand side) of an alias' > EQUALITY caseIgnoreMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 > ) > # > #******************************************************************** > # > attributeTypes: ( > 1.3.6.1.4.1.6152.10.3.1.22 > NAME 'sendmailMTAClassName' > DESC 'identifier for the class' > EQUALITY caseIgnoreMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} > SINGLE-VALUE > ) > # > #******************************************************************** > # > attributeTypes: ( > 1.3.6.1.4.1.6152.10.3.1.23 > NAME 'sendmailMTAClassValue' > DESC 'member of a class' > EQUALITY caseIgnoreMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 > ) > # > #******************************************************************** > # > objectClasses: ( > 1.3.6.1.4.1.6152.10.3.2.10 > NAME 'sendmailMTA' > SUP top > STRUCTURAL > DESC 'Sendmail MTA definition' > MAY ( sendmailMTACluster $ sendmailMTAHost $ Description ) > ) 
> # > #******************************************************************** > # > objectClasses: ( > 1.3.6.1.4.1.6152.10.3.2.11 > NAME 'sendmailMTAMap' > SUP sendmailMTA > STRUCTURAL > DESC 'Sendmail MTA map definition' > MUST sendmailMTAMapName > MAY ( sendmailMTACluster $ sendmailMTAHost $ Description ) > ) > # > #******************************************************************** > # > objectClasses: ( > 1.3.6.1.4.1.6152.10.3.2.12 > NAME 'sendmailMTAMapObject' > SUP sendmailMTAMap > STRUCTURAL > DESC 'Sendmail MTA map object' > MUST ( sendmailMTAMapName $ sendmailMTAKey $ sendmailMTAMapValue ) > MAY ( sendmailMTACluster $ sendmailMTAHost $ Description ) > ) > # > #******************************************************************** > # > objectClasses: ( > 1.3.6.1.4.1.6152.10.3.2.13 > NAME 'sendmailMTAAlias' > SUP sendmailMTA > STRUCTURAL > DESC 'Sendmail MTA alias definition' > MAY ( sendmailMTAAliasGrouping $ sendmailMTACluster $ > sendmailMTAHost $ Description ) > ) > # > #******************************************************************** > # > objectClasses: ( > 1.3.6.1.4.1.6152.10.3.2.14 > NAME 'sendmailMTAAliasObject' > SUP sendmailMTAAlias > STRUCTURAL > DESC 'Sendmail MTA alias object' > MUST ( sendmailMTAKey $ sendmailMTAAliasValue ) > MAY ( sendmailMTAAliasGrouping $ sendmailMTACluster $ > sendmailMTAHost $ Description ) > ) > # > #******************************************************************** > # > > > thanks for help > > basile > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users From simonf at cshl.edu Tue Nov 29 19:36:49 2005 
From: simonf at cshl.edu (Vsevolod (Simon) Ilyushchenko)
Date: Tue, 29 Nov 2005 14:36:49 -0500
Subject: [Fedora-directory-users] pam.conf on Solaris 2.6?
Message-ID: <438CADD1.3070200@cshl.edu>

Hi,

Has anyone been able to make OpenLDAP work via pam.conf in Solaris 2.6?
(Don't ask. :) The 'id' and 'su' commands don't even use LDAP, and when
I enable UsePam in openssh, the LDAP calls are made, but the user is
not recognized.

When I look at the traffic, I see this:

0.003082 client -> server LDAP MsgId=2 Search Request, Base DN=dc=cshl,dc=edu
...

The correct uid is requested.

0.003882 server -> client LDAP MsgId=2 Search Entry, 1 result
...

Correct user entry is returned, but the next client request is very
puzzling:

0.005893 client -> server LDAP MsgId=3 Bind Request, DN=uid=ilyush,ou=People,dc=cshl,dc=edu
0000 00 11 25 29 98 74 00 30 7b 94 f2 94 08 00 45 00 ..%).t.0{.....E.
0010 00 85 e1 2c 40 00 fe 06 4a 84 8f 30 07 df 8f 30 ...,@...J..0...0
0020 2a 82 fa 6a 01 85 6c c4 0b 8c eb 0c 9d d6 50 18 *..j..l.......P.
0030 22 38 d4 76 00 00 30 5b 02 01 03 60 37 02 01 03 "8.v..0[...`7...
0040 04 23 75 69 64 3d 69 6c 79 75 73 68 2c 6f 75 3d .#uid=ilyush,ou=
0050 50 65 6f 70 6c 65 2c 64 63 3d 63 73 68 6c 2c 64 People,dc=cshl,d
0060 63 3d 65 64 75 80 0d 08 0a 0d 7f 49 4e 43 4f 52 c=edu......INCOR
0070 52 45 43 54 a0 1d 30 1b 04 19 31 2e 33 2e 36 2e RECT..0...1.3.6.
0080 31 2e 34 2e 31 2e 34 32 2e 32 2e 32 37 2e 38 2e 1.4.1.42.2.27.8.
0090 35 2e 31 5.1

Obviously, this attempt to login does not work:

0.006885 server -> client LDAP MsgId=3 Bind Result, Invalid credentials
0000 00 00 0c 07 ac 2a 00 11 25 29 98 74 08 00 45 00 .....*..%).t..E.
0010 00 36 21 22 40 00 40 06 c8 de 8f 30 2a 82 8f 30 .6!"@.@....0*..0
0020 07 df 01 85 fa 6a eb 0c 9d d6 6c c4 0b e9 50 18 .....j....l...P.
0030 16 d0 50 ea 00 00 30 0c 02 01 03 61 07 0a 01 31 ..P...0....a...1
0040 04 00 04 00 ....

I've taken the pam.conf file that works fine for me on Solaris 8 and
removed all the non-existent libraries. Here it is:

***
login auth sufficient pam_unix.so.1
login auth required pam_ldap.so.1
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth required pam_unix.so.1
dtlogin auth required pam_unix.so.1
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix.so.1
other auth sufficient pam_unix.so.1
other auth sufficient pam_ldap.so
login account sufficient pam_unix.so.1
login account required pam_ldap.so
other account sufficient pam_unix.so.1
other account required pam_ldap.so
other session required pam_unix.so.1
dtsession auth required pam_unix.so.1
passwd auth required pam_passwd_auth.so.1
ppp auth required pam_unix.so.1
ppp auth required pam_dial_auth.so.1
cron account required pam_unix.so.1
***

Thanks,
Simon

--
Simon (Vsevolod ILyushchenko) simonf at cshl.edu
http://www.simonf.com

"Think like a man of action, act like a man of thought."
Henri Bergson

From elliot at bozemanpass.com Tue Nov 29 20:27:02 2005
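The Bind Request and Bind Result frames quoted in the message above can be decoded field by field. This is an added example, not part of the original post: a small BER reader for LDAP BindRequest and BindResponse, with the PDU bytes transcribed from the post's two hex dumps; all function and constant names are illustrative.

```python
# PDUs transcribed from the two hex dumps in the post: the bytes after the
# 54-byte Ethernet/IP/TCP headers (offset 0x36), one string per dump row.
BIND_REQUEST = bytes.fromhex(
    "30 5b 02 01 03 60 37 02 01 03"
    "04 23 75 69 64 3d 69 6c 79 75 73 68 2c 6f 75 3d"
    "50 65 6f 70 6c 65 2c 64 63 3d 63 73 68 6c 2c 64"
    "63 3d 65 64 75 80 0d 08 0a 0d 7f 49 4e 43 4f 52"
    "52 45 43 54 a0 1d 30 1b 04 19 31 2e 33 2e 36 2e"
    "31 2e 34 2e 31 2e 34 32 2e 32 2e 32 37 2e 38 2e"
    "35 2e 31"
)
BIND_RESPONSE = bytes.fromhex("30 0c 02 01 03 61 07 0a 01 31" "04 00 04 00")

RESULT_CODES = {0: "success", 49: "invalidCredentials"}   # subset of RFC 4511
# Password policy control from draft-behera-ldap-password-policy.
KNOWN_CONTROLS = {"1.3.6.1.4.1.42.2.27.8.5.1": "passwordPolicy"}


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("BER value runs past the end of the buffer")
    return tag, buf[pos:end], end


def children(value):
    """Split the content of a constructed element into [(tag, value), ...]."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_ldap_message(pdu):
    """Decode a BindRequest or BindResponse LDAPMessage into a dict."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    parts = children(body)
    if len(parts) < 2 or parts[0][0] != 0x02:
        raise ValueError("missing messageID or protocolOp")
    msg = {"message_id": int.from_bytes(parts[0][1], "big"), "controls": []}
    op_tag, op_val = parts[1]
    fields = children(op_val)
    if op_tag == 0x60:                      # [APPLICATION 0] BindRequest
        (_, version), (_, name), (auth_tag, auth_val) = fields[:3]
        msg.update(op="bindRequest", version=version[0], dn=name.decode("utf-8"))
        if auth_tag == 0x80:                # [0] simple: the password bytes themselves
            msg.update(auth="simple", password=auth_val)
        else:                               # [3] sasl, or something unexpected
            msg.update(auth="sasl" if auth_tag == 0xA3 else hex(auth_tag), password=None)
    elif op_tag == 0x61:                    # [APPLICATION 1] BindResponse
        code = int.from_bytes(fields[0][1], "big")
        msg.update(op="bindResponse", result_code=code,
                   result=RESULT_CODES.get(code, "other"),
                   matched_dn=fields[1][1].decode("utf-8"),
                   diagnostic=fields[2][1].decode("utf-8"))
    else:
        raise ValueError(f"unsupported protocolOp tag 0x{op_tag:02x}")
    for tag, val in parts[2:]:
        if tag == 0xA0:                     # [0] Controls: SEQUENCE OF Control
            msg["controls"] = [children(c)[0][1].decode("ascii") for _, c in children(val)]
    return msg


def summarize(request, response):
    """Facts a reviewer can read next to the capture, one per line."""
    pw = request["password"]
    shown = "(not a simple bind)" if pw is None else "".join(
        chr(b) if 32 <= b < 127 else f"\\x{b:02x}" for b in pw)
    lines = [f"msgid {request['message_id']}: {request['auth']} bind "
             f"v{request['version']} as {request['dn']}",
             f"password field as sent: {shown}"]
    for oid in request["controls"]:
        lines.append(f"request control: {oid} ({KNOWN_CONTROLS.get(oid, 'unknown')})")
    lines.append(f"msgid {response['message_id']}: result "
                 f"{response['result_code']} {response['result']}")
    return lines


if __name__ == "__main__":
    req, resp = decode_ldap_message(BIND_REQUEST), decode_ldap_message(BIND_RESPONSE)
    print("\n".join(summarize(req, resp)))
```

The decoded request is a version 3 simple bind whose password field is the 13 bytes `\x08\x0a\x0d\x7fINCORRECT` and which carries one control OID; the reply is result code 49. Because a simple bind on an unencrypted connection puts the password field on the wire as-is, the same capture would expose a real password just as readably.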
From: elliot at bozemanpass.com (Elliot Schlegelmilch)
Date: Tue, 29 Nov 2005 13:27:02 -0700
Subject: [Fedora-directory-users] Winsync Problem with NT4
In-Reply-To: <200511250956.00492.hartmut.woehrle@mail.pcom.de>
References: <200511231640.16784.hartmut.woehrle@mail.pcom.de> <4384916E.5070202@boreham.org> <200511250956.00492.hartmut.woehrle@mail.pcom.de>
Message-ID: <438CB996.4020509@bozemanpass.com>

Hartmut Wöhrle wrote:

> Hmm, I also did a ldapsearch and got the "Invalid Credential" (log at the end)
> So this means it uses the wrong password. Because I tried a different one than
> the actual. But when starting the ldapsearch, does it login to the ApacheDS
> without using PDC data? Or is there a connection? And what should come
> out.... - the whole PDC tree I think, but I'm not sure.

I'm a bit confused now. Which password, or which actual? You can
ldapsearch using the uid=admin,ou=system account and correct password.

>
>
>>NTDS side (PDC machine). NTDS uses ApacheDS. ApacheDS stores
>>its password in its database. However originally it always initialized that
>>password to a known value. We were concerned about the security
>>implications of that and made a change to the ApacheDS code such that
>>the password is read from the config file rather than use the default value
>>(which would be the same for all installations). In order to force users
>>to set the password, I believe we refuse to function until it is set in the
>>config file. At least that's how I remember it. I'd need to look at the
>>code to be sure.
>
> But it uses which user?
> uid=admin,ou=system
> as default ApacheDS root entry?
> And what happens, when this User doesn't exist? And the password is set to a
> value I can not remember? I think the only chance to solve this problem is to
> reinstall (deinstall deletes the DS - right?) the whole winsync and have -
> now - the user admin and use its password.
>
>
>>Anyway, the ldapmodify operation will be to the userpassword attribute
>>on the ApacheDS root entry. I'll look that up and post the command...
>>
>>Your problem may be that you haven't set the password in the first place.
>>It should be possible to use ldapsearch to check that your ntds is up
>>and running and answering LDAP searches correctly. Once that's proven,
>>FDS should be able to sync with it ok using the same bind credentials
>>and password.
>>
>
> ldapsearch works, but (as you can see below) my bind password is wrong (or I
> can't remember.... :) )

I would suggest opening up your
c:\program files\fedora directory synchronization\conf\usersync.conf
in your favorite editor, and see what password is in it. Try binding
as that user. While looking inside that file look for the
'server.db.partition.suffix.usersync' field. Then, with this password
and base, try another search.

ldapsearch -v -h 192.168.1.218 -D "uid=admin,ou=system" -w pw -b "dc=home,dc=org" "(objectclass=*)"

I'm just guessing the base, but I assume it's something very similar.
You should see something similar to this:

# Guest, users, example.com
dn: sAMAccountName=Guest,cn=users,dc=example,dc=com
memberOf: sAMAccountName=Domain Guests,cn=users,dc=example,dc=com
lastLogon: 0
objectGUID: 0105000000000005150000003D725165EB1AB15BC9504D49F5010000
countryCode: 0

Once you can access your PDC from LDAP, there's a lot better chance
that your Fedora Directory Server will be able to for replication.

>
> Btw... It would be nice to find a schema (written or drawn) which tells me (or
> everyone) how winsync and passwordsync works. The Pictures in the manuals
> tell me the way which way the servers exchange information, but within the
> PDC (or AD) I don't know anything - it is a black box.
> And .... I didn't find the sources to check by myself - is it closed source?

It's not closed source.
http://directory.fedora.redhat.com/wiki/Building#Pulling_the_Directory_Server_Source

>
> See U
> Hartmut

From kevin_myer at iu13.org Wed Nov 30 13:45:39 2005
From: kevin_myer at iu13.org (Kevin M. Myer)
Date: Wed, 30 Nov 2005 08:45:39 -0500
Subject: [Fedora-directory-users] Search by "uid" attribute returns duplicate results
In-Reply-To: <438BAF76.9070801@redhat.com>
References: <20051128191031.buqoymry03y80g4w@webapps.iu13.org> <438B9DC6.7010300@redhat.com> <20051128192620.4oons0zuuggogow0@webapps.iu13.org> <438BAF76.9070801@redhat.com>
Message-ID: <20051130084539.k6y9e1bbzc0gw4ws@webapps.iu13.org>

I used the good master set of data to reinitialize the server that had
duplicate uid's and that seemed to do the trick. Thanks to all for
your responses and suggestions.

Kevin

--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13
http://www.iu13.org

From brzurom at tycho.ncsc.mil Wed Nov 30 19:36:33 2005
From: brzurom at tycho.ncsc.mil (Brian Zuromski)
Date: Wed, 30 Nov 2005 14:36:33 -0500
Subject: [Fedora-directory-users] NIS migration
Message-ID: <1133379393.3150.4.camel@MOSS-TAUTOG.tycho.ncsc.mil>

Hi,
I'm migrating a network from NIS to FDS. All the users of the old
network were members of a particular group which is required to access
certain directories/files etc.... I'm having problems in the FDS
assigning them to groups with the same GID. I fixed it temporarily by
adding the group in the local /etc/group file on each host and it works.
How do I create the group on the FDS server and assign people to it and
it'll carry over to each box. Thanks!!!

From mj at sci.fi Wed Nov 30 19:58:47 2005
From: mj at sci.fi (Mike Jackson)
Date: Wed, 30 Nov 2005 21:58:47 +0200
Subject: [Fedora-directory-users] NIS migration
In-Reply-To: <1133379393.3150.4.camel@MOSS-TAUTOG.tycho.ncsc.mil>
References: <1133379393.3150.4.camel@MOSS-TAUTOG.tycho.ncsc.mil>
Message-ID: <438E0477.80105@sci.fi>

Brian Zuromski wrote:

> Hi,
> I'm migrating a network from NIS to FDS. All the users of the old
> network were members of a particular group which is required to access
> certain directories/files etc.... I'm having problems in the FDS
> assigning them to groups with the same GID. I fixed it temporarily by
> adding the group in the local /etc/group file on each host and it works.
> How do I create the group on the FDS server and assign people to it and
> it'll carry over to each box. Thanks!!!

dn: cn=specialGroupFoo,ou=groups,dc=foo,dc=com
objectClass: top
objectClass: posixGroup
cn: specialGroupFoo
gidNumber: 999
memberUid: jdoe
memberUid: bsmith
memberUid: jblack
memberUid: sjohnson

--
mike

From kevin_myer at iu13.org Wed Nov 30 22:21:31 2005
From: kevin_myer at iu13.org (Kevin M. Myer)
Date: Wed, 30 Nov 2005 17:21:31 -0500
Subject: [Fedora-directory-users] LDAP subagent questions
Message-ID: <20051130172131.d3iuzs2je9wk0wgw@webapps.iu13.org>

Hello,

I'm working through some of the documentation for the ldap-agent at
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/snmp.html
(although with Fedora Directory Server). I have a simple
ldap-agent.conf file in /opt/fedora-ds/slapd-instance/config. The
documentation states that a config item of "server" should be
specified that points to the log directory of the Directory Server
instance to be monitored. I found that it balked if I did that:

ldap-agent: Error opening server config file:
/opt/fedora-ds/slapd-instance/logs/config/dse.ldif

so I changed the server value to be just /opt/fedora-ds/slapd-instance.

Error message goes away but now when I try to start ldap-agent, I get:

ldap-agent: Not started! Check log file for details.

And if I check the log file for details, I see:

2005-11-30 16:58:21 Starting ldap-agent...

The -D option generates no more additional information.

On the server, net-snmp is running, with agentx support, listening to
a socket in /var/agentx/master. The documentation states that version
5.2.1 is required, but I'm only running 5.1.2.

Now I found that if I disabled iptables on this server, the agent came
up, one time. Thought that was it but then I found if I killed it and
restarted it, it didn't come up. And then with iptables enabled
again, it did come up. And then it didn't. You get the picture - it's
very inconsistent :)

So, anyone have this running reliably?

Kevin

--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13
http://www.iu13.org

From nkinder at redhat.com Wed Nov 30 22:27:41 2005
From: nkinder at redhat.com (Nathan Kinder)
Date: Wed, 30 Nov 2005 14:27:41 -0800
Subject: [Fedora-directory-users] LDAP subagent questions
In-Reply-To: <20051130172131.d3iuzs2je9wk0wgw@webapps.iu13.org>
References: <20051130172131.d3iuzs2je9wk0wgw@webapps.iu13.org>
Message-ID: <438E275D.5060404@redhat.com>

Kevin M. Myer wrote:

> Hello,
>
> I'm working through some of the documentation for the ldap-agent at
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/snmp.html
> (although with Fedora Directory Server). I have a simple
> ldap-agent.conf file in /opt/fedora-ds/slapd-instance/config. The
> documentation states that a config item of "server" should be
> specified that points to the log directory of the Directory Server
> instance to be monitored. I found that it balked if I did that:
>
> ldap-agent: Error opening server config file:
> /opt/fedora-ds/slapd-instance/logs/config/dse.ldif
>
> so I changed the server value to be just /opt/fedora-ds/slapd-instance.

The documentation states that the "server" parameter needs to be set to
the log directory of the slapd instance you want to monitor. Here is
the example from the Admin Guide:

server /opt/redhat-ds/slapd-phonebook/logs

How are you starting the subagent? Are you passing it the full path to
the ldap-agent config file you created? Your command should be
something like:

./ldapagent /opt/redhat-ds/ldap-agent.conf

-NGK

>
> Error message goes away but now when I try to start ldap-agent, I get:
>
> ldap-agent: Not started! Check log file for details.
>
> And if I check the log file for details, I see:
>
> 2005-11-30 16:58:21 Starting ldap-agent...
>
> The -D option generates no more additional information.
>
> On the server, net-snmp is running, with agentx support, listening to
> a socket in /var/agentx/master. The documentation states that version
> 5.2.1 is required, but I'm only running 5.1.2.
>
> Now I found that if I disabled iptables on this server, the agent came
> up, one time. Thought that was it but then I found if I killed it and
> restarted it, it didn't come up. And then with iptables enabled
> again, it did come up. And then it didn't. You get the picture - it's
> very inconsistent :)
>
> So, anyone have this running reliably?
>
> Kevin
>