From dfulton at concepttechnologyinc.com Tue Aug 1 02:18:35 2006
From: dfulton at concepttechnologyinc.com (Darren Fulton)
Date: Mon, 31 Jul 2006 21:18:35 -0500 (CDT)
Subject: [Fedora-directory-users] FDS java console - can login, can search, but cannot edit or do anything useful
Message-ID: <4706484.2251154398715605.JavaMail.root@host3.concepttechnologyinc.com>

I need help please. The directory server seems to be working fine (users are authenticating and contacts lists are available). The admin server seems to be fine too (I can login to the FDS Gateway and search for users, authenticate as admin, and add contacts).

I can also login to the directory server console as admin. After logging in it looks like this:

http://concepttechnologyinc.com/images/snapshot_fds-console3.png

Which is not how it once looked.

I can click the second tab and perform a search. It finds users. If I right click on a user object and select "Edit", the cursor starts throbbing like it is going to do something, but it never does. It just keeps throbbing. Same thing if I double click on the user.

That looks like this:
http://concepttechnologyinc.com/images/snapshot_fds-console2.png

Same problem occurs if I try and add a user, which is what I've been trying to do for a week.

This was not the case a few months ago.

- I'm running 1.0-2.RHEL4.i386 on RHEL 4.3.

- I've rebooted the server

- I have the X11 deprecated libs installed.
[root at host2 ~]# rpm -qa | grep deprec
xorg-x11-deprecated-libs-6.8.2-1.EL.13.25.1
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.25.1
##############

- I have tried the most recent Sun Java as well as the IBM Java from a couple of the earlier FDS versions that I had backed up.
##############
[dfulton at host2 ~]$ java -version
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)
##############
[dfulton at host2 bin]$ pwd
/opt/fedora-ds.backup.working.11_03_2005/bin/base/jre/bin
[dfulton at host2 bin]$ ./java -version
java version "1.4.2"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2)
Classic VM (build 1.4.2, J2RE 1.4.2 IBM build cxia32142sr1a-20050209 (JIT enabled: jitc))
##############

- When I start the console there is no weird java output in the terminal. I login and there still aren't any errors. I search for a user, still no errors. But, when I try and start the edit of an object returned by the search, it spews a bunch of output:

[root at host2 fedora-ds]# java -version
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)
[root at host2 fedora-ds]# ./startconsole
####the stuff below shows up the second I click "Edit"
Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
        at com.netscape.management.client.ug.ResourceEditor.setupPlugin(Unknown Source)
        at com.netscape.management.client.ug.ResourceEditor.init(Unknown Source)
        at com.netscape.management.client.ug.ResourceEditor.<init>(Unknown Source)
        at com.netscape.management.client.topology.ug.EditUserGroupPane.editEntry(Unknown Source)
        at com.netscape.management.client.topology.ug.EditUserGroupPane.actionPerformed(Unknown Source)
        at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
        at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
        at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
        at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
        at javax.swing.AbstractButton.doClick(Unknown Source)
        at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
        at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source)
        at java.awt.Component.processMouseEvent(Unknown Source)
        at javax.swing.JComponent.processMouseEvent(Unknown Source)
        at java.awt.Component.processEvent(Unknown Source)
        at java.awt.Container.processEvent(Unknown Source)
        at java.awt.Component.dispatchEventImpl(Unknown Source)
        at java.awt.Container.dispatchEventImpl(Unknown Source)
        at java.awt.Component.dispatchEvent(Unknown Source)
        at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
        at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
        at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
        at java.awt.Container.dispatchEventImpl(Unknown Source)
        at java.awt.Window.dispatchEventImpl(Unknown Source)
        at java.awt.Component.dispatchEvent(Unknown Source)
        at java.awt.EventQueue.dispatchEvent(Unknown Source)
        at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
        at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.awt.EventDispatchThread.run(Unknown Source)
####################

- Here is some log output that might help.

[root at host2 fedora-ds]# tail -n 50 /opt/fedora-ds/slapd-host2/logs/errors
Fedora-Directory/1.0.2 B2006.060.1928
host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)

[26/Jul/2006:15:00:23 -0500] - slapd shutting down - signaling operation threads
[26/Jul/2006:15:00:23 -0500] - slapd shutting down - closing down internal subsystems and plugins
[26/Jul/2006:15:00:23 -0500] - Waiting for 4 database threads to stop
[26/Jul/2006:15:00:24 -0500] - All database threads now stopped
[26/Jul/2006:15:00:24 -0500] - slapd stopped.
Fedora-Directory/1.0.2 B2006.060.1928
host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)

[26/Jul/2006:15:00:32 -0500] - Fedora-Directory/1.0.2 B2006.060.1928 starting up
[26/Jul/2006:15:00:37 -0500] - slapd started. Listening on All Interfaces port389 for LDAP requests
[26/Jul/2006:15:00:40 -0500] - slapd shutting down - signaling operation threads
[26/Jul/2006:15:00:40 -0500] - slapd shutting down - waiting for 27 threads to terminate
[26/Jul/2006:15:00:40 -0500] - slapd shutting down - closing down internal subsystems and plugins
[26/Jul/2006:15:00:40 -0500] - Waiting for 4 database threads to stop
[26/Jul/2006:15:00:41 -0500] - All database threads now stopped
[26/Jul/2006:15:00:41 -0500] - slapd stopped.
Fedora-Directory/1.0.2 B2006.060.1928
host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)

[26/Jul/2006:15:00:55 -0500] - Fedora-Directory/1.0.2 B2006.060.1928 starting up
[26/Jul/2006:15:00:56 -0500] - slapd started. Listening on All Interfaces port389 for LDAP requests
[26/Jul/2006:15:21:50 -0500] - slapd shutting down - signaling operation threads
[26/Jul/2006:15:21:50 -0500] - slapd shutting down - waiting for 29 threads to terminate
[26/Jul/2006:15:21:50 -0500] - slapd shutting down - closing down internal subsystems and plugins
[26/Jul/2006:15:21:51 -0500] - Waiting for 4 database threads to stop
[26/Jul/2006:15:21:51 -0500] - All database threads now stopped
[26/Jul/2006:15:21:52 -0500] - slapd stopped.
Fedora-Directory/1.0.2 B2006.060.1928
host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)

[26/Jul/2006:15:22:10 -0500] - Fedora-Directory/1.0.2 B2006.060.1928 starting up
[26/Jul/2006:15:22:10 -0500] - slapd started. Listening on All Interfaces port389 for LDAP requests
[26/Jul/2006:17:37:38 -0500] - slapd shutting down - signaling operation threads
[26/Jul/2006:17:37:41 -0500] - slapd shutting down - waiting for 28 threads to terminate
[26/Jul/2006:17:37:43 -0500] - slapd shutting down - closing down internal subsystems and plugins
Fedora-Directory/1.0.2 B2006.060.1928
host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)

[26/Jul/2006:17:41:13 -0500] - Fedora-Directory/1.0.2 B2006.060.1928 starting up
[26/Jul/2006:17:41:13 -0500] - Detected Disorderly Shutdown last time DirectoryServer was running, recovering database.
[26/Jul/2006:17:41:18 -0500] - slapd started. Listening on All Interfaces port389 for LDAP requests

################

Please help if you can. I've been working on it off and on for a week now with no luck. Thanks.

--
Best Regards,
Darren Fulton
Concept Technology, Inc.

From rmeggins at redhat.com Tue Aug 1 13:24:54 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 01 Aug 2006 07:24:54 -0600
Subject: [Fedora-directory-users] FDS java console - can login, can search, but cannot edit or do anything useful
In-Reply-To: <4706484.2251154398715605.JavaMail.root@host3.concepttechnologyinc.com>
References: <4706484.2251154398715605.JavaMail.root@host3.concepttechnologyinc.com>
Message-ID: <44CF5626.2090408@redhat.com>

Darren Fulton wrote:
> I need help please. The directory server seems to be working fine (users are authenticating and contacts lists are available). The admin server seems to be fine too (I can login to the FDS Gateway and search for users, authenticate as admin, and add contacts).
>
> I can also login to the directory server console as admin. After logging in it looks like this:
>
> http://concepttechnologyinc.com/images/snapshot_fds-console3.png
>
> Which is not how it once looked.
>
What changed?
> I can click the second tab and perform a search. It finds users.
> If I right click on a user object and select "Edit", the cursor starts throbbing like it is going to do something, but it never does. It just keeps throbbing. Same thing if I double click on the user.
>
> That looks like this:
> http://concepttechnologyinc.com/images/snapshot_fds-console2.png
>
> Same problem occurs if I try and add a user, which is what I've been trying to do for a week.
>
> This was not the case a few months ago.
>
> - I'm running 1.0-2.RHEL4.i386 on RHEL 4.3.
>
> - I've rebooted the server
>
> - I have the X11 deprecated libs installed.
> [root at host2 ~]# rpm -qa | grep deprec
> xorg-x11-deprecated-libs-6.8.2-1.EL.13.25.1
> xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.25.1
> ##############
>
> - I have tried the most recent Sun Java as well as the IBM Java from a couple of the earlier FDS versions that I had backed up.
> ##############
> [dfulton at host2 ~]$ java -version
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)
> ##############
> [dfulton at host2 bin]$ pwd
> /opt/fedora-ds.backup.working.11_03_2005/bin/base/jre/bin
> [dfulton at host2 bin]$ ./java -version
> java version "1.4.2"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2)
> Classic VM (build 1.4.2, J2RE 1.4.2 IBM build cxia32142sr1a-20050209 (JIT enabled: jitc))
> ##############
>
> - When I start the console there is no weird java output in the terminal. I login and there still aren't any errors. I search for a user, still no errors. But, when I try and start the edit of an object returned by the search, it spews a bunch of output:
>
Try startconsole -D 9 > console.log 2>&1

That should help us shed some light on what's going on.

From Nick.Johnson at exeter.ac.uk Tue Aug 1 14:26:55 2006
From: Nick.Johnson at exeter.ac.uk (Nick Johnson)
Date: Tue, 01 Aug 2006 15:26:55 +0100
Subject: [Fedora-directory-users] Net::LDAP or Mozilla::LDAP::Conn/Entry for FDS
Message-ID: <44CF64AF.4060301@exeter.ac.uk>

What are the disadvantages of sticking with Net::LDAP and not using Mozilla::LDAP::Conn/Entry as the Perl module interface for Fedora DS v.1.0.2?

Thanks
Nick

From EMLiberman at ra.rockwell.com Tue Aug 1 14:30:36 2006
From: EMLiberman at ra.rockwell.com (Eugene M Liberman)
Date: Tue, 1 Aug 2006 10:30:36 -0400
Subject: [Fedora-directory-users] I am trying to build FDS for Windows XP platform
Message-ID:

I am trying to build FDS for Windows XP platform. I got MKS tools as recommended in the build section. Could anyone provide any help and guidance in the build process? Where do I start?

Thank you,

Gene Liberman

From rmeggins at redhat.com Tue Aug 1 14:40:41 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 01 Aug 2006 08:40:41 -0600
Subject: [Fedora-directory-users] Net::LDAP or Mozilla::LDAP::Conn/Entry for FDS
In-Reply-To: <44CF64AF.4060301@exeter.ac.uk>
References: <44CF64AF.4060301@exeter.ac.uk>
Message-ID: <44CF67E9.7090704@redhat.com>

Nick Johnson wrote:
> What are the disadvantages of sticking with Net::LDAP and not using
> Mozilla::LDAP::Conn/Entry as the Perl module interface for Fedora DS
> v.1.0.2?
Net::LDAP allows you to use all of the LDAPv3 controls and extended operations by providing an ASN.1 parser. I personally like the OO interface of Net::LDAP.

Mozilla::LDAP is a wrapper around the C libraries, so it is as much as a factor of 10 faster. So if you need as much performance as you can get, use it instead of Net::LDAP which is native perl. Also, if you want to use Mozilla NSS for crypto, you must use Mozilla::LDAP - Net::LDAP uses Net::SSLeay which is a wrapper around openssl.
> Thanks
> Nick

From Nick.Johnson at exeter.ac.uk Tue Aug 1 15:59:46 2006
From: Nick.Johnson at exeter.ac.uk (Nick Johnson)
Date: Tue, 01 Aug 2006 16:59:46 +0100
Subject: [Fedora-directory-users] Net::LDAP or Mozilla::LDAP::Conn/Entry for FDS
In-Reply-To: <44CF67E9.7090704@redhat.com>
References: <44CF64AF.4060301@exeter.ac.uk> <44CF67E9.7090704@redhat.com>
Message-ID: <44CF7A72.30304@exeter.ac.uk>

Richard,

Many thanks for your concise summary. Perhaps this could be added to the Wiki FAQ sometime?

Regards
Nick

Richard Megginson wrote:
> Nick Johnson wrote:
>> What are the disadvantages of sticking with Net::LDAP and not using
>> Mozilla::LDAP::Conn/Entry as the Perl module interface for Fedora DS
>> v.1.0.2?
> Net::LDAP allows you to use all of the LDAPv3 controls and extended
> operations by providing an ASN.1 parser. I personally like the OO
> interface of Net::LDAP.
>
> Mozilla::LDAP is a wrapper around the C libraries, so it is as much as
> a factor of 10 faster. So if you need as much performance as you can
> get, use it instead of Net::LDAP which is native perl.
> Also, if you want to use Mozilla NSS for crypto, you must use Mozilla::LDAP -
> Net::LDAP uses Net::SSLeay which is a wrapper around openssl.
>> Thanks
>> Nick

From dfulton at concepttechnologyinc.com Tue Aug 1 16:22:24 2006
From: dfulton at concepttechnologyinc.com (Darren Fulton - CTI)
Date: Tue, 01 Aug 2006 11:22:24 -0500
Subject: [Fedora-directory-users] FDS java console - can login, can search, but cannot edit or do anything useful
In-Reply-To: <44CF5626.2090408@redhat.com>
References: <4706484.2251154398715605.JavaMail.root@host3.concepttechnologyinc.com> <44CF5626.2090408@redhat.com>
Message-ID: <44CF7FC0.5020802@concepttechnologyinc.com>

Richard Megginson wrote:
> Darren Fulton wrote:
>> I need help please. The directory server seems to be working fine
>> (users are authenticating and contacts lists are available). The
>> admin server seems to be fine too (I can login to the FDS Gateway and
>> search for users, authenticate as admin, and add contacts).
>> I can also login to the directory server console as admin. After
>> logging in it looks like this:
>>
>> http://concepttechnologyinc.com/images/snapshot_fds-console3.png
>>
>> Which is not how it once looked.
>>
> What changed?
>> I can click the second tab and perform a search.
>> It finds users. If I right click on a user object and select "Edit",
>> the cursor starts throbbing like it is going to do something, but it
>> never does. It just keeps throbbing. Same thing if I double click on
>> the user.
>> That looks like this:
>> http://concepttechnologyinc.com/images/snapshot_fds-console2.png
>>
>> Same problem occurs if I try and add a user, which is what I've been
>> trying to do for a week.
>>
>> This was not the case a few months ago.
>>
>> - I'm running 1.0-2.RHEL4.i386 on RHEL 4.3.
>>
>> - I've rebooted the server
>>
>> - I have the X11 deprecated libs installed.
>> [root at host2 ~]# rpm -qa | grep deprec
>> xorg-x11-deprecated-libs-6.8.2-1.EL.13.25.1
>> xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.25.1
>> ##############
>>
>> - I have tried the most recent Sun Java as well as the IBM Java from
>> a couple of the earlier FDS versions that I had backed up.
>> ##############
>> [dfulton at host2 ~]$ java -version
>> java version "1.5.0_06"
>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
>> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)
>> ##############
>> [dfulton at host2 bin]$ pwd
>> /opt/fedora-ds.backup.working.11_03_2005/bin/base/jre/bin
>> [dfulton at host2 bin]$ ./java -version
>> java version "1.4.2"
>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2)
>> Classic VM (build 1.4.2, J2RE 1.4.2 IBM build cxia32142sr1a-20050209 (JIT enabled: jitc))
>> ##############
>>
>> - When I start the console there is no weird java output in the
>> terminal. I login and there still aren't any errors. I search for a
>> user, still no errors. But, when I try and start the edit of an
>> object returned by the search, it spews a bunch of output:
>>
> Try startconsole -D 9 > console.log 2>&1
>
> That should help us shed some light on what's going on.

Thank you for the reply.

Question: What changed [with the way the first screen of the console looks]?
Answer: I thought there were options to open Netscape Root and mydomain. Maybe I'm remembering wrong, but I didn't think it was blank.

Request: Try startconsole -D 9 > console.log 2>&1
That should help us shed some light on what's going on.

Here are the contents of console.log from beginning -> 3 minutes after attempting to edit a user:

[root at host2 fedora-ds]# pwd
/opt/fedora-ds
[root at host2 fedora-ds]# cat console.log
java.util.prefs.userRoot=/root/.fedora-console
java.runtime.name=Java(TM) 2 Runtime Environment, Standard Edition
sun.boot.library.path=/usr/java/jre1.5.0_06/lib/i386
java.vm.version=1.5.0_06-b05
java.vm.vendor=Sun Microsystems Inc.
java.vendor.url=http://java.sun.com/
path.separator=:
java.vm.name=Java HotSpot(TM) Client VM
file.encoding.pkg=sun.io
user.country=US
sun.os.patch.level=unknown
java.vm.specification.name=Java Virtual Machine Specification
user.dir=/opt/fedora-ds
java.runtime.version=1.5.0_06-b05
java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment
java.endorsed.dirs=/usr/java/jre1.5.0_06/lib/endorsed
os.arch=i386
java.io.tmpdir=/tmp
line.separator=
java.vm.specification.vendor=Sun Microsystems Inc.
os.name=Linux
sun.jnu.encoding=UTF-8
java.library.path=./lib
java.specification.name=Java Platform API Specification
java.class.version=49.0
sun.management.compiler=HotSpot Client Compiler
os.version=2.6.9-34.0.1.ELsmp
user.home=/root
user.timezone=America/Chicago
java.awt.printerjob=sun.print.PSPrinterJob
file.encoding=UTF-8
java.specification.version=1.5
java.class.path=./java/jss3.jar:./java/ldapjdk.jar:./java/fedora-base-1.0.jar:./java/fedora-mcc-1.0.jar:./java/fedora-mcc-1.0_en.jar:./java/fedora-nmclf-1.0.jar:./java/fedora-nmclf-1.0_en.jar
user.name=root
java.vm.specification.version=1.0
java.home=/usr/java/jre1.5.0_06
sun.arch.data.model=32
java.util.prefs.systemRoot=/root/.fedora-console
user.language=en
java.specification.vendor=Sun Microsystems Inc.
java.vm.info=mixed mode, sharing
java.version=1.5.0_06
java.ext.dirs=/usr/java/jre1.5.0_06/lib/ext
sun.boot.class.path=/usr/java/jre1.5.0_06/lib/rt.jar:/usr/java/jre1.5.0_06/lib/i18n.jar:/usr/java/jre1.5.0_06/lib/sunrsasign.jar:/usr/java/jre1.5.0_06/lib/jsse.jar:/usr/java/jre1.5.0_06/lib/jce.jar:/usr/java/jre1.5.0_06/lib/charsets.jar:/usr/java/jre1.5.0_06/classes
java.vendor=Sun Microsystems Inc.
file.separator=/
java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi
sun.io.unicode.encoding=UnicodeLittle
sun.cpu.endian=little
sun.cpu.isalist=
ResourceSet: NOT found loader20120943:com.netscape.management.client.console.versioninfo
Fedora-Management-Console/1.0 B2006.060.1914
RemoteImage: NOT found loader20120943:com/netscape/management/nmclf/icons/Error.gif
RemoteImage: Create RemoteImage cache for loader20120943
RemoteImage: NOT found loader20120943:com/netscape/management/nmclf/icons/Inform.gif
RemoteImage: NOT found loader20120943:com/netscape/management/nmclf/icons/Warn.gif
RemoteImage: NOT found loader20120943:com/netscape/management/nmclf/icons/Question.gif
ResourceSet: NOT found loader20120943:com.netscape.management.client.components.components
RemoteImage: NOT found loader20120943:com/netscape/management/client/images/logo16.gif
RemoteImage: NOT found loader20120943:com/netscape/management/client/console/images/login.gif
ResourceSet: NOT found loader20120943:com.netscape.management.client.util.default
ResourceSet: found loader20120943:com.netscape.management.client.util.default
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 72
JButtonFactory: button height = 19
JButtonFactory: button width = 72
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button width = 72
ResourceSet: found loader20120943:com.netscape.management.client.util.default
CommManager> New CommRecord (http://host2.concepttechnologyinc.com:34877/admin-serv/authenticate)
http://host2.concepttechnologyinc.com:34877/[0:0] open> Ready
http://host2.concepttechnologyinc.com:34877/[0:0] accept> http://host2.concepttechnologyinc.com:34877/admin-serv/authenticate
http://host2.concepttechnologyinc.com:34877/[0:0] send> GET \
http://host2.concepttechnologyinc.com:34877/[0:0] send> /admin-serv/authenticate \
http://host2.concepttechnologyinc.com:34877/[0:0] send> HTTP/1.0
http://host2.concepttechnologyinc.com:34877/[0:0] send> Host: host2.concepttechnologyinc.com:34877
http://host2.concepttechnologyinc.com:34877/[0:0] send> Connection: Keep-Alive
http://host2.concepttechnologyinc.com:34877/[0:0] send> User-Agent: Fedora-Management-Console/1.0
http://host2.concepttechnologyinc.com:34877/[0:0] send> Accept-Language: en
http://host2.concepttechnologyinc.com:34877/[0:0] send> Authorization: Basic \
http://host2.concepttechnologyinc.com:34877/[0:0] send> YWRtaW46bGRhcGFkbWluOTk3 \
http://host2.concepttechnologyinc.com:34877/[0:0] send>
http://host2.concepttechnologyinc.com:34877/[0:0] send>
http://host2.concepttechnologyinc.com:34877/[0:0] recv> HTTP/1.1 200 OK
http://host2.concepttechnologyinc.com:34877/[0:0] recv> Date: Tue, 01 Aug 2006 16:09:23 GMT
http://host2.concepttechnologyinc.com:34877/[0:0] recv> Server: Apache/2.0
HttpChannel.invoke: admin version = 2.0
http://host2.concepttechnologyinc.com:34877/[0:0] recv> Admin-Server: Fedora-Administrator/1.0.1
HttpChannel.invoke: admin version = 1.0.1
http://host2.concepttechnologyinc.com:34877/[0:0] recv> Content-Length: 429
http://host2.concepttechnologyinc.com:34877/[0:0] recv> Connection: close
http://host2.concepttechnologyinc.com:34877/[0:0] recv> Content-Type: text/html
http://host2.concepttechnologyinc.com:34877/[0:0] recv>
http://host2.concepttechnologyinc.com:34877/[0:0] recv> Reading 429 bytes...
http://host2.concepttechnologyinc.com:34877/[0:0] recv> 429 bytes read
Console.replyHandler: adminVersion = 1.0.1
Console: Cannot open: cn=user, cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot
Console: Cannot open cn=group, cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot
Console: Cannot open cn=OU, cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot
Console: Cannot open cn=ResourceEditorExtension,ou=1.0, ou=admin, ou=Global Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot
ResourceSet: NOT found loader20120943:com.netscape.management.client.topology.topology
ResourceSet: found loader20120943:com.netscape.management.client.topology.topology
RemoteImage: found loader20120943:com/netscape/management/client/images/logo16.gif
RemoteImage: NOT found loader20120943:com/netscape/management/client/images/ConsoleBanner.gif
RemoteImage: NOT found loader20120943:com/netscape/management/client/images/warn16.gif
ResourceSet: NOT found loader20120943:com.netscape.management.client.default
UIPermissions: TopologyEditing yes
Cannot open: cn=topologyplugin,ou=1.0, ou=admin, ou=Global Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot
ResourceSet: found loader20120943:com.netscape.management.client.topology.topology
ResourceSet: found loader20120943:com.netscape.management.client.default
ResourceSet: found loader20120943:com.netscape.management.client.topology.topology
ResourceSet: found loader20120943:com.netscape.management.client.topology.topology
UIPermissions: CustomViewEditing yes
ResourceSet: found loader20120943:com.netscape.management.client.default
ResourceSet: found loader20120943:com.netscape.management.client.default
UIPermissions: UGTabVisibility yes
UIPermissions: UGEditing yes
ResourceSet: found loader20120943:com.netscape.management.client.topology.topology
TRACE ConsoleInfo.clone: tracking cloning of ConsoleInfo for performance tuning
Cannot load custom views, error code= 32
pub defaultView=null
user defaultView=
RemoteImage: NOT found loader20120943:com/netscape/management/client/images/notsecure.gif
http://host2.concepttechnologyinc.com:34877/[0:0] close> Closed
TRACE ConsoleInfo.clone: tracking cloning of ConsoleInfo for performance tuning
ResourceSet: found loader20120943:com.netscape.management.client.topology.topology
RemoteImage: NOT found loader20120943:com/netscape/management/nmclf/icons/user24.gif
RemoteImage: NOT found loader20120943:com/netscape/management/nmclf/icons/group24.gif
RemoteImage: NOT found loader20120943:com/netscape/management/nmclf/icons/ou24.gif
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 72
JButtonFactory: button height = 19
JButtonFactory: button width = 72
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button width = 72
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 108
JButtonFactory: button height = 19
ResourceSet: NOT found loader20120943:com.netscape.management.client.ug.PickerEditorResource
ResourceSet: found loader20120943:com.netscape.management.client.ug.PickerEditorResource
ResourceSet: found loader20120943:com.netscape.management.client.ug.PickerEditorResource
RemoteImage: NOT found loader20120943:com/netscape/management/nmclf/icons/user.gif
RemoteImage: NOT found loader20120943:com/netscape/management/nmclf/icons/group.gif
RemoteImage: NOT found loader20120943:com/netscape/management/nmclf/icons/ou.gif
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 72
JButtonFactory: button height = 19
JButtonFactory: button width = 72
JButtonFactory: button height = 19
Search: (|(&(objectclass=person)(cn=*test*))(&(objectclass=groupofuniquenames)(cn=*test*))(&(objectclass=organizationalunit)(ou=*test*))(&(objectclass=person)(uid=test)))
ResourceSet: found loader20120943:com.netscape.management.client.topology.topology
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
LDAPUtil.getVLVIndex dc=concepttechnologyinc,dc=com 2 (|(&(objectclass=person)(cn=*test*))(&(objectclass=groupofuniquenames)(cn=*test*))(&(objectclass=organizationalunit)(ou=*test*))(&(objectclass=person)(uid=test))) cn match=null
VLDirectoryTableModel: getVlVIndex=null
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.console.console
ResourceSet: found loader20120943:com.netscape.management.client.ug.PickerEditorResource
ResourceSet: found loader20120943:com.netscape.management.client.ug.PickerEditorResource
ResourceSet: found loader20120943:com.netscape.management.client.ug.PickerEditorResource
JButtonFactory: button width = 108
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
        at com.netscape.management.client.ug.ResourceEditor.setupPlugin(Unknown Source)
        at com.netscape.management.client.ug.ResourceEditor.init(Unknown Source)
        at com.netscape.management.client.ug.ResourceEditor.(Unknown Source)
        at com.netscape.management.client.topology.ug.EditUserGroupPane.editEntry(Unknown Source)
        at com.netscape.management.client.topology.ug.EditUserGroupPane.actionPerformed(Unknown Source)
        at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
        at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
        at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
        at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
        at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
        at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
        at java.awt.Component.processMouseEvent(Unknown Source)
        at javax.swing.JComponent.processMouseEvent(Unknown Source)
        at java.awt.Component.processEvent(Unknown Source)
        at java.awt.Container.processEvent(Unknown Source)
        at java.awt.Component.dispatchEventImpl(Unknown Source)
        at java.awt.Container.dispatchEventImpl(Unknown Source)
        at java.awt.Component.dispatchEvent(Unknown Source)
        at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
        at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
        at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
        at java.awt.Container.dispatchEventImpl(Unknown Source)
        at java.awt.Window.dispatchEventImpl(Unknown Source)
        at java.awt.Component.dispatchEvent(Unknown Source)
        at java.awt.EventQueue.dispatchEvent(Unknown Source)
        at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
        at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.awt.EventDispatchThread.run(Unknown Source)
[root at host2 fedora-ds]#

Best Regards,

Darren Fulton
Concept Technology, Inc.
1106 17th Avenue South
Nashville, TN 37212
Phone - 615.321.6428 Ext. 105
Fax - 615.321.5598

From rmeggins at redhat.com Tue Aug 1 16:41:53 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 01 Aug 2006 10:41:53 -0600
Subject: [Fedora-directory-users] FDS java console - can login, can search, but cannot edit or do anything useful
In-Reply-To: <44CF7FC0.5020802@concepttechnologyinc.com>
References: <4706484.2251154398715605.JavaMail.root@host3.concepttechnologyinc.com> <44CF5626.2090408@redhat.com> <44CF7FC0.5020802@concepttechnologyinc.com>
Message-ID: <44CF8451.9060703@redhat.com>

Darren Fulton - CTI wrote:
>
>
> Richard Megginson wrote:
>> Darren Fulton wrote:
>>> I need help please. The directory server seems to be working fine
>>> (users are authenticating and contacts lists are available). The
>>> admin server seems to be fine too (I can login to the FDS Gateway
>>> and search for users, authenticate as admin, and add contacts). I
>>> can also login to the directory server console as admin. After
>>> logging in it looks like this:
>>>
>>> http://concepttechnologyinc.com/images/snapshot_fds-console3.png
>>>
>>> Which is not how it once looked.
>>>
>> What changed?
>>> I can click the second tab and perform a search. It finds users.
>>> If I right click on a user object and select "Edit", the cursor
>>> starts throbbing like it is going to do something, but it never
>>> does. It just keeps throbbing. Same thing if I double click on the
>>> user. That looks like this:
>>> http://concepttechnologyinc.com/images/snapshot_fds-console2.png
>>>
>>> Same problem occurs if I try and add a user, which is what I've been
>>> trying to do for a week.
>>>
>>> This was not the case a few months ago.
>>>
>>> - I'm running 1.0-2.RHEL4.i386 on RHEL 4.3.
>>>
>>> - I've rebooted the server
>>>
>>> - I have the X11 deprecated libs installed. [root at host2 ~]# rpm -qa
>>> | grep deprec
>>> xorg-x11-deprecated-libs-6.8.2-1.EL.13.25.1
>>> xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.25.1
>>> ##############
>>>
>>> - I have tried the most recent Sun Java as well as the IBM Java from
>>> a couple of the earlier FDS versions that I had backed up.
>>> ##############
>>> [dfulton at host2 ~]$ java -version
>>> java version "1.5.0_06"
>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
>>> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)
>>> ##############
>>> [dfulton at host2 bin]$ pwd
>>> /opt/fedora-ds.backup.working.11_03_2005/bin/base/jre/bin
>>> [dfulton at host2 bin]$ ./java -version
>>> java version "1.4.2"
>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2)
>>> Classic VM (build 1.4.2, J2RE 1.4.2 IBM build cxia32142sr1a-20050209
>>> (JIT enabled: jitc))
>>> ##############
>>>
>>> - When I start the console there is no weird java output in the
>>> terminal. I login and there still aren't any errors. I search for
>>> a user, still no errors. But, when I try and start the edit of an
>>> object returned by the search, it spews a bunch of output:
>>>
>> Try startconsole -D 9 > console.log 2>&1
>>
>> That should help us shed some light on what's going on.
>>> [root at host2 fedora-ds]# java -version
>>> java version "1.5.0_06"
>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
>>> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)
>>> [root at host2 fedora-ds]# ./startconsole
>>> ####the stuff below shows up the second I click "Edit"
>>> Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
>>>     at
>>> com.netscape.management.client.ug.ResourceEditor.setupPlugin(UnknownSource)
>>>
>>>     at
>>> com.netscape.management.client.ug.ResourceEditor.init(Unknown Source)
>>>     at
>>> com.netscape.management.client.ug.ResourceEditor.(Unknown Source)
>>>     at
>>> com.netscape.management.client.topology.ug.EditUserGroupPane.editEntry(Unknown
>>> Source)
>>>     at
>>> com.netscape.management.client.topology.ug.EditUserGroupPane.actionPerformed(Unknown
>>> Source)
>>>     at javax.swing.AbstractButton.fireActionPerformed(Unknown
>>> Source)
>>>     at
>>> javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
>>>     at
>>> javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
>>>     at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
>>>     at javax.swing.AbstractButton.doClick(Unknown Source)
>>>     at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown
>>> Source)
>>>     at
>>> javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(UnknownSource)
>>>
>>>     at java.awt.Component.processMouseEvent(Unknown Source)
>>>     at javax.swing.JComponent.processMouseEvent(Unknown Source)
>>>     at java.awt.Component.processEvent(Unknown Source)
>>>     at java.awt.Container.processEvent(Unknown Source)
>>>     at java.awt.Component.dispatchEventImpl(Unknown Source)
>>>     at java.awt.Container.dispatchEventImpl(Unknown Source)
>>>     at java.awt.Component.dispatchEvent(Unknown Source)
>>>     at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown
>>> Source)
>>>     at java.awt.LightweightDispatcher.processMouseEvent(Unknown
>>> Source)
>>>     at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
>>>     at java.awt.Container.dispatchEventImpl(Unknown Source)
>>>     at java.awt.Window.dispatchEventImpl(Unknown Source)
>>>     at java.awt.Component.dispatchEvent(Unknown Source)
>>>     at java.awt.EventQueue.dispatchEvent(Unknown Source)
>>>     at
>>> java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
>>>     at
>>> java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
>>>     at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
>>>     at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
>>>     at java.awt.EventDispatchThread.run(Unknown Source)
>>> ####################
>>>
>>> - Here is some log output that might help.
>>>
>>>
>>> [root at host2 fedora-ds]# tail -n 50
>>> /opt/fedora-ds/slapd-host2/logs/errors
>>> Fedora-Directory/1.0.2 B2006.060.1928
>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)
>>>
>>> [26/Jul/2006:15:00:23 -0500] - slapd shutting down - signaling
>>> operation threads
>>> [26/Jul/2006:15:00:23 -0500] - slapd shutting down - closing down
>>> internal subsystems and plugins
>>> [26/Jul/2006:15:00:23 -0500] - Waiting for 4 database threads to stop
>>> [26/Jul/2006:15:00:24 -0500] - All database threads now stopped
>>> [26/Jul/2006:15:00:24 -0500] - slapd stopped.
>>> Fedora-Directory/1.0.2 B2006.060.1928
>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)
>>>
>>> [26/Jul/2006:15:00:32 -0500] - Fedora-Directory/1.0.2 B2006.060.1928
>>> starting up
>>> [26/Jul/2006:15:00:37 -0500] - slapd started. Listening on All
>>> Interfaces port389 for LDAP requests
>>> [26/Jul/2006:15:00:40 -0500] - slapd shutting down - signaling
>>> operation threads
>>> [26/Jul/2006:15:00:40 -0500] - slapd shutting down - waiting for 27
>>> threads to terminate
>>> [26/Jul/2006:15:00:40 -0500] - slapd shutting down - closing down
>>> internal subsystems and plugins
>>> [26/Jul/2006:15:00:40 -0500] - Waiting for 4 database threads to stop
>>> [26/Jul/2006:15:00:41 -0500] - All database threads now stopped
>>> [26/Jul/2006:15:00:41 -0500] - slapd stopped.
>>> Fedora-Directory/1.0.2 B2006.060.1928
>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)
>>>
>>> [26/Jul/2006:15:00:55 -0500] - Fedora-Directory/1.0.2 B2006.060.1928
>>> starting up
>>> [26/Jul/2006:15:00:56 -0500] - slapd started. Listening on All
>>> Interfaces port389 for LDAP requests
>>> [26/Jul/2006:15:21:50 -0500] - slapd shutting down - signaling
>>> operation threads
>>> [26/Jul/2006:15:21:50 -0500] - slapd shutting down - waiting for 29
>>> threads to terminate
>>> [26/Jul/2006:15:21:50 -0500] - slapd shutting down - closing down
>>> internal subsystems and plugins
>>> [26/Jul/2006:15:21:51 -0500] - Waiting for 4 database threads to stop
>>> [26/Jul/2006:15:21:51 -0500] - All database threads now stopped
>>> [26/Jul/2006:15:21:52 -0500] - slapd stopped.
>>> Fedora-Directory/1.0.2 B2006.060.1928
>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)
>>>
>>> [26/Jul/2006:15:22:10 -0500] - Fedora-Directory/1.0.2 B2006.060.1928
>>> starting up
>>> [26/Jul/2006:15:22:10 -0500] - slapd started. Listening on All
>>> Interfaces port389 for LDAP requests
>>> [26/Jul/2006:17:37:38 -0500] - slapd shutting down - signaling
>>> operation threads
>>> [26/Jul/2006:17:37:41 -0500] - slapd shutting down - waiting for 28
>>> threads to terminate
>>> [26/Jul/2006:17:37:43 -0500] - slapd shutting down - closing down
>>> internal subsystems and plugins
>>> Fedora-Directory/1.0.2 B2006.060.1928
>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)
>>>
>>> [26/Jul/2006:17:41:13 -0500] - Fedora-Directory/1.0.2 B2006.060.1928
>>> starting up
>>> [26/Jul/2006:17:41:13 -0500] - Detected Disorderly Shutdown last
>>> time DirectoryServer was running, recovering database.
>>> [26/Jul/2006:17:41:18 -0500] - slapd started. Listening on All
>>> Interfaces port389 for LDAP requests
>>>
>>> ################
>>>
>>> Please help if you can. I've been working on it off and on for a
>>> week now with no luck. Thanks.
>>>
> Thank you for the reply.
>
> Question:
> What changed [with the way the first screen of the console looks]?
>
> Answer:
> I thought there were options to open Netscape Root and mydomain.
> Maybe I'm remembering wrong, but I didn't think it was blank.

What I meant was - what did _you_ change? You said it used to have options to open NetscapeRoot and mydomain - what did you change to make them go away?

> Request:
> Try startconsole -D 9 > console.log 2>&1 That should help us shed
> some light on what's going on.
>
> Here are the contents of console.log from beginning -> 3 minutes after
> attempting to edit a user:

Hm - it's missing the console view entries. Try this:

ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b o=netscaperoot cn=user
ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b o=netscaperoot cn=group
ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b o=netscaperoot cn=ou
ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b o=netscaperoot cn=ResourceEditorExtension
ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b o=netscaperoot cn=topologyplugin
ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b o=netscaperoot cn=customview

It can't seem to find any of these entries.

>
> [root at host2 fedora-ds]# pwd
> /opt/fedora-ds
> [root at host2 fedora-ds]# cat console.log
> java.util.prefs.userRoot=/root/.fedora-console
> java.runtime.name=Java(TM) 2 Runtime Environment, Standard Edition
> sun.boot.library.path=/usr/java/jre1.5.0_06/lib/i386
> java.vm.version=1.5.0_06-b05
> java.vm.vendor=Sun Microsystems Inc.
> java.vendor.url=http://java.sun.com/
> path.separator=:
> java.vm.name=Java HotSpot(TM) Client VM
> file.encoding.pkg=sun.io
> user.country=US
> sun.os.patch.level=unknown
> java.vm.specification.name=Java Virtual Machine Specification
> user.dir=/opt/fedora-ds
> java.runtime.version=1.5.0_06-b05
> java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment
> java.endorsed.dirs=/usr/java/jre1.5.0_06/lib/endorsed
> os.arch=i386
> java.io.tmpdir=/tmp
> line.separator=
>
> java.vm.specification.vendor=Sun Microsystems Inc.
> os.name=Linux > sun.jnu.encoding=UTF-8 > java.library.path=./lib > java.specification.name=Java Platform API Specification > java.class.version=49.0 > sun.management.compiler=HotSpot Client Compiler > os.version=2.6.9-34.0.1.ELsmp > user.home=/root > user.timezone=America/Chicago > java.awt.printerjob=sun.print.PSPrinterJob > file.encoding=UTF-8 > java.specification.version=1.5 > java.class.path=./java/jss3.jar:./java/ldapjdk.jar:./java/fedora-base-1.0.jar:./java/fedora-mcc-1.0.jar:./java/fedora-mcc-1.0_en.jar:./java/fedora-nmclf-1.0.jar:./java/fedora-nmclf-1.0_en.jar > > user.name=root > java.vm.specification.version=1.0 > java.home=/usr/java/jre1.5.0_06 > sun.arch.data.model=32 > java.util.prefs.systemRoot=/root/.fedora-console > user.language=en > java.specification.vendor=Sun Microsystems Inc. > java.vm.info=mixed mode, sharing > java.version=1.5.0_06 > java.ext.dirs=/usr/java/jre1.5.0_06/lib/ext > sun.boot.class.path=/usr/java/jre1.5.0_06/lib/rt.jar:/usr/java/jre1.5.0_06/lib/i18n.jar:/usr/java/jre1.5.0_06/lib/sunrsasign.jar:/usr/java/jre1.5.0_06/lib/jsse.jar:/usr/java/jre1.5.0_06/lib/jce.jar:/usr/java/jre1.5.0_06/lib/charsets.jar:/usr/java/jre1.5.0_06/classes > > java.vendor=Sun Microsystems Inc. 
> file.separator=/ > java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi > sun.io.unicode.encoding=UnicodeLittle > sun.cpu.endian=little > sun.cpu.isalist= > ResourceSet: NOT found > loader20120943:com.netscape.management.client.console.versioninfo > Fedora-Management-Console/1.0 B2006.060.1914 > RemoteImage: NOT found > loader20120943:com/netscape/management/nmclf/icons/Error.gif > RemoteImage: Create RemoteImage cache for loader20120943 > RemoteImage: NOT found > loader20120943:com/netscape/management/nmclf/icons/Inform.gif > RemoteImage: NOT found > loader20120943:com/netscape/management/nmclf/icons/Warn.gif > RemoteImage: NOT found > loader20120943:com/netscape/management/nmclf/icons/Question.gif > ResourceSet: NOT found > loader20120943:com.netscape.management.client.components.components > RemoteImage: NOT found > loader20120943:com/netscape/management/client/images/logo16.gif > RemoteImage: NOT found > loader20120943:com/netscape/management/client/console/images/login.gif > ResourceSet: NOT found > loader20120943:com.netscape.management.client.util.default > ResourceSet: found > loader20120943:com.netscape.management.client.util.default > JButtonFactory: button width = 54 > JButtonFactory: button height = 19 > JButtonFactory: button width = 54 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 72 > JButtonFactory: button height = 19 > JButtonFactory: button width = 72 > JButtonFactory: button height = 19 > JButtonFactory: button width = 54 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button width = 72 > ResourceSet: found > loader20120943:com.netscape.management.client.util.default > CommManager> New CommRecord > (http://host2.concepttechnologyinc.com:34877/admin-serv/authenticate) > http://host2.concepttechnologyinc.com:34877/[0:0] open> 
Ready > http://host2.concepttechnologyinc.com:34877/[0:0] accept> > http://host2.concepttechnologyinc.com:34877/admin-serv/authenticate > http://host2.concepttechnologyinc.com:34877/[0:0] send> GET \ > http://host2.concepttechnologyinc.com:34877/[0:0] send> > /admin-serv/authenticate \ > http://host2.concepttechnologyinc.com:34877/[0:0] send> HTTP/1.0 > http://host2.concepttechnologyinc.com:34877/[0:0] send> Host: > host2.concepttechnologyinc.com:34877 > http://host2.concepttechnologyinc.com:34877/[0:0] send> Connection: > Keep-Alive > http://host2.concepttechnologyinc.com:34877/[0:0] send> User-Agent: > Fedora-Management-Console/1.0 > http://host2.concepttechnologyinc.com:34877/[0:0] send> > Accept-Language: en > http://host2.concepttechnologyinc.com:34877/[0:0] send> Authorization: > Basic \ > http://host2.concepttechnologyinc.com:34877/[0:0] send> > YWRtaW46bGRhcGFkbWluOTk3 \ > http://host2.concepttechnologyinc.com:34877/[0:0] send> > http://host2.concepttechnologyinc.com:34877/[0:0] send> > http://host2.concepttechnologyinc.com:34877/[0:0] recv> HTTP/1.1 200 OK > http://host2.concepttechnologyinc.com:34877/[0:0] recv> Date: Tue, 01 > Aug 2006 16:09:23 GMT > http://host2.concepttechnologyinc.com:34877/[0:0] recv> Server: > Apache/2.0 > HttpChannel.invoke: admin version = 2.0 > http://host2.concepttechnologyinc.com:34877/[0:0] recv> Admin-Server: > Fedora-Administrator/1.0.1 > HttpChannel.invoke: admin version = 1.0.1 > http://host2.concepttechnologyinc.com:34877/[0:0] recv> > Content-Length: 429 > http://host2.concepttechnologyinc.com:34877/[0:0] recv> Connection: close > http://host2.concepttechnologyinc.com:34877/[0:0] recv> Content-Type: > text/html > http://host2.concepttechnologyinc.com:34877/[0:0] recv> > http://host2.concepttechnologyinc.com:34877/[0:0] recv> Reading 429 > bytes... 
> http://host2.concepttechnologyinc.com:34877/[0:0] recv> 429 bytes read > Console.replyHandler: adminVersion = 1.0.1 > Console: Cannot open: cn=user, > cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global > Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot > Console: Cannot open cn=group, > cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global > Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot > Console: Cannot open cn=OU, cn=DefaultObjectClassesContainer,ou=1.0, > ou=admin, ou=Global Preferences, ou=concepttechnologyinc.com, > o=NetscapeRoot > Console: Cannot open cn=ResourceEditorExtension,ou=1.0, ou=admin, > ou=Global Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot > ResourceSet: NOT found > loader20120943:com.netscape.management.client.topology.topology > ResourceSet: found > loader20120943:com.netscape.management.client.topology.topology > RemoteImage: found > loader20120943:com/netscape/management/client/images/logo16.gif > RemoteImage: NOT found > loader20120943:com/netscape/management/client/images/ConsoleBanner.gif > RemoteImage: NOT found > loader20120943:com/netscape/management/client/images/warn16.gif > ResourceSet: NOT found > loader20120943:com.netscape.management.client.default > UIPermissions: TopologyEditing yes > Cannot open: cn=topologyplugin,ou=1.0, ou=admin, ou=Global > Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot > ResourceSet: found > loader20120943:com.netscape.management.client.topology.topology > ResourceSet: found loader20120943:com.netscape.management.client.default > ResourceSet: found > loader20120943:com.netscape.management.client.topology.topology > ResourceSet: found > loader20120943:com.netscape.management.client.topology.topology > UIPermissions: CustomViewEditing yes > ResourceSet: found loader20120943:com.netscape.management.client.default > ResourceSet: found loader20120943:com.netscape.management.client.default > UIPermissions: UGTabVisibility yes > UIPermissions: UGEditing 
yes > ResourceSet: found > loader20120943:com.netscape.management.client.topology.topology > TRACE ConsoleInfo.clone: tracking cloning of ConsoleInfo for > performance tuning > Cannot load custom views, error code= 32 > ou=concepttechnologyinc.com, o=NetscapeRoot> > pub defaultView=null > user defaultView= > RemoteImage: NOT found > loader20120943:com/netscape/management/client/images/notsecure.gif > http://host2.concepttechnologyinc.com:34877/[0:0] close> Closed > TRACE ConsoleInfo.clone: tracking cloning of ConsoleInfo for > performance tuning > ResourceSet: found > loader20120943:com.netscape.management.client.topology.topology > RemoteImage: NOT found > loader20120943:com/netscape/management/nmclf/icons/user24.gif > RemoteImage: NOT found > loader20120943:com/netscape/management/nmclf/icons/group24.gif > RemoteImage: NOT found > loader20120943:com/netscape/management/nmclf/icons/ou24.gif > JButtonFactory: button width = 54 > JButtonFactory: button height = 19 > JButtonFactory: button width = 54 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 72 > JButtonFactory: button height = 19 > JButtonFactory: button width = 72 > JButtonFactory: button height = 19 > JButtonFactory: button width = 54 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button width = 72 > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 108 > JButtonFactory: button height = 19 > ResourceSet: NOT found > loader20120943:com.netscape.management.client.ug.PickerEditorResource > ResourceSet: found > loader20120943:com.netscape.management.client.ug.PickerEditorResource > ResourceSet: found > loader20120943:com.netscape.management.client.ug.PickerEditorResource > RemoteImage: NOT found > 
loader20120943:com/netscape/management/nmclf/icons/user.gif > RemoteImage: NOT found > loader20120943:com/netscape/management/nmclf/icons/group.gif > RemoteImage: NOT found > loader20120943:com/netscape/management/nmclf/icons/ou.gif > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 72 > JButtonFactory: button height = 19 > JButtonFactory: button width = 72 > JButtonFactory: button height = 19 > Search: > (|(&(objectclass=person)(cn=*test*))(&(objectclass=groupofuniquenames)(cn=*test*))(&(objectclass=organizationalunit)(ou=*test*))(&(objectclass=person)(uid=test))) > > ResourceSet: found > loader20120943:com.netscape.management.client.topology.topology > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > LDAPUtil.getVLVIndex dc=concepttechnologyinc,dc=com 2 > (|(&(objectclass=person)(cn=*test*))(&(objectclass=groupofuniquenames)(cn=*test*))(&(objectclass=organizationalunit)(ou=*test*))(&(objectclass=person)(uid=test))) > cn > match=null > VLDirectoryTableModel: getVlVIndex=null > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > 
loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.console.console > ResourceSet: found > loader20120943:com.netscape.management.client.ug.PickerEditorResource > ResourceSet: found > loader20120943:com.netscape.management.client.ug.PickerEditorResource > ResourceSet: found > loader20120943:com.netscape.management.client.ug.PickerEditorResource > JButtonFactory: button width = 108 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException > at > com.netscape.management.client.ug.ResourceEditor.setupPlugin(Unknown > Source) > at > com.netscape.management.client.ug.ResourceEditor.init(Unknown Source) > at > com.netscape.management.client.ug.ResourceEditor.(Unknown Source) > at > com.netscape.management.client.topology.ug.EditUserGroupPane.editEntry(Unknown > Source) > at > com.netscape.management.client.topology.ug.EditUserGroupPane.actionPerformed(Unknown > Source) > at javax.swing.AbstractButton.fireActionPerformed(Unknown Source) > at javax.swing.AbstractButton$Handler.actionPerformed(Unknown > Source) > at 
javax.swing.DefaultButtonModel.fireActionPerformed(Unknown > Source) > at javax.swing.DefaultButtonModel.setPressed(Unknown Source) > at > javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) > at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source) > at java.awt.Component.processMouseEvent(Unknown Source) > at javax.swing.JComponent.processMouseEvent(Unknown Source) > at java.awt.Component.processEvent(Unknown Source) > at java.awt.Container.processEvent(Unknown Source) > at java.awt.Component.dispatchEventImpl(Unknown Source) > at java.awt.Container.dispatchEventImpl(Unknown Source) > at java.awt.Component.dispatchEvent(Unknown Source) > at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown > Source) > at java.awt.LightweightDispatcher.processMouseEvent(Unknown > Source) > at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) > at java.awt.Container.dispatchEventImpl(Unknown Source) > at java.awt.Window.dispatchEventImpl(Unknown Source) > at java.awt.Component.dispatchEvent(Unknown Source) > at java.awt.EventQueue.dispatchEvent(Unknown Source) > at > java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source) > at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown > Source) > at java.awt.EventDispatchThread.pumpEvents(Unknown Source) > at java.awt.EventDispatchThread.pumpEvents(Unknown Source) > at java.awt.EventDispatchThread.run(Unknown Source) > [root at host2 fedora-ds]# > > > > Best Regards, > > Darren Fulton > Concept Technology, Inc. > 1106 17th Avenue South > Nashville, TN 37212 > > Phone - 615.321.6428 Ext. 105 > Fax - 615.321.5598 > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... 
From jrussler at helix.nih.gov Tue Aug 1 17:27:22 2006
From: jrussler at helix.nih.gov (Jason Russler)
Date: Tue, 01 Aug 2006 13:27:22 -0400
Subject: [Fedora-directory-users] LDAP and GDM
In-Reply-To: <08422C17320455488F792FCD66404BB370FB0C@bnesbexc01.datacom.com.au>
References: <08422C17320455488F792FCD66404BB370FB0C@bnesbexc01.datacom.com.au>
Message-ID: <44CF8EFA.7070008@helix.nih.gov>

On Fedora/Redhat, it's easiest to use "system-config-authentication" rather than picking at PAM config files et al. Is there a reason you can't do that? (there are a few)

Ian Bishop wrote:
> I've set up my Fedora box to authenticate SSH session off Fedora
> Directory, however I'm having some trouble getting X session to
> authenticate.
>
> I searched on google and found someone with exactly the same problem,
> unfortunately no one seemed to have an answer for them at the time:
>
> http://mail.gnome.org/archives/gdm-list/2003-January/msg00012.html
>
>
> Is anyone successfully authenticating X sessions with GDM & LDAP?
>
> Thanks,
> Ian.

From mj at sci.fi Tue Aug 1 18:35:19 2006
From: mj at sci.fi (Mike Jackson)
Date: Tue, 01 Aug 2006 21:35:19 +0300
Subject: [Fedora-directory-users] Net::LDAP or Mozilla::LDAP::Conn/Entry for FDS
In-Reply-To: <44CF67E9.7090704@redhat.com>
References: <44CF64AF.4060301@exeter.ac.uk> <44CF67E9.7090704@redhat.com>
Message-ID: <44CF9EE7.3080800@sci.fi>

Richard Megginson wrote:
>
>
> Net::LDAP allows you to use all of the LDAPv3 controls and extended
> operations by providing an ASN.1 parser. I personally like the OO
> interface of Net::LDAP.

Me, too. I like it a lot. It's very clean, and well thought out.
> Mozilla::LDAP is a wrapper around the C libraries, so it is as much as a
> factor of 10 faster. So if you need as much performance as you can get,
> use it instead of Net::LDAP which is native perl. Also, if you want to
> use Mozilla NSS for crypto, you must use Mozilla::LDAP - Net::LDAP uses
> Net::SSLeay which is a wrapper around openssl.

One thing to mention here is that Net::SSLeay does not allow more than one concurrent LDAPS handle. Most people don't need that, but worth noting anyway...

My reasons for using Net::LDAP are that it is ubiquitous, well tested, and well maintained. Another reason is that it's platform independent, which can be a real lifesaver if you need to deliver the same code to e.g. win32, linux, and unix machines. I have probably written more than 100k lines of code with Net::LDAP, and I recommend that if you are just getting started using perl with LDAP that you start to do the same :-) Net::LDAP is drop-dead easy to code to and drop-dead easy to subclass, which makes for very rapid development.

When I design a piece of LDAP functionality which needs to be really fast I just write it in C to begin with. I don't see much sense in using a perl wrapper around C libraries.

BR,
--
mike

From rcritten at redhat.com Tue Aug 1 19:30:07 2006
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 01 Aug 2006 15:30:07 -0400
Subject: [Fedora-directory-users] I am trying to build FDS for Windows XP platform
In-Reply-To:
References:
Message-ID: <44CFABBF.1090708@redhat.com>

Eugene M Liberman wrote:
> I am trying to build FDS for Windows XP platform. I got MKS tools as
> recommended in the build section. Could anyone provide any help and
> guidance in the build process?
>
> Where do I start?

I'd start by getting the components built first. By that I mean NSPR, NSS, the LDAPSDK, cyrus, etc. Once those binary components are available it shouldn't take a whole lot of effort to reverse engineer ldapserver/components.mk so the DS build can find them.
rob

From dfulton at concepttechnologyinc.com Tue Aug 1 20:37:29 2006
From: dfulton at concepttechnologyinc.com (Darren Fulton - CTI)
Date: Tue, 01 Aug 2006 15:37:29 -0500
Subject: [Fedora-directory-users] FDS java console - can login, can search, but cannot edit or do anything useful
In-Reply-To: <44CF8451.9060703@redhat.com>
References: <4706484.2251154398715605.JavaMail.root@host3.concepttechnologyinc.com> <44CF5626.2090408@redhat.com> <44CF7FC0.5020802@concepttechnologyinc.com> <44CF8451.9060703@redhat.com>
Message-ID: <44CFBB89.1080800@concepttechnologyinc.com>

Richard Megginson wrote:
> Darren Fulton - CTI wrote:
>>
>>
>> Richard Megginson wrote:
>>> Darren Fulton wrote:
>>>> I need help please. The directory server seems to be working fine
>>>> (users are authenticating and contacts lists are available). The
>>>> admin server seems to be fine too (I can login to the FDS Gateway
>>>> and search for users, authenticate as admin, and add contacts). I
>>>> can also login to the directory server console as admin. After
>>>> logging in it looks like this:
>>>>
>>>> http://concepttechnologyinc.com/images/snapshot_fds-console3.png
>>>>
>>>> Which is not how it once looked.
>>>>
>>> What changed?
>>>> I can click the second tab and perform a search. It finds users.
>>>> If I right click on a user object and select "Edit", the cursor
>>>> starts throbbing like it is going to do something, but it never
>>>> does. It just keeps throbbing. Same thing if I double click on
>>>> the user. That looks like this:
>>>> http://concepttechnologyinc.com/images/snapshot_fds-console2.png
>>>>
>>>> Same problem occurs if I try and add a user, which is what I've
>>>> been trying to do for a week.
>>>>
>>>> This was not the case a few months ago.
>>>>
>>>> - I'm running 1.0-2.RHEL4.i386 on RHEL 4.3.
>>>>
>>>> - I've rebooted the server
>>>>
>>>> - I have the X11 deprecated libs installed. [root at host2 ~]# rpm
>>>> -qa | grep deprec
>>>> xorg-x11-deprecated-libs-6.8.2-1.EL.13.25.1
>>>> xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.25.1
>>>> ##############
>>>>
>>>> - I have tried the most recent Sun Java as well as the IBM Java
>>>> from a couple of the earlier FDS versions that I had backed up.
>>>> ##############
>>>> [dfulton at host2 ~]$ java -version
>>>> java version "1.5.0_06"
>>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
>>>> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)
>>>> ##############
>>>> [dfulton at host2 bin]$ pwd
>>>> /opt/fedora-ds.backup.working.11_03_2005/bin/base/jre/bin
>>>> [dfulton at host2 bin]$ ./java -version
>>>> java version "1.4.2"
>>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2)
>>>> Classic VM (build 1.4.2, J2RE 1.4.2 IBM build
>>>> cxia32142sr1a-20050209 (JIT enabled: jitc))
>>>> ##############
>>>>
>>>> - When I start the console there is no weird java output in the
>>>> terminal. I login and there still aren't any errors. I search for
>>>> a user, still no errors. But, when I try and start the edit of an
>>>> object returned by the search, it spews a bunch of output:
>>>>
>>> Try startconsole -D 9 > console.log 2>&1
>>>
>>> That should help us shed some light on what's going on.
>>>> [root at host2 fedora-ds]# java -version >>>> java version "1.5.0_06" >>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05) >>>> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing) >>>> [root at host2 fedora-ds]# ./startconsole >>>> ####the stuff below shows up the second I click "Edit" >>>> Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException >>>> at >>>> com.netscape.management.client.ug.ResourceEditor.setupPlugin(UnknownSource) >>>> >>>> at >>>> com.netscape.management.client.ug.ResourceEditor.init(Unknown Source) >>>> at >>>> com.netscape.management.client.ug.ResourceEditor.(Unknown >>>> Source) >>>> at >>>> com.netscape.management.client.topology.ug.EditUserGroupPane.editEntry(Unknown >>>> Source) >>>> at >>>> com.netscape.management.client.topology.ug.EditUserGroupPane.actionPerformed(Unknown >>>> Source) >>>> at javax.swing.AbstractButton.fireActionPerformed(Unknown >>>> Source) >>>> at >>>> javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) >>>> at >>>> javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) >>>> at javax.swing.DefaultButtonModel.setPressed(Unknown Source) >>>> at javax.swing.AbstractButton.doClick(Unknown Source) >>>> at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown >>>> Source) >>>> at >>>> javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(UnknownSource) >>>> >>>> at java.awt.Component.processMouseEvent(Unknown Source) >>>> at javax.swing.JComponent.processMouseEvent(Unknown Source) >>>> at java.awt.Component.processEvent(Unknown Source) >>>> at java.awt.Container.processEvent(Unknown Source) >>>> at java.awt.Component.dispatchEventImpl(Unknown Source) >>>> at java.awt.Container.dispatchEventImpl(Unknown Source) >>>> at java.awt.Component.dispatchEvent(Unknown Source) >>>> at >>>> java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) >>>> at java.awt.LightweightDispatcher.processMouseEvent(Unknown >>>> Source) >>>> at 
java.awt.LightweightDispatcher.dispatchEvent(Unknown >>>> Source) >>>> at java.awt.Container.dispatchEventImpl(Unknown Source) >>>> at java.awt.Window.dispatchEventImpl(Unknown Source) >>>> at java.awt.Component.dispatchEvent(Unknown Source) >>>> at java.awt.EventQueue.dispatchEvent(Unknown Source) >>>> at >>>> java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source) >>>> at >>>> java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) >>>> at java.awt.EventDispatchThread.pumpEvents(Unknown Source) >>>> at java.awt.EventDispatchThread.pumpEvents(Unknown Source) >>>> at java.awt.EventDispatchThread.run(Unknown Source) >>>> #################### >>>> >>>> - Here is some log output that might help. >>>> >>>> >>>> [root at host2 fedora-ds]# tail -n 50 >>>> /opt/fedora-ds/slapd-host2/logs/errors >>>> Fedora-Directory/1.0.2 B2006.060.1928 >>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2) >>>> >>>> [26/Jul/2006:15:00:23 -0500] - slapd shutting down - signaling >>>> operation threads >>>> [26/Jul/2006:15:00:23 -0500] - slapd shutting down - closing down >>>> internal subsystems and plugins >>>> [26/Jul/2006:15:00:23 -0500] - Waiting for 4 database threads to stop >>>> [26/Jul/2006:15:00:24 -0500] - All database threads now stopped >>>> [26/Jul/2006:15:00:24 -0500] - slapd stopped. >>>> Fedora-Directory/1.0.2 B2006.060.1928 >>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2) >>>> >>>> [26/Jul/2006:15:00:32 -0500] - Fedora-Directory/1.0.2 >>>> B2006.060.1928 starting up >>>> [26/Jul/2006:15:00:37 -0500] - slapd started. 
Listening on All >>>> Interfaces port389 for LDAP requests >>>> [26/Jul/2006:15:00:40 -0500] - slapd shutting down - signaling >>>> operation threads >>>> [26/Jul/2006:15:00:40 -0500] - slapd shutting down - waiting for 27 >>>> threads to terminate >>>> [26/Jul/2006:15:00:40 -0500] - slapd shutting down - closing down >>>> internal subsystems and plugins >>>> [26/Jul/2006:15:00:40 -0500] - Waiting for 4 database threads to stop >>>> [26/Jul/2006:15:00:41 -0500] - All database threads now stopped >>>> [26/Jul/2006:15:00:41 -0500] - slapd stopped. >>>> Fedora-Directory/1.0.2 B2006.060.1928 >>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2) >>>> >>>> [26/Jul/2006:15:00:55 -0500] - Fedora-Directory/1.0.2 >>>> B2006.060.1928 starting up >>>> [26/Jul/2006:15:00:56 -0500] - slapd started. Listening on All >>>> Interfaces port389 for LDAP requests >>>> [26/Jul/2006:15:21:50 -0500] - slapd shutting down - signaling >>>> operation threads >>>> [26/Jul/2006:15:21:50 -0500] - slapd shutting down - waiting for 29 >>>> threads to terminate >>>> [26/Jul/2006:15:21:50 -0500] - slapd shutting down - closing down >>>> internal subsystems and plugins >>>> [26/Jul/2006:15:21:51 -0500] - Waiting for 4 database threads to stop >>>> [26/Jul/2006:15:21:51 -0500] - All database threads now stopped >>>> [26/Jul/2006:15:21:52 -0500] - slapd stopped. >>>> Fedora-Directory/1.0.2 B2006.060.1928 >>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2) >>>> >>>> [26/Jul/2006:15:22:10 -0500] - Fedora-Directory/1.0.2 >>>> B2006.060.1928 starting up >>>> [26/Jul/2006:15:22:10 -0500] - slapd started. 
Listening on All
>>>> Interfaces port389 for LDAP requests
>>>> [26/Jul/2006:17:37:38 -0500] - slapd shutting down - signaling
>>>> operation threads
>>>> [26/Jul/2006:17:37:41 -0500] - slapd shutting down - waiting for 28
>>>> threads to terminate
>>>> [26/Jul/2006:17:37:43 -0500] - slapd shutting down - closing down
>>>> internal subsystems and plugins
>>>> Fedora-Directory/1.0.2 B2006.060.1928
>>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)
>>>>
>>>> [26/Jul/2006:17:41:13 -0500] - Fedora-Directory/1.0.2
>>>> B2006.060.1928 starting up
>>>> [26/Jul/2006:17:41:13 -0500] - Detected Disorderly Shutdown last
>>>> time DirectoryServer was running, recovering database.
>>>> [26/Jul/2006:17:41:18 -0500] - slapd started. Listening on All
>>>> Interfaces port389 for LDAP requests
>>>>
>>>> ################
>>>>
>>>> Please help if you can. I've been working on it off and on for a
>>>> week now with no luck. Thanks.
>>>>
>> Thank you for the reply.
>>
>> Question:
>> What changed [with the way the first screen of the console looks]?
>>
>> Answer:
>> I thought there were options to open Netscape Root and mydomain.
>> Maybe I'm remembering wrong, but I didn't think it was blank.
> What I meant was - what did _you_ change? You said it used to have
> options to open NetscapeRoot and mydomain - what did you change to
> make them go away?

I think it happened after an upgrade. However I was able to still use the console after that by using an older console. That doesn't work anymore. Here is the thread on that:
https://www.redhat.com/archives/fedora-directory-users/2006-February/msg00186.html

>> Request:
>> Try startconsole -D 9 > console.log 2>&1 That should help us shed
>> some light on what's going on.
>>
>> Here are the contents of console.log from beginning -> 3 minutes
>> after attempting to edit a user:
> Hm - it's missing the console view entries.
Try this:
> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b
> o=netscaperoot cn=user
> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b
> o=netscaperoot cn=group
> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b
> o=netscaperoot cn=ou
> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b
> o=netscaperoot cn=ResourceEditorExtension
> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b
> o=netscaperoot cn=topologyplugin
> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b
> o=netscaperoot cn=customview
>
> It can't seem to find any of these entries.

[root at host2 bin]# ldapsearch -x -h ldaphost -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=user
ldap_bind: Can't contact LDAP server (-1)

[root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=user
version: 1
dn: cn=user,cn=defaultObjectClassesContainer,ou=4.0,ou=Admin,ou=Global Prefere
 nces,ou=concepttechnologyinc.com,o=NetscapeRoot
objectClass: top
objectClass: nsResourceRef
objectClass: nsdefaultObjectClasses
cn: user
nsDefaultObjectClass: top
nsDefaultObjectClass: person
nsDefaultObjectClass: organizationalPerson
nsDefaultObjectClass: inetorgperson

[root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=group
version: 1
dn: cn=group,cn=defaultObjectClassesContainer,ou=4.0,ou=Admin,ou=Global Prefer
 ences,ou=concepttechnologyinc.com,o=NetscapeRoot
objectClass: top
objectClass: nsResourceRef
objectClass: nsdefaultObjectClasses
cn: group
nsDefaultObjectClass: top
nsDefaultObjectClass: groupofuniquenames

[root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=ou
version: 1
dn: cn=ou,cn=defaultObjectClassesContainer,ou=4.0,ou=Admin,ou=Global Preferenc
 es,ou=concepttechnologyinc.com,o=NetscapeRoot
objectClass: top
objectClass: nsResourceRef
objectClass: nsdefaultObjectClasses
cn: ou
nsDefaultObjectClass: top
nsDefaultObjectClass: organizationalunit

[root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=ResourceEditorExtension
version: 1
dn: cn=ResourceEditorExtension,ou=4.0,ou=Admin,ou=Global Preferences,ou=concep
 ttechnologyinc.com,o=NetscapeRoot
objectClass: top
objectClass: nsResourceRef
objectClass: extensibleObject
cn: ResourceEditorExtension
nsmerge: ADD_IF_EMPTY

[root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=ResourceEditorExtension
version: 1
dn: cn=ResourceEditorExtension,ou=4.0,ou=Admin,ou=Global Preferences,ou=concep
 ttechnologyinc.com,o=NetscapeRoot
objectClass: top
objectClass: nsResourceRef
objectClass: extensibleObject
cn: ResourceEditorExtension
nsmerge: ADD_IF_EMPTY

[root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=customview
version: 1
dn: cn=CustomView,ou=4.0,ou=Admin,ou=Global Preferences,ou=concepttechnologyin
 c.com,o=NetscapeRoot
objectClass: top
objectClass: nsResourceRef
cn: CustomView

>>
>> [root at host2 fedora-ds]# pwd
>> /opt/fedora-ds
>> [root at host2 fedora-ds]# cat console.log
>> java.util.prefs.userRoot=/root/.fedora-console
>> java.runtime.name=Java(TM) 2 Runtime Environment, Standard Edition
>> sun.boot.library.path=/usr/java/jre1.5.0_06/lib/i386
>> java.vm.version=1.5.0_06-b05
>> java.vm.vendor=Sun Microsystems Inc.
>> java.vendor.url=http://java.sun.com/ >> path.separator=: >> java.vm.name=Java HotSpot(TM) Client VM >> file.encoding.pkg=sun.io >> user.country=US >> sun.os.patch.level=unknown >> java.vm.specification.name=Java Virtual Machine Specification >> user.dir=/opt/fedora-ds >> java.runtime.version=1.5.0_06-b05 >> java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment >> java.endorsed.dirs=/usr/java/jre1.5.0_06/lib/endorsed >> os.arch=i386 >> java.io.tmpdir=/tmp >> line.separator= >> >> java.vm.specification.vendor=Sun Microsystems Inc. >> os.name=Linux >> sun.jnu.encoding=UTF-8 >> java.library.path=./lib >> java.specification.name=Java Platform API Specification >> java.class.version=49.0 >> sun.management.compiler=HotSpot Client Compiler >> os.version=2.6.9-34.0.1.ELsmp >> user.home=/root >> user.timezone=America/Chicago >> java.awt.printerjob=sun.print.PSPrinterJob >> file.encoding=UTF-8 >> java.specification.version=1.5 >> java.class.path=./java/jss3.jar:./java/ldapjdk.jar:./java/fedora-base-1.0.jar:./java/fedora-mcc-1.0.jar:./java/fedora-mcc-1.0_en.jar:./java/fedora-nmclf-1.0.jar:./java/fedora-nmclf-1.0_en.jar >> >> user.name=root >> java.vm.specification.version=1.0 >> java.home=/usr/java/jre1.5.0_06 >> sun.arch.data.model=32 >> java.util.prefs.systemRoot=/root/.fedora-console >> user.language=en >> java.specification.vendor=Sun Microsystems Inc. >> java.vm.info=mixed mode, sharing >> java.version=1.5.0_06 >> java.ext.dirs=/usr/java/jre1.5.0_06/lib/ext >> sun.boot.class.path=/usr/java/jre1.5.0_06/lib/rt.jar:/usr/java/jre1.5.0_06/lib/i18n.jar:/usr/java/jre1.5.0_06/lib/sunrsasign.jar:/usr/java/jre1.5.0_06/lib/jsse.jar:/usr/java/jre1.5.0_06/lib/jce.jar:/usr/java/jre1.5.0_06/lib/charsets.jar:/usr/java/jre1.5.0_06/classes >> >> java.vendor=Sun Microsystems Inc. 
>> file.separator=/ >> java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi >> sun.io.unicode.encoding=UnicodeLittle >> sun.cpu.endian=little >> sun.cpu.isalist= >> ResourceSet: NOT found >> loader20120943:com.netscape.management.client.console.versioninfo >> Fedora-Management-Console/1.0 B2006.060.1914 >> RemoteImage: NOT found >> loader20120943:com/netscape/management/nmclf/icons/Error.gif >> RemoteImage: Create RemoteImage cache for loader20120943 >> RemoteImage: NOT found >> loader20120943:com/netscape/management/nmclf/icons/Inform.gif >> RemoteImage: NOT found >> loader20120943:com/netscape/management/nmclf/icons/Warn.gif >> RemoteImage: NOT found >> loader20120943:com/netscape/management/nmclf/icons/Question.gif >> ResourceSet: NOT found >> loader20120943:com.netscape.management.client.components.components >> RemoteImage: NOT found >> loader20120943:com/netscape/management/client/images/logo16.gif >> RemoteImage: NOT found >> loader20120943:com/netscape/management/client/console/images/login.gif >> ResourceSet: NOT found >> loader20120943:com.netscape.management.client.util.default >> ResourceSet: found >> loader20120943:com.netscape.management.client.util.default >> JButtonFactory: button width = 54 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 54 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 72 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 72 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 54 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 90 >> JButtonFactory: button width = 72 >> ResourceSet: found >> loader20120943:com.netscape.management.client.util.default >> CommManager> New CommRecord >> (http://host2.concepttechnologyinc.com:34877/admin-serv/authenticate) >> 
http://host2.concepttechnologyinc.com:34877/[0:0] open> Ready >> http://host2.concepttechnologyinc.com:34877/[0:0] accept> >> http://host2.concepttechnologyinc.com:34877/admin-serv/authenticate >> http://host2.concepttechnologyinc.com:34877/[0:0] send> GET \ >> http://host2.concepttechnologyinc.com:34877/[0:0] send> >> /admin-serv/authenticate \ >> http://host2.concepttechnologyinc.com:34877/[0:0] send> HTTP/1.0 >> http://host2.concepttechnologyinc.com:34877/[0:0] send> Host: >> host2.concepttechnologyinc.com:34877 >> http://host2.concepttechnologyinc.com:34877/[0:0] send> Connection: >> Keep-Alive >> http://host2.concepttechnologyinc.com:34877/[0:0] send> User-Agent: >> Fedora-Management-Console/1.0 >> http://host2.concepttechnologyinc.com:34877/[0:0] send> >> Accept-Language: en >> http://host2.concepttechnologyinc.com:34877/[0:0] send> >> Authorization: Basic \ >> http://host2.concepttechnologyinc.com:34877/[0:0] send> >> YWRtaW46bGRhcGFkbWluOTk3 \ >> http://host2.concepttechnologyinc.com:34877/[0:0] send> >> http://host2.concepttechnologyinc.com:34877/[0:0] send> >> http://host2.concepttechnologyinc.com:34877/[0:0] recv> HTTP/1.1 200 OK >> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Date: Tue, 01 >> Aug 2006 16:09:23 GMT >> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Server: >> Apache/2.0 >> HttpChannel.invoke: admin version = 2.0 >> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Admin-Server: >> Fedora-Administrator/1.0.1 >> HttpChannel.invoke: admin version = 1.0.1 >> http://host2.concepttechnologyinc.com:34877/[0:0] recv> >> Content-Length: 429 >> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Connection: >> close >> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Content-Type: >> text/html >> http://host2.concepttechnologyinc.com:34877/[0:0] recv> >> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Reading 429 >> bytes... 
>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> 429 bytes read >> Console.replyHandler: adminVersion = 1.0.1 >> Console: Cannot open: cn=user, >> cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global >> Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >> Console: Cannot open cn=group, >> cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global >> Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >> Console: Cannot open cn=OU, cn=DefaultObjectClassesContainer,ou=1.0, >> ou=admin, ou=Global Preferences, ou=concepttechnologyinc.com, >> o=NetscapeRoot >> Console: Cannot open cn=ResourceEditorExtension,ou=1.0, ou=admin, >> ou=Global Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >> ResourceSet: NOT found >> loader20120943:com.netscape.management.client.topology.topology >> ResourceSet: found >> loader20120943:com.netscape.management.client.topology.topology >> RemoteImage: found >> loader20120943:com/netscape/management/client/images/logo16.gif >> RemoteImage: NOT found >> loader20120943:com/netscape/management/client/images/ConsoleBanner.gif >> RemoteImage: NOT found >> loader20120943:com/netscape/management/client/images/warn16.gif >> ResourceSet: NOT found >> loader20120943:com.netscape.management.client.default >> UIPermissions: TopologyEditing yes >> Cannot open: cn=topologyplugin,ou=1.0, ou=admin, ou=Global >> Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >> ResourceSet: found >> loader20120943:com.netscape.management.client.topology.topology >> ResourceSet: found loader20120943:com.netscape.management.client.default >> ResourceSet: found >> loader20120943:com.netscape.management.client.topology.topology >> ResourceSet: found >> loader20120943:com.netscape.management.client.topology.topology >> UIPermissions: CustomViewEditing yes >> ResourceSet: found loader20120943:com.netscape.management.client.default >> ResourceSet: found loader20120943:com.netscape.management.client.default >> UIPermissions: 
UGTabVisibility yes >> UIPermissions: UGEditing yes >> ResourceSet: found >> loader20120943:com.netscape.management.client.topology.topology >> TRACE ConsoleInfo.clone: tracking cloning of ConsoleInfo for >> performance tuning >> Cannot load custom views, error code= 32 >> > ou=concepttechnologyinc.com, o=NetscapeRoot> >> pub defaultView=null >> user defaultView= >> RemoteImage: NOT found >> loader20120943:com/netscape/management/client/images/notsecure.gif >> http://host2.concepttechnologyinc.com:34877/[0:0] close> Closed >> TRACE ConsoleInfo.clone: tracking cloning of ConsoleInfo for >> performance tuning >> ResourceSet: found >> loader20120943:com.netscape.management.client.topology.topology >> RemoteImage: NOT found >> loader20120943:com/netscape/management/nmclf/icons/user24.gif >> RemoteImage: NOT found >> loader20120943:com/netscape/management/nmclf/icons/group24.gif >> RemoteImage: NOT found >> loader20120943:com/netscape/management/nmclf/icons/ou24.gif >> JButtonFactory: button width = 54 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 54 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 72 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 72 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 54 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 90 >> JButtonFactory: button width = 72 >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 108 >> JButtonFactory: button height = 19 >> ResourceSet: NOT found >> loader20120943:com.netscape.management.client.ug.PickerEditorResource >> ResourceSet: found >> loader20120943:com.netscape.management.client.ug.PickerEditorResource >> ResourceSet: found >> 
loader20120943:com.netscape.management.client.ug.PickerEditorResource >> RemoteImage: NOT found >> loader20120943:com/netscape/management/nmclf/icons/user.gif >> RemoteImage: NOT found >> loader20120943:com/netscape/management/nmclf/icons/group.gif >> RemoteImage: NOT found >> loader20120943:com/netscape/management/nmclf/icons/ou.gif >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 72 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 72 >> JButtonFactory: button height = 19 >> Search: >> (|(&(objectclass=person)(cn=*test*))(&(objectclass=groupofuniquenames)(cn=*test*))(&(objectclass=organizationalunit)(ou=*test*))(&(objectclass=person)(uid=test))) >> >> ResourceSet: found >> loader20120943:com.netscape.management.client.topology.topology >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> LDAPUtil.getVLVIndex dc=concepttechnologyinc,dc=com 2 >> (|(&(objectclass=person)(cn=*test*))(&(objectclass=groupofuniquenames)(cn=*test*))(&(objectclass=organizationalunit)(ou=*test*))(&(objectclass=person)(uid=test))) >> cn >> match=null >> VLDirectoryTableModel: getVlVIndex=null >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> 
loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.console.console >> ResourceSet: found >> loader20120943:com.netscape.management.client.ug.PickerEditorResource >> ResourceSet: found >> loader20120943:com.netscape.management.client.ug.PickerEditorResource >> ResourceSet: found >> loader20120943:com.netscape.management.client.ug.PickerEditorResource >> JButtonFactory: button width = 108 >> JButtonFactory: button height = 19 >> JButtonFactory: button width = 90 >> JButtonFactory: button height = 19 >> Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException >> at >> com.netscape.management.client.ug.ResourceEditor.setupPlugin(Unknown >> Source) >> at >> com.netscape.management.client.ug.ResourceEditor.init(Unknown Source) >> at >> com.netscape.management.client.ug.ResourceEditor.(Unknown Source) >> at >> com.netscape.management.client.topology.ug.EditUserGroupPane.editEntry(Unknown >> Source) >> at >> 
com.netscape.management.client.topology.ug.EditUserGroupPane.actionPerformed(Unknown >> Source) >> at javax.swing.AbstractButton.fireActionPerformed(Unknown Source) >> at javax.swing.AbstractButton$Handler.actionPerformed(Unknown >> Source) >> at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown >> Source) >> at javax.swing.DefaultButtonModel.setPressed(Unknown Source) >> at >> javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) >> at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source) >> at java.awt.Component.processMouseEvent(Unknown Source) >> at javax.swing.JComponent.processMouseEvent(Unknown Source) >> at java.awt.Component.processEvent(Unknown Source) >> at java.awt.Container.processEvent(Unknown Source) >> at java.awt.Component.dispatchEventImpl(Unknown Source) >> at java.awt.Container.dispatchEventImpl(Unknown Source) >> at java.awt.Component.dispatchEvent(Unknown Source) >> at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown >> Source) >> at java.awt.LightweightDispatcher.processMouseEvent(Unknown >> Source) >> at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) >> at java.awt.Container.dispatchEventImpl(Unknown Source) >> at java.awt.Window.dispatchEventImpl(Unknown Source) >> at java.awt.Component.dispatchEvent(Unknown Source) >> at java.awt.EventQueue.dispatchEvent(Unknown Source) >> at >> java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source) >> at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown >> Source) >> at java.awt.EventDispatchThread.pumpEvents(Unknown Source) >> at java.awt.EventDispatchThread.pumpEvents(Unknown Source) >> at java.awt.EventDispatchThread.run(Unknown Source) >> [root at host2 fedora-ds]# >> >> >> >> Best Regards, >> >> Darren Fulton >> Concept Technology, Inc. >> 1106 17th Avenue South >> Nashville, TN 37212 >> >> Phone - 615.321.6428 Ext. 
105
>> Fax - 615.321.5598
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

From richip at richip.dhs.org Tue Aug 1 20:44:44 2006
From: richip at richip.dhs.org (Richi Plana)
Date: Tue, 01 Aug 2006 14:44:44 -0600
Subject: [Fedora-directory-users] Authentication Cache While Offline
In-Reply-To: <1154017530.2975.30.camel@richip.dhs.org>
References: <1153893833.2975.9.camel@richip.dhs.org> <1154017530.2975.30.camel@richip.dhs.org>
Message-ID: <1154465084.2721.32.camel@richip.dhs.org>

Hi, All.

Any suggestions/leads?:

On Thu, 2006-07-27 at 10:25 -0600, Richi Plana wrote:
> Hi, All.
>
> On Wed, 2006-07-26 at 00:03 -0600, Richi Plana wrote:
> > I recently set up fedora-ds and managed to configure several FC5
> > machines to authenticate and get user information from the LDAP server.
> > Unfortunately, the laptop isn't always connected to the network so when
> > it boots up, the process hangs when it tries to start the "message bus".
> > I figure the process blocks when it tries to change UID to that of the
> > dbus user. When the machine isn't connected to the network (ie. no cable
> > and wireless isn't available), the process just hangs.
> >
> > Any suggestions on fixing this?
>
> So I've implemented one fix. For some reason, even
> with /etc/nsswitch.conf configured as follows, FC5 systems still go to
> LDAP even if a user exists locally (dbus user exists in /etc/passwd):
>
> /etc/nsswitch.conf:
> ...
> passwd: files ldap
> shadow: files ldap
> group: files ldap
> ...
>
>
> So the solution I applied was to edit /etc/ldap.conf and added the entry
> "bind_policy hard". This is supposed to make nss_ldap exit after failing
> a connection attempt (instead of the default infinite retries).
>
> My problem now is that none of my DS users can log on to the
> newly-started machine. I thought that's what the "Cache User
> Information" option in system-config-authentication -> Account
> Information does, but it apparently doesn't. Is there a way to cache
> LDAP Authentication and Account information so that offline machines
> will allow logons from LDAP users? Kind of like how WinXP does?

From rmeggins at redhat.com Tue Aug 1 20:53:46 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 01 Aug 2006 14:53:46 -0600
Subject: [Fedora-directory-users] FDS java console - can login, can search, but cannot edit or do anything useful
In-Reply-To: <44CFBB89.1080800@concepttechnologyinc.com>
References: <4706484.2251154398715605.JavaMail.root@host3.concepttechnologyinc.com> <44CF5626.2090408@redhat.com> <44CF7FC0.5020802@concepttechnologyinc.com> <44CF8451.9060703@redhat.com> <44CFBB89.1080800@concepttechnologyinc.com>
Message-ID: <44CFBF5A.4040108@redhat.com>

Darren Fulton - CTI wrote:
> Richard Megginson wrote:
>> Darren Fulton - CTI wrote:
>>>
>>>
>>> Richard Megginson wrote:
>>>> Darren Fulton wrote:
>>>>> I need help please. The directory server seems to be working fine
>>>>> (users are authenticating and contacts lists are available). The
>>>>> admin server seems to be fine too (I can login to the FDS Gateway
>>>>> and search for users, authenticate as admin, and add contacts). I
>>>>> can also login to the directory server console as admin. After
>>>>> logging in it looks like this:
>>>>>
>>>>> http://concepttechnologyinc.com/images/snapshot_fds-console3.png
>>>>>
>>>>> Which is not how it once looked.
>>>>>
>>>> What changed?
>>>>> I can click the second tab and perform a search. It finds users.
>>>>> If I right click on a user object and select "Edit", the cursor
>>>>> starts throbbing like it is going to do something, but it never
>>>>> does. It just keeps throbbing. Same thing if I double click on
>>>>> the user. That looks like this:
>>>>> http://concepttechnologyinc.com/images/snapshot_fds-console2.png
>>>>>
>>>>> Same problem occurs if I try and add a user, which is what I've
>>>>> been trying to do for a week.
>>>>>
>>>>> This was not the case a few months ago.
>>>>>
>>>>> - I'm running 1.0-2.RHEL4.i386 on RHEL 4.3.
>>>>>
>>>>> - I've rebooted the server
>>>>>
>>>>> - I have the X11 deprecated libs installed.
>>>>> [root at host2 ~]# rpm -qa | grep deprec
>>>>> xorg-x11-deprecated-libs-6.8.2-1.EL.13.25.1
>>>>> xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.25.1
>>>>> ##############
>>>>>
>>>>> - I have tried the most recent Sun Java as well as the IBM Java
>>>>> from a couple of the earlier FDS versions that I had backed up.
>>>>> ##############
>>>>> [dfulton at host2 ~]$ java -version
>>>>> java version "1.5.0_06"
>>>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
>>>>> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)
>>>>> ##############
>>>>> [dfulton at host2 bin]$ pwd
>>>>> /opt/fedora-ds.backup.working.11_03_2005/bin/base/jre/bin
>>>>> [dfulton at host2 bin]$ ./java -version
>>>>> java version "1.4.2"
>>>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2)
>>>>> Classic VM (build 1.4.2, J2RE 1.4.2 IBM build cxia32142sr1a-20050209 (JIT enabled: jitc))
>>>>> ##############
>>>>>
>>>>> - When I start the console there is no weird java output in the
>>>>> terminal. I login and there still aren't any errors. I search
>>>>> for a user, still no errors. But, when I try and start the edit
>>>>> of an object returned by the search, it spews a bunch of output:
>>>>>
>>>> Try startconsole -D 9 > console.log 2>&1
>>>>
>>>> That should help us shed some light on what's going on.
>>>>> [root at host2 fedora-ds]# java -version
>>>>> java version "1.5.0_06"
>>>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
>>>>> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)
>>>>> [root at host2 fedora-ds]# ./startconsole
>>>>> ####the stuff below shows up the second I click "Edit"
>>>>> Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
>>>>>     at com.netscape.management.client.ug.ResourceEditor.setupPlugin(UnknownSource)
>>>>>     at com.netscape.management.client.ug.ResourceEditor.init(Unknown Source)
>>>>>     at com.netscape.management.client.ug.ResourceEditor.(Unknown Source)
>>>>>     at com.netscape.management.client.topology.ug.EditUserGroupPane.editEntry(Unknown Source)
>>>>>     at com.netscape.management.client.topology.ug.EditUserGroupPane.actionPerformed(Unknown Source)
>>>>>     at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
>>>>>     at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
>>>>>     at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
>>>>>     at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
>>>>>     at javax.swing.AbstractButton.doClick(Unknown Source)
>>>>>     at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
>>>>>     at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(UnknownSource)
>>>>>     at java.awt.Component.processMouseEvent(Unknown Source)
>>>>>     at javax.swing.JComponent.processMouseEvent(Unknown Source)
>>>>>     at java.awt.Component.processEvent(Unknown Source)
>>>>>     at java.awt.Container.processEvent(Unknown Source)
>>>>>     at java.awt.Component.dispatchEventImpl(Unknown Source)
>>>>>     at java.awt.Container.dispatchEventImpl(Unknown Source)
>>>>>     at java.awt.Component.dispatchEvent(Unknown Source)
>>>>>     at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
>>>>>     at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
>>>>>     at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
>>>>>     at java.awt.Container.dispatchEventImpl(Unknown Source)
>>>>>     at java.awt.Window.dispatchEventImpl(Unknown Source)
>>>>>     at java.awt.Component.dispatchEvent(Unknown Source)
>>>>>     at java.awt.EventQueue.dispatchEvent(Unknown Source)
>>>>>     at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
>>>>>     at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
>>>>>     at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
>>>>>     at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
>>>>>     at java.awt.EventDispatchThread.run(Unknown Source)
>>>>> ####################
>>>>>
>>>>> - Here is some log output that might help.
>>>>>
>>>>>
>>>>> [root at host2 fedora-ds]# tail -n 50 /opt/fedora-ds/slapd-host2/logs/errors
>>>>> Fedora-Directory/1.0.2 B2006.060.1928
>>>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)
>>>>>
>>>>> [26/Jul/2006:15:00:23 -0500] - slapd shutting down - signaling operation threads
>>>>> [26/Jul/2006:15:00:23 -0500] - slapd shutting down - closing down internal subsystems and plugins
>>>>> [26/Jul/2006:15:00:23 -0500] - Waiting for 4 database threads to stop
>>>>> [26/Jul/2006:15:00:24 -0500] - All database threads now stopped
>>>>> [26/Jul/2006:15:00:24 -0500] - slapd stopped.
>>>>> Fedora-Directory/1.0.2 B2006.060.1928
>>>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)
>>>>>
>>>>> [26/Jul/2006:15:00:32 -0500] - Fedora-Directory/1.0.2 B2006.060.1928 starting up
>>>>> [26/Jul/2006:15:00:37 -0500] - slapd started. Listening on All Interfaces port389 for LDAP requests
>>>>> [26/Jul/2006:15:00:40 -0500] - slapd shutting down - signaling operation threads
>>>>> [26/Jul/2006:15:00:40 -0500] - slapd shutting down - waiting for 27 threads to terminate
>>>>> [26/Jul/2006:15:00:40 -0500] - slapd shutting down - closing down internal subsystems and plugins
>>>>> [26/Jul/2006:15:00:40 -0500] - Waiting for 4 database threads to stop
>>>>> [26/Jul/2006:15:00:41 -0500] - All database threads now stopped
>>>>> [26/Jul/2006:15:00:41 -0500] - slapd stopped.
>>>>> Fedora-Directory/1.0.2 B2006.060.1928
>>>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)
>>>>>
>>>>> [26/Jul/2006:15:00:55 -0500] - Fedora-Directory/1.0.2 B2006.060.1928 starting up
>>>>> [26/Jul/2006:15:00:56 -0500] - slapd started. Listening on All Interfaces port389 for LDAP requests
>>>>> [26/Jul/2006:15:21:50 -0500] - slapd shutting down - signaling operation threads
>>>>> [26/Jul/2006:15:21:50 -0500] - slapd shutting down - waiting for 29 threads to terminate
>>>>> [26/Jul/2006:15:21:50 -0500] - slapd shutting down - closing down internal subsystems and plugins
>>>>> [26/Jul/2006:15:21:51 -0500] - Waiting for 4 database threads to stop
>>>>> [26/Jul/2006:15:21:51 -0500] - All database threads now stopped
>>>>> [26/Jul/2006:15:21:52 -0500] - slapd stopped.
>>>>> Fedora-Directory/1.0.2 B2006.060.1928
>>>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)
>>>>>
>>>>> [26/Jul/2006:15:22:10 -0500] - Fedora-Directory/1.0.2 B2006.060.1928 starting up
>>>>> [26/Jul/2006:15:22:10 -0500] - slapd started. Listening on All Interfaces port389 for LDAP requests
>>>>> [26/Jul/2006:17:37:38 -0500] - slapd shutting down - signaling operation threads
>>>>> [26/Jul/2006:17:37:41 -0500] - slapd shutting down - waiting for 28 threads to terminate
>>>>> [26/Jul/2006:17:37:43 -0500] - slapd shutting down - closing down internal subsystems and plugins
>>>>> Fedora-Directory/1.0.2 B2006.060.1928
>>>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)
>>>>>
>>>>> [26/Jul/2006:17:41:13 -0500] - Fedora-Directory/1.0.2 B2006.060.1928 starting up
>>>>> [26/Jul/2006:17:41:13 -0500] - Detected Disorderly Shutdown last time DirectoryServer was running, recovering database.
>>>>> [26/Jul/2006:17:41:18 -0500] - slapd started. Listening on All Interfaces port389 for LDAP requests
>>>>>
>>>>> ################
>>>>>
>>>>> Please help if you can. I've been working on it off and on for a
>>>>> week now with no luck. Thanks.
>>>>>
>>> Thank you for the reply.
>>>
>>> Question:
>>> What changed [with the way the first screen of the console looks]?
>>>
>>> Answer:
>>> I thought there were options to open Netscape Root and mydomain.
>>> Maybe I'm remembering wrong, but I didn't think it was blank.
>> What I meant was - what did _you_ change? You said it used to have
>> options to open NetscapeRoot and mydomain - what did you change to
>> make them go away?
>
> I think it happened after an upgrade. However I was able to still use
> the console after that by using an older console. That doesn't work
> anymore. Here is the thread on that:

Upgrade install from 7.1 to 1.x breaks console. You might be able to
fix it by editing the entries below. I suggest using
db2ldif -s o=netscaperoot > nsroot.ldif , then editing nsroot.ldif to
change all of those ou=4.0 to ou=1.0, then reimport using ldif2db.
>
> https://www.redhat.com/archives/fedora-directory-users/2006-February/msg00186.html
>
>
>>> Request:
>>> Try startconsole -D 9 > console.log 2>&1 That should help us shed
>>> some light on what's going on.
>>>
>>> Here are the contents of console.log from beginning -> 3 minutes
>>> after attempting to edit a user:
>> Hm - it's missing the console view entries. Try this:
>> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b o=netscaperoot cn=user
>> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b o=netscaperoot cn=group
>> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b o=netscaperoot cn=ou
>> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b o=netscaperoot cn=ResourceEditorExtension
>> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b o=netscaperoot cn=topologyplugin
>> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b o=netscaperoot cn=customview
>>
>> It can't seem to find any of these entries.
>
>
> [root at host2 bin]# ldapsearch -x -h ldaphost -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=user
> ldap_bind: Can't contact LDAP server (-1)
> [root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=user
> version: 1
> dn: cn=user,cn=defaultObjectClassesContainer,ou=4.0,ou=Admin,ou=Global Prefere
>  nces,ou=concepttechnologyinc.com,o=NetscapeRoot
> objectClass: top
> objectClass: nsResourceRef
> objectClass: nsdefaultObjectClasses
> cn: user
> nsDefaultObjectClass: top
> nsDefaultObjectClass: person
> nsDefaultObjectClass: organizationalPerson
> nsDefaultObjectClass: inetorgperson
> [root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=group
> version: 1
> dn: cn=group,cn=defaultObjectClassesContainer,ou=4.0,ou=Admin,ou=Global Prefer
>  ences,ou=concepttechnologyinc.com,o=NetscapeRoot
> objectClass: top
> objectClass: nsResourceRef
> objectClass: nsdefaultObjectClasses
> cn: group
> nsDefaultObjectClass: top
> nsDefaultObjectClass: groupofuniquenames
> [root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=ou
> version: 1
> dn: cn=ou,cn=defaultObjectClassesContainer,ou=4.0,ou=Admin,ou=Global Preferenc
>  es,ou=concepttechnologyinc.com,o=NetscapeRoot
> objectClass: top
> objectClass: nsResourceRef
> objectClass: nsdefaultObjectClasses
> cn: ou
> nsDefaultObjectClass: top
> nsDefaultObjectClass: organizationalunit
> [root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=ResourceEditorExtension
> version: 1
> dn: cn=ResourceEditorExtension,ou=4.0,ou=Admin,ou=Global Preferences,ou=concep
>  ttechnologyinc.com,o=NetscapeRoot
> objectClass: top
> objectClass: nsResourceRef
> objectClass: extensibleObject
> cn: ResourceEditorExtension
> nsmerge: ADD_IF_EMPTY
> [root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=ResourceEditorExtension
> version: 1
> dn: cn=ResourceEditorExtension,ou=4.0,ou=Admin,ou=Global Preferences,ou=concep
>  ttechnologyinc.com,o=NetscapeRoot
> objectClass: top
> objectClass: nsResourceRef
> objectClass: extensibleObject
> cn: ResourceEditorExtension
> nsmerge: ADD_IF_EMPTY
> [root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=customview
> version: 1
> dn: cn=CustomView,ou=4.0,ou=Admin,ou=Global Preferences,ou=concepttechnologyin
>  c.com,o=NetscapeRoot
> objectClass: top
> objectClass: nsResourceRef
> cn: CustomView
>
>
>>>
>>> [root at host2 fedora-ds]# pwd
>>> /opt/fedora-ds
>>> [root at host2 fedora-ds]# cat console.log
>>> java.util.prefs.userRoot=/root/.fedora-console
>>> java.runtime.name=Java(TM) 2 Runtime Environment, Standard Edition
>>> sun.boot.library.path=/usr/java/jre1.5.0_06/lib/i386
>>> java.vm.version=1.5.0_06-b05
>>> java.vm.vendor=Sun Microsystems Inc.
>>> java.vendor.url=http://java.sun.com/
>>> path.separator=:
>>> java.vm.name=Java HotSpot(TM) Client VM
>>> file.encoding.pkg=sun.io
>>> user.country=US
>>> sun.os.patch.level=unknown
>>> java.vm.specification.name=Java Virtual Machine Specification
>>> user.dir=/opt/fedora-ds
>>> java.runtime.version=1.5.0_06-b05
>>> java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment
>>> java.endorsed.dirs=/usr/java/jre1.5.0_06/lib/endorsed
>>> os.arch=i386
>>> java.io.tmpdir=/tmp
>>> line.separator=
>>>
>>> java.vm.specification.vendor=Sun Microsystems Inc.
>>> os.name=Linux >>> sun.jnu.encoding=UTF-8 >>> java.library.path=./lib >>> java.specification.name=Java Platform API Specification >>> java.class.version=49.0 >>> sun.management.compiler=HotSpot Client Compiler >>> os.version=2.6.9-34.0.1.ELsmp >>> user.home=/root >>> user.timezone=America/Chicago >>> java.awt.printerjob=sun.print.PSPrinterJob >>> file.encoding=UTF-8 >>> java.specification.version=1.5 >>> java.class.path=./java/jss3.jar:./java/ldapjdk.jar:./java/fedora-base-1.0.jar:./java/fedora-mcc-1.0.jar:./java/fedora-mcc-1.0_en.jar:./java/fedora-nmclf-1.0.jar:./java/fedora-nmclf-1.0_en.jar >>> >>> user.name=root >>> java.vm.specification.version=1.0 >>> java.home=/usr/java/jre1.5.0_06 >>> sun.arch.data.model=32 >>> java.util.prefs.systemRoot=/root/.fedora-console >>> user.language=en >>> java.specification.vendor=Sun Microsystems Inc. >>> java.vm.info=mixed mode, sharing >>> java.version=1.5.0_06 >>> java.ext.dirs=/usr/java/jre1.5.0_06/lib/ext >>> sun.boot.class.path=/usr/java/jre1.5.0_06/lib/rt.jar:/usr/java/jre1.5.0_06/lib/i18n.jar:/usr/java/jre1.5.0_06/lib/sunrsasign.jar:/usr/java/jre1.5.0_06/lib/jsse.jar:/usr/java/jre1.5.0_06/lib/jce.jar:/usr/java/jre1.5.0_06/lib/charsets.jar:/usr/java/jre1.5.0_06/classes >>> >>> java.vendor=Sun Microsystems Inc. 
>>> file.separator=/ >>> java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi >>> sun.io.unicode.encoding=UnicodeLittle >>> sun.cpu.endian=little >>> sun.cpu.isalist= >>> ResourceSet: NOT found >>> loader20120943:com.netscape.management.client.console.versioninfo >>> Fedora-Management-Console/1.0 B2006.060.1914 >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/nmclf/icons/Error.gif >>> RemoteImage: Create RemoteImage cache for loader20120943 >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/nmclf/icons/Inform.gif >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/nmclf/icons/Warn.gif >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/nmclf/icons/Question.gif >>> ResourceSet: NOT found >>> loader20120943:com.netscape.management.client.components.components >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/client/images/logo16.gif >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/client/console/images/login.gif >>> ResourceSet: NOT found >>> loader20120943:com.netscape.management.client.util.default >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.util.default >>> JButtonFactory: button width = 54 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 54 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 72 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 72 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 54 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button width = 72 >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.util.default >>> CommManager> New CommRecord >>> 
(http://host2.concepttechnologyinc.com:34877/admin-serv/authenticate) >>> http://host2.concepttechnologyinc.com:34877/[0:0] open> Ready >>> http://host2.concepttechnologyinc.com:34877/[0:0] accept> >>> http://host2.concepttechnologyinc.com:34877/admin-serv/authenticate >>> http://host2.concepttechnologyinc.com:34877/[0:0] send> GET \ >>> http://host2.concepttechnologyinc.com:34877/[0:0] send> >>> /admin-serv/authenticate \ >>> http://host2.concepttechnologyinc.com:34877/[0:0] send> HTTP/1.0 >>> http://host2.concepttechnologyinc.com:34877/[0:0] send> Host: >>> host2.concepttechnologyinc.com:34877 >>> http://host2.concepttechnologyinc.com:34877/[0:0] send> Connection: >>> Keep-Alive >>> http://host2.concepttechnologyinc.com:34877/[0:0] send> User-Agent: >>> Fedora-Management-Console/1.0 >>> http://host2.concepttechnologyinc.com:34877/[0:0] send> >>> Accept-Language: en >>> http://host2.concepttechnologyinc.com:34877/[0:0] send> >>> Authorization: Basic \ >>> http://host2.concepttechnologyinc.com:34877/[0:0] send> >>> YWRtaW46bGRhcGFkbWluOTk3 \ >>> http://host2.concepttechnologyinc.com:34877/[0:0] send> >>> http://host2.concepttechnologyinc.com:34877/[0:0] send> >>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> HTTP/1.1 200 OK >>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Date: Tue, >>> 01 Aug 2006 16:09:23 GMT >>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Server: >>> Apache/2.0 >>> HttpChannel.invoke: admin version = 2.0 >>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> >>> Admin-Server: Fedora-Administrator/1.0.1 >>> HttpChannel.invoke: admin version = 1.0.1 >>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> >>> Content-Length: 429 >>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Connection: >>> close >>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> >>> Content-Type: text/html >>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> >>> http://host2.concepttechnologyinc.com:34877/[0:0] 
recv> Reading 429 >>> bytes... >>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> 429 bytes read >>> Console.replyHandler: adminVersion = 1.0.1 >>> Console: Cannot open: cn=user, >>> cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global >>> Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >>> Console: Cannot open cn=group, >>> cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global >>> Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >>> Console: Cannot open cn=OU, cn=DefaultObjectClassesContainer,ou=1.0, >>> ou=admin, ou=Global Preferences, ou=concepttechnologyinc.com, >>> o=NetscapeRoot >>> Console: Cannot open cn=ResourceEditorExtension,ou=1.0, ou=admin, >>> ou=Global Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >>> ResourceSet: NOT found >>> loader20120943:com.netscape.management.client.topology.topology >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.topology.topology >>> RemoteImage: found >>> loader20120943:com/netscape/management/client/images/logo16.gif >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/client/images/ConsoleBanner.gif >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/client/images/warn16.gif >>> ResourceSet: NOT found >>> loader20120943:com.netscape.management.client.default >>> UIPermissions: TopologyEditing yes >>> Cannot open: cn=topologyplugin,ou=1.0, ou=admin, ou=Global >>> Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.topology.topology >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.default >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.topology.topology >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.topology.topology >>> UIPermissions: CustomViewEditing yes >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.default >>> ResourceSet: found >>> 
loader20120943:com.netscape.management.client.default >>> UIPermissions: UGTabVisibility yes >>> UIPermissions: UGEditing yes >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.topology.topology >>> TRACE ConsoleInfo.clone: tracking cloning of ConsoleInfo for >>> performance tuning >>> Cannot load custom views, error code= 32 >>> >> ou=concepttechnologyinc.com, o=NetscapeRoot> >>> pub defaultView=null >>> user defaultView= >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/client/images/notsecure.gif >>> http://host2.concepttechnologyinc.com:34877/[0:0] close> Closed >>> TRACE ConsoleInfo.clone: tracking cloning of ConsoleInfo for >>> performance tuning >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.topology.topology >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/nmclf/icons/user24.gif >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/nmclf/icons/group24.gif >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/nmclf/icons/ou24.gif >>> JButtonFactory: button width = 54 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 54 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 72 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 72 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 54 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button width = 72 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 108 >>> JButtonFactory: button height = 19 >>> ResourceSet: NOT found >>> loader20120943:com.netscape.management.client.ug.PickerEditorResource >>> ResourceSet: found >>> 
loader20120943:com.netscape.management.client.ug.PickerEditorResource >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.ug.PickerEditorResource >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/nmclf/icons/user.gif >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/nmclf/icons/group.gif >>> RemoteImage: NOT found >>> loader20120943:com/netscape/management/nmclf/icons/ou.gif >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 72 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 72 >>> JButtonFactory: button height = 19 >>> Search: >>> (|(&(objectclass=person)(cn=*test*))(&(objectclass=groupofuniquenames)(cn=*test*))(&(objectclass=organizationalunit)(ou=*test*))(&(objectclass=person)(uid=test))) >>> >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.topology.topology >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> LDAPUtil.getVLVIndex dc=concepttechnologyinc,dc=com 2 >>> (|(&(objectclass=person)(cn=*test*))(&(objectclass=groupofuniquenames)(cn=*test*))(&(objectclass=organizationalunit)(ou=*test*))(&(objectclass=person)(uid=test))) >>> cn >>> match=null >>> VLDirectoryTableModel: getVlVIndex=null >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> 
loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.console.console >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.ug.PickerEditorResource >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.ug.PickerEditorResource >>> ResourceSet: found >>> loader20120943:com.netscape.management.client.ug.PickerEditorResource >>> JButtonFactory: button width = 108 >>> JButtonFactory: button height = 19 >>> JButtonFactory: button width = 90 >>> JButtonFactory: button height = 19 >>> Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException >>> at >>> com.netscape.management.client.ug.ResourceEditor.setupPlugin(Unknown >>> Source) >>> at >>> com.netscape.management.client.ug.ResourceEditor.init(Unknown Source) >>> at >>> com.netscape.management.client.ug.ResourceEditor.(Unknown Source) >>> at >>> 
com.netscape.management.client.topology.ug.EditUserGroupPane.editEntry(Unknown >>> Source) >>> at >>> com.netscape.management.client.topology.ug.EditUserGroupPane.actionPerformed(Unknown >>> Source) >>> at javax.swing.AbstractButton.fireActionPerformed(Unknown >>> Source) >>> at javax.swing.AbstractButton$Handler.actionPerformed(Unknown >>> Source) >>> at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown >>> Source) >>> at javax.swing.DefaultButtonModel.setPressed(Unknown Source) >>> at >>> javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown >>> Source) >>> at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source) >>> at java.awt.Component.processMouseEvent(Unknown Source) >>> at javax.swing.JComponent.processMouseEvent(Unknown Source) >>> at java.awt.Component.processEvent(Unknown Source) >>> at java.awt.Container.processEvent(Unknown Source) >>> at java.awt.Component.dispatchEventImpl(Unknown Source) >>> at java.awt.Container.dispatchEventImpl(Unknown Source) >>> at java.awt.Component.dispatchEvent(Unknown Source) >>> at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown >>> Source) >>> at java.awt.LightweightDispatcher.processMouseEvent(Unknown >>> Source) >>> at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) >>> at java.awt.Container.dispatchEventImpl(Unknown Source) >>> at java.awt.Window.dispatchEventImpl(Unknown Source) >>> at java.awt.Component.dispatchEvent(Unknown Source) >>> at java.awt.EventQueue.dispatchEvent(Unknown Source) >>> at >>> java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source) >>> at >>> java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) >>> at java.awt.EventDispatchThread.pumpEvents(Unknown Source) >>> at java.awt.EventDispatchThread.pumpEvents(Unknown Source) >>> at java.awt.EventDispatchThread.run(Unknown Source) >>> [root at host2 fedora-ds]# >>> >>> >>> >>> Best Regards, >>> >>> Darren Fulton >>> Concept Technology, Inc. 
>>> 1106 17th Avenue South
>>> Nashville, TN 37212
>>>
>>> Phone - 615.321.6428 Ext. 105
>>> Fax - 615.321.5598

From kenwood at thesportsresort.com Tue Aug 1 22:04:25 2006
From: kenwood at thesportsresort.com (Ken Wood)
Date: Tue, 1 Aug 2006 15:04:25 -0700
Subject: [Fedora-directory-users] Requirements
Message-ID:

Sorry if these are really dumb questions but what software is required before Fedora Directory can be installed?

Now, I know that Sun Java is needed. I've installed v 1.5.n and it tests out ok.

Beyond Java, what else?

Do I need OpenLDAP or is that included with RPM?

Do I need Berkeley SleepyCat or is that included?

Do I need OpenSSL or is it included? What about a certificate?

I have completed the Setup and FDS provides the login box but then it fails with an error complaining that it could not start the Admin Service.

And, this is where I become overwhelmed by a lack of understanding.

I cannot find docs that explain how to start the service and/or what the required fields are.

I think the service is named 'ns-slapd'.

If someone could provide an example of how to start the service I would really appreciate the help.

Ken Wood
TLW Sports Company, LLC
Information Systems
p. 805.987.2255
c. 720.937.8295

From rmeggins at redhat.com Tue Aug 1 22:04:43 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 01 Aug 2006 16:04:43 -0600
Subject: [Fedora-directory-users] Requirements
In-Reply-To:
References:
Message-ID: <44CFCFFB.5000604@redhat.com>

Ken Wood wrote:
>
> Sorry if these are really dumb questions but what software is required
> before Fedora Directory can be installed?
>
> Now, I know that Sun Java is needed. I've installed v 1.5.n and it
> tests out ok.
>
> Beyond Java, what else?
>
> Do I need OpenLDAP or is that included with RPM?
>
No. OpenLDAP is not required, and not included with the RPM.
>
> Do I need Berkeley SleepyCat or is that included?
>
It is included.
>
> Do I need OpenSSL or is it included? What about a certificate?
>
You do not need OpenSSL. See
http://directory.fedora.redhat.com/wiki/FAQ#What_crypto_engine_does_the_Directory_Server_use.3F
and http://directory.fedora.redhat.com/wiki/Howto:SSL
>
> I have completed the Setup and FDS provides the login box but then it
> fails with an error complaining that it could not start the Admin Service.
>
Err 151? This usually indicates a problem with your DNS or reverse DNS. Look in /opt/fedora-ds/setup for your setup log file.
>
> And, this is where I become overwhelmed by a lack of understanding.
>
> I cannot find docs that explain how to start the service and/or what
> the required fields are.
>
> I think the service is named 'ns-slapd'.
>
> If someone could provide an example of how to start the service I
> would really appreciate the help.
>
> ///Ken Wood/
>
> /TLW Sports Company, LLC/
>
> /Information Systems/
>
> /p. 805.987.2255/
>
> /c. 720.937.8295/

From patrick.morris at hp.com Tue Aug 1 22:04:17 2006
From: patrick.morris at hp.com (Patrick Morris)
Date: Tue, 1 Aug 2006 15:04:17 -0700
Subject: [Fedora-directory-users] Requirements
In-Reply-To:
References:
Message-ID: <20060801220417.GE15727@hermes.americas.hpqcorp.net>

On Tue, 01 Aug 2006, Ken Wood wrote:

> Sorry if these are really dumb questions but what software is required
> before Fedora Directory can be installed?

Depends how you're installing it and what you're installing it on. On my machines, the only other software I have to install is Apache.

As far as I know, Java isn't really a requirement for the server, unless you plan to also run the admin client on it.

From jamesc at exa.com Tue Aug 1 23:20:27 2006
From: jamesc at exa.com (James Chamberlain)
Date: Tue, 1 Aug 2006 19:20:27 -0400 (EDT)
Subject: [Fedora-directory-users] Authentication Cache While Offline
In-Reply-To: <1154465084.2721.32.camel@richip.dhs.org>
References: <1153893833.2975.9.camel@richip.dhs.org> <1154017530.2975.30.camel@richip.dhs.org> <1154465084.2721.32.camel@richip.dhs.org>
Message-ID:

Hi Richi,

By any chance, have you checked out pam_ccreds?

James

On Tue, 1 Aug 2006, Richi Plana wrote:

> Hi, All.
>
> Any suggestions/leads?:
>
> On Thu, 2006-07-27 at 10:25 -0600, Richi Plana wrote:
> > Hi, All.
> >
> > On Wed, 2006-07-26 at 00:03 -0600, Richi Plana wrote:
> > > I recently set up fedora-ds and managed to configure several FC5
> > > machines to authenticate and get user information from the LDAP server.
> > > Unfortunately, the laptop isn't always connected to the network so when
> > > it boots up, the process hangs when it tries to start the "message bus".
> > > I figure the process blocks when it tries to change UID to that of the
> > > dbus user. When the machine isn't connected to the network (i.e. no cable
> > > and wireless isn't available), the process just hangs.
> > >
> > > Any suggestions on fixing this?
> >
> > So I've implemented one fix. For some reason, even
> > with /etc/nsswitch.conf configured as follows, FC5 systems still go to
> > LDAP even if a user exists locally (dbus user exists in /etc/passwd):
> >
> > /etc/nsswitch.conf:
> > ...
> > passwd: files ldap
> > shadow: files ldap
> > group: files ldap
> > ...
> >
> >
> > So the solution I applied was to edit /etc/ldap.conf and add the entry
> > "bind_policy hard". This is supposed to make nss_ldap exit after failing
> > a connection attempt (instead of the default infinite retries).
> >
> > My problem now is that none of my DS users can log on to the
> > newly-started machine. I thought that's what the "Cache User
> > Information" option in system-config-authentication -> Account
> > Information does, but it apparently doesn't. Is there a way to cache
> > LDAP Authentication and Account information so that offline machines
> > will allow logons from LDAP users? Kind of like how WinXP does?
> From dfulton at concepttechnologyinc.com Wed Aug 2 00:01:45 2006 From: dfulton at concepttechnologyinc.com (Darren Fulton - CTI) Date: Tue, 01 Aug 2006 19:01:45 -0500 Subject: [Fedora-directory-users] FDS java console - can login, can search, but cannot edit or do anything useful In-Reply-To: <44CFBF5A.4040108@redhat.com> References: <4706484.2251154398715605.JavaMail.root@host3.concepttechnologyinc.com> <44CF5626.2090408@redhat.com> <44CF7FC0.5020802@concepttechnologyinc.com> <44CF8451.9060703@redhat.com> <44CFBB89.1080800@concepttechnologyinc.com> <44CFBF5A.4040108@redhat.com> Message-ID: <44CFEB69.3060808@concepttechnologyinc.com> Richard Megginson wrote: > Darren Fulton - CTI wrote: >> Richard Megginson wrote: >>> Darren Fulton - CTI wrote: >>>> >>>> >>>> Richard Megginson wrote: >>>>> Darren Fulton wrote: >>>>>> I need help please. The directory server seems to be working >>>>>> fine (users are authenticating and contacts lists are >>>>>> available). The admin server seems to be fine too (I can login >>>>>> to the FDS Gateway and search for users, authenticate as admin, >>>>>> and add contacts). I can also login to the directory server >>>>>> console as admin. After logging in it looks like this: >>>>>> >>>>>> http://concepttechnologyinc.com/images/snapshot_fds-console3.png >>>>>> >>>>>> Which is not how it once looked. >>>>>> >>>>> What changed? >>>>>> I can click the second tab and perform a search. It finds >>>>>> users. If I right click on a user object and select "Edit", the >>>>>> curser starts throbbing like it is going to do something, but it >>>>>> never does. It just keeps throbbing. Same thing if I double >>>>>> click on the user. That looks like this: >>>>>> http://concepttechnologyinc.com/images/snapshot_fds-console2.png >>>>>> >>>>>> Same problem occurs if I try and add a user, which is what I've >>>>>> been trying to do for a week. >>>>>> >>>>>> This was not the case a few months ago. >>>>>> >>>>>> - I'm running 1.0-2.RHEL4.i386 on RHEL 4.3. 
>>>>>> >>>>>> - I've rebooted the server >>>>>> >>>>>> - I have the X11 deprecated libs installed. [root at host2 ~]# rpm >>>>>> -qa | grep deprec >>>>>> xorg-x11-deprecated-libs-6.8.2-1.EL.13.25.1 >>>>>> xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.25.1 >>>>>> ############## >>>>>> >>>>>> - I have tried the most recent Sun Java as well as the IBM Java >>>>>> from a couple of the earlier FDS versions that I had backed up. >>>>>> ############## >>>>>> [dfulton at host2 ~]$ java -version >>>>>> java version "1.5.0_06" >>>>>> Java(TM) 2 Runtime Environment, Standard Edition (build >>>>>> 1.5.0_06-b05) >>>>>> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing) >>>>>> ############## >>>>>> [dfulton at host2 bin]$ pwd >>>>>> /opt/fedora-ds.backup.working.11_03_2005/bin/base/jre/bin >>>>>> [dfulton at host2 bin]$ ./java -version >>>>>> java version "1.4.2" >>>>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2) >>>>>> Classic VM (build 1.4.2, J2RE 1.4.2 IBM build >>>>>> cxia32142sr1a-20050209 (JIT enabled: jitc)) >>>>>> ############## >>>>>> >>>>>> - When I start the console there is no weird java output in the >>>>>> terminal. I login and there still aren't any errors. I search >>>>>> for a user, still no errors. But, when I try and start the edit >>>>>> of an object returened by the search, it spews a bunch of output: >>>>>> >>>>> Try startconsole -D 9 > console.log 2>&1 >>>>> >>>>> That should help us shed some light on what's going on. 
>>>>>> [root at host2 fedora-ds]# java -version >>>>>> java version "1.5.0_06" >>>>>> Java(TM) 2 Runtime Environment, Standard Edition (build >>>>>> 1.5.0_06-b05) >>>>>> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing) >>>>>> [root at host2 fedora-ds]# ./startconsole >>>>>> ####the stuff below shows up the second I click "Edit" >>>>>> Exception in thread "AWT-EventQueue-0" >>>>>> java.lang.NullPointerException >>>>>> at >>>>>> com.netscape.management.client.ug.ResourceEditor.setupPlugin(UnknownSource) >>>>>> >>>>>> at >>>>>> com.netscape.management.client.ug.ResourceEditor.init(Unknown >>>>>> Source) >>>>>> at >>>>>> com.netscape.management.client.ug.ResourceEditor.(Unknown >>>>>> Source) >>>>>> at >>>>>> com.netscape.management.client.topology.ug.EditUserGroupPane.editEntry(Unknown >>>>>> Source) >>>>>> at >>>>>> com.netscape.management.client.topology.ug.EditUserGroupPane.actionPerformed(Unknown >>>>>> Source) >>>>>> at javax.swing.AbstractButton.fireActionPerformed(Unknown >>>>>> Source) >>>>>> at >>>>>> javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) >>>>>> at >>>>>> javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) >>>>>> at javax.swing.DefaultButtonModel.setPressed(Unknown Source) >>>>>> at javax.swing.AbstractButton.doClick(Unknown Source) >>>>>> at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown >>>>>> Source) >>>>>> at >>>>>> javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(UnknownSource) >>>>>> >>>>>> at java.awt.Component.processMouseEvent(Unknown Source) >>>>>> at javax.swing.JComponent.processMouseEvent(Unknown Source) >>>>>> at java.awt.Component.processEvent(Unknown Source) >>>>>> at java.awt.Container.processEvent(Unknown Source) >>>>>> at java.awt.Component.dispatchEventImpl(Unknown Source) >>>>>> at java.awt.Container.dispatchEventImpl(Unknown Source) >>>>>> at java.awt.Component.dispatchEvent(Unknown Source) >>>>>> at >>>>>> 
java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) >>>>>> at >>>>>> java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) >>>>>> at java.awt.LightweightDispatcher.dispatchEvent(Unknown >>>>>> Source) >>>>>> at java.awt.Container.dispatchEventImpl(Unknown Source) >>>>>> at java.awt.Window.dispatchEventImpl(Unknown Source) >>>>>> at java.awt.Component.dispatchEvent(Unknown Source) >>>>>> at java.awt.EventQueue.dispatchEvent(Unknown Source) >>>>>> at >>>>>> java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown >>>>>> Source) >>>>>> at >>>>>> java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) >>>>>> at java.awt.EventDispatchThread.pumpEvents(Unknown Source) >>>>>> at java.awt.EventDispatchThread.pumpEvents(Unknown Source) >>>>>> at java.awt.EventDispatchThread.run(Unknown Source) >>>>>> #################### >>>>>> >>>>>> - Here is some log output that might help. >>>>>> >>>>>> >>>>>> [root at host2 fedora-ds]# tail -n 50 >>>>>> /opt/fedora-ds/slapd-host2/logs/errors >>>>>> Fedora-Directory/1.0.2 B2006.060.1928 >>>>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2) >>>>>> >>>>>> [26/Jul/2006:15:00:23 -0500] - slapd shutting down - signaling >>>>>> operation threads >>>>>> [26/Jul/2006:15:00:23 -0500] - slapd shutting down - closing down >>>>>> internal subsystems and plugins >>>>>> [26/Jul/2006:15:00:23 -0500] - Waiting for 4 database threads to >>>>>> stop >>>>>> [26/Jul/2006:15:00:24 -0500] - All database threads now stopped >>>>>> [26/Jul/2006:15:00:24 -0500] - slapd stopped. >>>>>> Fedora-Directory/1.0.2 B2006.060.1928 >>>>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2) >>>>>> >>>>>> [26/Jul/2006:15:00:32 -0500] - Fedora-Directory/1.0.2 >>>>>> B2006.060.1928 starting up >>>>>> [26/Jul/2006:15:00:37 -0500] - slapd started. 
Listening on All >>>>>> Interfaces port389 for LDAP requests >>>>>> [26/Jul/2006:15:00:40 -0500] - slapd shutting down - signaling >>>>>> operation threads >>>>>> [26/Jul/2006:15:00:40 -0500] - slapd shutting down - waiting for >>>>>> 27 threads to terminate >>>>>> [26/Jul/2006:15:00:40 -0500] - slapd shutting down - closing down >>>>>> internal subsystems and plugins >>>>>> [26/Jul/2006:15:00:40 -0500] - Waiting for 4 database threads to >>>>>> stop >>>>>> [26/Jul/2006:15:00:41 -0500] - All database threads now stopped >>>>>> [26/Jul/2006:15:00:41 -0500] - slapd stopped. >>>>>> Fedora-Directory/1.0.2 B2006.060.1928 >>>>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2) >>>>>> >>>>>> [26/Jul/2006:15:00:55 -0500] - Fedora-Directory/1.0.2 >>>>>> B2006.060.1928 starting up >>>>>> [26/Jul/2006:15:00:56 -0500] - slapd started. Listening on All >>>>>> Interfaces port389 for LDAP requests >>>>>> [26/Jul/2006:15:21:50 -0500] - slapd shutting down - signaling >>>>>> operation threads >>>>>> [26/Jul/2006:15:21:50 -0500] - slapd shutting down - waiting for >>>>>> 29 threads to terminate >>>>>> [26/Jul/2006:15:21:50 -0500] - slapd shutting down - closing down >>>>>> internal subsystems and plugins >>>>>> [26/Jul/2006:15:21:51 -0500] - Waiting for 4 database threads to >>>>>> stop >>>>>> [26/Jul/2006:15:21:51 -0500] - All database threads now stopped >>>>>> [26/Jul/2006:15:21:52 -0500] - slapd stopped. >>>>>> Fedora-Directory/1.0.2 B2006.060.1928 >>>>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2) >>>>>> >>>>>> [26/Jul/2006:15:22:10 -0500] - Fedora-Directory/1.0.2 >>>>>> B2006.060.1928 starting up >>>>>> [26/Jul/2006:15:22:10 -0500] - slapd started. 
Listening on All
>>>>>> Interfaces port389 for LDAP requests
>>>>>> [26/Jul/2006:17:37:38 -0500] - slapd shutting down - signaling
>>>>>> operation threads
>>>>>> [26/Jul/2006:17:37:41 -0500] - slapd shutting down - waiting for
>>>>>> 28 threads to terminate
>>>>>> [26/Jul/2006:17:37:43 -0500] - slapd shutting down - closing down
>>>>>> internal subsystems and plugins
>>>>>> Fedora-Directory/1.0.2 B2006.060.1928
>>>>>> host2.thedomain.com:389 (/opt/fedora-ds/slapd-host2)
>>>>>>
>>>>>> [26/Jul/2006:17:41:13 -0500] - Fedora-Directory/1.0.2
>>>>>> B2006.060.1928 starting up
>>>>>> [26/Jul/2006:17:41:13 -0500] - Detected Disorderly Shutdown last
>>>>>> time DirectoryServer was running, recovering database.
>>>>>> [26/Jul/2006:17:41:18 -0500] - slapd started. Listening on All
>>>>>> Interfaces port389 for LDAP requests
>>>>>>
>>>>>> ################
>>>>>>
>>>>>> Please help if you can. I've been working on it off and on for a
>>>>>> week now with no luck. Thanks.
>>>>>>
>>>> Thank you for the reply.
>>>>
>>>> Question:
>>>> What changed [with the way the first screen of the console looks]?
>>>>
>>>> Answer:
>>>> I thought there were options to open Netscape Root and mydomain.
>>>> Maybe I'm remembering wrong, but I didn't think it was blank.
>>> What I meant was - what did _you_ change? You said it used to have
>>> options to open NetscapeRoot and mydomain - what did you change to
>>> make them go away?
>>
>> I think it happened after an upgrade. However I was able to still
>> use the console after that by using an older console. That doesn't
>> work anymore. Here is the thread on that:
> Upgrade install from 7.1 to 1.x breaks console. You might be able to
> fix it by editing the entries below. I suggest using db2ldif -s
> o=netscaperoot > nsroot.ldif , then editing nsroot.ldif to change all
> of those ou=4.0 to ou=1.0, then reimport using ldif2db.
>>
>> https://www.redhat.com/archives/fedora-directory-users/2006-February/msg00186.html
>>
>>
>>>> Request:
>>>> Try startconsole -D 9 > console.log 2>&1 That should help us shed
>>>> some light on what's going on.
>>>>
>>>> Here are the contents of console.log from beginning -> 3 minutes
>>>> after attempting to edit a user:
>>> Hm - it's missing the console view entries. Try this:
>>> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b
>>> o=netscaperoot cn=user
>>> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b
>>> o=netscaperoot cn=group
>>> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b
>>> o=netscaperoot cn=ou
>>> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b
>>> o=netscaperoot cn=ResourceEditorExtension
>>> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b
>>> o=netscaperoot cn=topologyplugin
>>> ldapsearch -x -h ldaphost -D "cn=directory manager" -w password -b
>>> o=netscaperoot cn=customview
>>>
>>> It can't seem to find any of these entries.
>>
>>
>> [root at host2 bin]# ldapsearch -x -h ldaphost -D "cn=directory manager"
>> -w mypassword -b o=netscaperoot cn=user
>> ldap_bind: Can't contact LDAP server (-1)
>> [root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com
>> -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=user
>> version: 1
>> dn:
>> cn=user,cn=defaultObjectClassesContainer,ou=4.0,ou=Admin,ou=Global
>> Prefere
>> nces,ou=concepttechnologyinc.com,o=NetscapeRoot
>> objectClass: top
>> objectClass: nsResourceRef
>> objectClass: nsdefaultObjectClasses
>> cn: user
>> nsDefaultObjectClass: top
>> nsDefaultObjectClass: person
>> nsDefaultObjectClass: organizationalPerson
>> nsDefaultObjectClass: inetorgperson
>> [root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com
>> -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=group
>> version: 1
>> dn:
>> cn=group,cn=defaultObjectClassesContainer,ou=4.0,ou=Admin,ou=Global
>> Prefer
>> ences,ou=concepttechnologyinc.com,o=NetscapeRoot
>> objectClass: top
>> objectClass: nsResourceRef
>> objectClass: nsdefaultObjectClasses
>> cn: group
>> nsDefaultObjectClass: top
>> nsDefaultObjectClass: groupofuniquenames
>> [root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com
>> -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=ou
>> version: 1
>> dn: cn=ou,cn=defaultObjectClassesContainer,ou=4.0,ou=Admin,ou=Global
>> Preferenc
>> es,ou=concepttechnologyinc.com,o=NetscapeRoot
>> objectClass: top
>> objectClass: nsResourceRef
>> objectClass: nsdefaultObjectClasses
>> cn: ou
>> nsDefaultObjectClass: top
>> nsDefaultObjectClass: organizationalunit
>> [root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com
>> -D "cn=directory manager" -w mypassword -b o=netscaperoot
>> cn=ResourceEditorExtension
>> version: 1
>> dn: cn=ResourceEditorExtension,ou=4.0,ou=Admin,ou=Global
>> Preferences,ou=concep
>> ttechnologyinc.com,o=NetscapeRoot
>> objectClass: top
>> objectClass: nsResourceRef
>> objectClass: extensibleObject >> cn: ResourceEditorExtension >> nsmerge: ADD_IF_EMPTY >> [root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com >> -D "cn=directory manager" -w mypassword -b o=netscaperoot >> cn=ResourceEditorExtension >> version: 1 >> dn: cn=ResourceEditorExtension,ou=4.0,ou=Admin,ou=Global >> Preferences,ou=concep >> ttechnologyinc.com,o=NetscapeRoot >> objectClass: top >> objectClass: nsResourceRef >> objectClass: extensibleObject >> cn: ResourceEditorExtension >> nsmerge: ADD_IF_EMPTY >> [root at host2 bin]# ./ldapsearch -x -h host2.concepttechnologyinc.com >> -D "cn=directory manager" -w mypassword -b o=netscaperoot cn=customview >> version: 1 >> dn: cn=CustomView,ou=4.0,ou=Admin,ou=Global >> Preferences,ou=concepttechnologyin >> c.com,o=NetscapeRoot >> objectClass: top >> objectClass: nsResourceRef >> cn: CustomView >> >> >> >>>> >>>> [root at host2 fedora-ds]# pwd >>>> /opt/fedora-ds >>>> [root at host2 fedora-ds]# cat console.log >>>> java.util.prefs.userRoot=/root/.fedora-console >>>> java.runtime.name=Java(TM) 2 Runtime Environment, Standard Edition >>>> sun.boot.library.path=/usr/java/jre1.5.0_06/lib/i386 >>>> java.vm.version=1.5.0_06-b05 >>>> java.vm.vendor=Sun Microsystems Inc. >>>> java.vendor.url=http://java.sun.com/ >>>> path.separator=: >>>> java.vm.name=Java HotSpot(TM) Client VM >>>> file.encoding.pkg=sun.io >>>> user.country=US >>>> sun.os.patch.level=unknown >>>> java.vm.specification.name=Java Virtual Machine Specification >>>> user.dir=/opt/fedora-ds >>>> java.runtime.version=1.5.0_06-b05 >>>> java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment >>>> java.endorsed.dirs=/usr/java/jre1.5.0_06/lib/endorsed >>>> os.arch=i386 >>>> java.io.tmpdir=/tmp >>>> line.separator= >>>> >>>> java.vm.specification.vendor=Sun Microsystems Inc. 
>>>> os.name=Linux >>>> sun.jnu.encoding=UTF-8 >>>> java.library.path=./lib >>>> java.specification.name=Java Platform API Specification >>>> java.class.version=49.0 >>>> sun.management.compiler=HotSpot Client Compiler >>>> os.version=2.6.9-34.0.1.ELsmp >>>> user.home=/root >>>> user.timezone=America/Chicago >>>> java.awt.printerjob=sun.print.PSPrinterJob >>>> file.encoding=UTF-8 >>>> java.specification.version=1.5 >>>> java.class.path=./java/jss3.jar:./java/ldapjdk.jar:./java/fedora-base-1.0.jar:./java/fedora-mcc-1.0.jar:./java/fedora-mcc-1.0_en.jar:./java/fedora-nmclf-1.0.jar:./java/fedora-nmclf-1.0_en.jar >>>> >>>> user.name=root >>>> java.vm.specification.version=1.0 >>>> java.home=/usr/java/jre1.5.0_06 >>>> sun.arch.data.model=32 >>>> java.util.prefs.systemRoot=/root/.fedora-console >>>> user.language=en >>>> java.specification.vendor=Sun Microsystems Inc. >>>> java.vm.info=mixed mode, sharing >>>> java.version=1.5.0_06 >>>> java.ext.dirs=/usr/java/jre1.5.0_06/lib/ext >>>> sun.boot.class.path=/usr/java/jre1.5.0_06/lib/rt.jar:/usr/java/jre1.5.0_06/lib/i18n.jar:/usr/java/jre1.5.0_06/lib/sunrsasign.jar:/usr/java/jre1.5.0_06/lib/jsse.jar:/usr/java/jre1.5.0_06/lib/jce.jar:/usr/java/jre1.5.0_06/lib/charsets.jar:/usr/java/jre1.5.0_06/classes >>>> >>>> java.vendor=Sun Microsystems Inc. 
>>>> file.separator=/ >>>> java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi >>>> sun.io.unicode.encoding=UnicodeLittle >>>> sun.cpu.endian=little >>>> sun.cpu.isalist= >>>> ResourceSet: NOT found >>>> loader20120943:com.netscape.management.client.console.versioninfo >>>> Fedora-Management-Console/1.0 B2006.060.1914 >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/nmclf/icons/Error.gif >>>> RemoteImage: Create RemoteImage cache for loader20120943 >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/nmclf/icons/Inform.gif >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/nmclf/icons/Warn.gif >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/nmclf/icons/Question.gif >>>> ResourceSet: NOT found >>>> loader20120943:com.netscape.management.client.components.components >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/client/images/logo16.gif >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/client/console/images/login.gif >>>> ResourceSet: NOT found >>>> loader20120943:com.netscape.management.client.util.default >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.util.default >>>> JButtonFactory: button width = 54 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 54 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 72 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 72 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 54 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button width = 72 >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.util.default >>>> CommManager> New 
CommRecord >>>> (http://host2.concepttechnologyinc.com:34877/admin-serv/authenticate) >>>> http://host2.concepttechnologyinc.com:34877/[0:0] open> Ready >>>> http://host2.concepttechnologyinc.com:34877/[0:0] accept> >>>> http://host2.concepttechnologyinc.com:34877/admin-serv/authenticate >>>> http://host2.concepttechnologyinc.com:34877/[0:0] send> GET \ >>>> http://host2.concepttechnologyinc.com:34877/[0:0] send> >>>> /admin-serv/authenticate \ >>>> http://host2.concepttechnologyinc.com:34877/[0:0] send> HTTP/1.0 >>>> http://host2.concepttechnologyinc.com:34877/[0:0] send> Host: >>>> host2.concepttechnologyinc.com:34877 >>>> http://host2.concepttechnologyinc.com:34877/[0:0] send> Connection: >>>> Keep-Alive >>>> http://host2.concepttechnologyinc.com:34877/[0:0] send> User-Agent: >>>> Fedora-Management-Console/1.0 >>>> http://host2.concepttechnologyinc.com:34877/[0:0] send> >>>> Accept-Language: en >>>> http://host2.concepttechnologyinc.com:34877/[0:0] send> >>>> Authorization: Basic \ >>>> http://host2.concepttechnologyinc.com:34877/[0:0] send> >>>> YWRtaW46bGRhcGFkbWluOTk3 \ >>>> http://host2.concepttechnologyinc.com:34877/[0:0] send> >>>> http://host2.concepttechnologyinc.com:34877/[0:0] send> >>>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> HTTP/1.1 >>>> 200 OK >>>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Date: Tue, >>>> 01 Aug 2006 16:09:23 GMT >>>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Server: >>>> Apache/2.0 >>>> HttpChannel.invoke: admin version = 2.0 >>>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> >>>> Admin-Server: Fedora-Administrator/1.0.1 >>>> HttpChannel.invoke: admin version = 1.0.1 >>>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> >>>> Content-Length: 429 >>>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Connection: >>>> close >>>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> >>>> Content-Type: text/html >>>> http://host2.concepttechnologyinc.com:34877/[0:0] 
recv> >>>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> Reading 429 >>>> bytes... >>>> http://host2.concepttechnologyinc.com:34877/[0:0] recv> 429 bytes read >>>> Console.replyHandler: adminVersion = 1.0.1 >>>> Console: Cannot open: cn=user, >>>> cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global >>>> Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >>>> Console: Cannot open cn=group, >>>> cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global >>>> Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >>>> Console: Cannot open cn=OU, >>>> cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global >>>> Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >>>> Console: Cannot open cn=ResourceEditorExtension,ou=1.0, ou=admin, >>>> ou=Global Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >>>> ResourceSet: NOT found >>>> loader20120943:com.netscape.management.client.topology.topology >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.topology.topology >>>> RemoteImage: found >>>> loader20120943:com/netscape/management/client/images/logo16.gif >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/client/images/ConsoleBanner.gif >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/client/images/warn16.gif >>>> ResourceSet: NOT found >>>> loader20120943:com.netscape.management.client.default >>>> UIPermissions: TopologyEditing yes >>>> Cannot open: cn=topologyplugin,ou=1.0, ou=admin, ou=Global >>>> Preferences, ou=concepttechnologyinc.com, o=NetscapeRoot >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.topology.topology >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.default >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.topology.topology >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.topology.topology >>>> UIPermissions: CustomViewEditing yes >>>> 
ResourceSet: found >>>> loader20120943:com.netscape.management.client.default >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.default >>>> UIPermissions: UGTabVisibility yes >>>> UIPermissions: UGEditing yes >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.topology.topology >>>> TRACE ConsoleInfo.clone: tracking cloning of ConsoleInfo for >>>> performance tuning >>>> Cannot load custom views, error code= 32 >>>> >>> ou=concepttechnologyinc.com, o=NetscapeRoot> >>>> pub defaultView=null >>>> user defaultView= >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/client/images/notsecure.gif >>>> http://host2.concepttechnologyinc.com:34877/[0:0] close> Closed >>>> TRACE ConsoleInfo.clone: tracking cloning of ConsoleInfo for >>>> performance tuning >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.topology.topology >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/nmclf/icons/user24.gif >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/nmclf/icons/group24.gif >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/nmclf/icons/ou24.gif >>>> JButtonFactory: button width = 54 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 54 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 72 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 72 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 54 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button width = 72 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 108 >>>> JButtonFactory: button height = 19 >>>> 
ResourceSet: NOT found >>>> loader20120943:com.netscape.management.client.ug.PickerEditorResource >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.ug.PickerEditorResource >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.ug.PickerEditorResource >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/nmclf/icons/user.gif >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/nmclf/icons/group.gif >>>> RemoteImage: NOT found >>>> loader20120943:com/netscape/management/nmclf/icons/ou.gif >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 72 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 72 >>>> JButtonFactory: button height = 19 >>>> Search: >>>> (|(&(objectclass=person)(cn=*test*))(&(objectclass=groupofuniquenames)(cn=*test*))(&(objectclass=organizationalunit)(ou=*test*))(&(objectclass=person)(uid=test))) >>>> >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.topology.topology >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> LDAPUtil.getVLVIndex dc=concepttechnologyinc,dc=com 2 >>>> (|(&(objectclass=person)(cn=*test*))(&(objectclass=groupofuniquenames)(cn=*test*))(&(objectclass=organizationalunit)(ou=*test*))(&(objectclass=person)(uid=test))) >>>> cn >>>> match=null >>>> VLDirectoryTableModel: getVlVIndex=null >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> 
loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.console.console >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.ug.PickerEditorResource >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.ug.PickerEditorResource >>>> ResourceSet: found >>>> loader20120943:com.netscape.management.client.ug.PickerEditorResource >>>> JButtonFactory: button width = 108 >>>> JButtonFactory: button height = 19 >>>> JButtonFactory: button width = 90 >>>> JButtonFactory: button height = 19 >>>> Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException >>>> at >>>> 
com.netscape.management.client.ug.ResourceEditor.setupPlugin(Unknown >>>> Source) >>>> at >>>> com.netscape.management.client.ug.ResourceEditor.init(Unknown Source) >>>> at >>>> com.netscape.management.client.ug.ResourceEditor.(Unknown >>>> Source) >>>> at >>>> com.netscape.management.client.topology.ug.EditUserGroupPane.editEntry(Unknown >>>> Source) >>>> at >>>> com.netscape.management.client.topology.ug.EditUserGroupPane.actionPerformed(Unknown >>>> Source) >>>> at javax.swing.AbstractButton.fireActionPerformed(Unknown >>>> Source) >>>> at >>>> javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) >>>> at >>>> javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) >>>> at javax.swing.DefaultButtonModel.setPressed(Unknown Source) >>>> at >>>> javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown >>>> Source) >>>> at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source) >>>> at java.awt.Component.processMouseEvent(Unknown Source) >>>> at javax.swing.JComponent.processMouseEvent(Unknown Source) >>>> at java.awt.Component.processEvent(Unknown Source) >>>> at java.awt.Container.processEvent(Unknown Source) >>>> at java.awt.Component.dispatchEventImpl(Unknown Source) >>>> at java.awt.Container.dispatchEventImpl(Unknown Source) >>>> at java.awt.Component.dispatchEvent(Unknown Source) >>>> at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown >>>> Source) >>>> at java.awt.LightweightDispatcher.processMouseEvent(Unknown >>>> Source) >>>> at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) >>>> at java.awt.Container.dispatchEventImpl(Unknown Source) >>>> at java.awt.Window.dispatchEventImpl(Unknown Source) >>>> at java.awt.Component.dispatchEvent(Unknown Source) >>>> at java.awt.EventQueue.dispatchEvent(Unknown Source) >>>> at >>>> java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source) >>>> at >>>> java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) >>>> at 
java.awt.EventDispatchThread.pumpEvents(Unknown Source)
>>>> at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
>>>> at java.awt.EventDispatchThread.run(Unknown Source)
>>>> [root at host2 fedora-ds]#
>>>>
>>
>
>

That seems to have fixed it! Awesome. Thank you Richard. For the record, here are the details of what I did based on Richard's instructions:

cd /opt/fedora-ds/slapd-host2/
./db2ldif -s o=netscaperoot > nsroot.ldif
## That created an ldif file at /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
cat /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
## That looks good
cd /opt/fedora-ds/slapd-host2/ldif/
cp -p 2006_08_01_181049.ldif 2006_08_01_181049.ldif.orig
rpl "ou=4.0" "ou=1.0" 2006_08_01_181049.ldif
## If no rpl, manually edit with vi or something
cd /opt/fedora-ds/slapd-host2/
./ldif2db -s o=netscaperoot -i /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
## That failed with "Unable to import the database because it is being used by another slapd process."
/opt/fedora-ds/slapd-host2/stop-slapd
./ldif2db -s o=netscaperoot -i /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
## That time it seems to have worked.
/opt/fedora-ds/slapd-host2/start-slapd
cd /opt/fedora-ds
./startconsole
## It Works!

--
Best Regards,

Darren Fulton
Concept Technology, Inc.

From rmeggins at redhat.com Wed Aug 2 00:31:33 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 01 Aug 2006 18:31:33 -0600
Subject: [Fedora-directory-users] Upgrading from 7.1 to 1.0.2
In-Reply-To: <44CFEB69.3060808@concepttechnologyinc.com>
References: <4706484.2251154398715605.JavaMail.root@host3.concepttechnologyinc.com> <44CF5626.2090408@redhat.com> <44CF7FC0.5020802@concepttechnologyinc.com> <44CF8451.9060703@redhat.com> <44CFBB89.1080800@concepttechnologyinc.com> <44CFBF5A.4040108@redhat.com> <44CFEB69.3060808@concepttechnologyinc.com>
Message-ID: <44CFF265.9040107@redhat.com>

Darren Fulton - CTI wrote:
> That seems to have fixed it! Awesome.
> Thank you Richard. For the record, here are the details of what I did
> based on Richard's instructions:
>
> cd /opt/fedora-ds/slapd-host2/
> ./db2ldif -s o=netscaperoot > nsroot.ldif
> ## That created an ldif file at /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
> cat /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
> ## That looks good
> cd /opt/fedora-ds/slapd-host2/ldif/
> cp -p 2006_08_01_181049.ldif 2006_08_01_181049.ldif.orig
> rpl "ou=4.0" "ou=1.0" 2006_08_01_181049.ldif
> ## If no rpl, manually edit with vi or something
> cd /opt/fedora-ds/slapd-host2/
> ./ldif2db -s o=netscaperoot -i /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
> ## That failed with "Unable to import the database because it is being used by another slapd process."
> /opt/fedora-ds/slapd-host2/stop-slapd
> ./ldif2db -s o=netscaperoot -i /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
> ## That time it seems to have worked.
> /opt/fedora-ds/slapd-host2/start-slapd
> cd /opt/fedora-ds
> ./startconsole
> ## It Works!
>
> --
> Best Regards,
>
> Darren Fulton
> Concept Technology, Inc.

I've updated the Install_Guide with this information - http://directory.fedora.redhat.com/wiki/Install_Guide#Upgrading_from_the_7.1_release

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL:

From beyonddc.storage at gmail.com Wed Aug 2 00:33:39 2006
From: beyonddc.storage at gmail.com (Chun Tat David Chu)
Date: Tue, 1 Aug 2006 20:33:39 -0400
Subject: [Fedora-directory-users] Requirements
In-Reply-To: <20060801220417.GE15727@hermes.americas.hpqcorp.net>
References: <20060801220417.GE15727@hermes.americas.hpqcorp.net>
Message-ID: <20e4c38c0608011733g47e89cc8q5e143c74289cedcc@mail.gmail.com>

According to Fedora DS Installation Guide
http://directory.fedora.redhat.com/wiki/Install_Guide

You need the following;

1. Apache 2, worker model.
This binary is generally available on RHEL and Fedora Core platforms as /usr/sbin/httpd.worker. It is provided via the httpd package (e.g. up2date httpd or yum install httpd). HP provides a free depot format download which includes the correct version of Apache. For other operating systems, you will have to build it yourself. Especially for Solaris - the binary available from sunfreeware.com is not the worker model. Here are the build and installation instructions for building your own Apache.

2. Java runtime. The JRE is required in order to use the Console. Either the Sun or the IBM JRE version 1.4.2 or later is required. Unfortunately, the console does not (yet) build and run with the open source GNU gcj/Classpath java implementation, but we are working on it. We thought that gcc/gcj 4.1 included with Fedora Core 5 would work, but it still has many problems, so your best bet is to use Sun or IBM JRE. For x86_64 platforms, there is a Sun Java 1.5 for AMD64.

On 8/1/06, Patrick Morris wrote:
>
> On Tue, 01 Aug 2006, Ken Wood wrote:
>
> > Sorry if these are really dumb questions but what software is required
> > before Fedora Directory can be installed?
>
> Depends how you're installing it and what you're installing it on.
>
> On my machines, the only other software I have to install is Apache. As
> far as I know, Java isn't really a requirement for the server, unless
> you plan to also run the admin client on it.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From del at babel.com.au Wed Aug 2 09:02:05 2006
From: del at babel.com.au (Del)
Date: Wed, 02 Aug 2006 19:02:05 +1000
Subject: [Fedora-directory-users] LDAP and GDM
In-Reply-To: <08422C17320455488F792FCD66404BB370FB0C@bnesbexc01.datacom.com.au>
References: <08422C17320455488F792FCD66404BB370FB0C@bnesbexc01.datacom.com.au>
Message-ID: <44D06A0D.1030301@babel.com.au>

Ian Bishop wrote:
> I've setup my Fedora box to authenticate SSH session off Fedora
> Directory, however I'm having some trouble getting X session to
> authenticate.
>
> I searched on google and found someone with exactly the same problem,
> unfortunately no one seemed to have an answer for them at the time:
>
> http://mail.gnome.org/archives/gdm-list/2003-January/msg00012.html
>
>
> Is anyone successfully authenticating X sessions with GDM & LDAP?

I think this bug has been around for a long time, and I can't recall the exact genesis of it, but it appears to be a bug in GDM. For some reason it can't authenticate to LDAP unless SSL is turned on.

I recall seeing it in a Red Hat bugzilla list some time back but nobody seemed interested in pursuing it. I've tried searching for it again there recently but there are a lot of bugs reported on that system and the search tools aren't great.

It does periodically recur on bugzilla, e.g.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196297

KDM is probably a better choice.

--
Del
Babel Com Australia
http://www.babel.com.au/
ph: 02 9368 0728 fax: 02 9368 0758

From pbruna at gmail.com Wed Aug 2 17:34:03 2006
From: pbruna at gmail.com (Patricio Bruna V.)
Date: Wed, 2 Aug 2006 13:34:03 -0400
Subject: [Fedora-directory-users] LDAP and GDM
In-Reply-To: <44D06A0D.1030301@babel.com.au>
References: <08422C17320455488F792FCD66404BB370FB0C@bnesbexc01.datacom.com.au> <44D06A0D.1030301@babel.com.au>
Message-ID: <200608021334.03537.pbruna@it-linux.cl>

On Wednesday, 2 August 2006 05:02, Del wrote:
> Ian Bishop wrote:
> > I've setup my Fedora box to authenticate SSH session off Fedora
> > Directory, however I'm having some trouble getting X session to
> > authenticate.
> >
> > I searched on google and found someone with exactly the same problem,
> > unfortunately no one seemed to have an answer for them at the time:
> >
> > http://mail.gnome.org/archives/gdm-list/2003-January/msg00012.html
> >
> >
> > Is anyone successfully authenticating X sessions with GDM & LDAP?

Does your user have the shell attribute in DS?

--
Patricio Bruna V.
Red Hat Certified Engineer
IT Linux Ltda.
http://www.it-linux.cl
Fono/Fax: (+56-2) 697 11 66
Cel: (+56-8) 288 51 95

From mj at sci.fi Wed Aug 2 19:31:54 2006
From: mj at sci.fi (Mike Jackson)
Date: Wed, 02 Aug 2006 22:31:54 +0300
Subject: [Fedora-directory-users] LDAP and GDM
In-Reply-To: <44D06A0D.1030301@babel.com.au>
References: <08422C17320455488F792FCD66404BB370FB0C@bnesbexc01.datacom.com.au> <44D06A0D.1030301@babel.com.au>
Message-ID: <44D0FDAA.5010702@sci.fi>

Del wrote:
> Ian Bishop wrote:
>
>> I've setup my Fedora box to authenticate SSH session off Fedora
>> Directory, however I'm having some trouble getting X session to
>> authenticate.
>>
>> I searched on google and found someone with exactly the same problem,
>> unfortunately no one seemed to have an answer for them at the time:
>>
>> http://mail.gnome.org/archives/gdm-list/2003-January/msg00012.html
>>
>>
>> Is anyone successfully authenticating X sessions with GDM & LDAP?
>
>
> I think this bug has been around for a long time, and I can't recall
> the exact genesis of it, but it appears to be a bug in GDM.
> For some reason it can't authenticate to LDAP unless SSL is turned on.
>

Hi,

I have FC5 -> GDM -> LDAP authentication working. The strange thing is that the password must be entered into the first prompt, and username into the second prompt... And sometimes you have to give the username and password combo twice before becoming authenticated.

I'm still trying to figure out whether the bug is in the pam modules or GDM... But I haven't really had the time or proper motivation to analyze it with a debugger or ethereal yet.

BR,
Mike

--
http://www.netauth.com - LDAP Directory Consulting

From funks at socalsrt4.com Wed Aug 2 22:58:43 2006
From: funks at socalsrt4.com (George Daswani)
Date: Wed, 2 Aug 2006 17:58:43 -0500 (CDT)
Subject: [Fedora-directory-users] Odd performance problem, server not using indeces
Message-ID: <13648.198.102.62.250.1154559523.squirrel@www.marketgroups.com>

Hello,

I have around 350K users in my test directory, and I'm running into an odd problem with the directory not using indices for ldapsearches.

For example, using the following search string

(&(objectClass=organizationalPerson)(employeeNumber=*))

Looking at the console, there's a system index on objectClass (which is set to equality), there's also an index on employeeNumber (both equality, and presence).

There are around 5K icasOrgPersons (which can hold the employeeNumber attribute), the rest can't. When the actual search (really slow as if it was using a full scan) is performed, the access log files show "notes=U" meaning that the search was unindexed. The question is why considering there were indices built for the attributes in the search filter?

Thanks.

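An added example, not part of the original post and not project code: one way to pull unindexed searches out of a directory server access log by pairing each SRCH line with the RESULT line that shares its conn= and op= values and carries notes=U. The log lines are constructed; they reuse the search base, filters, nentries=4778 and notes=U quoted in this thread, while the timestamps, connection numbers, etime values and the function names find_unindexed and slowest are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample access log. The search base, the two filters, nentries=4778
# and notes=U come from the thread; timestamps, conn/op numbers and etime values
# are made up for the example.
SAMPLE_LOG = """
[02/Aug/2006:17:40:01 -0500] conn=12 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[02/Aug/2006:17:40:01 -0500] conn=12 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[02/Aug/2006:17:40:02 -0500] conn=12 op=1 SRCH base="ou=Users,ou=Internal,o=TEST,o=US" scope=2 filter="(&(employeeNumber=*)(objectClass=icasOrgPerson))" attrs=ALL
[02/Aug/2006:17:40:05 -0500] conn=13 op=1 SRCH base="ou=Users,ou=Internal,o=TEST,o=US" scope=2 filter="(&(employeeNumber=2549)(objectClass=icasOrgPerson))" attrs=ALL
[02/Aug/2006:17:40:05 -0500] conn=13 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[02/Aug/2006:17:42:36 -0500] conn=12 op=1 RESULT err=0 tag=101 nentries=4778 etime=154 notes=U
[02/Aug/2006:17:43:10 -0500] conn=9 op=4 RESULT err=0 tag=101 nentries=12 etime=3 notes=U
"""

# "[timestamp] conn=N op=N <operation text>"
_PREFIX = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$')
# The filter is matched greedily up to '" attrs=' because a filter may itself
# contain quote characters.
_SRCH = re.compile(r'^SRCH base="(?P<base>.*?)" scope=(?P<scope>\d) filter="(?P<filter>.*)" attrs=')
_KV = re.compile(r'(\w+)=(\S+)')


@dataclass
class UnindexedSearch:
    timestamp: str                 # time of the RESULT line
    conn: int
    op: int
    base: Optional[str]            # None when the SRCH line was not seen
    search_filter: Optional[str]   # None when the SRCH line was not seen
    nentries: int
    etime: float


def find_unindexed(lines: Iterable[str]) -> List[UnindexedSearch]:
    """Return every search whose RESULT line is flagged notes=U."""
    pending = {}   # (conn, op) -> (base, filter) for searches awaiting a RESULT
    hits: List[UnindexedSearch] = []
    for line in lines:
        m = _PREFIX.match(line.strip())
        if not m:
            continue
        key = (int(m['conn']), int(m['op']))
        rest = m['rest']
        srch = _SRCH.match(rest)
        if srch:
            pending[key] = (srch['base'], srch['filter'])
            continue
        if not rest.startswith('RESULT '):
            continue
        fields = dict(_KV.findall(rest))
        # The SRCH line may be missing, for example when it sits in a rotated
        # log file; the RESULT is still reported, with base and filter unknown.
        base, flt = pending.pop(key, (None, None))
        # Split on commas in case more than one note flag is present.
        if 'U' not in fields.get('notes', '').split(','):
            continue
        hits.append(UnindexedSearch(
            timestamp=m['ts'], conn=key[0], op=key[1],
            base=base, search_filter=flt,
            nentries=int(fields.get('nentries', 0)),
            etime=float(fields.get('etime', 0)),
        ))
    return hits


def slowest(hits: List[UnindexedSearch], top: int = 10) -> List[UnindexedSearch]:
    """Order unindexed searches by elapsed time, longest first."""
    return sorted(hits, key=lambda h: h.etime, reverse=True)[:top]


if __name__ == '__main__':
    for h in slowest(find_unindexed(SAMPLE_LOG.splitlines())):
        print(f'{h.timestamp} conn={h.conn} op={h.op} etime={h.etime:g}s '
              f'nentries={h.nentries} base={h.base!r} filter={h.search_filter!r}')
```

Run against a real access log, the list shows which filters and search bases are paying for a full scan and how long each took.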
From rmeggins at redhat.com Wed Aug 2 23:12:07 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 02 Aug 2006 17:12:07 -0600
Subject: [Fedora-directory-users] Odd performance problem, server not using indeces
In-Reply-To: <13648.198.102.62.250.1154559523.squirrel@www.marketgroups.com>
References: <13648.198.102.62.250.1154559523.squirrel@www.marketgroups.com>
Message-ID: <44D13147.9070107@redhat.com>

George Daswani wrote:
> Hello,
>
> I have around 350K users in my test directory, and I'm running
> into an odd problem with the directory not using indices for
> ldapsearches.
>
> For example, using the following search string
>
> (&(objectClass=organizationalPerson)(employeeNumber=*))
>
> Looking at the console, there's a system index on objectClass (which is
> set to equality), there's also an index on employeeNumber (both equality,
> and presence).
>
> There are around 5K icasOrgPersons (which can hold the employeeNumber
> attribute), the rest can't.

How many entries match (objectClass=organizationalPerson)? If this number is large, then I think what's happening is that the database first looks up how many match this, and says there are too many. Try using icasOrgPerson or reverse the order of the filters.

> When the actual search (really slow as if it
> was using a full scan) is performed, the access log files show "notes=U"
> meaning that the search was unindexed. The question is why considering
> there were indices built for the attributes in the search filter?
>
> Thanks.
>
>
>
>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL:

From funks at socalsrt4.com Thu Aug 3 00:21:06 2006
From: funks at socalsrt4.com (George Daswani)
Date: Wed, 2 Aug 2006 19:21:06 -0500 (CDT)
Subject: [Fedora-directory-users] Odd performance problem, server not using indeces
In-Reply-To: <44D13147.9070107@redhat.com>
References: <13648.198.102.62.250.1154559523.squirrel@www.marketgroups.com> <44D13147.9070107@redhat.com>
Message-ID: <34283.198.102.62.250.1154564466.squirrel@www.marketgroups.com>

> George Daswani wrote:
>> Hello,
>>
>> I have around 350K users in my test directory, and I'm running
>> into an odd problem with the directory not using indices for
>> ldapsearches.
>>
>> For example, using the following search string
>>
>> (&(objectClass=icasOrgPerson)(employeeNumber=*))
>>
>> Looking at the console, there's a system index on objectClass (which is
>> set to equality), there's also an index on employeeNumber (both
>> equality, and presence).
>>
>> There are around 5K icasOrgPersons (which can hold the employeeNumber
>> attribute), the rest can't.

> How many entries match (objectClass=organizationalPerson)? If this
> number is large, then I think what's happening is that the database
> first looks up how many match this, and says there are too many. Try
> using icasOrgPerson or reverse the order of the filters.

I did the following per your statement above..

ldapsearch -D "cn=Directory Manager" -x -W "(&(employeeNumber=*)(objectClass=icasOrgPerson))" -b "ou=Users,ou=Internal,o=TEST,o=US"

ou=Users,ou=Internal,o=TEST,o=US only holds icasOrgPerson type users (4778 in total) and all of those records have an employeeNumber.

the rest of the users live in

ou=Users,ou=External,o=TEST,o=US (around 345K+, none of which are icasOrgPerson's)

Running the search string above, the search is still unindexed (returns nentries=4778 notes=U) and is slow.

Searches like the following are very fast (indexed per the access log)

"(&(employeeNumber=2549)(objectClass=icasOrgPerson))"

it's weird that searches are so slow (not using indices) considering the number of actual icasOrgPerson (objectClass) is quite low (5K out of the 450K users), and that there's a presence index on the employeeNumber attribute (which only exists in icasOrgPerson objects) along with a searchbase.

The index files aren't corrupt and I even recreated the database using ldif2db just to make sure everything was fine with the same result.

From rmeggins at redhat.com Thu Aug 3 01:47:48 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 02 Aug 2006 19:47:48 -0600
Subject: [Fedora-directory-users] Odd performance problem, server not using indeces
In-Reply-To: <34283.198.102.62.250.1154564466.squirrel@www.marketgroups.com>
References: <13648.198.102.62.250.1154559523.squirrel@www.marketgroups.com> <44D13147.9070107@redhat.com> <34283.198.102.62.250.1154564466.squirrel@www.marketgroups.com>
Message-ID: <44D155C4.1080703@redhat.com>

George Daswani wrote:
>> George Daswani wrote:
>>
>>> Hello,
>>>
>>> I have around 350K users in my test directory, and I'm running
>>> into an odd problem with the directory not using indices for
>>> ldapsearches.
>>>
>>> For example, using the following search string
>>>
>>> (&(objectClass=icasOrgPerson)(employeeNumber=*))
>>>
>>> Looking at the console, there's a system index on objectClass (which is
>>> set to equality), there's also an index on employeeNumber (both
>>> equality, and presence).
>>>
>>> There are around 5K icasOrgPersons (which can hold the employeeNumber
>>> attribute), the rest can't.
>>>
>
>
>> How many entries match (objectClass=organizationalPerson)? If this
>> number is large, then I think what's happening is that the database
>> first looks up how many match this, and says there are too many. Try
>> using icasOrgPerson or reverse the order of the filters.
>>
>
> I did the following per your statement above..
>
> ldapsearch -D "cn=Directory Manager" -x -W "(&(employeeNumber=*)(objectClass=icasOrgPerson))" -b "ou=Users,ou=Internal,o=TEST,o=US"
>
> ou=Users,ou=Internal,o=TEST,o=US only holds icasOrgPerson type users (4778
> in total) and all of those records have an employeeNumber.
>
> the rest of the users live in
>
> ou=Users,ou=External,o=TEST,o=US (around 345K+, none of which are
> icasOrgPerson's)
>
> Running the search string above, the search is still unindexed (returns
> nentries=4778 notes=U) and is slow.
>
> Searches like the following are very fast (indexed per the access log)
>
> "(&(employeeNumber=2549)(objectClass=icasOrgPerson))"
>

Right. Because there is only one matching entry in the index for employeeNumber.

> it's weird that searches are so slow (not using indices) considering the
> number of actual icasOrgPerson (objectClass) is quite low (5K out of
> the 450K users), and that there's a presence index on the employeeNumber
> attribute (which only exists in icasOrgPerson objects) along with a
> searchbase.
>

Well, in this case, it has to iterate through the employeeNumber index and return each one of several thousand.

> The index files aren't corrupt and I even recreated the database using
> ldif2db just to make sure everything was fine with the same result.
>
>

If you really need to perform searches like this that return a very large result set, I suggest you look into the Fedora DS Virtual List View feature which allows you to page through a sorted result set, or increase your nsslapd-idlistscanlimit.

See http://www.redhat.com/docs/manuals/dir-server/ag/7.1/index1.html#1095569 for more details.

>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL:

From richip at richip.dhs.org Thu Aug 3 03:47:37 2006
From: richip at richip.dhs.org (Richi Plana)
Date: Wed, 02 Aug 2006 21:47:37 -0600
Subject: [Fedora-directory-users] Authentication Cache While Offline
In-Reply-To:
References: <1153893833.2975.9.camel@richip.dhs.org> <1154017530.2975.30.camel@richip.dhs.org> <1154465084.2721.32.camel@richip.dhs.org>
Message-ID: <1154576857.2721.53.camel@richip.dhs.org>

On Tue, 2006-08-01 at 19:20 -0400, James Chamberlain wrote:
> Hi Richi,
>
> By any chance, have you checked out pam_ccreds?

Thanks. That did it. With your lead, I found this site:

http://www.flyn.org/laptopldap/laptopldap.html

... that has exactly what people need to configure machines for intermittent connectivity. pam_ccreds happens to be installed in a default FC5 installation. Hopefully the config will make its way into system-config-authentication soon.

--
Richi

From funks at socalsrt4.com Thu Aug 3 07:53:16 2006
From: funks at socalsrt4.com (George Daswani)
Date: Thu, 3 Aug 2006 02:53:16 -0500 (CDT)
Subject: [Fedora-directory-users] Odd performance problem, server not using indeces
In-Reply-To: <44D155C4.1080703@redhat.com>
References: <13648.198.102.62.250.1154559523.squirrel@www.marketgroups.com> <44D13147.9070107@redhat.com> <34283.198.102.62.250.1154564466.squirrel@www.marketgroups.com> <44D155C4.1080703@redhat.com>
Message-ID: <2503.69.234.99.128.1154591596.squirrel@www.marketgroups.com>

> George Daswani wrote:
>>> George Daswani wrote:
>>>
>>
>> I did the following per your statement above..
>>
>> ldapsearch -D "cn=Directory Manager" -x -W "(&(employeeNumber=*)(objectClass=icasOrgPerson))" -b "ou=Users,ou=Internal,o=TEST,o=US"
>>
>> ou=Users,ou=Internal,o=TEST,o=US only holds icasOrgPerson type users
>> (4778 in total) and all of those records have an employeeNumber.
>>
>> the rest of the users live in
>>
>> ou=Users,ou=External,o=TEST,o=US (around 345K+, none of which are
>> icasOrgPerson's)
>>
>> Running the search string above, the search is still unindexed (returns
>> nentries=4778 notes=U) and is slow.
>>
>> Searches like the following are very fast (indexed per the access log)
>>
>> "(&(employeeNumber=2549)(objectClass=icasOrgPerson))"
>>
> Right. Because there is only one matching entry in the index for
> employeeNumber.
>> it's weird that searches are so slow (not using indices) considering the
>> number of actual icasOrgPerson (objectClass) is quite low (5K out of
>> the 450K users), and that there's a presence index on the employeeNumber
>> attribute (which only exists in icasOrgPerson objects) along with a
>> searchbase.
>>
> Well, in this case, it has to iterate through the employeeNumber index
> and return each one of several thousand.
>> The index files aren't corrupt and I even recreated the database using
>> ldif2db just to make sure everything was fine with the same result.
>>
>>
> If you really need to perform searches like this that return a very
> large result set, I suggest you look into the Fedora DS Virtual List
> View feature which allows you to page through a sorted result set, or
> increase your nsslapd-idlistscanlimit.
>
> See
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/index1.html#1095569
> for more details.
>>
>>

Richard, thanks for the tip, the default value of the nsslapd-idlistscanlimit is 4K, and the result set that I'm looking at is around 4778 entries so that it's past the tipping point and is not using the indices.

I originally found it odd because I was expecting index handling to be somewhat like how openldap 2.3.25 uses it (I loaded the same data set, same indices, same hardware, os) and openldap didn't break a sweat returning the result set (instantaneous and fast, the difference between 15 seconds vs 154+ seconds on FDS).

I'll bump up the nsslapd-idlistscanlimit to 5K or so and will try again (I'll do some further research in regards to a vlvindex).

It's normal for the ldap server in our use-case to generate such large user entries. Non-LDAP aware systems import such data nightly - such is life I guess.

G

From jamsda_1 at yahoo.com Thu Aug 3 21:14:33 2006
From: jamsda_1 at yahoo.com (jamsda)
Date: Thu, 3 Aug 2006 14:14:33 -0700 (PDT)
Subject: [Fedora-directory-users] FDS Replication problem
Message-ID: <20060803211433.11008.qmail@web50909.mail.yahoo.com>

Hello,

I have a 4-way multi-master configured with FDS. One of the hosts is not receiving/sending replicated data. I tried removing the replication agreements with the mmr.pl application (to try re-creating the agreement), but it's not letting me.

Here's the error message trying to remove testhost1's agreement:

perl mmr.pl --host1 testhost1 --host2 testhost2 --bindpw --remove

"removing replication agreement from testhost1 -> testhost2
Can't call method "dn" on an undefined value at mmr.pl line 200, line 397"

When I run the mmr.pl with --display, the agreement appears to be ok:

perl mmr.pl --host1 testhost1 --host2 testhost2 --bindpw --display
replication agreements from testhost1
->testhost2
->testhost3
replication agreements from testhost2
->testhost1
->testhost4

Here's the commands I used to create the 4-way multi-master agreement:

perl mmr.pl --host1 testhost1 --host1_id 1 --host2 testhost2 --host2_id 2 --bindpw --repmanpw --create
perl mmr.pl --host1 testhost3 --host1_id 3 --host2 testhost4 --host2_id 4 --bindpw --repmanpw --create
perl mmr.pl --host1 testhost3 --host1_id 3 --host2 testhost1 --host2_id 1 --bindpw --repmanpw --create
perl mmr.pl --host1 testhost4 --host1_id 4 --host2 testhost2 --host2_id 2 --bindpw --repmanpw --create

The other 3 hosts are working fine. I'm not sure if there are any other ways to troubleshoot this. Anybody have any ideas?

Thanks,
Jim

From rmeggins at redhat.com Fri Aug 4 15:45:37 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 04 Aug 2006 09:45:37 -0600
Subject: [Fedora-directory-users] Error at work of the utility ldapsearch.
In-Reply-To:
References:
Message-ID: <44D36BA1.7050405@redhat.com>

One problem may be that you have to specify some additional option when creating the MS CA cert or server certs issued by this CA. Is this a root CA or did you get a CA certificate from somewhere else?

Do this:
cd /opt/fedora-ds/alias ; ../shared/bin/certutil -d . -P slapd-asterisk1- -L -n ad-cert

Safonov Alexey wrote:
> Thanks Richard!
>
> In my opinion it the certificate of the CA. Certificates you can see details
> of reception of it on a screenshot (see the attached file)
>
> Safonov Alexey
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard
> Megginson
> Sent: Friday, July 28, 2006 5:45 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Error at work of the utility
> ldapsearch.
>
>
> Safonov Alexey wrote:
>
>> Thanks Richard!
>>
>> Now I start so:
>> [root at asterisk1 bin]# ./ldapsearch -Z -P
>> /opt/fedora-ds/alias/slapd-asterisk1-cert8.db -K
>> /opt/fedora-ds/alias/slapd-asterisk1-key3.db -h
>> rv-vm1.mup-example.vrn.ru -p 636 -D
>> "cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
>> base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*" -v
>>
>> Also I receive a error:
>>
>> ldapsearch: started Fri Jul 28 16:21:39 2006
>>
>> ldap_init( srv-vm1.mup-example.vrn.ru, 636 )
>> ldaptool_getcertpath -- /opt/fedora-ds/alias/slapd-asterisk1-cert8.db
>> ldaptool_getkeypath -- /opt/fedora-ds/alias/slapd-asterisk1-key3.db
>> ldaptool_getmodpath -- (null)
>> ldaptool_getdonglefilename -- (null)
>> ldap_simple_bind: Can't contact LDAP server
>>         SSL error -8156 (Issuer certificate is invalid.)
>>
>> Though the certificate ad-cert (from Windows DC) is established. The utility
>> certutil and Fedora Management Console (Manage Certificates) shows it.
>> [root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
>> slapd-asterisk1-
>> CA certificate    CTu,u,u
>> server-cert       u,u,u
>> Server-Cert       u,u,u
>> ad-cert           CT,C,C
>>
>> Help my!
>>
>>
> Is ad-cert the certificate of the AD server or the certificate of the CA
> that issued the AD cert? An SSL client only needs to trust the CA cert
> of the issuer of the server certs it wants to use.
>
>> Safonov Alexey
>>
>> -----Original Message-----
>> From: fedora-directory-users-bounces at redhat.com
>> [mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard
>> Megginson
>> Sent: Thursday, July 27, 2006 7:36 PM
>> To: General discussion list for the Fedora Directory server project.
>> Subject: Re: [Fedora-directory-users] Error at work of the utility
>> ldapsearch.
>>
>>
>> Safonov Alexey wrote:
>>
>>
>>> Hi !
>>>
>>> I ask to help to solve a problem with the utility ldapsearch.
>>>
>>> is a problem to carry out synchronization between FDS and AD.
>>> Has made the following:
>>> 1) Install FDS
>>> 2) Configuring SSL Enabled FDS. For this purpose has started script
>>> setupssl.sh (http://directory.fedora.redhat.com/download/setupssl.sh) from
>>> HOWTO "Howto:SSL" (http://directory.fedora.redhat.com/wiki/Howto:SSL)
>>> 3) Restart FDS.
>>> netstat -atupn | grep ns-
>>> tcp 0 0 :::389 :::* LISTEN 6039/ns-slapd
>>> tcp 0 0 :::636 :::* LISTEN 6039/ns-slapd
>>> 4) Enable SSL on AD.
>>> Install Certificate Service
>>> Check util ldp.exe:
>>> Connected param: Server- srv-vm1.mup-example.vrn.ru
>>> Port - 636
>>> Checkbox "SSL"
>>> ld = ldap_sslinit("srv-vm1.mup-example.vrn.ru", 636, 1);
>>> Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION3);
>>> Error <0x0> = ldap_connect(hLdap, NULL);
>>> Error <0x0> = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
>>> Host supports SSL, SSL cipher strength = 128 bits
>>> Established connection to srv-vm1.mup-example.vrn.ru.
>>> Retrieving base DSA information...
>>> .....
>>> 5) Import AD CA certificate in DER mode.
>>> 6) Copy, convert (PEM) and install AD CA certificate in FDS. Check:
>>> [root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
>>> slapd-asterisk1-
>>> CA certificate    CTu,u,u
>>> server-cert       u,u,u
>>> Server-Cert       u,u,u
>>> ad-cert           CT,C,C <- install this
>>>
>>> 6) [root at asterisk1 alias]# ldapsearch -Z -P
>>> /opt/fedora-ds/alias/slapd-asterisk1-cert8.db -h
>>> rv-vm1.mup-example.vrn.ru -p 636 -D
>>> "cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
>>> base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*"
>>>
>>>
>>>
>> That's /usr/bin/ldapsearch, which is openldap ldapsearch, which uses
>> openssl for crypto, which is completely different than NSS. You need to
>> use the ldapsearch in /opt/fedora-ds/shared/bin e.g.
>> cd /opt/fedora-ds/shared/bin ; ./ldapsearch ....
>>
>>
>>> Error:
>>> ldapsearch: unabel to parse protocol version
>>> "/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
>>>
>>> Help my!
>>> Thanks
>>>
>>> ------------------------------------------------------
>>> My Setup:
>>>
>>> Fedora Core 5 (i386)
>>> Fedora Directory Server 1.0.2
>>> Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
>>> ------------------------------------------------------
>>>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

From triswimjoe at hotmail.com Fri Aug 4 18:43:20 2006
From: triswimjoe at hotmail.com (Joe Sheehan)
Date: Fri, 04 Aug 2006 14:43:20 -0400
Subject: [Fedora-directory-users] LDAP Error
In-Reply-To: <44D36BA1.7050405@redhat.com>
Message-ID:

Has anyone seen this before? Possible causes? Thanks Joe


Start Slapd Server Config

FATAL Slapd ERROR LDAP authentication failed for url:
ldap://nodename.my.nis:1389 Netscaperoot user id admin
(151: unknown error)

Fatal slapd did not add directory server information into
configuration server

...

From rmeggins at redhat.com Fri Aug 4 20:04:23 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 04 Aug 2006 14:04:23 -0600
Subject: [Fedora-directory-users] LDAP Error
In-Reply-To:
References:
Message-ID: <44D3A847.400@redhat.com>

Joe Sheehan wrote:
> Has anyone seen this before? Possible causes? Thanks Joe
>
>
> Start Slapd Server Config
>
> FATAL Slapd ERROR LDAP authentication failed for url:
> ldap://nodename.my.nis:1389 Netscaperoot user id admin
> (151: unknown error)
This usually indicates a problem with DNS or reverse DNS setup.
>
> Fatal slapd did not add directory server information into
> configuration server
>
> ...
>

From Diana.Shepard at cusys.edu Fri Aug 4 20:09:41 2006
From: Diana.Shepard at cusys.edu (Diana Shepard)
Date: Fri, 4 Aug 2006 14:09:41 -0600
Subject: [Fedora-directory-users] FW: Can't start console
Message-ID: <7315857F21D51B449CC55ADE3A568318ECB66C@ex2k3.ad.cusys.edu>

Still having this same problem. Can anyone offer any suggestions? Thought maybe I could uninstall the admin-serv and reinstall it, but even though an uninstall of the admin-serv only is an option, an install of the admin-serv isn't.

I found this regarding a Windows ldap console (mine is a Linux install):

http://directory.fedora.redhat.com/wiki?title=Howto:WindowsConsole&redirect=no

"SSL
Copying over the jar files will get the Administration Console going, but SSL will not be functional. If you point it at an Administration Server listening with https you'll see an exception thrown like this one:
Exception in thread "main" java.lang.UnsatisfiedLinkError: no jss3 in java.library.path"

That exception is similar to mine:

"Exception in thread "main" java.lang.UnsatisfiedLinkError: /opt/fedora-ds/lib/libjss3.so: /opt/fedora-ds/lib/libjss3.so"

but my Administration Server is not "listening with SSL". Why does it think I am??????

Diana Shepard
University of Colorado, Boulder

> -----Original Message-----
> From: Diana Shepard
> Sent: Friday, July 21, 2006 1:54 PM
> To: 'fedora-directory-users at redhat.com'
> Subject: Can't start console
>
> Thanks for the responses.
> Here are answers:
>
> [root at ldap2 ~]# java -version
> java version "1.4.2_04"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_04-b05)
> Java HotSpot(TM) Client VM (build 1.4.2_04-b05, mixed mode)
>
>
> [root at ldap2 ~]# ls -l /opt/fedora-ds/lib/libjss3.so
> -rwxr-xr-x 1 root root 213324 Nov 15 2005 /opt/fedora-ds/lib/libjss3.so
>
>
> [root at ldap2 ~]# echo $LD_LIBRARY_PATH
> /opt/fedora-ds/lib:/opt/fedora-ds/shared/lib
>
>
> [root at ldap2 ~]# ldd /opt/fedora-ds/lib/libjss3.so
>         libnss3.so => /opt/fedora-ds/shared/lib/libnss3.so (0x0000002a95682000)
>         libsmime3.so => /opt/fedora-ds/shared/lib/libsmime3.so (0x0000002a95807000)
>         libssl3.so => /opt/fedora-ds/shared/lib/libssl3.so (0x0000002a95932000)
>         libplc4.so => /opt/fedora-ds/shared/lib/libplc4.so (0x0000002a95a5f000)
>         libplds4.so => /opt/fedora-ds/shared/lib/libplds4.so (0x0000002a95b64000)
>         libnspr4.so => /opt/fedora-ds/shared/lib/libnspr4.so (0x0000002a95c67000)
>         libc.so.6 => /lib64/tls/libc.so.6 (0x0000002a95dad000)
>         libsoftokn3.so => /opt/fedora-ds/shared/lib/libsoftokn3.so (0x0000002a95fe1000)
>         libpthread.so.0 => /lib64/tls/libpthread.so.0 (0x0000002a9613b000)
>         libdl.so.2 => /lib64/libdl.so.2 (0x0000002a96251000)
>         /lib64/ld-linux-x86-64.so.2 (0x000000552aaaa000)
>
> Diana Shepard
> University of Colorado, Boulder
>
>
> > -----Original Message-----
> > From: fedora-directory-users-bounces at redhat.com
> > [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
> > fedora-directory-users-request at redhat.com
> > Sent: Friday, July 21, 2006 10:00 AM
> > To: fedora-directory-users at redhat.com
> > Subject: Fedora-directory-users Digest, Vol 14, Issue 22
> >
> > Today's Topics:
> >
> > 1. Can't start console (Diana Shepard)
> > 2. Re: Can't start console (Richard Megginson)
> > 3. Re: Can't start console (brian)
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Thu, 20 Jul 2006 16:02:18 -0600
> > From: "Diana Shepard"
> > Subject: [Fedora-directory-users] Can't start console
> > To:
> > Message-ID:
> > <7315857F21D51B449CC55ADE3A568318C37FEB at ex2k3.ad.cusys.edu>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > I have Fedora DS v1.0.2 installed on Linux AS v. 4, 64-bit.
> >
> > I get the following when I try /opt/fedora-ds/startconsole.
> > The libjss3.so file does indeed exist. I tried setting and exporting
> >
> > LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib:/opt/fedora-ds/lib
> >
> > to no avail. What the heck does it want?
> >
> > [root at ldap2 fedora-ds]# ./startconsole
> > Exception in thread "main" java.lang.UnsatisfiedLinkError: /opt/fedora-ds/lib/libjss3.so: /opt/fedora-ds/lib/libjss3.so: cannot open shared object file: No such file or directory
> >         at java.lang.ClassLoader$NativeLibrary.load(Native Method)
> >         at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1560)
> >         at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1485)
> >         at java.lang.Runtime.loadLibrary0(Runtime.java:788)
> >         at java.lang.System.loadLibrary(System.java:834)
> >         at org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManager.java:1330)
> >         at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:822)
> >         at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:795)
> >         at com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknown Source)
> >         at com.netscape.management.client.util.UtilConsoleGlobals.getLDAPSSLSocketFactory(Unknown Source)
> >         at com.netscape.management.client.console.Console.LDAPinitialization(Unknown Source)
> >         at com.netscape.management.client.console.Console.(Unknown Source)
> >         at com.netscape.management.client.console.Console.main(Unknown Source)
> >
> > Diana Shepard
> > University of Colorado, Boulder
> > University Management Systems
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Thu, 20 Jul 2006 19:09:19 -0600
> > From: Richard Megginson
> > Subject: Re: [Fedora-directory-users] Can't start console
> > To: "General discussion list for the Fedora Directory server project."
> > Message-ID: <44C0293F.6020505 at redhat.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Which jre are you using?
> >
> > Diana Shepard wrote:
> > >
> > > I have Fedora DS v1.0.2 installed on Linux AS v. 4, 64-bit.
> > >
> > > I get the following when I try /opt/fedora-ds/startconsole. The
> > > libjss3.so file does indeed exist. I tried setting and exporting
> > >
> > > LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib:/opt/fedora-ds/lib
> > >
> > > to no avail. What the heck does it want?
> > >
> > > [root at ldap2 fedora-ds]# ./startconsole
> > > Exception in thread "main" java.lang.UnsatisfiedLinkError: /opt/fedora-ds/lib/libjss3.so: /opt/fedora-ds/lib/libjss3.so: cannot open shared object file: No such file or directory
> > >
> > >     at java.lang.ClassLoader$NativeLibrary.load(Native Method)
> > >     at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1560)
> > >     at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1485)
> > >     at java.lang.Runtime.loadLibrary0(Runtime.java:788)
> > >     at java.lang.System.loadLibrary(System.java:834)
> > >     at org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManager.java:1330)
> > >     at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:822)
> > >     at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:795)
> > >     at com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknown Source)
> > >     at com.netscape.management.client.util.UtilConsoleGlobals.getLDAPSSLSocketFactory(Unknown Source)
> > >     at com.netscape.management.client.console.Console.LDAPinitialization(Unknown Source)
> > >     at com.netscape.management.client.console.Console.(Unknown Source)
> > >     at com.netscape.management.client.console.Console.main(Unknown Source)
> > >
> > > Diana Shepard
> > > University of Colorado,Boulder
> > > University Management Systems
> > >
> > > ------------------------------------------------------------------------
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users at redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >
> > -------------- next part --------------
> > A non-text attachment was scrubbed...
> > Name: smime.p7s
> > Type: application/x-pkcs7-signature
> > Size: 3178 bytes
> > Desc: S/MIME Cryptographic Signature
> > Url : https://www.redhat.com/archives/fedora-directory-users/attachments/20060720/01edfbce/smime.bin
> >
> > ------------------------------
> >
> > Message: 3
> > Date: Fri, 21 Jul 2006 11:58:52 -0400
> > From: brian
> > Subject: Re: [Fedora-directory-users] Can't start console
> > To: "General discussion list for the Fedora Directory server project."
> > Message-ID: <1153497532.22758.6.camel at localhost.localdomain>
> > Content-Type: text/plain
> >
> > what does "ls -l /opt/fedora-ds/lib/libjss3.so" show?
> >
> > On Thu, 2006-07-20 at 16:02 -0600, Diana Shepard wrote:
> > > I have Fedora DS v1.0.2 installed on Linux AS v. 4, 64-bit.
> > >
> > > I get the following when I try /opt/fedora-ds/startconsole. The
> > > libjss3.so file does indeed exist. I tried setting and exporting
> > >
> > > LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib:/opt/fedora-ds/lib
> > >
> > > to no avail. What the heck does it want?
> > >
> > > [root at ldap2 fedora-ds]# ./startconsole
> > > Exception in thread "main" java.lang.UnsatisfiedLinkError: /opt/fedora-ds/lib/libjss3.so: /opt/fedora-ds/lib/libjss3.so: cannot open shared object file: No such file or directory
> > >
> > >     at java.lang.ClassLoader$NativeLibrary.load(Native Method)
> > >     at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1560)
> > >     at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1485)
> > >     at java.lang.Runtime.loadLibrary0(Runtime.java:788)
> > >     at java.lang.System.loadLibrary(System.java:834)
> > >     at org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManager.java:1330)
> > >     at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:822)
> > >     at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:795)
> > >     at com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknown Source)
> > >     at com.netscape.management.client.util.UtilConsoleGlobals.getLDAPSSLSocketFactory(Unknown Source)
> > >     at com.netscape.management.client.console.Console.LDAPinitialization(Unknown Source)
> > >     at com.netscape.management.client.console.Console.(Unknown Source)
> > >     at com.netscape.management.client.console.Console.main(Unknown Source)
> > >
> > > Diana Shepard
> > > University of Colorado,Boulder
> > > University Management Systems
> > >
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users at redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> > ------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> > End of Fedora-directory-users Digest, Vol 14, Issue 22
> > ******************************************************
> >
>

From triswimjoe at hotmail.com Fri Aug 4 20:14:41 2006
From: triswimjoe at hotmail.com (Joe Sheehan)
Date: Fri, 04 Aug 2006 16:14:41 -0400
Subject: [Fedora-directory-users] LDAP Error
In-Reply-To: <44D3A847.400@redhat.com>
Message-ID:

google(ing) for this - it basically says the same thing as you've stated.
Is there a way to fix this by hand or is LDAP corrupted beyond fixing unless you
uninstall and re-install.

Joe

>From: Richard Megginson
>Reply-To: "General discussion list for the Fedora Directory server
>project."
>To: "General discussion list for the Fedora Directory server project."
>
>Subject: Re: [Fedora-directory-users] LDAP Error
>Date: Fri, 04 Aug 2006 14:04:23 -0600
>
>Joe Sheehan wrote:
>>Has anyone seen this before? Possible causes? Thanks Joe
>>
>>
>>Start Slapd Server Config
>>
>>FATAL Slapd ERROR LDAP authentication failed for url:
>>ldap://nodename.my.nis:1389 Netscaperoot user id admin (151:
>>unknown error)
>This usually indicates a problem with DNS or reverse DNS setup.
>>
>>Fatal slapd did not add directory server information into configuration
>>server
>>
>>...
>>
>>
>>
>>
>>>From: Richard Megginson
>>>Reply-To: "General discussion list for the Fedora Directory server
>>>project."
>>>To: "General discussion list for the Fedora Directory server project."
>>>
>>>Subject: Re: [Fedora-directory-users] Error at work of the utility
>>>ldapsearch.
>>>Date: Fri, 04 Aug 2006 09:45:37 -0600
>>>
>>>One problem may be that you have to specify some additional option when
>>>creating the MS CA cert or server certs issued by this CA. Is this a
>>>root CA or did you get a CA certificate from somewhere else?
>>>
>>>Do this:
>>>cd /opt/fedora-ds/alias ; ../shared/bin/certutil -d . -P slapd-asterisk1-
>>>-L -n ad-cert
>>>
>>>Safonov Alexey wrote:
>>>>Thanks Richard!
>>>>
>>>>In my opinion it the certificate of the CA. Certificates you can see
>>>>details
>>>>of reception of it on a screenshot (see the attached file)
>>>>
>>>>Safonov Alexey
>>>>
>>>>-----Original Message-----
>>>>From: fedora-directory-users-bounces at redhat.com
>>>>[mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard
>>>>Megginson
>>>>Sent: Friday, July 28, 2006 5:45 PM
>>>>To: General discussion list for the Fedora Directory server project.
>>>>Subject: Re: [Fedora-directory-users] Error at work of the utility
>>>>ldapsearch.
>>>>
>>>>
>>>>Safonov Alexey wrote:
>>>>
>>>>>Thanks Richard!
>>>>>
>>>>>Now I start so:
>>>>>[root at asterisk1 bin]# ./ldapsearch -Z -P
>>>>>/opt/fedora-ds/alias/slapd-asterisk1-cert8.db -K
>>>>>/opt/fedora-ds/alias/slapd-asterisk1-key3.db -h
>>>>>rv-vm1.mup-example.vrn.ru -p 636 -D
>>>>>"cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
>>>>>base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*" -v
>>>>>
>>>>>Also I receive a error:
>>>>>
>>>>>ldapsearch: started Fri Jul 28 16:21:39 2006
>>>>>
>>>>>ldap_init( srv-vm1.mup-example.vrn.ru, 636 )
>>>>>ldaptool_getcertpath -- /opt/fedora-ds/alias/slapd-asterisk1-cert8.db
>>>>>ldaptool_getkeypath -- /opt/fedora-ds/alias/slapd-asterisk1-key3.db
>>>>>ldaptool_getmodpath -- (null)
>>>>>ldaptool_getdonglefilename -- (null)
>>>>>ldap_simple_bind: Can't contact LDAP server
>>>>> SSL error -8156 (Issuer certificate is invalid.)
>>>>>
>>>>>Though the certificate ad-cert (from Windows DC) is established. The
>>>>>
>>>>utility
>>>>
>>>>>certutil and Fedora Management Console (Manage Certificates) shows it.
>>>>>[root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
>>>>>slapd-asterisk1-
>>>>>CA certificate CTu,u,u
>>>>>server-cert u,u,u
>>>>>Server-Cert u,u,u
>>>>>ad-cert CT,C,C
>>>>>
>>>>>Help my!
>>>>>
>>>>>
>>>>Is ad-cert the certificate of the AD server or the certificate of the CA
>>>>that issued the AD cert? An SSL client only needs to trust the CA cert
>>>>of the issuer of the server certs it wants to use.
>>>>
>>>>>Safonov Alexey
>>>>>
>>>>>-----Original Message-----
>>>>>From: fedora-directory-users-bounces at redhat.com
>>>>>[mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard
>>>>>Megginson
>>>>>Sent: Thursday, July 27, 2006 7:36 PM
>>>>>To: General discussion list for the Fedora Directory server project.
>>>>>Subject: Re: [Fedora-directory-users] Error at work of the utility
>>>>>ldapsearch.
>>>>>
>>>>>
>>>>>Safonov Alexey wrote:
>>>>>
>>>>>
>>>>>>Hi !
>>>>>>
>>>>>>I ask to help to solve a problem with the utility ldapsearch.
>>>>>>
>>>>>>is a problem to carry out synchronization between FDS and AD. Has made
>>>>>>
>>>>the
>>>>
>>>>>>following:
>>>>>>1) Install FDS
>>>>>>2) Configuring SSL Enabled FDS. For this purpose has started script
>>>>>>setupssl.sh (http://directory.fedora.redhat.com/download/setupssl.sh)
>>>>>>
>>>>from
>>>>
>>>>>>HOWTO "Howto:SSL" (http://directory.fedora.redhat.com/wiki/Howto:SSL)
>>>>>>3) Restart FDS.
>>>>>> netstat -atupn | grep ns-
>>>>>>tcp 0 0 :::389 :::* LISTEN 6039/ns-slapd
>>>>>>tcp 0 0 :::636 :::* LISTEN 6039/ns-slapd
>>>>>>4) Enable SSL on AD.
>>>>>>Install Certificate Service
>>>>>>Check util ldp.exe:
>>>>>>Connected param: Server- srv-vm1.mup-example.vrn.ru
>>>>>> Port - 636
>>>>>> Checkbox "SSL"
>>>>>>ld = ldap_sslinit("srv-vm1.mup-example.vrn.ru", 636, 1);
>>>>>>Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
>>>>>>LDAP_VERSION3);
>>>>>>Error <0x0> = ldap_connect(hLdap, NULL);
>>>>>>Error <0x0> = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
>>>>>>Host supports SSL, SSL cipher strength = 128 bits
>>>>>>Established connection to srv-vm1.mup-example.vrn.ru.
>>>>>>Retrieving base DSA information...
>>>>>>.....
>>>>>>5) Import AD CA certificate in DER mode.
>>>>>>6) Copy, convert (PEM) and install AD CA certificate in FDS. Check:
>>>>>>[root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
>>>>>>slapd-asterisk1-
>>>>>>CA certificate CTu,u,u
>>>>>>server-cert u,u,u
>>>>>>Server-Cert u,u,u
>>>>>>ad-cert CT,C,C <- install this
>>>>>>
>>>>>>6) [root at asterisk1 alias]# ldapsearch -Z -P
>>>>>>/opt/fedora-ds/alias/slapd-asterisk1-cert8.db -h
>>>>>>rv-vm1.mup-example.vrn.ru -p 636 -D
>>>>>>"cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
>>>>>>base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*"
>>>>>>
>>>>>>
>>>>>>
>>>>>That's /usr/bin/ldapsearch, which is openldap ldapsearch, which uses
>>>>>openssl for crypto, which is completely different than NSS. You need
>>>>>to
>>>>>use the ldapsearch in /opt/fedora-ds/shared/bin e.g.
>>>>>cd /opt/fedora-ds/shared/bin ; ./ldapsearch ....
>>>>>
>>>>>
>>>>>>Error:
>>>>>>ldapsearch: unabel to parse protocol version
>>>>>>"/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
>>>>>>
>>>>>>Help my!
>>>>>>Thanks
>>>>>>
>>>>>>------------------------------------------------------
>>>>>>My Setup:
>>>>>>
>>>>>>Fedora Core 5 (i386)
>>>>>>Fedora Directory Server 1.0.2
>>>>>>Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
>>>>>>------------------------------------------------------
>>>>>>
>>>>>use the ldapsearch in /opt/fedora-ds/shared/bin e.g.
>>>>>cd /opt/fedora-ds/shared/bin ; ./ldapsearch ....
>>>>>
>>>>>
>>>>>>Error:
>>>>>>ldapsearch: unabel to parse protocol version
>>>>>>"/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
>>>>>>
>>>>>>Help my!
>>>>>>Thanks
>>>>>>
>>>>>>------------------------------------------------------
>>>>>>My Setup:
>>>>>>
>>>>>>Fedora Core 5 (i386)
>>>>>>Fedora Directory Server 1.0.2
>>>>>>Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
>>>>>>------------------------------------------------------
>>>>>>
>>>>
>>>>
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>
>>>>--
>>>>Fedora-directory-users mailing list
>>>>Fedora-directory-users at redhat.com
>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>
>>
>>><< smime.p7s >>
>>
>>
>>
>>
>>>--
>>>Fedora-directory-users mailing list
>>>Fedora-directory-users at redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
><< smime.p7s >>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users

From mj at sci.fi Fri Aug 4 21:00:48 2006
From: mj at sci.fi (Mike Jackson)
Date: Sat, 05 Aug 2006 00:00:48 +0300
Subject: [Fedora-directory-users] FDS Replication problem
In-Reply-To: <20060803211433.11008.qmail@web50909.mail.yahoo.com>
References: <20060803211433.11008.qmail@web50909.mail.yahoo.com>
Message-ID: <44D3B580.1010908@sci.fi>

jamsda wrote:
> Hello,
>
> I have a 4-way multi-master configured with FDS. One
> of the hosts is not receiving/sending replicated data.
> I tried removing the replication agreements with the
> mmr.pl application (to try re-creating the agreement),
> but it's not letting me.
> Here's the error message trying to remove testhost1's
> agreement:
>
> perl mmr.pl --host1 testhost1 --host2 testhost2
> --bindpw --remove
>
> "removing replication agreement from testhost1 ->
> testhost2
> Can't call method "dn" on an undefined value at mmr.pl
> line 200, line 397"
>
>

Hi,
It's my script. I will have a look at it maybe tomorrow.

Send me your dse.ldif from testhost1 if you want faster results.

BR,
Mike
--
http://www.netauth.com - LDAP Directory Consulting

From rmeggins at redhat.com Fri Aug 4 21:26:21 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 04 Aug 2006 15:26:21 -0600
Subject: [Fedora-directory-users] LDAP Error
In-Reply-To:
References:
Message-ID: <44D3BB7D.8030507@redhat.com>

Joe Sheehan wrote:
> google(ing) for this - it basically says the same thing as you've stated.
> Is there a way to fix this by hand
Fix your DNS and reverse DNS set up. Are you also using NIS for hostname
resolution? You may have to make sure NIS and DNS hosts resolve to the
same IP addresses.
> or is LDAP corrupted beyond fixing unless you
> uninstall and re-install.
This has nothing to do with ldap corruption. Although, once you fix your
DNS and reverse DNS, you will need to re install from scratch. This is
unfortunately the easiest way to ensure proper Admin Server set up.
>
> Joe
>
>
>> From: Richard Megginson
>> Reply-To: "General discussion list for the Fedora Directory server
>> project."
>> To: "General discussion list for the Fedora Directory server
>> project."
>> Subject: Re: [Fedora-directory-users] LDAP Error
>> Date: Fri, 04 Aug 2006 14:04:23 -0600
>>
>> Joe Sheehan wrote:
>>> Has anyone seen this before? Possible causes? Thanks Joe
>>>
>>>
>>> Start Slapd Server Config
>>>
>>> FATAL Slapd ERROR LDAP authentication failed for url:
>>> ldap://nodename.my.nis:1389 Netscaperoot user id admin
>>> (151: unknown error)
>> This usually indicates a problem with DNS or reverse DNS setup.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL:

From jamsda_1 at yahoo.com Fri Aug 4 21:33:51 2006
From: jamsda_1 at yahoo.com (jamsda)
Date: Fri, 4 Aug 2006 14:33:51 -0700 (PDT)
Subject: [Fedora-directory-users] FDS Replication problem
In-Reply-To: <44D3B580.1010908@sci.fi>
Message-ID: <20060804213351.29512.qmail@web50902.mail.yahoo.com>

Thanks for the response Mike!!

I attached dse.ldif.testhost1 and dse.ldif.testhost2.
One thing I already noticed after doing a diff is a difference on
"modifiersName" on testhost1:

modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot

compared to "modifiersName" on testhost2:

modifiersName: cn=directory manager

Thanks,
Jim

--- Mike Jackson wrote:

> jamsda wrote:
> > Hello,
> >
> > I have a 4-way multi-master configured with FDS. One
> > of the hosts is not receiving/sending replicated data.
> > I tried removing the replication agreements with the
> > mmr.pl application (to try re-creating the agreement),
> > but it's not letting me.
> > Here's the error message trying to remove testhost1's
> > agreement:
> >
> > perl mmr.pl --host1 testhost1 --host2 testhost2
> > --bindpw --remove
> >
> > "removing replication agreement from testhost1 ->
> > testhost2
> > Can't call method "dn" on an undefined value at mmr.pl
> > line 200, line 397"
> >
> >
>
> Hi,
> It's my script. I will have a look at it maybe tomorrow.
>
> Send me your dse.ldif from testhost1 if you want faster results.
>
>
> BR,
> Mike
> --
> http://www.netauth.com - LDAP Directory Consulting
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dse.ldif.testhost1
Type: application/octet-stream
Size: 54853 bytes
Desc: 2864183249-dse.ldif.testhost1
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dse.ldif.testhost2
Type: application/octet-stream
Size: 47910 bytes
Desc: 3909903887-dse.ldif.testhost2
URL:

From triswimjoe at hotmail.com Fri Aug 4 21:42:24 2006
From: triswimjoe at hotmail.com (Joe Sheehan)
Date: Fri, 04 Aug 2006 17:42:24 -0400
Subject: [Fedora-directory-users] LDAP Error
In-Reply-To: <44D3BB7D.8030507@redhat.com>
Message-ID:

Thanks - we will definitely take your advice.
Curious if switching the order within the nsswitch.conf would do the trick.

Joe

>From: Richard Megginson
>Reply-To: "General discussion list for the Fedora Directory server
>project."
>To: "General discussion list for the Fedora Directory server project."
>
>Subject: Re: [Fedora-directory-users] LDAP Error
>Date: Fri, 04 Aug 2006 15:26:21 -0600
>
>Joe Sheehan wrote:
>>google(ing) for this - it basically says the same thing as you've stated.
>>Is there a way to fix this by hand
>Fix your DNS and reverse DNS set up. Are you also using NIS for hostname
>resolution? You may have to make sure NIS and DNS hosts resolve to the
>same IP addresses.
>>or is LDAP corrupted beyond fixing unless you
>>uninstall and re-install.
>This has nothing to do with ldap corruption. Although, once you fix your
>DNS and reverse DNS, you will need to re install from scratch. This is
>unfortunately the easiest way to ensure proper Admin Server set up.
>>
>>Joe
>>
>>
>>>From: Richard Megginson
>>>Reply-To: "General discussion list for the Fedora Directory server
>>>project."
>>>To: "General discussion list for the Fedora Directory server project."
>>>
>>>Subject: Re: [Fedora-directory-users] LDAP Error
>>>Date: Fri, 04 Aug 2006 14:04:23 -0600
>>>
>>>Joe Sheehan wrote:
>>>>Has anyone seen this before? Possible causes? Thanks Joe
>>>>
>>>>
>>>>Start Slapd Server Config
>>>>
>>>>FATAL Slapd ERROR LDAP authentication failed for url:
>>>>ldap://nodename.my.nis:1389 Netscaperoot user id admin (151:
>>>>unknown error)
>>>This usually indicates a problem with DNS or reverse DNS setup.
>>>>>>>>Thanks >>>>>>>> >>>>>>>>------------------------------------------------------ >>>>>>>>My Setup: >>>>>>>> >>>>>>>>Fedora Core 5 (i386) >>>>>>>>Fedora Directory Server 1.0.2 >>>>>>>>Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru) >>>>>>>>------------------------------------------------------ >>>>>>>> >>>>>> >>>>>> >>>>>> >>>>>>------------------------------------------------------------------------ >>>>>> >>>>>> >>>>>> >>>>>>------------------------------------------------------------------------ >>>>>> >>>>>> >>>>>> >>>>>>-- >>>>>>Fedora-directory-users mailing list >>>>>>Fedora-directory-users at redhat.com >>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>> >>>> >>>> >>>>><< smime.p7s >> >>>> >>>> >>>> >>>> >>>>>-- >>>>>Fedora-directory-users mailing list >>>>>Fedora-directory-users at redhat.com >>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>>-- >>>>Fedora-directory-users mailing list >>>>Fedora-directory-users at redhat.com >>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >>><< smime.p7s >> >> >> >> >> >>>-- >>>Fedora-directory-users mailing list >>>Fedora-directory-users at redhat.com >>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users ><< smime.p7s >> >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users From rmeggins at redhat.com Fri Aug 4 22:26:36 2006 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 04 Aug 2006 16:26:36 -0600 Subject: [Fedora-directory-users] LDAP Error In-Reply-To: References: Message-ID: <44D3C99C.8070803@redhat.com> Joe Sheehan wrote: > Thanks - we will definitely take your advice. > Curious if switching the order within the nsswitch.conf would do the > trick. It might. 
> > Joe > > >> From: Richard Megginson >> Reply-To: "General discussion list for the Fedora Directory server >> project." >> To: "General discussion list for the Fedora Directory server >> project." >> Subject: Re: [Fedora-directory-users] LDAP Error >> Date: Fri, 04 Aug 2006 15:26:21 -0600 >> >> Joe Sheehan wrote: >>> google(ing) for this - it basically says the same thing as you've >>> stated. >>> Is there a way to fix this by hand >> Fix your DNS and reverse DNS set up. Are you also using NIS for >> hostname resolution? You may have to make sure NIS and DNS hosts >> resolve to the same IP addresses. >>> or is LDAP corrupted beyond fixing unless you >>> uninstall and re-install. >> This has nothing to do with ldap corruption. Although, once you fix >> your DNS and reverse DNS, you will need to re install from scratch. >> This is unfortunately the easiest way to ensure proper Admin Server >> set up. >>> >>> Joe >>> >>> >>>> From: Richard Megginson >>>> Reply-To: "General discussion list for the Fedora Directory server >>>> project." >>>> To: "General discussion list for the Fedora Directory server >>>> project." >>>> Subject: Re: [Fedora-directory-users] LDAP Error >>>> Date: Fri, 04 Aug 2006 14:04:23 -0600 >>>> >>>> Joe Sheehan wrote: >>>>> Has anyone seen this before? Possible causes? Thanks Joe >>>>> >>>>> >>>>> Start Slapd Server Config >>>>> >>>>> FATAL Slapd ERROR LDAP authentication failed for url: >>>>> ldap://nodename.my.nis:1389 Netscaperoot user id admin >>>>> (151: unknown error) >>>> This usually indicates a problem with DNS or reverse DNS setup. >>>>> >>>>> Fatal slapd did not add directory server information into >>>>> configuration server >>>>> >>>>> ... >>>>> >>>>> >>>>> >>>>> >>>>>> From: Richard Megginson >>>>>> Reply-To: "General discussion list for the Fedora Directory >>>>>> server project." >>>>>> To: "General discussion list for the Fedora Directory server >>>>>> project." 
>>>>>> Subject: Re: [Fedora-directory-users] Error at work of the >>>>>> utility ldapsearch. >>>>>> Date: Fri, 04 Aug 2006 09:45:37 -0600 >>>>>> >>>>>> One problem may be that you have to specify some additional >>>>>> option when creating the MS CA cert or server certs issued by >>>>>> this CA. Is this a root CA or did you get a CA certificate from >>>>>> somewhere else? >>>>>> >>>>>> Do this: >>>>>> cd /opt/fedora-ds/alias ; ../shared/bin/certutil -d . -P >>>>>> slapd-asterisk1- -L -n ad-cert >>>>>> >>>>>> Safonov Alexey wrote: >>>>>>> Thanks Richard! >>>>>>> >>>>>>> In my opinion it the certificate of the CA. Certificates you can >>>>>>> see details >>>>>>> of reception of it on a screenshot (see the attached file) >>>>>>> >>>>>>> Safonov Alexey >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: fedora-directory-users-bounces at redhat.com >>>>>>> [mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of >>>>>>> Richard >>>>>>> Megginson >>>>>>> Sent: Friday, July 28, 2006 5:45 PM >>>>>>> To: General discussion list for the Fedora Directory server >>>>>>> project. >>>>>>> Subject: Re: [Fedora-directory-users] Error at work of the utility >>>>>>> ldapsearch. >>>>>>> >>>>>>> >>>>>>> Safonov Alexey wrote: >>>>>>> >>>>>>>> Thanks Richard! 
>>>>>>>> >>>>>>>> Now I start so: >>>>>>>> [root at asterisk1 bin]# ./ldapsearch -Z -P >>>>>>>> /opt/fedora-ds/alias/slapd-asterisk1-cert8.db -K >>>>>>>> /opt/fedora-ds/alias/slapd-asterisk1-key3.db -h >>>>>>>> rv-vm1.mup-example.vrn.ru -p 636 -D >>>>>>>> "cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w >>>>>>>> secret01 -s >>>>>>>> base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*" -v >>>>>>>> >>>>>>>> Also I receive a error: >>>>>>>> >>>>>>>> ldapsearch: started Fri Jul 28 16:21:39 2006 >>>>>>>> >>>>>>>> ldap_init( srv-vm1.mup-example.vrn.ru, 636 ) >>>>>>>> ldaptool_getcertpath -- >>>>>>>> /opt/fedora-ds/alias/slapd-asterisk1-cert8.db >>>>>>>> ldaptool_getkeypath -- >>>>>>>> /opt/fedora-ds/alias/slapd-asterisk1-key3.db >>>>>>>> ldaptool_getmodpath -- (null) >>>>>>>> ldaptool_getdonglefilename -- (null) >>>>>>>> ldap_simple_bind: Can't contact LDAP server >>>>>>>> SSL error -8156 (Issuer certificate is invalid.) >>>>>>>> >>>>>>>> Though the certificate ad-cert (from Windows DC) is >>>>>>>> established. The >>>>>>>> >>>>>>> utility >>>>>>> >>>>>>>> certutil and Fedora Management Console (Manage Certificates) >>>>>>>> shows it. >>>>>>>> [root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L >>>>>>>> -d . -P >>>>>>>> slapd-asterisk1- >>>>>>>> CA certificate CTu,u,u >>>>>>>> server-cert u,u,u >>>>>>>> Server-Cert u,u,u >>>>>>>> ad-cert CT,C,C >>>>>>>> >>>>>>>> Help my! >>>>>>>> >>>>>>>> >>>>>>> Is ad-cert the certificate of the AD server or the certificate >>>>>>> of the CA >>>>>>> that issued the AD cert? An SSL client only needs to trust the >>>>>>> CA cert >>>>>>> of the issuer of the server certs it wants to use. 
>>>>>>> >>>>>>>> Safonov Alexey >>>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: fedora-directory-users-bounces at redhat.com >>>>>>>> [mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of >>>>>>>> Richard >>>>>>>> Megginson >>>>>>>> Sent: Thursday, July 27, 2006 7:36 PM >>>>>>>> To: General discussion list for the Fedora Directory server >>>>>>>> project. >>>>>>>> Subject: Re: [Fedora-directory-users] Error at work of the utility >>>>>>>> ldapsearch. >>>>>>>> >>>>>>>> >>>>>>>> Safonov Alexey wrote: >>>>>>>> >>>>>>>> >>>>>>>>> Hi ! >>>>>>>>> >>>>>>>>> I ask to help to solve a problem with the utility ldapsearch. >>>>>>>>> >>>>>>>>> is a problem to carry out synchronization between FDS and AD. >>>>>>>>> Has made >>>>>>>>> >>>>>>> the >>>>>>> >>>>>>>>> following: >>>>>>>>> 1) Install FDS >>>>>>>>> 2) Configuring SSL Enabled FDS. For this purpose has started >>>>>>>>> script >>>>>>>>> setupssl.sh >>>>>>>>> (http://directory.fedora.redhat.com/download/setupssl.sh) >>>>>>>>> >>>>>>> from >>>>>>> >>>>>>>>> HOWTO "Howto:SSL" >>>>>>>>> (http://directory.fedora.redhat.com/wiki/Howto:SSL) >>>>>>>>> 3) Restart FDS. >>>>>>>>> netstat -atupn | grep ns- >>>>>>>>> tcp 0 0 :::389 :::* LISTEN 6039/ns-slapd >>>>>>>>> tcp 0 0 :::636 :::* LISTEN 6039/ns-slapd >>>>>>>>> 4) Enable SSL on AD. >>>>>>>>> Install Certificate Service >>>>>>>>> Check util ldp.exe: >>>>>>>>> Connected param: Server- srv-vm1.mup-example.vrn.ru >>>>>>>>> Port - 636 >>>>>>>>> Checkbox "SSL" >>>>>>>>> ld = ldap_sslinit("srv-vm1.mup-example.vrn.ru", 636, 1); >>>>>>>>> Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, >>>>>>>>> LDAP_VERSION3); >>>>>>>>> Error <0x0> = ldap_connect(hLdap, NULL); >>>>>>>>> Error <0x0> = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv); >>>>>>>>> Host supports SSL, SSL cipher strength = 128 bits >>>>>>>>> Established connection to srv-vm1.mup-example.vrn.ru. >>>>>>>>> Retrieving base DSA information... >>>>>>>>> ..... 
>>>>>>>>> 5) Import AD CA certificate in DER mode. >>>>>>>>> 6) Copy, convert (PEM) and install AD CA certificate in FDS. >>>>>>>>> Check: >>>>>>>>> [root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L >>>>>>>>> -d . -P >>>>>>>>> slapd-asterisk1- >>>>>>>>> CA certificate CTu,u,u >>>>>>>>> server-cert u,u,u >>>>>>>>> Server-Cert u,u,u >>>>>>>>> ad-cert CT,C,C <- install this >>>>>>>>> >>>>>>>>> 6) [root at asterisk1 alias]# ldapsearch -Z -P >>>>>>>>> /opt/fedora-ds/alias/slapd-asterisk1-cert8.db -h >>>>>>>>> rv-vm1.mup-example.vrn.ru -p 636 -D >>>>>>>>> "cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w >>>>>>>>> secret01 -s >>>>>>>>> base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*" >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> That's /usr/bin/ldapsearch, which is openldap ldapsearch, which >>>>>>>> uses >>>>>>>> openssl for crypto, which is completely different than NSS. >>>>>>>> You need to >>>>>>>> use the ldapsearch in /opt/fedora-ds/shared/bin e.g. >>>>>>>> cd /opt/fedora-ds/shared/bin ; ./ldapsearch .... >>>>>>>> >>>>>>>> >>>>>>>>> Error: >>>>>>>>> ldapsearch: unabel to parse protocol version >>>>>>>>> "/opt/fedora-ds/alias/slapd-asterisk1-cert8.db" >>>>>>>>> >>>>>>>>> Help my! >>>>>>>>> Thanks >>>>>>>>> >>>>>>>>> ------------------------------------------------------ >>>>>>>>> My Setup: >>>>>>>>> >>>>>>>>> Fedora Core 5 (i386) >>>>>>>>> Fedora Directory Server 1.0.2 >>>>>>>>> Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru) >>>>>>>>> ------------------------------------------------------ >>>>>>>>> >>>>>>>> use the ldapsearch in /opt/fedora-ds/shared/bin e.g. >>>>>>>> cd /opt/fedora-ds/shared/bin ; ./ldapsearch .... >>>>>>>> >>>>>>>> >>>>>>>>> Error: >>>>>>>>> ldapsearch: unabel to parse protocol version >>>>>>>>> "/opt/fedora-ds/alias/slapd-asterisk1-cert8.db" >>>>>>>>> >>>>>>>>> Help my! 
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>> ------------------------------------------------------
>>>>>>>>> My Setup:
>>>>>>>>>
>>>>>>>>> Fedora Core 5 (i386)
>>>>>>>>> Fedora Directory Server 1.0.2
>>>>>>>>> Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
>>>>>>>>> ------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

From pkime at Shopzilla.com Sat Aug 5 03:48:14 2006
From: pkime at Shopzilla.com (Philip Kime)
Date: Fri, 4 Aug 2006 20:48:14 -0700
Subject: [Fedora-directory-users] Admin Express replication monitor problems
Message-ID: <9C0091F428E697439E7A773FFD083427025FCF@szexchange.Shopzilla.inc>

Everything in my LDAP setup (FDS 1.0.2) runs over SSL but when I go into
the Admin Express interface and click on the "Replication Status" link to
take me to the replication monitoring page, the URL is hard-coded with
serverport=389 which it passes to the template-repl-monitor-cgi.pl
script. Of course, it can't connect on 389 so it fails. Anybody know how
to get the Admin Express interface to pass port 636 to the script?

PK

--
Philip Kime
NOPS Systems Architect
310 401 0407

From dfulton at concepttechnologyinc.com Sat Aug 5 15:21:20 2006
From: dfulton at concepttechnologyinc.com (Darren Fulton - CTI)
Date: Sat, 05 Aug 2006 10:21:20 -0500
Subject: [Fedora-directory-users] Upgrading from 7.1 to 1.0.2
In-Reply-To: <44CFF265.9040107@redhat.com>
References: <4706484.2251154398715605.JavaMail.root@host3.concepttechnologyinc.com> <44CF5626.2090408@redhat.com> <44CF7FC0.5020802@concepttechnologyinc.com> <44CF8451.9060703@redhat.com> <44CFBB89.1080800@concepttechnologyinc.com> <44CFBF5A.4040108@redhat.com> <44CFEB69.3060808@concepttechnologyinc.com> <44CFF265.9040107@redhat.com>
Message-ID: <44D4B770.6000701@concepttechnologyinc.com>

Richard Megginson wrote:
> Darren Fulton - CTI wrote:
>> That seems to have fixed it! Awesome. Thank you Richard.
>> For the record, here are the details of what I did based on Richard's
>> instructions:
>>
>> cd /opt/fedora-ds/slapd-host2/
>> ./db2ldif -s o=netscaperoot > nsroot.ldif
>> ## That created an ldif file at
>> ## /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
>> cat /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
>> ## That looks good
>> cd /opt/fedora-ds/slapd-host2/ldif/
>> cp -p 2006_08_01_181049.ldif 2006_08_01_181049.ldif.orig
>> rpl "ou=4.0" "ou=1.0" 2006_08_01_181049.ldif
>> ## If no rpl, manually edit with vi or something
>> cd /opt/fedora-ds/slapd-host2/
>> ./ldif2db -s o=netscaperoot -i /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
>> ## That failed with "Unable to import the database because it is
>> ## being used by another slapd process."
>> /opt/fedora-ds/slapd-host2/stop-slapd
>> ./ldif2db -s o=netscaperoot -i /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
>> ## That time it seems to have worked.
>> /opt/fedora-ds/slapd-host2/start-slapd
>> cd /opt/fedora-ds
>> ./startconsole
>> ## It Works!
>>
>> --
>> Best Regards,
>>
>> Darren Fulton
>> Concept Technology, Inc.
> I've updated the Install_Guide with this information -
> http://directory.fedora.redhat.com/wiki/Install_Guide#Upgrading_from_the_7.1_release
>
>

I had to repeat the process above one more time and make two additional
replacements to the ldif file referenced above in order to make the
console work 100%. For whatever reason, the console was still trying to
load the old jar files. I replaced all references to "ds71.jar" with
"ds10.jar" AND all references to "admserv70.jar" with "admserv10.jar".

One warning for you if you ever have to do this. In the ldif file, there
were some instances of white space and line wrap. Here is one example:

...MigrateCreate at ds71
 .jar at cn...
#Note the line break after ds71 and a space before .jar

A simple find and replace wouldn't have worked.

So, the procedure that Richard cited is good, but also modify those jar
file references while you're making the "ou=4.0" to "ou=1.0" changes if
you still have the old jar file references.

--
Best Regards,

Darren Fulton
Concept Technology, Inc.

From mj at sci.fi Sat Aug 5 18:26:02 2006
From: mj at sci.fi (Mike Jackson)
Date: Sat, 05 Aug 2006 21:26:02 +0300
Subject: [Fedora-directory-users] FDS Replication problem
In-Reply-To: <20060804213351.29512.qmail@web50902.mail.yahoo.com>
References: <20060804213351.29512.qmail@web50902.mail.yahoo.com>
Message-ID: <44D4E2BA.2090107@sci.fi>

jamsda wrote:
> Thanks for the response Mike!!
>
> I attached dse.ldif.testhost1 and dse.ldif.testhost2.
> One thing I already noticed after doing a diff is a
> difference on "modifiersName" on testhost1:
>
> modifiersName:
> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
>
> compared to "modifiersName" on testhost2:
>
> modifiersName: cn=directory manager
>

Hi,
Doesn't matter.

I think you have either DNS or shell escaping problems, but it could
also be a bug in one of the perl modules when using strange hostnames
like you do. Are you able to resolve all hostnames used from all
machines involved?

BR,
Mike
--
http://www.netauth.com - LDAP Directory Consulting

From alex-saf at archit.vrn.ru Sun Aug 6 09:21:35 2006
From: alex-saf at archit.vrn.ru (Safonov Alexey)
Date: Sun, 6 Aug 2006 13:21:35 +0400
Subject: [Fedora-directory-users] Error at work of the utility ldapsearch.
In-Reply-To: <44D36BA1.7050405@redhat.com>
Message-ID:

Thanks Richard!

I created the certificate directly on a server srv-vm1.mu-example.vrn.ru
after start of service of certification.

Output command certutil -d . -P slapd-asterisk1- -L -n ad-cert:

[root at asterisk1 alias]# ../shared/bin/certutil -d .
-P slapd-asterisk1- -L -n ad-cert
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:bf:d5:d6:2d:48:c6:a7:47:f9:d4:a4:34:3f:ab:f3
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=srv-vm1,DC=mup-example,DC=vrn,DC=ru"
        Validity:
            Not Before: Wed Jul 26 08:23:12 2006
            Not After : Tue Jul 26 08:32:35 2011
        Subject: "CN=srv-vm1,DC=mup-example,DC=vrn,DC=ru"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Microsoft Enrollment Cert Type Extension
            Data: "CA"

            Name: Certificate Key Usage
            Usages: Digital Signature
                    Certificate Signing
                    CRL Signing

            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.

            Name: Certificate Subject Key ID
            Data:
                12:ab:df:2c:ec:92:bd:f0:94:29:d2:cf:a2:00:92:bc:
                b6:35:ca:e5

            Name: CRL Distribution Points
            URI: "ldap:///CN=srv-vm1,CN=srv-vm1,CN=CDP,CN=Public%20Key%20Serv
                ices,CN=Services,CN=Configuration,DC=mup-example,DC=vrn,DC=ru
                ?certificateRevocationList?base?objectClass=cRLDistributionPo
                int"

            Name: Microsoft CertServ CA version
            Data: 0 (0x0)

    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Fingerprint (MD5):
        36:D0:AF:D6:69:7C:8C:AF:32:72:04:D0:52:74:6B:F9
    Fingerprint (SHA1):
        29:D3:29:CE:70:B1:E9:0A:64:C7:63:A5:B1:95:3D:95:6D:A7:CF:08

    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA

Safonov Alexey

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard
Megginson
Sent: Friday, August 04, 2006 7:46 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Error at work of the utility
ldapsearch.

One problem may be that you have to specify some additional option when
creating the MS CA cert or server certs issued by this CA. Is this a
root CA or did you get a CA certificate from somewhere else?

Do this:
cd /opt/fedora-ds/alias ; ../shared/bin/certutil -d . -P slapd-asterisk1- -L -n ad-cert

Safonov Alexey wrote:
> Thanks Richard!
>
> In my opinion it the certificate of the CA. Certificates you can see details
> of reception of it on a screenshot (see the attached file)
>
> Safonov Alexey
>

From giles.chamberlin at tandberg.net Mon Aug 7 15:53:13 2006
From: giles.chamberlin at tandberg.net (Giles Chamberlin)
Date: Mon, 07 Aug 2006 16:53:13 +0100
Subject: [Fedora-directory-users] Importing an LDIF schema
Message-ID:

I'm trying to import an existing schema into my fedora installation.
The schema is defined in
http://lab.ac.uab.edu/vnet/documents/ldif/commURI.ldif.txt

So far I've copied that file to my installation's config directory,
renamed to 98commURI.ldif and restarted my instance of fedora ds.

This generates an error message:

dse - The entry cn=schema in file /opt/fedora-ds/slapd-mist/config/schema/98comURI.ldif is invalid, error code 21 (Invalid syntax) - attribute type commURI: Missing attribute syntax OID
[07/Aug/2006:16:36:39 +0100] dse - Please edit the file to correct the reported problems and then restart the server.

The directory server is a fresh installation of
fedora-ds-1.0.2-1.RHEL.i386 Can anyone point me in the right direction?

--
Giles Chamberlin

From patrick.morris at hp.com Mon Aug 7 16:00:05 2006
From: patrick.morris at hp.com (Morris, Patrick)
Date: Mon, 7 Aug 2006 12:00:05 -0400
Subject: [Fedora-directory-users] Importing an LDIF schema
In-Reply-To:
Message-ID:

It looks like...well, like you're missing the syntax OID on the commURI
attribute. Just a guess.
:)

> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf
> Of Giles Chamberlin
> Sent: Monday, August 07, 2006 8:53 AM
> To: fedora-directory-users at redhat.com
> Subject: [Fedora-directory-users] Importing an LDIF schema
>
> I'm trying to import an existing schema into my fedora installation.
> The schema is defined in
> http://lab.ac.uab.edu/vnet/documents/ldif/commURI.ldif.txt
>
> So far I've copied that file to my installation's config
> directory, renamed to 98commURI.ldif and restarted my
> instance of fedora ds.
>
> This generates an error message:
>
> dse - The entry cn=schema in file
> /opt/fedora-ds/slapd-mist/config/schema/98comURI.ldif is
> invalid, error code 21 (Invalid syntax) - attribute type
> commURI: Missing attribute syntax OID
> [07/Aug/2006:16:36:39 +0100] dse - Please edit the file to
> correct the reported problems and then restart the server.
>
>
> The directory server is a fresh installation of
> fedora-ds-1.0.2-1.RHEL.i386 Can anyone point me in the right
> direction?
>
> --
> Giles Chamberlin
>

From giles.chamberlin at tandberg.net Mon Aug 7 16:36:23 2006
From: giles.chamberlin at tandberg.net (Giles Chamberlin)
Date: Mon, 7 Aug 2006 18:36:23 +0200
Subject: [Fedora-directory-users] Importing an LDIF schema
Message-ID: <01C679F7AECF2B47B489F735B7EE49000148D37A@47mail.eu.tandberg.int>

I've got a hunch that you're probably right, given the error message and
all. But I can't see where that's missing. I'm new to all this LDIF
stuff, so stumbling a little, but comparing the commURI schema with
those distributed with Fedora DS they look about right. Specifically
the commURI is defined with

attributetypes: (0.0.8.350.1.1.1.1.1
NAME 'commURI'
DESC 'Labeled URI format to point to the distinguished name of the
commUniqueId'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

Which looks to me comparable with those distributed with Fedora DS.

Probably something very simple, but all help gratefully accepted.

Giles

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Morris,
Patrick
Sent: 07 August 2006 17:00
To: General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] Importing an LDIF schema

It looks like...well, like you're missing the syntax OID on the commURI
attribute. Just a guess. :)

> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf
> Of Giles Chamberlin
> Sent: Monday, August 07, 2006 8:53 AM
> To: fedora-directory-users at redhat.com
> Subject: [Fedora-directory-users] Importing an LDIF schema
>
> I'm trying to import an existing schema into my fedora installation.
> The schema is defined in
> http://lab.ac.uab.edu/vnet/documents/ldif/commURI.ldif.txt
>
> So far I've copied that file to my installation's config
> directory, renamed to 98commURI.ldif and restarted my
> instance of fedora ds.
>
> This generates an error message:
>
> dse - The entry cn=schema in file
> /opt/fedora-ds/slapd-mist/config/schema/98comURI.ldif is
> invalid, error code 21 (Invalid syntax) - attribute type
> commURI: Missing attribute syntax OID
> [07/Aug/2006:16:36:39 +0100] dse - Please edit the file to
> correct the reported problems and then restart the server.
>
>
> The directory server is a fresh installation of
> fedora-ds-1.0.2-1.RHEL.i386 Can anyone point me in the right
> direction?
>
> --
> Giles Chamberlin
>

From prowley at redhat.com Mon Aug 7 17:06:10 2006
From: prowley at redhat.com (Pete Rowley)
Date: Mon, 07 Aug 2006 10:06:10 -0700
Subject: [Fedora-directory-users] Importing an LDIF schema
In-Reply-To: <01C679F7AECF2B47B489F735B7EE49000148D37A@47mail.eu.tandberg.int>
References: <01C679F7AECF2B47B489F735B7EE49000148D37A@47mail.eu.tandberg.int>
Message-ID: <44D77302.5060709@redhat.com>

Giles Chamberlin wrote:

>Probably something very simple, but all help gratefully accepted.
>
>
>
The schema parser is a bit crusty, one thing to try is spacing - the
parser can be very sensitive to spaces.

--
Pete

From nhosoi at redhat.com Mon Aug 7 17:14:48 2006
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Mon, 07 Aug 2006 10:14:48 -0700
Subject: [Fedora-directory-users] Importing an LDIF schema
In-Reply-To: <01C679F7AECF2B47B489F735B7EE49000148D37A@47mail.eu.tandberg.int>
References: <01C679F7AECF2B47B489F735B7EE49000148D37A@47mail.eu.tandberg.int>
Message-ID: <44D77508.1030106@redhat.com>

Instead of copying the file to your config/schema, could you try adding
the schema using "ldapmodify" to your FDS?

$ cd /opt/fedora-ds/shared/bin
$ ./ldapmodify -h -p -D -w -f /tmp/commURI.ldif.txt

Note: I had to comment out the delete lines before running the command line:
#delete: attributetypes
#attributetypes: (0.0.8.350.1.1.1.1.1 NAME 'commURI' )
#-
#delete: objectclasses
#objectclasses: (0.0.8.350.1.1.1.2.1 NAME 'commURIObject' )
#-

Once it's added, you'd see commURI and commURIObject in 99user.ldif:
objectClasses: ( 0.0.8.350.1.1.1.2.1 NAME 'commURIObject' DESC 'object that co
 ntains the URI attribute type' SUP top AUXILIARY MAY commURI X-ORIGIN 'user defined' )
[...]
attributeTypes: ( 0.0.8.350.1.1.1.1.1 NAME 'commURI' DESC 'Labeled URI format to point to the distinguished name of the commUniqueId' EQUALITY caseExactMa
 tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )

Thanks,
--noriko

Giles Chamberlin wrote:
> I've got a hunch that you're probably right, given the error message and
> all. But I can't see where that's missing. I'm new to all this LDIF
> stuff, so stumbling a little, but comparing the commURI schema with
> those distributed with Fedora DS they look about right. Specifically
> the commURI is defined with
>
> attributetypes: (0.0.8.350.1.1.1.1.1
> NAME 'commURI'
> DESC 'Labeled URI format to point to the distinguished name of the
> commUniqueId'
> EQUALITY caseExactMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>
> Which looks to me comparable with those distributed with Fedora DS.
>
> Probably something very simple, but all help gratefully accepted.
>
> Giles
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Morris,
> Patrick
> Sent: 07 August 2006 17:00
> To: General discussion list for the Fedora Directory server project.
> Subject: RE: [Fedora-directory-users] Importing an LDIF schema
>
> It looks like...well, like you're missing the syntax OID on the commURI
> attribute. Just a guess.
> :)
>
>
>> -----Original Message-----
>> From: fedora-directory-users-bounces at redhat.com
>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf
>> Of Giles Chamberlin
>> Sent: Monday, August 07, 2006 8:53 AM
>> To: fedora-directory-users at redhat.com
>> Subject: [Fedora-directory-users] Importing an LDIF schema
>>
>> I'm trying to import an existing schema into my fedora installation.
>> The schema is defined in
>> http://lab.ac.uab.edu/vnet/documents/ldif/commURI.ldif.txt
>>
>> So far I've copied that file to my installation's config
>> directory, renamed to 98commURI.ldif and restarted my
>> instance of fedora ds.
>>
>> This generates an error message:
>>
>> dse - The entry cn=schema in file
>> /opt/fedora-ds/slapd-mist/config/schema/98comURI.ldif is
>> invalid, error code 21 (Invalid syntax) - attribute type
>> commURI: Missing attribute syntax OID
>> [07/Aug/2006:16:36:39 +0100] dse - Please edit the file to
>> correct the reported problems and then restart the server.
>>
>>
>> The directory server is a fresh installation of
>> fedora-ds-1.0.2-1.RHEL.i386 Can anyone point me in the right
>> direction?
>>
>> --
>> Giles Chamberlin
>>
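
Pete Rowley's hint above is that the schema parser can be sensitive to spaces, and the 99user.ldif lines Noriko Hosoi quotes show the spaced form the server writes out. As an added example (not code from the thread or from the Fedora DS project), the Python below unfolds LDIF continuation lines as RFC 2849 describes and checks that an attributeTypes value still splits into separate tokens with a SYNTAX OID. Both sample layouts are constructed from the commURI definition quoted in the thread; the whitespace of the file Giles actually loaded is not visible on this page, and the function names are hypothetical.

```python
import re

# Constructed sample 1: the commURI definition from the thread, laid out with
# every continuation line indented by exactly one space (an assumed layout).
ONE_SPACE_FOLDS = """dn: cn=schema
attributetypes: (0.0.8.350.1.1.1.1.1
 NAME 'commURI'
 DESC 'Labeled URI format to point to the distinguished name of the commUniqueId'
 EQUALITY caseExactMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

# Constructed sample 2: the same definition in the spaced form shown in the
# 99user.ldif excerpt, folded at arbitrary columns (one fold is mid-word).
SERVER_STYLE = """dn: cn=schema
attributeTypes: ( 0.0.8.350.1.1.1.1.1 NAME 'commURI' DESC 'Labeled URI format
  to point to the distinguished name of the commUniqueId' EQUALITY caseExactMa
 tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
"""

TOKEN = re.compile(r"\(|\)|'[^']*'|[^\s()']+")   # paren, quoted string, bare word
NUMERIC_OID = re.compile(r"\d+(\.\d+)+(\{\d+\})?$")


def unfold_ldif(text):
    """Join continuation lines: RFC 2849 drops the newline and ONE leading space."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def check_attribute_type(value):
    """Return (problems, normalized) for one unfolded attributeTypes value."""
    tokens = TOKEN.findall(value)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        return ["definition is not enclosed in parentheses"], None
    body, problems = tokens[1:-1], []
    if not NUMERIC_OID.match(body[0]):
        problems.append("first token %r is not a numeric OID" % body[0])
    if "SYNTAX" in body:
        following = body[body.index("SYNTAX") + 1:][:1]
        if not following or not NUMERIC_OID.match(following[0]):
            problems.append("SYNTAX is not followed by a numeric OID")
    elif "SUP" not in body:            # a SUP attribute may inherit its syntax
        problems.append("no separate SYNTAX keyword")
    if not value.startswith("( "):
        problems.append("no space after the opening parenthesis")
    if not value.endswith(" )"):
        problems.append("no space before the closing parenthesis")
    # Single-space form, the same shape as the 99user.ldif excerpt.
    return problems, " ".join(tokens)


def audit(ldif_text, attr="attributetypes"):
    """Check every value of `attr` (case-insensitive) in an LDIF text."""
    prefix = attr.lower() + ":"
    return [check_attribute_type(line[len(prefix):].strip())
            for line in unfold_ldif(ldif_text)
            if line.lower().startswith(prefix)]


if __name__ == "__main__":
    for name, sample in (("one-space folds", ONE_SPACE_FOLDS),
                         ("server style", SERVER_STYLE)):
        for problems, normalized in audit(sample):
            print(name, "->", problems or "ok")
            print("   ", normalized)
```

With one-space continuation lines the unfolded value reads `...1.1.1NAME` and `caseExactMatchSYNTAX`, so no SYNTAX keyword survives as a token; the server-style sample unfolds cleanly even though one fold falls inside `caseExactMatch`.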
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3170 bytes
Desc: S/MIME Cryptographic Signature
URL:

From jamsda_1 at yahoo.com Mon Aug 7 17:15:02 2006
From: jamsda_1 at yahoo.com (jamsda)
Date: Mon, 7 Aug 2006 10:15:02 -0700 (PDT)
Subject: [Fedora-directory-users] FDS Replication problem
In-Reply-To: <44D4E2BA.2090107@sci.fi>
Message-ID: <20060807171503.57629.qmail@web50904.mail.yahoo.com>

Yeah, I tested the pings by hostnames and all four
servers resolve. They are resolving using local
/etc/hosts although.

I have a question about the dse.ldif file. Can that
file be modified by hand, or does it require some
binary such as ldapmodify to make changes to it?

Thanks,
Jim

--- Mike Jackson wrote:

> jamsda wrote:
> > Thanks for the response Mike!!
> >
> > I attached dse.ldif.testhost1 and
> dse.ldif.testhost2.
> > One thing I already noticed after doing a diff is
> a
> > difference on "modifiersName" on testhost1:
> >
> > modifiersName:
> >
> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
> >
> > compared to "modifiersName" on testhost2:
> >
> > modifiersName: cn=directory manager
> >
>
> Hi,
> Doesn't matter.
>
> I think you have either DNS or shell escaping
> problems, but it could
> also be a bug in one of the perl modules when using
> strange hostnames
> like you do. Are you able to resolve all hostnames
> used from all
> machines involved?
>
>
> BR,
> Mike
> --
> http://www.netauth.com - LDAP Directory Consulting
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo!
Mail has the best spam protection around
http://mail.yahoo.com

From mj at sci.fi Mon Aug 7 17:22:38 2006
From: mj at sci.fi (Mike Jackson)
Date: Mon, 07 Aug 2006 20:22:38 +0300
Subject: [Fedora-directory-users] FDS Replication problem
In-Reply-To: <20060807171503.57629.qmail@web50904.mail.yahoo.com>
References: <20060807171503.57629.qmail@web50904.mail.yahoo.com>
Message-ID: <44D776DE.5030107@sci.fi>

jamsda wrote:
> Yeah, I tested the pings by hostnames and all four
> servers resolve. They are resolving using local
> /etc/hosts although.

That's the problem. FDS doesn't use /etc/hosts. The one machine which
isn't working is in another domain, not resolvable by the system, e.g.
/etc/resolv.conf listed search domain and/or nameservers.

> I have a question about the dse.ldif file. Can that
> file be modified by hand, or does it require some
> binary such as ldapmodify to make changes to it?
>

You can modify it by hand if you stop the server first. Changes during
runtime will be lost. If you modify it during runtime via LDAP, then
changes are saved.

BR,
Mike
--
http://www.netauth.com - LDAP Directory Consulting

From ABliss at preferredcare.org Mon Aug 7 18:51:23 2006
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 7 Aug 2006 14:51:23 -0400
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To:
Message-ID:

Hi everyone,
I'm running fds on 2 servers, a supplier and consumer, both are running
redhat ES 4; I noticed today and for the last few days that the supplier
directory server is running very, very slow, top reveals that ns-slapd
is killing the cpu; these are running on server class hardware, roughly
1.5 GHZ hp proliant servers; the consumer directory server cpu
utilization is almost 0 (99 % idle); I don't really know how to begin to
troubleshoot this problem; I've seen similar issues on oracle database
servers when database indexes were corrupt and had to be rebuilt....Any
ideas as to how to begin to troubleshoot this? Thanks very much.

1806 ldap 15 0 517m 33m 14m S 90.6 3.3 4:56.21 ns-slapd

Confidentiality Notice:
The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may
contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that dissemination, distribution or copying of this information
is prohibited. If you have received this communication in error, please
notify the sender immediately by telephone and destroy the copies you
received.

From mj at sci.fi Mon Aug 7 18:53:48 2006
From: mj at sci.fi (Mike Jackson)
Date: Mon, 07 Aug 2006 21:53:48 +0300
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To:
References:
Message-ID: <44D78C3C.9050405@sci.fi>

Bliss, Aaron wrote:
> Hi everyone,
> I'm running fds on 2 servers, a supplier and consumer, both are running
> redhat ES 4; I noticed today and for the last few days that the supplier
> directory server is running very, very slow, top reveals that ns-slapd
> is killing the cpu; these are running on server class hardware, roughly
> 1.5 GHZ hp proliant servers; the consumer directory server cpu
> utilization is almost 0 (99 % idle); I don't really know how to begin to
> troubleshoot this problem; I've seen similar issues on oracle database
> servers when database indexes were corrupt and had to be rebuilt....Any
> ideas as to how to begin to troubleshoot this? Thanks very much.
>
> 1806 ldap 15 0 517m 33m 14m S 90.6 3.3 4:56.21 ns-slapd

I have also seen ns-slapd utilize quite a lot of cpu in some cases.
However, the question I always ask first is that "is it hurting
something?". If the answer is "no", or "I don't know", then I generally
ignore it. So far, I haven't had a positive answer to the questions.

Is the client-facing performance of your servers suffering somehow which
you can clearly document?

> Confidentiality Notice:
> The information contained in this electronic message is intended for
> the exclusive use of the individual or entity named above and may
> contain privileged or confidential information. If the reader of this
> message is not the intended recipient or the employee or agent
> responsible to deliver it to the intended recipient, you are hereby
> notified that dissemination, distribution or copying of this information
> is prohibited. If you have received this communication in error, please
> notify the sender immediately by telephone and destroy the copies you
> received.

Sorry, you sent your confidential message to a public mailing list which
is likely to be indexed by google. You have no guarantee of
confidentiality.

BR,
Mike
--
http://www.netauth.com - LDAP Directory Consulting

From rmeggins at redhat.com Mon Aug 7 19:05:40 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 07 Aug 2006 13:05:40 -0600
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To:
References:
Message-ID: <44D78F04.20104@redhat.com>

Bliss, Aaron wrote:
> Hi everyone,
> I'm running fds on 2 servers, a supplier and consumer, both are running
> redhat ES 4; I noticed today and for the last few days that the supplier
> directory server is running very, very slow, top reveals that ns-slapd
> is killing the cpu; these are running on server class hardware, roughly
> 1.5 GHZ hp proliant servers; the consumer directory server cpu
> utilization is almost 0 (99 % idle); I don't really know how to begin to
> troubleshoot this problem; I've seen similar issues on oracle database
> servers when database indexes were corrupt and had to be rebuilt....Any
> ideas as to how to begin to troubleshoot this? Thanks very much.
>
> 1806 ldap 15 0 517m 33m 14m S 90.6 3.3 4:56.21 ns-slapd
>
Do you have a lot of delete operations? It could be that the tombstone
reaping thread is working overtime. You can turn on replication logging
and look for tombstone messages.
> Confidentiality Notice:
> The information contained in this electronic message is intended for
> the exclusive use of the individual or entity named above and may
> contain privileged or confidential information. If the reader of this
> message is not the intended recipient or the employee or agent
> responsible to deliver it to the intended recipient, you are hereby
> notified that dissemination, distribution or copying of this information
> is prohibited. If you have received this communication in error, please
> notify the sender immediately by telephone and destroy the copies you
> received.
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL:

From patrick.morris at hp.com Mon Aug 7 19:09:16 2006
From: patrick.morris at hp.com (Patrick Morris)
Date: Mon, 7 Aug 2006 12:09:16 -0700
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To:
References:
Message-ID: <20060807190916.GA30863@hermes.americas.hpqcorp.net>

On Mon, 07 Aug 2006, Bliss, Aaron wrote:

> Hi everyone,
> I'm running fds on 2 servers, a supplier and consumer, both are running
> redhat ES 4; I noticed today and for the last few days that the supplier
> directory server is running very, very slow, top reveals that ns-slapd
> is killing the cpu; these are running on server class hardware, roughly
> 1.5 GHZ hp proliant servers; the consumer directory server cpu
> utilization is almost 0 (99 % idle); I don't really know how to begin to
> troubleshoot this problem; I've seen similar issues on oracle database
> servers when database indexes were corrupt and had to be rebuilt....Any
> ideas as to how to begin to troubleshoot this? Thanks very much.
>
> 1806 ldap 15 0 517m 33m 14m S 90.6 3.3 4:56.21 ns-slapd

Not much to go on here, but I'd start with the basics I'd look at for
any overloaded server. Have you looked in the access logs to see if the
increased load is coming from an external source? Anything in the error
logs? Anything in the system logs? How's memory looking on the box?
Anything changed recently?

From ABliss at preferredcare.org Mon Aug 7 19:12:51 2006
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 7 Aug 2006 15:12:51 -0400
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To: <44D78F04.20104@redhat.com>
Message-ID:

Replication logging:
Is this the "Enable Changelog" checkbox? It's currently enabled; does
this need to be enabled? Thanks again.

Aaron

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
Megginson
Sent: Monday, August 07, 2006 3:06 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] High cpu utilizaton by slapd

Bliss, Aaron wrote:
> Hi everyone,
> I'm running fds on 2 servers, a supplier and consumer, both are running
> redhat ES 4; I noticed today and for the last few days that the supplier
> directory server is running very, very slow, top reveals that ns-slapd
> is killing the cpu; these are running on server class hardware, roughly
> 1.5 GHZ hp proliant servers; the consumer directory server cpu
> utilization is almost 0 (99 % idle); I don't really know how to begin to
> troubleshoot this problem; I've seen similar issues on oracle database
> servers when database indexes were corrupt and had to be rebuilt....Any
> ideas as to how to begin to troubleshoot this? Thanks very much.
>
> 1806 ldap 15 0 517m 33m 14m S 90.6 3.3 4:56.21 ns-slapd
>
Do you have a lot of delete operations? It could be that the tombstone
reaping thread is working overtime.
You can turn on replication logging and look for tombstone messages.
> Confidentiality Notice:
> The information contained in this electronic message is intended for
> the exclusive use of the individual or entity named above and may
> contain privileged or confidential information. If the reader of this
> message is not the intended recipient or the employee or agent
> responsible to deliver it to the intended recipient, you are hereby
> notified that dissemination, distribution or copying of this information
> is prohibited. If you have received this communication in error, please
> notify the sender immediately by telephone and destroy the copies you
> received.
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

From rmeggins at redhat.com Mon Aug 7 19:20:10 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 07 Aug 2006 13:20:10 -0600
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To:
References:
Message-ID: <44D7926A.8070400@redhat.com>

Bliss, Aaron wrote:
> Replication logging:
> Is this the "Enable Changelog" checkbox? It's currently enabled; does
> this need to be enabled? Thanks again.
>
No, not the changelog.
http://directory.fedora.redhat.com/wiki/FAQ#Troubleshooting
> Aaron
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
> Megginson
> Sent: Monday, August 07, 2006 3:06 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] High cpu utilizaton by slapd
>
> Bliss, Aaron wrote:
>
>> Hi everyone,
>> I'm running fds on 2 servers, a supplier and consumer, both are
>>
> running
>
>> redhat ES 4; I noticed today and for the last few days that the
>>
> supplier
>
>> directory server is running very, very slow, top reveals that ns-slapd
>> is killing the cpu; these are running on server class hardware,
>>
> roughly
>
>> 1.5 GHZ hp proliant servers; the consumer directory server cpu
>> utilization is almost 0 (99 % idle); I don't really know how to begin
>>
> to
>
>> troubleshoot this problem; I've seen similar issues on oracle database
>> servers when database indexes were corrupt and had to be
>>
> rebuilt....Any
>
>> ideas as to how to begin to troubleshoot this? Thanks very much.
>>
>> 1806 ldap 15 0 517m 33m 14m S 90.6 3.3 4:56.21 ns-slapd
>>
>>
> Do you have a lot of delete operations? It could be that the tombstone
> reaping thread is working overtime. You can turn on replication logging
>
> and look for tombstone messages.
>
>> Confidentiality Notice:
>> The information contained in this electronic message is intended for
>>
> the exclusive use of the individual or entity named above and may
> contain privileged or confidential information. If the reader of this
> message is not the intended recipient or the employee or agent
> responsible to deliver it to the intended recipient, you are hereby
> notified that dissemination, distribution or copying of this information
> is prohibited. If you have received this communication in error, please
> notify the sender immediately by telephone and destroy the copies you
> received.
>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL:

From graham.freeman at cernio.com Mon Aug 7 19:51:51 2006
From: graham.freeman at cernio.com (Graham Freeman)
Date: Mon, 07 Aug 2006 12:51:51 -0700
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To:
References:
Message-ID: <6201-SnapperMsg4238C62DC0FD4A6B@[10.198.38.52]>

Is this a publicly-queryable server? Any chance you're getting nailed by
directory harvester bots? What does that server's bandwidth consumption
look like?

Graham Freeman
Cernio Technology Cooperative
http://cernio.com/cooperative/
(Sent from my handheld - pardon my brevity.)

...... Original Message .......
On Mon, 7 Aug 2006 14:51:23 -0400 "Bliss, Aaron" wrote:
>Hi everyone,
>I'm running fds on 2 servers, a supplier and consumer, both are running
>redhat ES 4; I noticed today and for the last few days that the supplier
>directory server is running very, very slow, top reveals that ns-slapd
>is killing the cpu; these are running on server class hardware, roughly
>1.5 GHZ hp proliant servers; the consumer directory server cpu
>utilization is almost 0 (99 % idle); I don't really know how to begin to
>troubleshoot this problem; I've seen similar issues on oracle database
>servers when database indexes were corrupt and had to be rebuilt....Any
>ideas as to how to begin to troubleshoot this? Thanks very much.
>
>1806 ldap 15 0 517m 33m 14m S 90.6 3.3 4:56.21 ns-slapd
>

From ABliss at preferredcare.org Mon Aug 7 19:53:18 2006
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 7 Aug 2006 15:53:18 -0400
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To: <6201-SnapperMsg4238C62DC0FD4A6B@[10.198.38.52]>
Message-ID:

No, this isn't publicly queryable.

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Graham
Freeman
Sent: Monday, August 07, 2006 3:52 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] High cpu utilizaton by slapd

Is this a publicly-queryable server? Any chance you're getting nailed by
directory harvester bots? What does that server's bandwidth consumption
look like?

Graham Freeman
Cernio Technology Cooperative
http://cernio.com/cooperative/
(Sent from my handheld - pardon my brevity.)

..... Original Message .......
On Mon, 7 Aug 2006 14:51:23 -0400 "Bliss, Aaron" wrote:
>Hi everyone,
>I'm running fds on 2 servers, a supplier and consumer, both are running
>redhat ES 4; I noticed today and for the last few days that the supplier
>directory server is running very, very slow, top reveals that ns-slapd
>is killing the cpu; these are running on server class hardware, roughly
>1.5 GHZ hp proliant servers; the consumer directory server cpu
>utilization is almost 0 (99 % idle); I don't really know how to begin to
>troubleshoot this problem; I've seen similar issues on oracle database
>servers when database indexes were corrupt and had to be rebuilt....Any
>ideas as to how to begin to troubleshoot this? Thanks very much.
>
>1806 ldap 15 0 517m 33m 14m S 90.6 3.3 4:56.21 ns-slapd
>

--
Fedora-directory-users mailing list
Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Confidentiality Notice:
The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may
contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that dissemination, distribution or copying of this information
is prohibited. If you have received this communication in error, please
notify the sender immediately by telephone and destroy the copies you
received.

From ABliss at preferredcare.org Mon Aug 7 20:32:11 2006
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 7 Aug 2006 16:32:11 -0400
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To: <44D7926A.8070400@redhat.com>
Message-ID:

I'm attempting to turn the logging level back to zero, however I'm
having much difficulty using both the bundled ldapmodify as well as the
ldapmodify that is part of openldap; here is the syntax that I'm using:
/ldapmodify -D "cn=diretory manager" -w mypassword -f /tmp/errors.ldif

Here is the contents of /tmp/errors.ldif

dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 0

This results in ldap_simple_bind: No such object

Please advise and thanks.

Aaron

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
Megginson
Sent: Monday, August 07, 2006 3:20 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] High cpu utilizaton by slapd

Bliss, Aaron wrote:
> Replication logging:
> Is this the "Enable Changelog" checkbox?
> It's currently enabled; does
> this need to be enabled? Thanks again.
>
No, not the changelog.
http://directory.fedora.redhat.com/wiki/FAQ#Troubleshooting
> Aaron
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
> Megginson
> Sent: Monday, August 07, 2006 3:06 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] High cpu utilizaton by slapd
>
> Bliss, Aaron wrote:
>
>> Hi everyone,
>> I'm running fds on 2 servers, a supplier and consumer, both are
>>
> running
>
>> redhat ES 4; I noticed today and for the last few days that the
>>
> supplier
>
>> directory server is running very, very slow, top reveals that ns-slapd
>> is killing the cpu; these are running on server class hardware,
>>
> roughly
>
>> 1.5 GHZ hp proliant servers; the consumer directory server cpu
>> utilization is almost 0 (99 % idle); I don't really know how to begin
>>
> to
>
>> troubleshoot this problem; I've seen similar issues on oracle database
>> servers when database indexes were corrupt and had to be
>>
> rebuilt....Any
>
>> ideas as to how to begin to troubleshoot this? Thanks very much.
>>
>> 1806 ldap 15 0 517m 33m 14m S 90.6 3.3 4:56.21 ns-slapd
>>
>>
> Do you have a lot of delete operations? It could be that the tombstone
> reaping thread is working overtime. You can turn on replication logging
>
> and look for tombstone messages.
>
>> Confidentiality Notice:
>> The information contained in this electronic message is intended for
>>
> the exclusive use of the individual or entity named above and may
> contain privileged or confidential information. If the reader of this
> message is not the intended recipient or the employee or agent
> responsible to deliver it to the intended recipient, you are hereby
> notified that dissemination, distribution or copying of this information
> is prohibited.
> If you have received this communication in error, please
> notify the sender immediately by telephone and destroy the copies you
> received.
>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

From gholbert at broadcom.com Mon Aug 7 20:33:12 2006
From: gholbert at broadcom.com (George Holbert)
Date: Mon, 07 Aug 2006 13:33:12 -0700
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To:
References:
Message-ID: <44D7A388.6040009@broadcom.com>

Double-check your bind DN.
Looks like you're missing a 'c':
"cn=directory manager"
instead of:
"cn=diretory manager"

Bliss, Aaron wrote:
> I'm attempting to turn the logging level back to zero, however I'm
> having much difficulty using both the bundled ldapmodify as well as the
> ldapmodify that is part of openldap; here is the syntax that I'm using:
> /ldapmodify -D "cn=diretory manager" -w mypassword -f /tmp/errors.ldif
>
> Here is the contents of /tmp/errors.ldif
>
> dn: cn=config
> changetype: modify
> replace: nsslapd-errorlog-level
> nsslapd-errorlog-level: 0
>
> This results in ldap_simple_bind: No such object
>
> Please advise and thanks.
>
> Aaron
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
> Megginson
> Sent: Monday, August 07, 2006 3:20 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] High cpu utilizaton by slapd
>
> Bliss, Aaron wrote:
>
>> Replication logging:
>> Is this the "Enable Changelog" checkbox? It's currently enabled; does
>> this need to be enabled? Thanks again.
>>
>>
> No, not the changelog.
> http://directory.fedora.redhat.com/wiki/FAQ#Troubleshooting
>
>> Aaron
>>
>> -----Original Message-----
>> From: fedora-directory-users-bounces at redhat.com
>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
>>
> Richard
>
>> Megginson
>> Sent: Monday, August 07, 2006 3:06 PM
>> To: General discussion list for the Fedora Directory server project.
>> Subject: Re: [Fedora-directory-users] High cpu utilizaton by slapd
>>
>> Bliss, Aaron wrote:
>>
>>
>>> Hi everyone,
>>> I'm running fds on 2 servers, a supplier and consumer, both are
>>>
>>>
>> running
>>
>>
>>> redhat ES 4; I noticed today and for the last few days that the
>>>
>>>
>> supplier
>>
>>
>>> directory server is running very, very slow, top reveals that
>>>
> ns-slapd
>
>>> is killing the cpu; these are running on server class hardware,
>>>
>>>
>> roughly
>>
>>
>>> 1.5 GHZ hp proliant servers; the consumer directory server cpu
>>> utilization is almost 0 (99 % idle); I don't really know how to begin
>>>
>>>
>> to
>>
>>
>>> troubleshoot this problem; I've seen similar issues on oracle
>>>
> database
>
>>> servers when database indexes were corrupt and had to be
>>>
>>>
>> rebuilt....Any
>>
>>
>>> ideas as to how to begin to troubleshoot this? Thanks very much.
>>>
>>> 1806 ldap 15 0 517m 33m 14m S 90.6 3.3 4:56.21 ns-slapd
>>>
>>>
>>>
>> Do you have a lot of delete operations? It could be that the
>>
> tombstone
>
>> reaping thread is working overtime. You can turn on replication
>>
> logging
>
>> and look for tombstone messages.
>>
>>
>>> Confidentiality Notice:
>>> The information contained in this electronic message is intended for
>>>
>>>
>> the exclusive use of the individual or entity named above and may
>> contain privileged or confidential information.
>> If the reader of this
>> message is not the intended recipient or the employee or agent
>> responsible to deliver it to the intended recipient, you are hereby
>> notified that dissemination, distribution or copying of this
>>
> information
>
>> is prohibited. If you have received this communication in error,
>>
> please
>
>> notify the sender immediately by telephone and destroy the copies you
>> received.
>>
>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>

From ABliss at preferredcare.org Mon Aug 7 20:37:21 2006
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 7 Aug 2006 16:37:21 -0400
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To: <44D7A388.6040009@broadcom.com>
Message-ID:

Yep, still having that cpu issue though; it's so weird that the supplier
is running at such a high cpu rate and the consumer is 100% idle.....

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of George
Holbert
Sent: Monday, August 07, 2006 4:33 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] High cpu utilizaton by slapd

Double-check your bind DN.
Looks like you're missing a 'c':
"cn=directory manager"
instead of:
"cn=diretory manager"

Bliss, Aaron wrote:
> I'm attempting to turn the logging level back to zero, however I'm
> having much difficulty using both the bundled ldapmodify as well as the
> ldapmodify that is part of openldap; here is the syntax that I'm using:
> /ldapmodify -D "cn=diretory manager" -w mypassword -f /tmp/errors.ldif
>
> Here is the contents of /tmp/errors.ldif
>
> dn: cn=config
> changetype: modify
> replace: nsslapd-errorlog-level
> nsslapd-errorlog-level: 0
>
> This results in ldap_simple_bind: No such object
>
> Please advise and thanks.
>
> Aaron
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
> Megginson
> Sent: Monday, August 07, 2006 3:20 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] High cpu utilizaton by slapd
>
> Bliss, Aaron wrote:
>
>> Replication logging:
>> Is this the "Enable Changelog" checkbox? It's currently enabled; does
>> this need to be enabled? Thanks again.
>>
>>
> No, not the changelog.
> http://directory.fedora.redhat.com/wiki/FAQ#Troubleshooting
>
>> Aaron
>>
>> -----Original Message-----
>> From: fedora-directory-users-bounces at redhat.com
>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
>>
> Richard
>
>> Megginson
>> Sent: Monday, August 07, 2006 3:06 PM
>> To: General discussion list for the Fedora Directory server project.
>> Subject: Re: [Fedora-directory-users] High cpu utilizaton by slapd
>>
>> Bliss, Aaron wrote:
>>
>>
>>> Hi everyone,
>>> I'm running fds on 2 servers, a supplier and consumer, both are
>>>
>>>
>> running
>>
>>
>>> redhat ES 4; I noticed today and for the last few days that the
>>>
>>>
>> supplier
>>
>>
>>> directory server is running very, very slow, top reveals that
>>>
> ns-slapd
>
>>> is killing the cpu; these are running on server class hardware,
>>>
>>>
>> roughly
>>
>>
>>> 1.5 GHZ hp proliant servers; the consumer directory server cpu
>>> utilization is almost 0 (99 % idle); I don't really know how to begin
>>>
>>>
>> to
>>
>>
>>> troubleshoot this problem; I've seen similar issues on oracle
>>>
> database
>
>>> servers when database indexes were corrupt and had to be
>>>
>>>
>> rebuilt....Any
>>
>>
>>> ideas as to how to begin to troubleshoot this? Thanks very much.
>>>
>>> 1806 ldap 15 0 517m 33m 14m S 90.6 3.3 4:56.21 ns-slapd
>>>
>>>
>>>
>> Do you have a lot of delete operations? It could be that the
>>
> tombstone
>
>> reaping thread is working overtime. You can turn on replication
>>
> logging
>
>> and look for tombstone messages.
>>
>>
>>> Confidentiality Notice:
>>> The information contained in this electronic message is intended for
>>>
>>>
>> the exclusive use of the individual or entity named above and may
>> contain privileged or confidential information. If the reader of this
>> message is not the intended recipient or the employee or agent
>> responsible to deliver it to the intended recipient, you are hereby
>> notified that dissemination, distribution or copying of this
>>
> information
>
>> is prohibited. If you have received this communication in error,
>>
> please
>
>> notify the sender immediately by telephone and destroy the copies you
>> received.
>>
>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>

--
Fedora-directory-users mailing list
Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

From ABliss at preferredcare.org Mon Aug 7 20:50:11 2006
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 7 Aug 2006 16:50:11 -0400
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To:
Message-ID:

I think I figured out why, I'm not sure, but the servers are getting
pounded with queries for a particular test user; do you guys have any
idea what is the best way to handle this scenario? Perhaps it would be
best just to delete the test user from the directory and create it
locally?

Aaron

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Bliss,
Aaron
Sent: Monday, August 07, 2006 4:32 PM
To: General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] High cpu utilizaton by slapd

I'm attempting to turn the logging level back to zero, however I'm
having much difficulty using both the bundled ldapmodify as well as the
ldapmodify that is part of openldap; here is the syntax that I'm using:
/ldapmodify -D "cn=diretory manager" -w mypassword -f /tmp/errors.ldif

Here is the contents of /tmp/errors.ldif

dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 0

This results in ldap_simple_bind: No such object

Please advise and thanks.

Aaron -----Original Message----- From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson Sent: Monday, August 07, 2006 3:20 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] High cpu utilizaton by slapd Bliss, Aaron wrote: > Replication logging: > Is this the "Enable Changelog" checkbox? It's currently enabled; does > this need to be enabled? Thanks again. > No, not the changelog. http://directory.fedora.redhat.com/wiki/FAQ#Troubleshooting > Aaron > > -----Original Message----- > From: fedora-directory-users-bounces at redhat.com > [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard > Megginson > Sent: Monday, August 07, 2006 3:06 PM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] High cpu utilizaton by slapd > > Bliss, Aaron wrote: > >> Hi everyone, >> I'm running fds on 2 servers, a supplier and consumer, both are >> > running > >> redhat ES 4; I noticed today and for the last few days that the >> > supplier > >> directory server is running very, very slow, top reveals that ns-slapd >> is killing the cpu; these are running on server class hardware, >> > roughly > >> 1.5 GHZ hp proliant servers; the consumer directory server cpu >> utilization is almost 0 (99 % idol); I don't really know how to being >> > to > >> troubleshoot this problem; I've seen similar issues on oracle database >> servers when database indexes were corrupt and had to be >> > rebuilt....Any > >> ideas as to how to begin to troubleshoot this? Thanks very much. >> >> 1806 ldap 15 0 517m 33m 14m S 90.6 3.3 4:56.21 ns-slapd >> >> > Do you have a lot of delete operations? It could be that the tombstone > reaping thread is working overtime. You can turn on replication logging > > and look for tombstone messages. 
> >> Confidentiality Notice: >> The information contained in this electronic message is intended for >> > the exclusive use of the individual or entity named above and may > contain privileged or confidential information. If the reader of this > message is not the intended recipient or the employee or agent > responsible to deliver it to the intended recipient, you are hereby > notified that dissemination, distribution or copying of this information > is prohibited. If you have received this communication in error, please > notify the sender immediately by telephone and destroy the copies you > received. > >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -- Fedora-directory-users mailing list Fedora-directory-users at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users From joshkel at gmail.com Mon Aug 7 21:06:02 2006 From: joshkel at gmail.com (Josh Kelley) Date: Mon, 7 Aug 2006 17:06:02 -0400 Subject: [Fedora-directory-users] Default search base? Message-ID: <97cbd1a90608071406y1e7f47eye831c7f88f2a0215@mail.gmail.com> OpenLDAP has a defaultsearchbase configuration directive that lets you specify the default search base to use if the client doesn't provide one. Does FDS have a similar feature? I checked the docs and poked around in the Admin Console and couldn't find it. Josh Kelley From rmeggins at redhat.com Mon Aug 7 21:11:09 2006 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 07 Aug 2006 15:11:09 -0600 Subject: [Fedora-directory-users] Default search base? 
In-Reply-To: <97cbd1a90608071406y1e7f47eye831c7f88f2a0215@mail.gmail.com>
References: <97cbd1a90608071406y1e7f47eye831c7f88f2a0215@mail.gmail.com>
Message-ID: <44D7AC6D.1090403@redhat.com>

Josh Kelley wrote:
> OpenLDAP has a defaultsearchbase configuration directive that lets you
> specify the default search base to use if the client doesn't provide
> one. Does FDS have a similar feature? I checked the docs and poked
> around in the Admin Console and couldn't find it.
If you want something that the client can query for and follow, then yes. If you want something that the server will automatically follow when it gets a request for a base of "" and a scope of one or sub, then no.
>
> Josh Kelley

From ABliss at preferredcare.org Mon Aug 7 21:12:16 2006
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 7 Aug 2006 17:12:16 -0400
Subject: [Fedora-directory-users] High cpu utilizaton by slapd
In-Reply-To:
Message-ID:

Found some bad code on a database server; it was querying the ldap servers to death !!! Thanks everyone for your help.

Aaron

From mikerthomsen at gmail.com Tue Aug 8 12:30:42 2006
From: mikerthomsen at gmail.com (Michael Thomsen)
Date: Tue, 8 Aug 2006 08:30:42 -0400
Subject: [Fedora-directory-users] Help with the directory server locking up
Message-ID: <22bb517f0608080530i1e9190dfnc5180114115320b6@mail.gmail.com>

I have a problem that is causing my team to look at migrating to Fedora Directory Server, but we need some help on it first. We are currently running into some sort of threading race condition with Netscape Directory Server. After a while, it just locks up at 99% CPU utilization. Has anyone besides us seen this behavior with NDS or FDS? If someone has some information about this issue and it being resolved in FDS, I am pretty sure that I could convince my people to make the switch to FDS.

Thanks for any help,

Mike

From rmeggins at redhat.com Tue Aug 8 13:47:26 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 08 Aug 2006 07:47:26 -0600
Subject: [Fedora-directory-users] Help with the directory server locking up
In-Reply-To: <22bb517f0608080530i1e9190dfnc5180114115320b6@mail.gmail.com>
References: <22bb517f0608080530i1e9190dfnc5180114115320b6@mail.gmail.com>
Message-ID: <44D895EE.1050300@redhat.com>

Michael Thomsen wrote:
> I have a problem that is causing my team to look at migrating to
> Fedora Directory Server, but we need some help on it first. We are
> currently running into some sort of threading race condition with
> Netscape Directory Server. After a while, it just locks up at 99% CPU
> utilization.
> Has anyone besides us seen this behavior with NDS or FDS?
What version of NDS? What platform? Do you use replication? What other operations? What applications are using NDS?
> If someone has some information about this issue and it being resolved
> in FDS, I am pretty sure that I could convince my people to make the
> switch to FDS.
>
> Thanks for any help,
>
> Mike

From mj at sci.fi Tue Aug 8 13:48:27 2006
From: mj at sci.fi (mj at sci.fi)
Date: Tue, 8 Aug 2006 16:48:27 +0300 (EEST)
Subject: [Fedora-directory-users] Help with the directory server locking up
Message-ID: <15676429.185441155044908388.JavaMail.mj@sci.fi>

Michael Thomsen wrote:
> I have a problem that is causing my team to look at migrating to
> Fedora Directory Server, but we need some help on it first. We are
> currently running into some sort of threading race condition with
> Netscape Directory Server. After a while, it just locks up at 99% CPU
> utilization. Has anyone besides us seen this behavior with NDS or FDS?
> If someone has some information about this issue and it being resolved
> in FDS, I am pretty sure that I could convince my people to make the
> switch to FDS.
>

Hi,

I have previously been responsible for lots of NDS servers, and have experienced the same problems at times. If you're running on HP-UX, there are some OS level patches to help with some of these problems. There are also sometimes problems with HP-UX's ldapclientd looping...

BR,
Mike

From mikerthomsen at gmail.com Tue Aug 8 14:03:26 2006
From: mikerthomsen at gmail.com (Michael Thomsen)
Date: Tue, 8 Aug 2006 10:03:26 -0400
Subject: [Fedora-directory-users] Help with the directory server locking up
In-Reply-To: <44D895EE.1050300@redhat.com>
References: <22bb517f0608080530i1e9190dfnc5180114115320b6@mail.gmail.com> <44D895EE.1050300@redhat.com>
Message-ID: <22bb517f0608080703u31d82d75mb855c43537ebc28a@mail.gmail.com>

NDS 6.11
Solaris 9/05

The only patch that we have installed so far is the patch cluster for Solaris 9 from Feb 3, 2006. It's not running replication and is being used in basically a default installation sort of configuration. The application that uses it is a simple Java client, nothing that should be causing any problems. This is something new that has appeared out of the blue.

Thanks,

Mike

From mj at sci.fi Tue Aug 8 14:19:10 2006
From: mj at sci.fi (mj at sci.fi)
Date: Tue, 8 Aug 2006 17:19:10 +0300 (EEST)
Subject: [Fedora-directory-users] Help with the directory server locking up
Message-ID: <2538197.193541155046750947.JavaMail.mj@sci.fi>

Michael Thomsen wrote:
> NDS 6.11
> Solaris 9/05
>
> The only patch that we have installed so far is the patch cluster for
> Solaris 9 from Feb 3, 2006. It's not running replication and is being
> used in basically a default installation sort of configuration. The
> application that uses it is a simple Java client, nothing that should
> be causing any problems. This is something new that has appeared out
> of the blue.

JNDI has, or used to have, a bug which sends LDAP controls with every operation. IIRC, a workaround can be made in the client code telling JNDI not to use the control. This may or may not help you, but worth noting.

The problem and solution, as I found about 1-2 years ago, is listed in one OpenLDAP mailing list message, but I couldn't find it just now. Anyhow, you can see the buggy JNDI behaviour I am referring to if you sniff the packets with ethereal.

BR,
--
mike

From mikerthomsen at gmail.com Tue Aug 8 14:20:17 2006
From: mikerthomsen at gmail.com (Michael Thomsen)
Date: Tue, 8 Aug 2006 10:20:17 -0400
Subject: [Fedora-directory-users] Help with the directory server locking up
In-Reply-To: <2538197.193541155046750947.JavaMail.mj@sci.fi>
References: <2538197.193541155046750947.JavaMail.mj@sci.fi>
Message-ID: <22bb517f0608080720i17d8eecq5d527b05016d785@mail.gmail.com>

Thanks. I'll forward this to the guys I work with!

From mj at sci.fi Tue Aug 8 14:26:36 2006
From: mj at sci.fi (mj at sci.fi)
Date: Tue, 8 Aug 2006 17:26:36 +0300 (EEST)
Subject: [Fedora-directory-users] Help with the directory server locking up
Message-ID: <25867452.195721155047196975.JavaMail.mj@sci.fi>

Michael Thomsen wrote:
> Thanks. I'll forward this to the guys I work with!

Found it (in a different place):
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4361587

--
mike

From Samuel.Adams at BROOKS.AF.MIL Tue Aug 8 18:20:24 2006
From: Samuel.Adams at BROOKS.AF.MIL (Adams Samuel D Contr AFRL/HEDR)
Date: Tue, 8 Aug 2006 13:20:24 -0500
Subject: [Fedora-directory-users] TLS authentication
Message-ID: <8BF06A36E7AD424197195998D9A0B8E147FE1D@FBRMLBR01.Enterprise.afmc.ds.af.mil>

Basically I am trying to use FDS for LDAP authentication for centralized authentication on my Linux network and need to make sure that it is secure. I figured that enabling TLS for authentication would be a good start. I read the Red Hat Directory Server administrator guide chapter on TLS and followed the howto at http://directory.fedora.redhat.com/wiki/Howto:SSL. It looks like I have TLS enabled because I can get my Linux clients using the OpenLDAP PAM module to authenticate with TLS enabled, but my LDAP server will also let them authenticate without TLS!

If someone authenticates without TLS, does that mean that their login credentials are being passed in the clear?

How do I make the FDS to only allow TLS authentication?

My basic goal is to make this secure.

I also have two medium vulnerabilities that keep popping up with ISS that I need to resolve but can't seem to find the proper configuration in the admin console.

" LDAP NullBind: LDAP anonymous access to directory

The NULL bind entry allows a user to access the Lightweight Directory Access Protocol (LDAP) directory anonymously. An attacker could take advantage of the NULL bind entry to anonymously view files on the LDAP director.
Remedy:
Disable the NULL bind entry or control the entry with Access Control Lists (ACLs).
References:"

--and--

" LDAP Schema: LDAP schema information gathering

An attacker could access the Lightweight Directory Access Protocol (LDAP) schema to gain information about the LDAP server. The LDAP server dumps its schema, which can show all necessary attributes needed for an object, including hidden or non-readable attributes. An attacker could use this information to access directory listings and plan further attacks.
Remedy:
Disable the cn=schema entry or allow only authorized users to view the entry.
References:"

Any recommendations on any of these points would be helpful...

Thanks,

Sam Adams
General Dynamics - Information Technology

From rmeggins at redhat.com Tue Aug 8 19:18:25 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 08 Aug 2006 13:18:25 -0600
Subject: [Fedora-directory-users] TLS authentication
In-Reply-To: <8BF06A36E7AD424197195998D9A0B8E147FE1D@FBRMLBR01.Enterprise.afmc.ds.af.mil>
References: <8BF06A36E7AD424197195998D9A0B8E147FE1D@FBRMLBR01.Enterprise.afmc.ds.af.mil>
Message-ID: <44D8E381.4070000@redhat.com>

Adams Samuel D Contr AFRL/HEDR wrote:
> Basically I am trying to use FDS for LDAP authentication for centralized
> authentication on my Linux network and need to make sure that it is
> secure. I figured that enabling TLS for authentication would be a good
> start. I read the Red Hat Directory Server administrator guide chapter
> on TLS and followed the howto at
> http://directory.fedora.redhat.com/wiki/Howto:SSL. It looks like I have
> TLS enabled because I can get my Linux clients using the OpenLDAP PAM
> module to authenticate with TLS enabled, but my LDAP server will also
> let them authenticate without TLS!
>
> If someone authenticates without TLS, does that mean that their login
> credentials are being passed in the clear?
>
Yes. But how are they authenticating other than PAM? That is, if PAM is set to use TLS, how can they login through PAM without TLS?
> How do I make the FDS to only allow TLS authentication?
>
I don't think you can. The startTLS operation requires the non-secure port. If you just want to use LDAPS (TLS without startTLS) then you can disable the non-secure port. Then all server traffic must be encrypted.
> My basic goal is to make this secure.
>
> I also have two medium vulnerabilities that keep popping up with ISS that
> I need to resolve but can't seem to find the proper configuration in the
> admin console.
>
> " LDAP NullBind: LDAP anonymous access to directory
>
> The NULL bind entry allows a user to access the Lightweight Directory
> Access Protocol (LDAP) directory anonymously. An attacker could take
> advantage of the NULL bind entry to anonymously view files on the LDAP
> director.
> Remedy:
> Disable the NULL bind entry or control the entry with Access Control
> Lists (ACLs).
> References:"
>
Yes, you can disable access with ACIs by removing the anonymous search ACI. However, this may disable apps like PAM that first need to perform a search for the user's userid (e.g. at a login prompt). Some apps (like PAM) allow you to perform the search as a real user, so you can grant search access to only that user. You can also use SASL/Kerberos to avoid sending cleartext passwords over the wire.
> --and--
>
> " LDAP Schema: LDAP schema information gathering
>
> An attacker could access the Lightweight Directory Access Protocol
> (LDAP) schema to gain information about the LDAP server. The LDAP server
> dumps its schema, which can show all necessary attributes needed for an
> object, including hidden or non-readable attributes. An attacker could
> use this information to access directory listings and plan further
> attacks.
> Remedy:
> Disable the cn=schema entry or allow only authorized users to view the
> entry.
> References:"
>
Again, you can simply remove the anonymous search ACI on this entry, but this may break some applications that require anonymous access to query the schema.
> Any recommendations on any of these points would be helpful...
> Thanks,
>
> Sam Adams
> General Dynamics - Information Technology

From mj at sci.fi Tue Aug 8 19:47:13 2006
From: mj at sci.fi (Mike Jackson)
Date: Tue, 08 Aug 2006 22:47:13 +0300
Subject: [Fedora-directory-users] TLS authentication
In-Reply-To: <8BF06A36E7AD424197195998D9A0B8E147FE1D@FBRMLBR01.Enterprise.afmc.ds.af.mil>
References: <8BF06A36E7AD424197195998D9A0B8E147FE1D@FBRMLBR01.Enterprise.afmc.ds.af.mil>
Message-ID: <44D8EA41.5090402@sci.fi>

Adams Samuel D Contr AFRL/HEDR wrote:
> I also have two medium vulnerabilities the keep popping up with ISS that
> I need to resolve but can't seem to find the proper configuration in the
> admin console.
>
> " LDAP NullBind: LDAP anonymous access to directory
>
> The NULL bind entry allows a user to access the Lightweight Directory
> Access Protocol (LDAP) directory anonymously. An attacker could take
> advantage of the NULL bind entry to anonymously view files on the LDAP
> director.
> Remedy:
> Disable the NULL bind entry or control the entry with Access Control
> Lists (ACLs).
> References:"
>
> --and--
>
> " LDAP Schema: LDAP schema information gathering
>
> An attacker could access the Lightweight Directory Access Protocol
> (LDAP) schema to gain information about the LDAP server. The LDAP server
> dumps its schema, which can show all necessary attributes needed for an
> object, including hidden or non-readable attributes. An attacker could
> use this information to access directory listings and plan further
> attacks.
> Remedy:
> Disable the cn=schema entry or allow only authorized users to view the
> entry.
> References:"

Those are not vulnerabilities, they are deliberate features in the LDAPv3 standard. Those two nessus/ISS tests, among other LDAP related tests, are born of senseless "rationale" which was contributed to nessus several years ago by a nessus mailing list member. Back then, the nessus engine creator was asking the nessus mailing list to submit any kind of test they could think of, so they could eventually brag about having 10k types of scans. There was no quality control involved, tests were just accepted at face value. And many of the explanations are not logical or rational if you really sit down and think about them. I think nessus and ISS trade or sell tests to/with each other, or something... Anyhow, one of their key marketing points is the number of included tests.

It is up to a directory architect to consider the security ramifications of his or her design, not nessus or ISS. If you want to allow anon access to some portion of your directory, and lock down other portions, then there is absolutely nothing wrong or insecure about that. Companies have public (anonymously accessible) portions of their website, don't they? Is that a vulnerability?

As well, claiming that anonymous schema discovery is a vulnerability is just plain nonsense. Knowing the name of an attribute which is not anonymously readable doesn't help you in any way, shape, or form to plan an attack on an LDAP server. And the LDAP standard does not contain support for "hidden" attributes, unless you consider operational attributes which need to be explicitly requested. Operational attributes have well known names and are not easily extendable by directory architects.

Sorry for the rant, but I'm particularly fed up with the self-proclaimed "security experts" spreading misinformation like this and trying to take over the networks with fud.

BR,
mike

From prowley at redhat.com Tue Aug 8 20:11:16 2006
From: prowley at redhat.com (Pete Rowley)
Date: Tue, 08 Aug 2006 13:11:16 -0700
Subject: [Fedora-directory-users] TLS authentication
In-Reply-To: <8BF06A36E7AD424197195998D9A0B8E147FE1D@FBRMLBR01.Enterprise.afmc.ds.af.mil>
References: <8BF06A36E7AD424197195998D9A0B8E147FE1D@FBRMLBR01.Enterprise.afmc.ds.af.mil>
Message-ID: <44D8EFE4.4000306@redhat.com>

Adams Samuel D Contr AFRL/HEDR wrote:
>I also have two medium vulnerabilities the keep popping up with ISS that
>I need to resolve but can't seem to find the proper configuration in the
>admin console.
>
>" LDAP NullBind: LDAP anonymous access to directory
>
> ...
>" LDAP Schema: LDAP schema information gathering
>
In addition to the other posters' comments I would point out that with zero access control configured in the DS nobody but the directory manager can do anything - zero access by default. The best method of securing the server is to start with that blank sheet and selectively enable targeted operations for targeted users/groups on targeted sets of entries. For example, your requirement is that pam operates: add the aci that makes that happen and no more. The default aci's added on install should be treated as examples only that just happen to be suitable for casual evaluation. Most deployments can get away with very few aci's in order to enforce their policy. Adding aci's when something is found not to work correctly due to insufficient access is a lot less painful than the ramifications of overly broad grants of access.

--
Pete
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From Samuel.Adams at BROOKS.AF.MIL Tue Aug 8 20:16:58 2006 From: Samuel.Adams at BROOKS.AF.MIL (Adams Samuel D Contr AFRL/HEDR) Date: Tue, 8 Aug 2006 15:16:58 -0500 Subject: [Fedora-directory-users] TLS authentication In-Reply-To: <44D8EA41.5090402@sci.fi> Message-ID: <8BF06A36E7AD424197195998D9A0B8E147FEBB@FBRMLBR01.Enterprise.afmc.ds.af.mil> Haha, I know exactly what you mean! My workplace is full of "security experts" that don't even know what ICMP is. I could send you some results of some serious "ping vulnerabilities" so we all could get a good laugh, but I digress. Knowing how to run an ISS or Nessus scan does not necessarily make you a security expert. Anyway, should I worry about clients using the LDAP to authenticate without TLS? Do I need to set my directory server such that users can only authenticate only if they have TLS enabled? Sam Adams General Dynamics - Information Technology Phone: 210.536.5945 -----Original Message----- From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Mike Jackson Sent: Tuesday, August 08, 2006 2:47 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] TLS authentication Adams Samuel D Contr AFRL/HEDR wrote: > I also have two medium vulnerabilities the keep popping up with ISS that > I need to resolve but can't seem to find the proper configuration in the > admin console. > > " LDAP NullBind: LDAP anonymous access to directory > > The NULL bind entry allows a user to access the Lightweight Directory > Access Protocol (LDAP) directory anonymously. An attacker could take > advantage of the NULL bind entry to anonymously view files on the LDAP > director. > Remedy: > Disable the NULL bind entry or control the entry with Access Control > Lists (ACLs). 
> References:" > > --and-- > > " LDAP Schema: LDAP schema information gathering > > An attacker could access the Lightweight Directory Access Protocol > (LDAP) schema to gain information about the LDAP server. The LDAP server > dumps its schema, which can show all necessary attributes needed for an > object, including hidden or non-readable attributes. An attacker could > use this information to access directory listings and plan further > attacks. > Remedy: > Disable the cn=schema entry or allow only authorized users to view the > entry. > References:" Those are not vulnerabilities, they are deliberate features in the LDAPv3 standard. Those two nessus/ISS tests, among other LDAP related tests, are born of senseless "rationale" which was contributed to nessus several years ago by a nessus mailing list member. Back then, the nessus engine creator was asking the nessus mailing list to submit any kind of test they could think of, so they could eventually brag about having 10k types of scans. There was no quality control involved, tests were just accepted at face value. And many of the explanations are not logical or rational if you really sit down and think about them. I think nessus and ISS trade or sell tests to/with each other, or something... Anyhow, one of their key marketing points is the number of included tests. It is up to a directory architect to consider the security ramifications of his or her design, not nessus or ISS. If you want to allow anon access to some portion of your directory, and lock down other portionss, then there is absolutely nothing wrong or insecure about that. Companies have public (anonymously accessible) portions of their website, don't they? Is that a vulnerability? As well, claiming that anonymous schema discovery is a vulnerability is just plain nonsense. Knowing the name of an attribute which is not anonymously readable doesn't help you in any way, shape, or form to plan an attack on an LDAP server. 
And the LDAP standard does not contain support for "hidden" attributes, unless you consider operational attributes which need to be explicitly requested. Operational attributes have well known names and are not easily extendable by directory architects.

Sorry for the rant, but I'm particularly fed up with the self-proclaimed "security experts" spreading misinformation like this and trying to take over the networks with fud.

BR,
mike

From prowley at redhat.com Tue Aug 8 20:31:36 2006
From: prowley at redhat.com (Pete Rowley)
Date: Tue, 08 Aug 2006 13:31:36 -0700
Subject: [Fedora-directory-users] TLS authentication
In-Reply-To: <8BF06A36E7AD424197195998D9A0B8E147FEBB@FBRMLBR01.Enterprise.afmc.ds.af.mil>
References: <8BF06A36E7AD424197195998D9A0B8E147FEBB@FBRMLBR01.Enterprise.afmc.ds.af.mil>
Message-ID: <44D8F4A8.50401@redhat.com>

Adams Samuel D Contr AFRL/HEDR wrote:

>Anyway, should I worry about clients using the LDAP to authenticate
>without TLS?
>
That really depends on your deployment - how sensitive would you be to someone having their credentials sniffed off the wire? How likely is it that someone will attempt a non-encrypted bind? YMMV.

> Do I need to set my directory server such that users can
>only authenticate only if they have TLS enabled?
>
>
By the time the bind code is evaluating whether a secure transport was used the credentials have already passed over the wire. If you are sensitive to this, then I would suggest you disable the non-secure port by setting its port # to zero, then the only way to attempt a bind is over the secure port using SSL.

--
Pete
From mj at sci.fi Tue Aug 8 20:25:58 2006
From: mj at sci.fi (Mike Jackson)
Date: Tue, 08 Aug 2006 23:25:58 +0300
Subject: [Fedora-directory-users] TLS authentication
In-Reply-To: <8BF06A36E7AD424197195998D9A0B8E147FEBB@FBRMLBR01.Enterprise.afmc.ds.af.mil>
References: <8BF06A36E7AD424197195998D9A0B8E147FEBB@FBRMLBR01.Enterprise.afmc.ds.af.mil>
Message-ID: <44D8F356.5090504@sci.fi>

Adams Samuel D Contr AFRL/HEDR wrote:
> Haha, I know exactly what you mean! My workplace is full of "security
> experts" that don't even know what ICMP is. I could send you some
> results of some serious "ping vulnerabilities" so we all could get a
> good laugh, but I digress. Knowing how to run an ISS or Nessus scan
> does not necessarily make you a security expert.

Those ping vulnerabilities are the best :-)

> Anyway, should I worry about clients using the LDAP to authenticate
> without TLS? Do I need to set my directory server such that users can
> only authenticate only if they have TLS enabled?

As LDAP is easily decodable with e.g. ethereal, passwords can be extracted in plain text. So, yes, I would avoid sending passwords across the network in plain text without transport security. I think that it's easier to configure all of your authentication handlers (PAM, web apps, IMAP server, etc) to use SSL/TLS than it is to try to force the LDAP server to only allow TLS users bind privileges...

Configuring PAM to use TLS is really simple. Just put the CA cert in /etc/openldap/cacerts, configure /etc/openldap/ldap.conf, configure pam_ldap /etc/ldap.conf, and you're done. You can write a fairly small shell script to automate the procedure...
BR,
Mike

From rmeggins at redhat.com Tue Aug 8 20:40:05 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 08 Aug 2006 14:40:05 -0600
Subject: [Fedora-directory-users] TLS authentication
In-Reply-To: <44D8F4A8.50401@redhat.com>
References: <8BF06A36E7AD424197195998D9A0B8E147FEBB@FBRMLBR01.Enterprise.afmc.ds.af.mil> <44D8F4A8.50401@redhat.com>
Message-ID: <44D8F6A5.7000203@redhat.com>

Pete Rowley wrote:
> Adams Samuel D Contr AFRL/HEDR wrote:
>
>> Anyway, should I worry about clients using the LDAP to authenticate
>> without TLS?
>>
> That really depends on your deployment - how sensitive would you be to
> someone having their credentials sniffed off the wire? How likely is
> it that someone will attempt a non-encrypted bind? YMMV.
>
>> Do I need to set my directory server such that users can
>> only authenticate only if they have TLS enabled?
>>
> By the time the bind code is evaluating whether a secure transport was
> used the credentials have already passed over the wire. If you are
> sensitive to this, then I would suggest you disable the non-secure
> port by setting its port # to zero, then the only way to attempt a
> bind is over the secure port using SSL.

Since LDAP suggests to use startTLS to start up TLS sessions on the non-secure port, there should be a way to disallow operations before the startTLS happens. Fedora DS does not support this.
From alan.ferrier at iplay.com Wed Aug 9 10:22:12 2006
From: alan.ferrier at iplay.com (Alan Ferrier)
Date: Wed, 09 Aug 2006 11:22:12 +0100
Subject: [Fedora-directory-users] FDS + Samba + IdealX
Message-ID: <44D9B754.1090409@iplay.com>

Hi guys,

I'm attempting to integrate FDS + the IdealX scripts to handle User, Group and Computer Management. It's all going reasonably well - I can authenticate against the Samba Domain and do most admin type tasks. I'm having an issue when attempting to add a Computer to the Domain, however. It's blowing chunks with an "Insufficient 'write' privilege" error. Log snippet below.

Running "/usr/sbin/smbldap-useradd -w marisa$" from the command line works fine.

I've tried adding an ACI for the admin user for "sambadomainname=bridges,dc=digitalbridges,dc=sys" but this doesn't appear to change anything.

Any hints greatly appreciated!

Alan

[2006/08/09 11:12:57, 2] smbd/sesssetup.c:setup_new_vc_session(772)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/08/09 11:12:57, 2] smbd/sesssetup.c:setup_new_vc_session(772)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/08/09 11:12:57, 2] lib/smbldap.c:smbldap_open_connection(722) smbldap_open_connection: connection opened [2006/08/09 11:12:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640) init_sam_from_ldap: Entry found for user: alan.ferrier [2006/08/09 11:12:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199) init_group_from_ldap: Entry found for group: 513 [2006/08/09 11:12:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199) init_group_from_ldap: Entry found for group: 1002 [2006/08/09 11:12:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199) init_group_from_ldap: Entry found for group: 1003 [2006/08/09 11:12:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199) init_group_from_ldap: Entry found for group: 1025 [2006/08/09 11:12:57, 2] auth/auth.c:check_ntlm_password(307) check_ntlm_password: authentication for user [alan.ferrier] -> [alan.ferrier] -> [alan.ferrier] succeeded [2006/08/09 11:12:57, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670) Returning domain sid for domain BRIDGES -> S-1-5-21-683103908-991045669-825688854 [2006/08/09 11:12:57, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670) Returning domain sid for domain BRIDGES -> S-1-5-21-683103908-991045669-825688854 Error: Insufficient 'write' privilege to the 'uidNumber' attribute of entry 'sambadomainname=bridges,dc=digitalbridges,dc=sys'. 
[2006/08/09 11:12:58, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w marisa$' gave 1
[2006/08/09 11:12:59, 2] smbd/server.c:exit_server(614)
  Closing connections

--
-----------------------------
e-Commerce Systems Manager
I-play
3 Pitreavie Court
Pitreavie Business Park
Dunfermline
KY11 8UU
UK
Tel: +44 (0) 1383 723234
Fax: +44 (0) 1383 723235
Mob: +44 (0) 7796 148326
=============================

________________________________________________________________________
E-mail is an informal method of communication and may be subject to data corruption, interception and unauthorised amendment for which I-play, a trading name of Digital Bridges Ltd will accept no liability. Therefore, it will normally be inappropriate to rely on information contained on e-mail without obtaining written confirmation. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. (C) 2005. I-play is a trademark and trading name of Digital Bridges Limited. All Rights Reserved.
________________________________________________________________________
This message has been checked for all known viruses by the MessageLabs Virus Scanning Service. For further information visit http://www.messagelabs.com/stats.asp

From mj at sci.fi Wed Aug 9 11:53:19 2006
From: mj at sci.fi (mj at sci.fi)
Date: Wed, 9 Aug 2006 14:53:19 +0300 (EEST)
Subject: [Fedora-directory-users] FDS + Samba + IdealX
Message-ID: <32316791.458961155124400226.JavaMail.mj@sci.fi>

Alan Ferrier wrote:
> Hi guys,
>
> I'm attempting to integrate FDS + the IdealX scripts to handle User,
> Group and Computer Management. It's all going reasonably well - I can
> authenticate against the Samba Domain and do most admin type tasks. I'm
> having an issue when attempting to add a Computer to the Domain,
> however. It's blowing chunks with an "Insufficient 'write' privilege"
> error. Log snippet below.
>
> Running "/usr/sbin/smbldap-useradd -w marisa$" from the command line
> works fine.
>
> I've tried adding an ACI for the admin user for
> "sambadomainname=bridges,dc=digitalbridges,dc=sys" but this doesn't
> appear to change anything.
>
> Any hints greatly appreciated!

Hint: Submit FDS access logfile snippets containing your failed operations.

BR,
Mike

From alan.ferrier at iplay.com Wed Aug 9 12:13:03 2006
From: alan.ferrier at iplay.com (Alan Ferrier)
Date: Wed, 09 Aug 2006 13:13:03 +0100
Subject: [Fedora-directory-users] FDS + Samba + IdealX
In-Reply-To: <32316791.458961155124400226.JavaMail.mj@sci.fi>
References: <32316791.458961155124400226.JavaMail.mj@sci.fi>
Message-ID: <44D9D14F.7010200@iplay.com>

Good point ;)

[09/Aug/2006:11:12:56 +0000] conn=1284 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1
[09/Aug/2006:11:12:56 +0000] conn=1284 op=0 BIND dn="uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" method=128 version=3
[09/Aug/2006:11:12:56 +0000] conn=1284 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
[09/Aug/2006:11:12:56 +0000] conn=1284 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl"
[09/Aug/2006:11:12:56 +0000] conn=1284 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[09/Aug/2006:11:12:56 +0000] conn=1284 op=2 SRCH base="dc=digitalbridges,dc=sys" scope=2 filter="(&(uid=alan.ferrier)(objectClass=sambaSamAccount))" attrs="u
id uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName samb
aHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sa mbaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modi fyTimestamp" [09/Aug/2006:11:12:56 +0000] conn=1284 op=2 RESULT err=0 tag=101 nentries=1 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1285 fd=65 slot=65 connection from 127.0.0.1 to 127.0.0.1 [09/Aug/2006:11:12:56 +0000] conn=1285 op=0 BIND dn="uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" method=128 version=3 [09/Aug/2006:11:12:56 +0000] conn=1285 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot" [09/Aug/2006:11:12:56 +0000] conn=1285 op=1 SRCH base="ou=People,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixAccount)(uid=alan.ferrier))" a ttrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass" [09/Aug/2006:11:12:56 +0000] conn=1285 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1285 op=2 SRCH base="ou=People,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixAccount)(uid=alan.ferrier))" a ttrs=ALL [09/Aug/2006:11:12:56 +0000] conn=1285 op=2 RESULT err=0 tag=101 nentries=1 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1285 op=3 SRCH base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixGroup)(|(memberUid=alan.ferrie r)(uniqueMember=uid=alan.ferrier,ou=People,dc=DIGITALBRIDGES,dc=SYS)))" attrs="gidNumber" [09/Aug/2006:11:12:56 +0000] conn=1285 op=3 RESULT err=0 tag=101 nentries=3 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1285 op=4 SRCH base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixGroup)(uniqueMember=cn=Schema Admins,ou=Groups,dc=DIGITALBRIDGES,dc=SYS))" attrs="gidNumber" [09/Aug/2006:11:12:56 +0000] conn=1285 op=4 RESULT err=0 tag=101 nentries=0 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1285 
op=5 SRCH base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixGroup)(uniqueMember=cn=Enterpr ise Admins,ou=Groups,dc=DIGITALBRIDGES,dc=SYS))" attrs="gidNumber" [09/Aug/2006:11:12:56 +0000] conn=1285 op=5 RESULT err=0 tag=101 nentries=0 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1285 op=6 SRCH base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixGroup)(uniqueMember=cn=operati ons,ou=Groups,dc=DIGITALBRIDGES,dc=SYS))" attrs="gidNumber" [09/Aug/2006:11:12:56 +0000] conn=1285 op=6 RESULT err=0 tag=101 nentries=0 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1284 op=3 SRCH base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=513))" attrs="gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass" [09/Aug/2006:11:12:56 +0000] conn=1284 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1284 op=4 SRCH base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=1002)) " attrs="gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass" [09/Aug/2006:11:12:56 +0000] conn=1284 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1284 op=5 SRCH base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=1003)) " attrs="gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass" [09/Aug/2006:11:12:56 +0000] conn=1284 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1284 op=6 SRCH base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=1025)) " attrs="gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass" [09/Aug/2006:11:12:56 +0000] conn=1284 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1284 op=7 SRCH 
base="dc=digitalbridges,dc=sys" scope=2 filter="(&(uid=marisa$)(objectClass=sambaSamAccount))" attrs="uid ui dNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHome Drive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDo mainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTim estamp" [09/Aug/2006:11:12:56 +0000] conn=1284 op=7 RESULT err=0 tag=101 nentries=0 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1286 fd=66 slot=66 connection from 127.0.0.1 to 127.0.0.1 [09/Aug/2006:11:12:56 +0000] conn=1285 op=7 UNBIND [09/Aug/2006:11:12:56 +0000] conn=1285 op=7 fd=65 closed - U1 [09/Aug/2006:11:12:56 +0000] conn=1286 op=0 BIND dn="" method=128 version=3 [09/Aug/2006:11:12:56 +0000] conn=1286 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" [09/Aug/2006:11:12:56 +0000] conn=1286 op=1 SRCH base="ou=People,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixAccount)(uid=marisa$))" attrs= "uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass" [09/Aug/2006:11:12:56 +0000] conn=1286 op=1 RESULT err=0 tag=101 nentries=0 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1286 op=2 SRCH base="ou=Computers,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixAccount)(uid=marisa$))" att rs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass" [09/Aug/2006:11:12:56 +0000] conn=1286 op=2 RESULT err=0 tag=101 nentries=0 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1286 op=3 SRCH base="ou=People,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixAccount)(uid=MARISA$))" attrs= "uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass" 
[09/Aug/2006:11:12:56 +0000] conn=1286 op=3 RESULT err=0 tag=101 nentries=0 etime=0 [09/Aug/2006:11:12:56 +0000] conn=1286 op=4 SRCH base="ou=Computers,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixAccount)(uid=MARISA$))" att rs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass" [09/Aug/2006:11:12:56 +0000] conn=1286 op=4 RESULT err=0 tag=101 nentries=0 etime=0 [09/Aug/2006:11:12:57 +0000] conn=1287 fd=65 slot=65 connection from 127.0.0.1 to 127.0.0.1 [09/Aug/2006:11:12:57 +0000] conn=1287 op=0 SRCH base="dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixAccount)(uid=marisa$))" attrs=ALL [09/Aug/2006:11:12:57 +0000] conn=1287 op=0 RESULT err=0 tag=101 nentries=0 etime=0 [09/Aug/2006:11:12:57 +0000] conn=1287 op=1 SRCH base="sambaDomainName=BRIDGES,dc=digitalbridges,dc=sys" scope=0 filter="(objectClass=sambaUnixIdPool)" attrs =ALL [09/Aug/2006:11:12:57 +0000] conn=1287 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [09/Aug/2006:11:12:57 +0000] conn=1287 op=2 MOD dn="sambaDomainName=BRIDGES,dc=digitalbridges,dc=sys" [09/Aug/2006:11:12:57 +0000] conn=1287 op=2 RESULT err=50 tag=103 nentries=0 etime=0 [09/Aug/2006:11:12:57 +0000] conn=1287 op=-1 fd=65 closed - B1 [09/Aug/2006:11:12:57 +0000] conn=1286 op=5 SRCH base="ou=People,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixAccount)(uid=marisa$))" attrs= "uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass" [09/Aug/2006:11:12:57 +0000] conn=1286 op=5 RESULT err=0 tag=101 nentries=0 etime=0 [09/Aug/2006:11:12:57 +0000] conn=1286 op=6 SRCH base="ou=Computers,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixAccount)(uid=marisa$))" att rs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass" [09/Aug/2006:11:12:57 +0000] conn=1286 op=6 RESULT err=0 tag=101 nentries=0 etime=0 [09/Aug/2006:11:12:57 +0000] conn=1286 op=7 SRCH 
base="ou=People,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixAccount)(uid=MARISA$))" attrs=
"uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[09/Aug/2006:11:12:57 +0000] conn=1286 op=7 RESULT err=0 tag=101 nentries=0 etime=0
[09/Aug/2006:11:12:57 +0000] conn=1286 op=8 SRCH base="ou=Computers,dc=digitalbridges,dc=sys" scope=2 filter="(&(objectClass=posixAccount)(uid=MARISA$))" att
rs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[09/Aug/2006:11:12:57 +0000] conn=1286 op=8 RESULT err=0 tag=101 nentries=0 etime=0
[09/Aug/2006:11:12:58 +0000] conn=1286 op=-1 fd=66 closed - B1
[09/Aug/2006:11:12:58 +0000] conn=1284 op=-1 fd=64 closed - B1

mj at sci.fi wrote:
> Alan Ferrier wrote:
>> Hi guys,
>>
>> I'm attempting to integrate FDS + the IdealX scripts to handle User,
>> Group and Computer Management. It's all going reasonably well - I can
>> authenticate against the Samba Domain and do most admin type tasks.
>> I'm having an issue when attempting to add a Computer to the Domain,
>> however. It's blowing chunks with an "Insufficient 'write' privilege"
>> error. Log snippet below.
>>
>> Running "/usr/sbin/smbldap-useradd -w marisa$" from the command line
>> works fine.
>>
>> I've tried adding an ACI for the admin user for
>> "sambadomainname=bridges,dc=digitalbridges,dc=sys" but this doesn't
>> appear to change anything.
>>
>> Any hints greatly appreciated!
>
>
> Hint: Submit FDS access logfile snippets containing your failed
> operations.
>
> BR,
> Mike

--
-----------------------------
e-Commerce Systems Manager
I-play
3 Pitreavie Court
Pitreavie Business Park
Dunfermline
KY11 8UU
UK
Tel: +44 (0) 1383 723234
Fax: +44 (0) 1383 723235
Mob: +44 (0) 7796 148326
=============================

From rmeggins at redhat.com Wed Aug 9 14:11:49 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 09 Aug 2006 08:11:49 -0600
Subject: [Fedora-directory-users] FDS + Samba + IdealX
In-Reply-To: <44D9D14F.7010200@iplay.com>
References: <32316791.458961155124400226.JavaMail.mj@sci.fi> <44D9D14F.7010200@iplay.com>
Message-ID: <44D9ED25.9070107@redhat.com>

Alan Ferrier wrote:
> Good point ;)
>
> [09/Aug/2006:11:12:56 +0000] conn=1284 fd=64 slot=64 connection from
> 127.0.0.1 to 127.0.0.1
> [09/Aug/2006:11:12:56 +0000] conn=1284 op=0 BIND
> dn="uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot"
> method=128 version=3
> [09/Aug/2006:11:12:56 +0000] conn=1284 op=0 RESULT err=0 tag=97
> nentries=0 etime=0
> dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
> [09/Aug/2006:11:12:56 +0000] conn=1284 op=1 SRCH base="" scope=0
> filter="(objectClass=*)" attrs="supportedControl"
> [09/Aug/2006:11:12:56 +0000] conn=1284 op=1 RESULT err=0 tag=101
> nentries=1 etime=0
> [09/Aug/2006:11:12:56 +0000] conn=1284 op=2 SRCH
> base="dc=digitalbridges,dc=sys" scope=2
> filter="(&(uid=alan.ferrier)(objectClass=sambaSamAccount))" attrs="u
> id uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
> sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
> displayName samb
> aHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sa
> mbaDomainName objectClass sambaAcctFlags sambaMungedDial
> sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory
> modifyTimestamp sambaLogonHours modi
> fyTimestamp"
> [09/Aug/2006:11:12:56 +0000] conn=1284 op=2 RESULT err=0 tag=101
> nentries=1 etime=0
> [09/Aug/2006:11:12:56 +0000] conn=1285 fd=65 slot=65 connection from
> 127.0.0.1 to 127.0.0.1
> [09/Aug/2006:11:12:56 +0000] conn=1285 op=0 BIND
dn="uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" > method=128 version=3 > [09/Aug/2006:11:12:56 +0000] conn=1285 op=0 RESULT err=0 tag=97 > nentries=0 etime=0 > dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot" > [09/Aug/2006:11:12:56 +0000] conn=1285 op=1 SRCH > base="ou=People,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixAccount)(uid=alan.ferrier))" a > ttrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell > gecos description objectClass" > [09/Aug/2006:11:12:56 +0000] conn=1285 op=1 RESULT err=0 tag=101 > nentries=1 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1285 op=2 SRCH > base="ou=People,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixAccount)(uid=alan.ferrier))" a > ttrs=ALL > [09/Aug/2006:11:12:56 +0000] conn=1285 op=2 RESULT err=0 tag=101 > nentries=1 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1285 op=3 SRCH > base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixGroup)(|(memberUid=alan.ferrie > r)(uniqueMember=uid=alan.ferrier,ou=People,dc=DIGITALBRIDGES,dc=SYS)))" > attrs="gidNumber" > [09/Aug/2006:11:12:56 +0000] conn=1285 op=3 RESULT err=0 tag=101 > nentries=3 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1285 op=4 SRCH > base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixGroup)(uniqueMember=cn=Schema > Admins,ou=Groups,dc=DIGITALBRIDGES,dc=SYS))" attrs="gidNumber" > [09/Aug/2006:11:12:56 +0000] conn=1285 op=4 RESULT err=0 tag=101 > nentries=0 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1285 op=5 SRCH > base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixGroup)(uniqueMember=cn=Enterpr > ise Admins,ou=Groups,dc=DIGITALBRIDGES,dc=SYS))" attrs="gidNumber" > [09/Aug/2006:11:12:56 +0000] conn=1285 op=5 RESULT err=0 tag=101 > nentries=0 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1285 op=6 SRCH > base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 > 
filter="(&(objectClass=posixGroup)(uniqueMember=cn=operati > ons,ou=Groups,dc=DIGITALBRIDGES,dc=SYS))" attrs="gidNumber" > [09/Aug/2006:11:12:56 +0000] conn=1285 op=6 RESULT err=0 tag=101 > nentries=0 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1284 op=3 SRCH > base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=sambaGroupMapping)(gidNumber=513))" > attrs="gidNumber sambaSID sambaGroupType sambaSIDList description > displayName cn objectClass" > [09/Aug/2006:11:12:56 +0000] conn=1284 op=3 RESULT err=0 tag=101 > nentries=1 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1284 op=4 SRCH > base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=sambaGroupMapping)(gidNumber=1002)) > " attrs="gidNumber sambaSID sambaGroupType sambaSIDList description > displayName cn objectClass" > [09/Aug/2006:11:12:56 +0000] conn=1284 op=4 RESULT err=0 tag=101 > nentries=1 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1284 op=5 SRCH > base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=sambaGroupMapping)(gidNumber=1003)) > " attrs="gidNumber sambaSID sambaGroupType sambaSIDList description > displayName cn objectClass" > [09/Aug/2006:11:12:56 +0000] conn=1284 op=5 RESULT err=0 tag=101 > nentries=1 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1284 op=6 SRCH > base="ou=Groups,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=sambaGroupMapping)(gidNumber=1025)) > " attrs="gidNumber sambaSID sambaGroupType sambaSIDList description > displayName cn objectClass" > [09/Aug/2006:11:12:56 +0000] conn=1284 op=6 RESULT err=0 tag=101 > nentries=1 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1284 op=7 SRCH > base="dc=digitalbridges,dc=sys" scope=2 > filter="(&(uid=marisa$)(objectClass=sambaSamAccount))" attrs="uid ui > dNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange > sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn > displayName sambaHome > Drive sambaHomePath sambaLogonScript sambaProfilePath 
description > sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword > sambaNTPassword sambaDo > mainName objectClass sambaAcctFlags sambaMungedDial > sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory > modifyTimestamp sambaLogonHours modifyTim > estamp" > [09/Aug/2006:11:12:56 +0000] conn=1284 op=7 RESULT err=0 tag=101 > nentries=0 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1286 fd=66 slot=66 connection from > 127.0.0.1 to 127.0.0.1 > [09/Aug/2006:11:12:56 +0000] conn=1285 op=7 UNBIND > [09/Aug/2006:11:12:56 +0000] conn=1285 op=7 fd=65 closed - U1 > [09/Aug/2006:11:12:56 +0000] conn=1286 op=0 BIND dn="" method=128 > version=3 > [09/Aug/2006:11:12:56 +0000] conn=1286 op=0 RESULT err=0 tag=97 > nentries=0 etime=0 dn="" > [09/Aug/2006:11:12:56 +0000] conn=1286 op=1 SRCH > base="ou=People,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixAccount)(uid=marisa$))" attrs= > "uid userPassword uidNumber gidNumber cn homeDirectory loginShell > gecos description objectClass" > [09/Aug/2006:11:12:56 +0000] conn=1286 op=1 RESULT err=0 tag=101 > nentries=0 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1286 op=2 SRCH > base="ou=Computers,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixAccount)(uid=marisa$))" att > rs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell > gecos description objectClass" > [09/Aug/2006:11:12:56 +0000] conn=1286 op=2 RESULT err=0 tag=101 > nentries=0 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1286 op=3 SRCH > base="ou=People,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixAccount)(uid=MARISA$))" attrs= > "uid userPassword uidNumber gidNumber cn homeDirectory loginShell > gecos description objectClass" > [09/Aug/2006:11:12:56 +0000] conn=1286 op=3 RESULT err=0 tag=101 > nentries=0 etime=0 > [09/Aug/2006:11:12:56 +0000] conn=1286 op=4 SRCH > base="ou=Computers,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixAccount)(uid=MARISA$))" att > rs="uid 
userPassword uidNumber gidNumber cn homeDirectory loginShell > gecos description objectClass" > [09/Aug/2006:11:12:56 +0000] conn=1286 op=4 RESULT err=0 tag=101 > nentries=0 etime=0 Start here > [09/Aug/2006:11:12:57 +0000] conn=1287 fd=65 slot=65 connection from > 127.0.0.1 to 127.0.0.1 > [09/Aug/2006:11:12:57 +0000] conn=1287 op=0 SRCH > base="dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixAccount)(uid=marisa$))" attrs=ALL > [09/Aug/2006:11:12:57 +0000] conn=1287 op=0 RESULT err=0 tag=101 > nentries=0 etime=0 > [09/Aug/2006:11:12:57 +0000] conn=1287 op=1 SRCH > base="sambaDomainName=BRIDGES,dc=digitalbridges,dc=sys" scope=0 > filter="(objectClass=sambaUnixIdPool)" attrs > =ALL > [09/Aug/2006:11:12:57 +0000] conn=1287 op=1 RESULT err=0 tag=101 > nentries=1 etime=0 > [09/Aug/2006:11:12:57 +0000] conn=1287 op=2 MOD > dn="sambaDomainName=BRIDGES,dc=digitalbridges,dc=sys" > [09/Aug/2006:11:12:57 +0000] conn=1287 op=2 RESULT err=50 tag=103 > nentries=0 etime=0 The client does not BIND (that is, it does not authenticate as an identity) so all operations are done as anonymous. By default (and for good reason!) no write operations are allowed by anonymous. You must somehow configure your client to use a BIND identity so that you can set an appropriate ACI to allow that identity to update the directory server. 
> [09/Aug/2006:11:12:57 +0000] conn=1287 op=-1 fd=65 closed - B1 > [09/Aug/2006:11:12:57 +0000] conn=1286 op=5 SRCH > base="ou=People,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixAccount)(uid=marisa$))" attrs= > "uid userPassword uidNumber gidNumber cn homeDirectory loginShell > gecos description objectClass" > [09/Aug/2006:11:12:57 +0000] conn=1286 op=5 RESULT err=0 tag=101 > nentries=0 etime=0 > [09/Aug/2006:11:12:57 +0000] conn=1286 op=6 SRCH > base="ou=Computers,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixAccount)(uid=marisa$))" att > rs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell > gecos description objectClass" > [09/Aug/2006:11:12:57 +0000] conn=1286 op=6 RESULT err=0 tag=101 > nentries=0 etime=0 > [09/Aug/2006:11:12:57 +0000] conn=1286 op=7 SRCH > base="ou=People,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixAccount)(uid=MARISA$))" attrs= > "uid userPassword uidNumber gidNumber cn homeDirectory loginShell > gecos description objectClass" > [09/Aug/2006:11:12:57 +0000] conn=1286 op=7 RESULT err=0 tag=101 > nentries=0 etime=0 > [09/Aug/2006:11:12:57 +0000] conn=1286 op=8 SRCH > base="ou=Computers,dc=digitalbridges,dc=sys" scope=2 > filter="(&(objectClass=posixAccount)(uid=MARISA$))" att > rs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell > gecos description objectClass" > [09/Aug/2006:11:12:57 +0000] conn=1286 op=8 RESULT err=0 tag=101 > nentries=0 etime=0 > [09/Aug/2006:11:12:58 +0000] conn=1286 op=-1 fd=66 closed - B1 > [09/Aug/2006:11:12:58 +0000] conn=1284 op=-1 fd=64 closed - B1 > > > mj at sci.fi wrote: >> Alan Ferrier kirjoitti: >>> Hi guys, >>> >>> I'm attempting to integrate FDS + the IdealX scripts to handle User, >>> Group and Computer Management. It's all going reasonably well - I >>> can authenticate against the Samba Domain and do most admin type >>> tasks. I'm having an issue when attempting to add a Computer to the >>> Domain, however. 
It's blowing chunks with an "Insufficient 'write'
>>> privilege" error. Log snippet below.
>>>
>>> Running "/usr/sbin/smbldap-useradd -w marisa$" from the command line
>>> works fine.
>>>
>>> I've tried adding an ACI for the admin user for
>>> "sambadomainname=bridges,dc=digitalbridges,dc=sys" but this doesn't
>>> appear to change anything.
>>>
>>> Any hints greatly appreciated!
>>
>>
>> Hint: Submit FDS access logfile snippets containing your failed
>> operations.
>>
>> BR,
>> Mike
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

From mgg at stargate.net Wed Aug 9 15:52:12 2006
From: mgg at stargate.net (Martin G. Greenberg)
Date: Wed, 09 Aug 2006 11:52:12 -0400
Subject: [Fedora-directory-users] FDS support for CLDAP
Message-ID: <44DA04AC.4010103@stargate.net>

I'm setting up a Windows domain controller using Samba/FDS and
I'm stuck getting the PCs to join the domain. They're attempting
to query the FC5 box running FDS using CLDAP (i.e. UDP) and
FDS is only listening for TCP (i.e. LDAP) queries.

Anyone know how to get FDS to respond to CLDAP queries (or
get the !@#$!@# Windows boxes to use LDAP)?

- MGG

From rmeggins at redhat.com Wed Aug 9 15:57:29 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 09 Aug 2006 09:57:29 -0600
Subject: [Fedora-directory-users] FDS support for CLDAP
In-Reply-To: <44DA04AC.4010103@stargate.net>
References: <44DA04AC.4010103@stargate.net>
Message-ID: <44DA05E9.5020608@redhat.com>

Martin G. Greenberg wrote:
> I'm setting up a Windows domain controller using Samba/FDS and
> I'm stuck getting the PCs to join the domain. They're attempting
> to query the FC5 box running FDS using CLDAP (i.e.
UDP) and
> FDS is only listening for TCP (i.e. LDAP) queries.
>
> Anyone know how to get FDS to respond to CLDAP queries (or
FDS does not support CLDAP. It looks like it may have a long time ago.
> get the !@#$!@# Windows boxes to use LDAP)?
>
> - MGG
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

From mj at sci.fi Wed Aug 9 15:48:45 2006
From: mj at sci.fi (Mike Jackson)
Date: Wed, 09 Aug 2006 18:48:45 +0300
Subject: [Fedora-directory-users] FDS support for CLDAP
In-Reply-To: <44DA04AC.4010103@stargate.net>
References: <44DA04AC.4010103@stargate.net>
Message-ID: <44DA03DD.1010400@sci.fi>

Martin G. Greenberg wrote:
> I'm setting up a Windows domain controller using Samba/FDS and
> I'm stuck getting the PCs to join the domain. They're attempting
> to query the FC5 box running FDS using CLDAP (i.e. UDP) and
> FDS is only listening for TCP (i.e. LDAP) queries.
>
> Anyone know how to get FDS to respond to CLDAP queries (or
> get the !@#$!@# Windows boxes to use LDAP)?

How to get Windows boxes to use standard LDAP? Hmm...

Anyhow, FDS doesn't support UDP. I would check out Samba 4. It is
supposed to have an AD implementation included.

BR,
Mike
--
http://www.netauth.com - LDAP Directory Consulting

From pbruna at it-linux.cl Wed Aug 9 15:39:58 2006
From: pbruna at it-linux.cl (Patricio Bruna V.)
Date: Wed, 9 Aug 2006 11:39:58 -0400
Subject: [Fedora-directory-users] grant admin console access
Message-ID: <200608091139.58617.pbruna@it-linux.cl>

I've noticed that if the directory admin server cannot map the IP to a
hostname it will not allow the access.
How can I pass this?

--
Patricio Bruna V.
Red Hat Certified Engineer
IT Linux Ltda.
http://www.it-linux.cl
Phone/Fax: (+56-2) 697 11 66
Cell: (+56-8) 288 51 95

From rmeggins at redhat.com Wed Aug 9 16:17:47 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 09 Aug 2006 10:17:47 -0600
Subject: [Fedora-directory-users] grant admin console access
In-Reply-To: <200608091139.58617.pbruna@it-linux.cl>
References: <200608091139.58617.pbruna@it-linux.cl>
Message-ID: <44DA0AAB.9010204@redhat.com>

Patricio Bruna V. wrote:
> I've noticed that if the directory admin server cannot map the IP to a
> hostname it will not allow the access.
> How can I pass this?
>
http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt#How_to_set_the_hosts.2FIP_addresses_allowed_to_access_the_Admin_Server

From imarks at comcast.net Wed Aug 9 18:54:00 2006
From: imarks at comcast.net (Ian Marks)
Date: Wed, 09 Aug 2006 14:54:00 -0400
Subject: [Fedora-directory-users] Admin Server Failure
Message-ID: <44DA2F48.8040500@comcast.net>

Does anyone have a good idea where I can start troubleshooting the error
below. I get the error when I attempt to start the admin server. I
also posted an error from the httpd logs which could be related. I'm
running CentOS 4.3 with FDS 1.0.2.
/opt/fedora-ds/admin-serv/logs/error
[Wed Aug 09 18:43:34 2006] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = )
Configuration Failed

/var/log/httpd/error_log
[Wed Aug 09 14:51:56 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Wed Aug 09 14:51:56 2006] [notice] LDAP: SSL support unavailable

Thanks,
Ian

From rmeggins at redhat.com Wed Aug 9 19:02:55 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 09 Aug 2006 13:02:55 -0600
Subject: [Fedora-directory-users] Admin Server Failure
In-Reply-To: <44DA2F48.8040500@comcast.net>
References: <44DA2F48.8040500@comcast.net>
Message-ID: <44DA315F.6060201@redhat.com>

Ian Marks wrote:
> Does anyone have a good idea where I can start troubleshooting the
> error below. I get the error when I attempt to start the admin
> server. I also posted an error from the httpd logs which could be
> related. I'm running CentOS 4.3 with FDS 1.0.2.
>
> /opt/fedora-ds/admin-serv/logs/error
> [Wed Aug 09 18:43:34 2006] [crit] host_ip_init(): PSET failure: Failed
> to create PSET handle (pset error = )
> Configuration Failed
1) The directory server must be up and running before attempting to
start the admin server
2) If the DS is running, what is the output of doing sh -xv start-admin?
>
> /var/log/httpd/error_log
> [Wed Aug 09 14:51:56 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Wed Aug 09 14:51:56 2006] [notice] LDAP: SSL support unavailable
>
> Thanks,
> Ian
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

From bkosick at mxlogic.com Wed Aug 9 19:00:49 2006
From: bkosick at mxlogic.com (Brian Kosick)
Date: Wed, 09 Aug 2006 13:00:49 -0600
Subject: [Fedora-directory-users] Admin Server Failure
In-Reply-To: <44DA2F48.8040500@comcast.net>
References: <44DA2F48.8040500@comcast.net>
Message-ID: <1155150049.2670.29.camel@localhost.localdomain>

Without more info.... Make sure that you have the openssl rpm
installed.

Brian

On Wed, 2006-08-09 at 14:54 -0400, Ian Marks wrote:
> Does anyone have a good idea where I can start troubleshooting the error
> below. I get the error when I attempt to start the admin server. I
> also posted an error from the httpd logs which could be related. I'm
> running CentOS 4.3 with FDS 1.0.2.
>
> /opt/fedora-ds/admin-serv/logs/error
> [Wed Aug 09 18:43:34 2006] [crit] host_ip_init(): PSET failure: Failed
> to create PSET handle (pset error = )
> Configuration Failed
>
> /var/log/httpd/error_log
> [Wed Aug 09 14:51:56 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Wed Aug 09 14:51:56 2006] [notice] LDAP: SSL support unavailable
>
> Thanks,
> Ian
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

From rcritten at redhat.com Wed Aug 9 19:03:23 2006
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 09 Aug 2006 15:03:23 -0400
Subject: [Fedora-directory-users] Admin Server Failure
In-Reply-To: <44DA2F48.8040500@comcast.net>
References: <44DA2F48.8040500@comcast.net>
Message-ID: <44DA317B.7060409@redhat.com>

Ian Marks wrote:
> Does anyone have a good idea where I can start troubleshooting the error
> below. I get the error when I attempt to start the admin server. I
> also posted an error from the httpd logs which could be related. I'm
> running CentOS 4.3 with FDS 1.0.2.
>
> /opt/fedora-ds/admin-serv/logs/error
> [Wed Aug 09 18:43:34 2006] [crit] host_ip_init(): PSET failure: Failed
> to create PSET handle (pset error = )
> Configuration Failed
>
> /var/log/httpd/error_log
> [Wed Aug 09 14:51:56 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Wed Aug 09 14:51:56 2006] [notice] LDAP: SSL support unavailable

That just means that Apache lacks LDAPS support. You can ignore this,
there is nothing you can do about it short of building your own Apache.

rob

From imarks at comcast.net Wed Aug 9 19:09:53 2006
From: imarks at comcast.net (Ian Marks)
Date: Wed, 09 Aug 2006 15:09:53 -0400
Subject: [Fedora-directory-users] Admin Server Failure
In-Reply-To: <44DA315F.6060201@redhat.com>
References: <44DA2F48.8040500@comcast.net> <44DA315F.6060201@redhat.com>
Message-ID: <44DA3301.2030400@comcast.net>

I have the following ssl packages installed.
rpm -qa |grep ssl
openssl-0.9.7a-43.8
mod_ssl-2.0.52-22.ent.centos4
openssl-devel-0.9.7a-43.8
xmlsec1-openssl-1.2.6-3

The directory server is running and appears to be working correctly.
Several other hosts are able to authenticate via pam against this DS
server.
Here is the output of "sh -xv start-admin", minus the copyright stuff:

SERVER_ROOT=/opt/fedora-ds ; export SERVER_ROOT
+ SERVER_ROOT=/opt/fedora-ds
+ export SERVER_ROOT
NETSITE_ROOT=$SERVER_ROOT ; export NETSITE_ROOT
+ NETSITE_ROOT=/opt/fedora-ds
+ export NETSITE_ROOT
ADMSERV_ROOT=$SERVER_ROOT/admin-serv ; export ADMSERV_ROOT
+ ADMSERV_ROOT=/opt/fedora-ds/admin-serv
+ export ADMSERV_ROOT

unset PASSWORD_PIPE
+ unset PASSWORD_PIPE

LD_LIBRARY_PATH=${SERVER_ROOT}/bin/admin/lib:${SERVER_ROOT}/lib:${LD_LIBRARY_PATH};export LD_LIBRARY_PATH
+ LD_LIBRARY_PATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib:
+ export LD_LIBRARY_PATH
LIBPATH=${LD_LIBRARY_PATH}:${LIBPATH}:/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib; export LIBPATH
+ LIBPATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib:::/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib
+ export LIBPATH
SHLIB_PATH=${LD_LIBRARY_PATH}:${SHLIB_PATH}; export SHLIB_PATH
+ SHLIB_PATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib::
+ export SHLIB_PATH

NS_SERVER_HOME=${SERVER_ROOT}; export NS_SERVER_HOME
+ NS_SERVER_HOME=/opt/fedora-ds
+ export NS_SERVER_HOME
PATH=${SERVER_ROOT}/bin/admin/bin:${PATH}; export PATH
+ PATH=/opt/fedora-ds/bin/admin/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
+ export PATH

HTTPD=/usr/sbin//httpd.worker
+ HTTPD=/usr/sbin//httpd.worker

# see if httpd is linked with the openldap libraries - we need to override them
OS=`uname -s`
uname -s
++ uname -s
+ OS=Linux
if [ $OS = "Linux" ]; then
hasol=0
/usr/bin/ldd $HTTPD 2>&1 | grep libldap > /dev/null 2>&1 && hasol=1
if [ $hasol -eq 1 ] ; then
LD_PRELOAD="${SERVER_ROOT}/bin/admin/lib/libssl3.so ${SERVER_ROOT}/bin/admin/lib/libldap50.so"
export LD_PRELOAD
fi
fi
+ '[' Linux = Linux ']'
+ hasol=0
+ /usr/bin/ldd /usr/sbin//httpd.worker
+ grep libldap
+ hasol=1
+ '[' 1 -eq 1 ']'
+ LD_PRELOAD='/opt/fedora-ds/bin/admin/lib/libssl3.so /opt/fedora-ds/bin/admin/lib/libldap50.so'
+ export LD_PRELOAD

$HTTPD -k start -d $ADMSERV_ROOT -f $ADMSERV_ROOT/config/httpd.conf "$@"
+ /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf

Richard Megginson wrote:
> Ian Marks wrote:
>> Does anyone have a good idea where I can start troubleshooting the
>> error below. I get the error when I attempt to start the admin
>> server. I also posted an error from the httpd logs which could be
>> related. I'm running CentOS 4.3 with FDS 1.0.2.
>>
>> /opt/fedora-ds/admin-serv/logs/error
>> [Wed Aug 09 18:43:34 2006] [crit] host_ip_init(): PSET failure:
>> Failed to create PSET handle (pset error = )
>> Configuration Failed
> 1) The directory server must be up and running before attempting to
> start the admin server
> 2) If the DS is running, what is the output of doing sh -xv start-admin?
>>
>> /var/log/httpd/error_log
>> [Wed Aug 09 14:51:56 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
>> [Wed Aug 09 14:51:56 2006] [notice] LDAP: SSL support unavailable
>>
>> Thanks,
>> Ian
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

From rmeggins at redhat.com Wed Aug 9 19:18:04 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 09 Aug 2006 13:18:04 -0600
Subject: [Fedora-directory-users] Admin Server Failure
In-Reply-To: <44DA3301.2030400@comcast.net>
References: <44DA2F48.8040500@comcast.net> <44DA315F.6060201@redhat.com> <44DA3301.2030400@comcast.net>
Message-ID: <44DA34EC.7070800@redhat.com>

Ian Marks wrote:
> I have the following ssl packages installed.
> rpm -qa |grep ssl > openssl-0.9.7a-43.8 > mod_ssl-2.0.52-22.ent.centos4 > openssl-devel-0.9.7a-43.8 > xmlsec1-openssl-1.2.6-3 > > The directory server is running and appears to be working correctly. > Several other hosts are able to authenticate via pam against this DS > server. Here is the output of "sh -xv start-admin", minus the > copyright stuff: > > SERVER_ROOT=/opt/fedora-ds ; export SERVER_ROOT > + SERVER_ROOT=/opt/fedora-ds > + export SERVER_ROOT > NETSITE_ROOT=$SERVER_ROOT ; export NETSITE_ROOT > + NETSITE_ROOT=/opt/fedora-ds > + export NETSITE_ROOT > ADMSERV_ROOT=$SERVER_ROOT/admin-serv ; export ADMSERV_ROOT > + ADMSERV_ROOT=/opt/fedora-ds/admin-serv > + export ADMSERV_ROOT > > unset PASSWORD_PIPE > + unset PASSWORD_PIPE > > LD_LIBRARY_PATH=${SERVER_ROOT}/bin/admin/lib:${SERVER_ROOT}/lib:${LD_LIBRARY_PATH};export > LD_LIBRARY_PATH > + LD_LIBRARY_PATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib: > + export LD_LIBRARY_PATH > LIBPATH=${LD_LIBRARY_PATH}:${LIBPATH}:/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib; > export LIBPATH > + > LIBPATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib:::/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib > > + export LIBPATH > SHLIB_PATH=${LD_LIBRARY_PATH}:${SHLIB_PATH}; export SHLIB_PATH > + SHLIB_PATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib:: > + export SHLIB_PATH > > NS_SERVER_HOME=${SERVER_ROOT}; export NS_SERVER_HOME > + NS_SERVER_HOME=/opt/fedora-ds > + export NS_SERVER_HOME > PATH=${SERVER_ROOT}/bin/admin/bin:${PATH}; export PATH > + > PATH=/opt/fedora-ds/bin/admin/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin > > + export PATH > > HTTPD=/usr/sbin//httpd.worker > + HTTPD=/usr/sbin//httpd.worker > > # see if httpd is linked with the openldap libraries - we need to > override them > OS=`uname -s` > uname -s > ++ uname -s > + OS=Linux > if [ $OS = "Linux" ]; then > hasol=0 > > /usr/bin/ldd $HTTPD 2>&1 | grep libldap > /dev/null 
2>&1 && hasol=1
>
> if [ $hasol -eq 1 ] ; then
> LD_PRELOAD="${SERVER_ROOT}/bin/admin/lib/libssl3.so
> ${SERVER_ROOT}/bin/admin/lib/libldap50.so"
> export LD_PRELOAD
> fi
> fi
> + '[' Linux = Linux ']'
> + hasol=0
> + /usr/bin/ldd /usr/sbin//httpd.worker
> + grep libldap
> + hasol=1
> + '[' 1 -eq 1 ']'
> + LD_PRELOAD='/opt/fedora-ds/bin/admin/lib/libssl3.so
> /opt/fedora-ds/bin/admin/lib/libldap50.so'
> + export LD_PRELOAD
>
> $HTTPD -k start -d $ADMSERV_ROOT -f $ADMSERV_ROOT/config/httpd.conf "$@"
> + /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f
> /opt/fedora-ds/admin-serv/config/httpd.conf
So it correctly detects that httpd is linked against openldap and does
the LD_PRELOAD. Next, try turning up the debug level. First, edit
admin-serv/config/httpd.conf and change LogLevel to debug. Then, do
start-admin -e debug. There should be a bunch of stuff in
admin-serv/logs/error.
>
>
>
>
> Richard Megginson wrote:
>> Ian Marks wrote:
>>> Does anyone have a good idea where I can start troubleshooting the
>>> error below. I get the error when I attempt to start the admin
>>> server. I also posted an error from the httpd logs which could be
>>> related. I'm running CentOS 4.3 with FDS 1.0.2.
>>>
>>> /opt/fedora-ds/admin-serv/logs/error
>>> [Wed Aug 09 18:43:34 2006] [crit] host_ip_init(): PSET failure:
>>> Failed to create PSET handle (pset error = )
>>> Configuration Failed
>> 1) The directory server must be up and running before attempting to
>> start the admin server
>> 2) If the DS is running, what is the output of doing sh -xv start-admin?
>>>
>>> /var/log/httpd/error_log
>>> [Wed Aug 09 14:51:56 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
>>> [Wed Aug 09 14:51:56 2006] [notice] LDAP: SSL support unavailable
>>>
>>> Thanks,
>>> Ian
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>> ------------------------------------------------------------------------
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

From imarks at comcast.net Wed Aug 9 19:27:26 2006
From: imarks at comcast.net (Ian Marks)
Date: Wed, 09 Aug 2006 15:27:26 -0400
Subject: [Fedora-directory-users] Admin Server Failure
In-Reply-To: <44DA34EC.7070800@redhat.com>
References: <44DA2F48.8040500@comcast.net> <44DA315F.6060201@redhat.com> <44DA3301.2030400@comcast.net> <44DA34EC.7070800@redhat.com>
Message-ID: <44DA371E.2020707@comcast.net>

Here are the last few lines from the error log after enabling debug.

[Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): populate_tasks_from_server(): Added task entry [cn=htmladmin,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora administration server,cn=server group,cn=cac.example.com,ou=example.com,o=netscaperoot:htmladmin:] for user [LocalSuper]
[Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): populate_tasks_from_server(): Added task entry [cn=statpingserv,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora administration server,cn=server group,cn=cac.example.com,ou=example.com,o=netscaperoot:statpingserv:] for user [LocalSuper]
[Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): populate_tasks_from_server(): Added task entry [cn=viewdata,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora administration server,cn=server group,cn=cac.example.com,ou=example.com,o=netscaperoot:viewdata:] for user [LocalSuper]
[Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): populate_tasks_from_server(): Added task entry [cn=viewlog,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora administration server,cn=server group,cn=cac.example.com,ou=example.com,o=netscaperoot:viewlog:] for user [LocalSuper]
[Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): populate_tasks_from_server(): Added task entry [cn=monreplication,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora administration server,cn=server group,cn=cac.example.com,ou=example.com,o=netscaperoot:monreplication:] for user [LocalSuper]
[Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): populate_tasks_from_server(): Added task entry [cn=repl-monitor-cgi.pl,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora administration server,cn=server group,cn=cac.example.com,ou=example.com,o=netscaperoot:repl-monitor-cgi.pl:] for user [LocalSuper]
[Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): populate_tasks_from_server(): Added task entry [cn=sync-task-sie-data,cn=commands,cn=admin-serv-cac,cn=fedora administration server,cn=server
group,cn=cac.example.com,ou=example.com,o=netscaperoot:runtime:] for user [LocalSuper] [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): populate_tasks_from_server(): Added task entry [cn=change-sie-password,cn=commands,cn=admin-serv-cac,cn=fedora administration server,cn=server group,cn=cac.example.com,ou=example.com,o=netscaperoot:runtime:] for user [LocalSuper] [Wed Aug 09 19:22:22 2006] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = ) Ian Richard Megginson wrote: > Ian Marks wrote: >> I have the following ssl packages installed. >> rpm -qa |grep ssl >> openssl-0.9.7a-43.8 >> mod_ssl-2.0.52-22.ent.centos4 >> openssl-devel-0.9.7a-43.8 >> xmlsec1-openssl-1.2.6-3 >> >> The directory server is running and appears to be working correctly. >> Several other hosts are able to authenticate via pam against this DS >> server. Here is the output of "sh -xv start-admin", minus the >> copyright stuff: >> >> SERVER_ROOT=/opt/fedora-ds ; export SERVER_ROOT >> + SERVER_ROOT=/opt/fedora-ds >> + export SERVER_ROOT >> NETSITE_ROOT=$SERVER_ROOT ; export NETSITE_ROOT >> + NETSITE_ROOT=/opt/fedora-ds >> + export NETSITE_ROOT >> ADMSERV_ROOT=$SERVER_ROOT/admin-serv ; export ADMSERV_ROOT >> + ADMSERV_ROOT=/opt/fedora-ds/admin-serv >> + export ADMSERV_ROOT >> >> unset PASSWORD_PIPE >> + unset PASSWORD_PIPE >> >> LD_LIBRARY_PATH=${SERVER_ROOT}/bin/admin/lib:${SERVER_ROOT}/lib:${LD_LIBRARY_PATH};export >> LD_LIBRARY_PATH >> + LD_LIBRARY_PATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib: >> + export LD_LIBRARY_PATH >> LIBPATH=${LD_LIBRARY_PATH}:${LIBPATH}:/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib; >> export LIBPATH >> + >> LIBPATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib:::/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib >> >> + export LIBPATH >> SHLIB_PATH=${LD_LIBRARY_PATH}:${SHLIB_PATH}; export SHLIB_PATH >> + SHLIB_PATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib:: >> + export SHLIB_PATH >> >> NS_SERVER_HOME=${SERVER_ROOT}; export 
NS_SERVER_HOME >> + NS_SERVER_HOME=/opt/fedora-ds >> + export NS_SERVER_HOME >> PATH=${SERVER_ROOT}/bin/admin/bin:${PATH}; export PATH >> + >> PATH=/opt/fedora-ds/bin/admin/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin >> >> + export PATH >> >> HTTPD=/usr/sbin//httpd.worker >> + HTTPD=/usr/sbin//httpd.worker >> >> # see if httpd is linked with the openldap libraries - we need to >> override them >> OS=`uname -s` >> uname -s >> ++ uname -s >> + OS=Linux >> if [ $OS = "Linux" ]; then >> hasol=0 >> >> /usr/bin/ldd $HTTPD 2>&1 | grep libldap > /dev/null 2>&1 && hasol=1 >> >> if [ $hasol -eq 1 ] ; then >> LD_PRELOAD="${SERVER_ROOT}/bin/admin/lib/libssl3.so >> ${SERVER_ROOT}/bin/admin/lib/libldap50.so" >> export LD_PRELOAD >> fi >> fi >> + '[' Linux = Linux ']' >> + hasol=0 >> + /usr/bin/ldd /usr/sbin//httpd.worker >> + grep libldap >> + hasol=1 >> + '[' 1 -eq 1 ']' >> + LD_PRELOAD='/opt/fedora-ds/bin/admin/lib/libssl3.so >> /opt/fedora-ds/bin/admin/lib/libldap50.so' >> + export LD_PRELOAD >> >> $HTTPD -k start -d $ADMSERV_ROOT -f $ADMSERV_ROOT/config/httpd.conf "$@" >> + /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f >> /opt/fedora-ds/admin-serv/config/httpd.conf > So it correctly detects that httpd is linked against openldap and does > the LD_PRELOAD. Next, try turning up the debug level. First, edit > admin-serv/config/httpd.conf and change LogLevel to debug. Then, do > start-admin -e debug. There should be a bunch of stuff in > admin-serv/logs/error >> >> >> >> >> Richard Megginson wrote: >>> Ian Marks wrote: >>>> Does anyone have a good idea where I can start troubleshooting the >>>> error below. I get the error when I attempt to start the admin >>>> server. I also posted an error from the htttpd logs which could be >>>> related. I'm running Centos 4.3 with FDS 1.0.2. 
>>>> >>>> /opt/fedora-ds/admin-serv/logs/error >>>> [Wed Aug 09 18:43:34 2006] [crit] host_ip_init(): PSET failure: >>>> Failed to create PSET handle (pset error = ) >>>> Configuration Failed >>> 1) The directory server must be up and running before attempting to >>> start the admin server >>> 2) If the DS is running, what is the output of doing sh -xv >>> start-admin? >>>> >>>> /var/log/httpd/error_log >>>> [Wed Aug 09 14:51:56 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK >>>> [Wed Aug 09 14:51:56 2006] [notice] LDAP: SSL support unavailable >>>> >>>> Thanks, >>>> Ian >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> ------------------------------------------------------------------------ >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > From rmeggins at redhat.com Wed Aug 9 19:39:59 2006 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 09 Aug 2006 13:39:59 -0600 Subject: [Fedora-directory-users] Admin Server Failure In-Reply-To: <44DA371E.2020707@comcast.net> References: <44DA2F48.8040500@comcast.net> <44DA315F.6060201@redhat.com> <44DA3301.2030400@comcast.net> <44DA34EC.7070800@redhat.com> <44DA371E.2020707@comcast.net> Message-ID: <44DA3A0F.3090806@redhat.com> Ian Marks wrote: > Here is the last few lines from the error log after enabling debug. 
>
>
> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
> populate_tasks_from_server(): Added task entry
> [cn=htmladmin,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora
> administration server,cn=server
> group,cn=cac.example.com,ou=example.com,o=netscaperoot:htmladmin:] for
> user [LocalSuper]
> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
> populate_tasks_from_server(): Added task entry
> [cn=statpingserv,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora
> administration server,cn=server
> group,cn=cac.example.com,ou=example.com,o=netscaperoot:statpingserv:]
> for user [LocalSuper]
> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
> populate_tasks_from_server(): Added task entry
> [cn=viewdata,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora
> administration server,cn=server
> group,cn=cac.example.com,ou=example.com,o=netscaperoot:viewdata:] for
> user [LocalSuper]
> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
> populate_tasks_from_server(): Added task entry
> [cn=viewlog,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora
> administration server,cn=server
> group,cn=cac.example.com,ou=example.com,o=netscaperoot:viewlog:] for
> user [LocalSuper]
> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
> populate_tasks_from_server(): Added task entry
> [cn=monreplication,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora
> administration server,cn=server
> group,cn=cac.example.com,ou=example.com,o=netscaperoot:monreplication:]
> for user [LocalSuper]
> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
> populate_tasks_from_server(): Added task entry
> [cn=repl-monitor-cgi.pl,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora
> administration server,cn=server
> group,cn=cac.example.com,ou=example.com,o=netscaperoot:repl-monitor-cgi.pl:]
> for user [LocalSuper]
> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
> populate_tasks_from_server(): Added task entry
> [cn=sync-task-sie-data,cn=commands,cn=admin-serv-cac,cn=fedora
> administration server,cn=server
> group,cn=cac.example.com,ou=example.com,o=netscaperoot:runtime:] for
> user [LocalSuper]
> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
> populate_tasks_from_server(): Added task entry
> [cn=change-sie-password,cn=commands,cn=admin-serv-cac,cn=fedora
> administration server,cn=server
> group,cn=cac.example.com,ou=example.com,o=netscaperoot:runtime:] for
> user [LocalSuper]
> [Wed Aug 09 19:22:22 2006] [crit] host_ip_init(): PSET failure: Failed
> to create PSET handle (pset error = )
Hm - just pset? The other ldap stuff is working fine. Please post your
admin-serv/config/adm.conf and shared/config/dbswitch.conf - be sure to
obscure any sensitive information first.
>
>
> Ian
>
> Richard Megginson wrote:
>> Ian Marks wrote:
>>> I have the following ssl packages installed.
>>> rpm -qa |grep ssl
>>> openssl-0.9.7a-43.8
>>> mod_ssl-2.0.52-22.ent.centos4
>>> openssl-devel-0.9.7a-43.8
>>> xmlsec1-openssl-1.2.6-3
>>>
>>> The directory server is running and appears to be working
>>> correctly. Several other hosts are able to authenticate via pam
>>> against this DS server.
Here is the output of "sh -xv start-admin", >>> minus the copyright stuff: >>> >>> SERVER_ROOT=/opt/fedora-ds ; export SERVER_ROOT >>> + SERVER_ROOT=/opt/fedora-ds >>> + export SERVER_ROOT >>> NETSITE_ROOT=$SERVER_ROOT ; export NETSITE_ROOT >>> + NETSITE_ROOT=/opt/fedora-ds >>> + export NETSITE_ROOT >>> ADMSERV_ROOT=$SERVER_ROOT/admin-serv ; export ADMSERV_ROOT >>> + ADMSERV_ROOT=/opt/fedora-ds/admin-serv >>> + export ADMSERV_ROOT >>> >>> unset PASSWORD_PIPE >>> + unset PASSWORD_PIPE >>> >>> LD_LIBRARY_PATH=${SERVER_ROOT}/bin/admin/lib:${SERVER_ROOT}/lib:${LD_LIBRARY_PATH};export >>> LD_LIBRARY_PATH >>> + LD_LIBRARY_PATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib: >>> + export LD_LIBRARY_PATH >>> LIBPATH=${LD_LIBRARY_PATH}:${LIBPATH}:/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib; >>> export LIBPATH >>> + >>> LIBPATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib:::/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib >>> >>> + export LIBPATH >>> SHLIB_PATH=${LD_LIBRARY_PATH}:${SHLIB_PATH}; export SHLIB_PATH >>> + SHLIB_PATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib:: >>> + export SHLIB_PATH >>> >>> NS_SERVER_HOME=${SERVER_ROOT}; export NS_SERVER_HOME >>> + NS_SERVER_HOME=/opt/fedora-ds >>> + export NS_SERVER_HOME >>> PATH=${SERVER_ROOT}/bin/admin/bin:${PATH}; export PATH >>> + >>> PATH=/opt/fedora-ds/bin/admin/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin >>> >>> + export PATH >>> >>> HTTPD=/usr/sbin//httpd.worker >>> + HTTPD=/usr/sbin//httpd.worker >>> >>> # see if httpd is linked with the openldap libraries - we need to >>> override them >>> OS=`uname -s` >>> uname -s >>> ++ uname -s >>> + OS=Linux >>> if [ $OS = "Linux" ]; then >>> hasol=0 >>> >>> /usr/bin/ldd $HTTPD 2>&1 | grep libldap > /dev/null 2>&1 && hasol=1 >>> >>> if [ $hasol -eq 1 ] ; then >>> LD_PRELOAD="${SERVER_ROOT}/bin/admin/lib/libssl3.so >>> ${SERVER_ROOT}/bin/admin/lib/libldap50.so" >>> export LD_PRELOAD >>> 
fi >>> fi >>> + '[' Linux = Linux ']' >>> + hasol=0 >>> + /usr/bin/ldd /usr/sbin//httpd.worker >>> + grep libldap >>> + hasol=1 >>> + '[' 1 -eq 1 ']' >>> + LD_PRELOAD='/opt/fedora-ds/bin/admin/lib/libssl3.so >>> /opt/fedora-ds/bin/admin/lib/libldap50.so' >>> + export LD_PRELOAD >>> >>> $HTTPD -k start -d $ADMSERV_ROOT -f $ADMSERV_ROOT/config/httpd.conf >>> "$@" >>> + /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f >>> /opt/fedora-ds/admin-serv/config/httpd.conf >> So it correctly detects that httpd is linked against openldap and >> does the LD_PRELOAD. Next, try turning up the debug level. First, >> edit admin-serv/config/httpd.conf and change LogLevel to debug. >> Then, do start-admin -e debug. There should be a bunch of stuff in >> admin-serv/logs/error >>> >>> >>> >>> >>> Richard Megginson wrote: >>>> Ian Marks wrote: >>>>> Does anyone have a good idea where I can start troubleshooting the >>>>> error below. I get the error when I attempt to start the admin >>>>> server. I also posted an error from the htttpd logs which could >>>>> be related. I'm running Centos 4.3 with FDS 1.0.2. >>>>> >>>>> /opt/fedora-ds/admin-serv/logs/error >>>>> [Wed Aug 09 18:43:34 2006] [crit] host_ip_init(): PSET failure: >>>>> Failed to create PSET handle (pset error = ) >>>>> Configuration Failed >>>> 1) The directory server must be up and running before attempting to >>>> start the admin server >>>> 2) If the DS is running, what is the output of doing sh -xv >>>> start-admin? 
>>>>> >>>>> /var/log/httpd/error_log >>>>> [Wed Aug 09 14:51:56 2006] [notice] LDAP: Built with OpenLDAP LDAP >>>>> SDK >>>>> [Wed Aug 09 14:51:56 2006] [notice] LDAP: SSL support unavailable >>>>> >>>>> Thanks, >>>>> Ian >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> ------------------------------------------------------------------------ >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From imarks at comcast.net Wed Aug 9 20:14:31 2006 From: imarks at comcast.net (Ian Marks) Date: Wed, 09 Aug 2006 16:14:31 -0400 Subject: [Fedora-directory-users] Admin Server Failure In-Reply-To: <44DA3A0F.3090806@redhat.com> References: <44DA2F48.8040500@comcast.net> <44DA315F.6060201@redhat.com> <44DA3301.2030400@comcast.net> <44DA34EC.7070800@redhat.com> <44DA371E.2020707@comcast.net> <44DA3A0F.3090806@redhat.com> Message-ID: <44DA4227.6040704@comcast.net> I really appreciate your help!! 

adm.conf
ldapHost: cac.example.com
ldapPort: 389
sie: cn=admin-serv-cac, cn=Fedora Administration Server, cn=Server Group, cn=cac.example.com, ou=example.com, o=NetscapeRoot
siepid: xxxxxxxx
isie: cn=Fedora Administration Server, cn=Server Group, cn=cac.example.com, ou=example.com, o=NetscapeRoot
port: 1389
ldapStart: slapd-cac/start-slapd

dbswitch.conf
directory default ldap://cac.example.com:389/o%3DNetscapeRoot

From imarks at comcast.net Wed Aug 9 20:21:40 2006
From: imarks at comcast.net (Ian Marks)
Date: Wed, 09 Aug 2006 16:21:40 -0400
Subject: [Fedora-directory-users] Admin Server Failure
In-Reply-To: <44DA4227.6040704@comcast.net>
References: <44DA2F48.8040500@comcast.net> <44DA315F.6060201@redhat.com> <44DA3301.2030400@comcast.net> <44DA34EC.7070800@redhat.com> <44DA371E.2020707@comcast.net> <44DA3A0F.3090806@redhat.com> <44DA4227.6040704@comcast.net>
Message-ID: <44DA43D4.4030806@comcast.net>

Thanks again for all your help, I think I just
figured it out. The dbswitch.conf file was owned by root when it should
have been owned by nobody.

Ian

From felipe.alfaro at gmail.com Wed Aug 9 23:45:14 2006
From: felipe.alfaro at gmail.com (Felipe Alfaro Solana)
Date: Wed, 9 Aug 2006 16:45:14 -0700
Subject: [Fedora-directory-users] FDS support for CLDAP
In-Reply-To: <44DA03DD.1010400@sci.fi>
References: <44DA04AC.4010103@stargate.net> <44DA03DD.1010400@sci.fi>
Message-ID:
 <6f6293f10608091645s19786288o1d054a940170ed8d@mail.gmail.com>

> How to get windows boxes to use standard LDAP? Hmm... Anyhow, FDS
> doesn't support UDP.

AFAIK, Windows boxes use standard LDAP, but a non-standard Kerberos
implementation.

From pkime at Shopzilla.com Thu Aug 10 05:35:33 2006
From: pkime at Shopzilla.com (Philip Kime)
Date: Wed, 9 Aug 2006 22:35:33 -0700
Subject: [Fedora-directory-users] How to monitor replication?
Message-ID: <9C0091F428E697439E7A773FFD083427025FF8@szexchange.Shopzilla.inc>

Does anyone know of any way of monitoring replication? I just want to
know if it stops for some reason. The replication monitor script seems to
be buggy and I can't get it to work at all with a completely SSL'ed LDAP
infra of Fedora 1.0.2 servers. SNMP doesn't seem to have relevant
counters. Even just the schema parts to check for errors of the error log
string to look for would be useful.

PK

--
Philip Kime
NOPS Systems Architect
310 401 0407

From rmeggins at redhat.com Fri Aug 11 00:04:55 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 10 Aug 2006 18:04:55 -0600
Subject: [Fedora-directory-users] Upgrading from 7.1 to 1.0.2
In-Reply-To: <44D4B770.6000701@concepttechnologyinc.com>
References: <4706484.2251154398715605.JavaMail.root@host3.concepttechnologyinc.com> <44CF5626.2090408@redhat.com> <44CF7FC0.5020802@concepttechnologyinc.com> <44CF8451.9060703@redhat.com> <44CFBB89.1080800@concepttechnologyinc.com> <44CFBF5A.4040108@redhat.com> <44CFEB69.3060808@concepttechnologyinc.com> <44CFF265.9040107@redhat.com> <44D4B770.6000701@concepttechnologyinc.com>
Message-ID: <44DBC9A7.4090604@redhat.com>

Darren Fulton - CTI wrote:
> Richard Megginson wrote:
>
>> Darren Fulton - CTI wrote:
>>> That seems to have fixed it! Awesome. Thank you Richard.
>>> For the record, here are the details of what I did based on Richard's
>>> instructions:
>>>
>>> cd /opt/fedora-ds/slapd-host2/
>>> ./db2ldif -s o=netscaperoot > nsroot.ldif
>>> ## That created an ldif file at
>>> /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
>>> cat /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
>>> ## That looks good
>>> cd /opt/fedora-ds/slapd-host2/ldif/
>>> cp -p 2006_08_01_181049.ldif 2006_08_01_181049.ldif.orig
>>> rpl "ou=4.0" "ou=1.0" 2006_08_01_181049.ldif
>>> ## If no rpl, manually edit with vi or something
>>> cd /opt/fedora-ds/slapd-host2/
>>> ./ldif2db -s o=netscaperoot -i
>>> /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
>>> ## That failed with "Unable to import the database because it is
>>> being used by another slapd process."
>>> /opt/fedora-ds/slapd-host2/stop-slapd
>>> ./ldif2db -s o=netscaperoot -i
>>> /opt/fedora-ds/slapd-host2/ldif/2006_08_01_181049.ldif
>>> ## That time it seems to have worked.
>>> /opt/fedora-ds/slapd-host2/start-slapd
>>> cd /opt/fedora-ds
>>> ./startconsole
>>> ## It Works!
>>>
>>> --
>>> Best Regards,
>>>
>>> Darren Fulton
>>> Concept Technology, Inc.
>> I've updated the Install_Guide with this information -
>> http://directory.fedora.redhat.com/wiki/Install_Guide#Upgrading_from_the_7.1_release
>>
> I had to repeat the process above one more time and make two
> additional replacements to the ldif file referenced above in order to
> make the console work 100%. For whatever reason, the console was
> still trying to load the old jar files. I replaced all references to
> "ds71.jar" with "ds10.jar" AND all references to "admserv70.jar" with
> "admserv10.jar".
> One warning for you if you ever have to do this. In the ldif file,
> there were some instances of white space and line wrap. Here is one
> example:
>
> ...MigrateCreate at ds71
> .jar at cn...
>
> #Note the line break after ds71 and a space before .jar
>
> A simple find and replace wouldn't have worked.
> So, the procedure
> that Richard cited is good, but also modify those jar file references
> while you're making the "ou=4.0" to "ou=1.0" changes if you still
> have the old jar file references.

Thanks Darren. I've updated
http://directory.fedora.redhat.com/wiki/Install_Guide#Upgrading_from_the_7.1_release

One thing I forgot - you can disable line wrapping in db2ldif by using
the -U command line argument, which should make parsing the ldif file
considerably easier.

>
> --
> Best Regards,
>
> Darren Fulton
> Concept Technology, Inc.

From rmeggins at redhat.com Fri Aug 11 00:25:05 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 10 Aug 2006 18:25:05 -0600
Subject: [Fedora-directory-users] How to monitor replication?
In-Reply-To: <9C0091F428E697439E7A773FFD083427025FF8@szexchange.Shopzilla.inc>
References: <9C0091F428E697439E7A773FFD083427025FF8@szexchange.Shopzilla.inc>
Message-ID: <44DBCE61.9020109@redhat.com>

Philip Kime wrote:
> Does anyone know of any way of monitoring replication? I just want to
> know if it stops for some reason. The replication monitor script seems
> to be buggy and I can't get it to work at all with a completely SSL'ed
> LDAP infra of Fedora 1.0.2 servers.

Can you post the contents of your config file? Be sure to remove any
sensitive information. For SSL to work, you must supply the full
pathname of the cert8.db containing the CA cert that issued the LDAP
server cert. The format of the config file is as follows:

$host:$port:$binddn:$password:$certdbfilename

If using SSL, port should be SSL port.
Although, it should work without SSL - you should be able to use the
non-secure port to monitor replication.

> SNMP doesn't seem to have relevant counters. Even just the schema
> parts to check for errors of the error log string to look for would be
> useful.
>
> PK
>
> --
> Philip Kime
> NOPS Systems Architect
> 310 401 0407

From rmeggins at redhat.com Fri Aug 11 16:01:10 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 11 Aug 2006 10:01:10 -0600
Subject: [Fedora-directory-users] Init script to Suse 9x 10x
In-Reply-To: <1153512142.5660.4.camel@localhost.localdomain>
References: <1153512142.5660.4.camel@localhost.localdomain>
Message-ID: <44DCA9C6.1090305@redhat.com>

Carlos Cesario wrote:
> Hi peoples, I make two scripts (slapd-aplication and admin server) to
> Suse 9x 10x system.
>
> I based from scripts to RH (in wiki)
>
> If somebody found any error please make the fix or report to list :)
> Thanks!

http://directory.fedora.redhat.com/wiki/Howto:SysVInit#Init_Scripts_for_Suse_9.2F10

>
> Excuse me by my English :)
>
>
> Instructions to setup: (to default path install)
>
> #####fedora-ds script######
> chmod 755 fedora-ds
> cp fedora-ds /etc/init.d/
> ln -s /etc/init.d/fedora-ds /usr/sbin/rcfedora-ds
>
> Edit /etc/init.d/fedora-ds and change APP_NAME var value to name of your
> application
>
> and enable the service in yast or in console
> chkconfig fedora-ds on
>
> ###########################
>
> ######fedora-ds-admin######
> chmod 755 fedora-ds-admin
> cp fedora-ds-admin /etc/init.d/
> ln -s /etc/init.d/fedora-ds-admin /usr/sbin/rcfedora-ds-admin
> and enable the service in yast or in console
> chkconfig fedora-ds-admin on
> ##########################
>
> I find that it is this
>
> thanks
>
> Carlos Cesario

From elebsack at mitre.org Fri Aug 11 17:28:30 2006
From: elebsack at mitre.org (Lebsack, Eliot)
Date: Fri, 11 Aug 2006 13:28:30 -0400
Subject: [Fedora-directory-users] smbpasswd crashing FDS
Message-ID: <3DD2072FFE53004EA1A74D7E483D43157CCD4E@IMCSRV2.MITRE.ORG>

Good afternoon.

In my quest to set up FDS with Samba (CentOS 4.3), I've managed to get
samba and the directory configured so that it is successful in affecting
a password change via the "ldap passwd sync = yes" option in the
smb.conf file.

When I attempt to change the password in my Windows XP client using the
standard XP dialogs, it accepts the new password, but then promptly
crashes the Directory Server.
This behavior has also been observed with the executable smbpasswd.
I'm running FDS 1.0.2. I'd sure like samba to control the "userPassword" LDAP attribute when a password is changed, but this is a show-stopper to be sure. Has anyone else observed this problem? Regards, Eliot -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Fri Aug 11 17:37:00 2006 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 11 Aug 2006 11:37:00 -0600 Subject: [Fedora-directory-users] smbpasswd crashing FDS In-Reply-To: <3DD2072FFE53004EA1A74D7E483D43157CCD4E@IMCSRV2.MITRE.ORG> References: <3DD2072FFE53004EA1A74D7E483D43157CCD4E@IMCSRV2.MITRE.ORG> Message-ID: <44DCC03C.5000904@redhat.com> Lebsack, Eliot wrote: > Good afternoon. > > In my quest to set up FDS with Samba (CentOS 4.3), I've managed to > get samba and the directory configured so that it is successful in > affecting > a password change via the "ldap passwd sync = yes" option in the > smb.conf file. > > When I attempt to change the password in my Windows XP client using > the standard > XP dialogs, it accepts the new password, but then promptly crashes the > Directory Server. > This behavior has also been observed with the executable smbpasswd. > I'm running FDS > 1.0.2. I'd sure like samba to control the "userPassword" LDAP > attribute when a password > is changed, but this is a show-stopper to be sure. Has anyone else > observed this problem? https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179723 > > Regards, > > Eliot > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... 

From cjs at cjs226.com Mon Aug 14 00:27:17 2006
From: cjs at cjs226.com (Clif Smith)
Date: Sun, 13 Aug 2006 19:27:17 -0500
Subject: [Fedora-directory-users] Anyone have any AIX clients?
Message-ID: <1ea252fb0608131727x271e387co209a8f5e0a8d4ba4@mail.gmail.com>

While my Linux and Solaris servers are working great, I've been trying to get my AIX servers to auth against FDS to no avail. I can su to users, but can't login. Anyone have any documentation, experience, etc.?

Thanks,
Clif

From Samuel.Adams at BROOKS.AF.MIL Mon Aug 14 15:01:25 2006
From: Samuel.Adams at BROOKS.AF.MIL (Adams, Samuel D Contr AFRL/HEDR)
Date: Mon, 14 Aug 2006 10:01:25 -0500
Subject: [Fedora-directory-users] GIDs
Message-ID: <8BF06A36E7AD424197195998D9A0B8E14B80D9@FBRMLBR01.Enterprise.afmc.ds.af.mil>

How do I, or can I use the directory server to centrally serve POSIX groups to my Linux clients? I can add a group, but it doesn't have a place to put a GID.

Sam Adams
General Dynamics - Information Technology
Phone: 210.536.5945

From patrick.morris at hp.com Mon Aug 14 18:33:30 2006
From: patrick.morris at hp.com (Patrick Morris)
Date: Mon, 14 Aug 2006 11:33:30 -0700
Subject: [Fedora-directory-users] GIDs
In-Reply-To: <8BF06A36E7AD424197195998D9A0B8E14B80D9@FBRMLBR01.Enterprise.afmc.ds.af.mil>
References: <8BF06A36E7AD424197195998D9A0B8E14B80D9@FBRMLBR01.Enterprise.afmc.ds.af.mil>
Message-ID: <20060814183330.GL30863@hermes.americas.hpqcorp.net>

On Mon, 14 Aug 2006, Adams, Samuel D Contr AFRL/HEDR wrote:

> How do I, or can I use the directory server to centrally serve POSIX
> groups to my Linux clients? I can add a group, but it doesn't have a
> place to put a GID.

Try gidNumber.
--
Patrick Morris
Snapfish/HP
303 Second Street
Suite 500, South Tower
San Francisco, CA 94107
(415) 979-3727

From nattaponv at hotmail.com Wed Aug 16 04:35:57 2006
From: nattaponv at hotmail.com (nattapon viroonsri)
Date: Wed, 16 Aug 2006 04:35:57 +0000
Subject: [Fedora-directory-users] Role or Group usage
Message-ID:

Could anyone recommend me difference between group and role or give some usage example ?

Regards,
Nattapon

From nattaponv at hotmail.com Wed Aug 16 04:40:29 2006
From: nattaponv at hotmail.com (nattapon viroonsri)
Date: Wed, 16 Aug 2006 04:40:29 +0000
Subject: [Fedora-directory-users] Role or Group Usage
Message-ID:

Could anyone recommend me difference between group and role or give some usage example ?

Regards,
Nattapon

From Samuel.Adams at BROOKS.AF.MIL Wed Aug 16 20:22:54 2006
From: Samuel.Adams at BROOKS.AF.MIL (Adams, Samuel D Contr AFRL/HEDR)
Date: Wed, 16 Aug 2006 15:22:54 -0500
Subject: [Fedora-directory-users] TLS authentication
In-Reply-To: <44D8EFE4.4000306@redhat.com>
Message-ID: <8BF06A36E7AD424197195998D9A0B8E14B88B9@FBRMLBR01.Enterprise.afmc.ds.af.mil>

I have been adding, modifying, and removing ACIs on different parts of my directory, generally breaking things. The restore feature has been useful lately. For example, if you take away the anonymous access aci or at least anonymous read to the various parts of your directory, you can certainly prevent anonymous access to that part of the directory, but then a lot of important features break like PAM or seeing those parts in the admin console.

Is there an easier way of modifying ACIs and know beforehand what the effect will be other than modifying them in the GUI or changing the expression and restarting the server?

Sam Adams
General Dynamics - Information Technology
Phone: 210.536.5945

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Pete Rowley
Sent: Tuesday, August 08, 2006 3:11 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] TLS authentication

Adams Samuel D Contr AFRL/HEDR wrote:

>I also have two medium vulnerabilities that keep popping up with ISS that
>I need to resolve but can't seem to find the proper configuration in the
>admin console.
>
>" LDAP NullBind: LDAP anonymous access to directory
>
...
>" LDAP Schema: LDAP schema information gathering
>

In addition to the other posters comments I would point out that with zero access control configured in the DS nobody but the directory manager can do anything - zero access by default. The best method of securing the server is to start with that blank sheet and selectively enable targeted operations for targeted users/groups on targeted sets of entries. For example, your requirement is that pam operates: add the aci that makes that happen and no more. The default aci's added on install should be treated as examples only that just happen to be suitable for casual evaluation.

Most deployments can get away with very few aci's in order to enforce their policy. Adding aci's when something is found not to work correctly due to insufficient access is a lot less painful than the ramifications of overly broad grants of access.

--
Pete

From rmeggins at redhat.com Wed Aug 16 20:40:11 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 16 Aug 2006 14:40:11 -0600
Subject: [Fedora-directory-users] TLS authentication
In-Reply-To: <8BF06A36E7AD424197195998D9A0B8E14B88B9@FBRMLBR01.Enterprise.afmc.ds.af.mil>
References: <8BF06A36E7AD424197195998D9A0B8E14B88B9@FBRMLBR01.Enterprise.afmc.ds.af.mil>
Message-ID: <44E382AB.6010608@redhat.com>

Adams, Samuel D Contr AFRL/HEDR wrote:
> I have been adding, modifying, and removing ACIs on different parts of
> my directory, generally breaking things. The restore feature has been
> useful lately. For example, if you take away the anonymous access aci
> or at least anonymous read to the various parts of your directory, you
> can certainly prevent anonymous access to that part of the directory,
> but then a lot of important features break like PAM or seeing those
> parts in the admin console.
>
http://www.redhat.com/docs/manuals/dir-server/release-notes/ger.html

I believe you can view effective rights in the console as well.
> Is there an easier way of modifying ACIs and know beforehand what the
> effect will be other than modifying them in the GUI or changing the
> expression and restarting the server?
>
> Sam Adams
> General Dynamics - Information Technology
> Phone: 210.536.5945
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Pete
> Rowley
> Sent: Tuesday, August 08, 2006 3:11 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] TLS authentication
>
> Adams Samuel D Contr AFRL/HEDR wrote:
>
>> I also have two medium vulnerabilities that keep popping up with ISS that
>> I need to resolve but can't seem to find the proper configuration in the
>> admin console.
>>
>> " LDAP NullBind: LDAP anonymous access to directory
>>
> ...
>
>> " LDAP Schema: LDAP schema information gathering
>>
> In addition to the other posters comments I would point out that with
> zero access control configured in the DS nobody but the directory
> manager can do anything - zero access by default. The best method of
> securing the server is to start with that blank sheet and selectively
> enable targeted operations for targeted users/groups on targeted sets of
> entries. For example, your requirement is that pam operates: add the aci
> that makes that happen and no more. The default aci's added on install
> should be treated as examples only that just happen to be suitable for
> casual evaluation.
>
> Most deployments can get away with very few aci's in order to enforce
> their policy. Adding aci's when something is found not to work correctly
> due to insufficient access is a lot less painful than the ramifications
> of overly broad grants of access.

From tuxkumar at gmail.com Thu Aug 17 13:32:50 2006
From: tuxkumar at gmail.com (Saravana Kumar)
Date: Thu, 17 Aug 2006 19:02:50 +0530
Subject: [Fedora-directory-users] FDS hangs
Message-ID:

Hi,

I am running FDS in one of my servers. It serves authinfo(username & password) and automount info to about 50 clients. During peak hours(when the number of connections to the server are high) it is very difficult to operate in the client machines and the server fails to respond. Then i end up in hard rebooting the server. After reboot slapd would not start(i have scripts to start fds and fds-admin). I have to run ./setup/setup again to start the fds-admin.

Can some one tell me why is this happening? Is it a bug?

The only error i see in the slapd logs is this:
17/Aug/2006:15:18:15 +051800] - Listening for new connections again
[17/Aug/2006:15:18:15 +051800] - Not listening for new connections - too many fds open

Thanks in advance for any pointers.

---
SK

From rmeggins at redhat.com Thu Aug 17 14:21:31 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 17 Aug 2006 08:21:31 -0600
Subject: [Fedora-directory-users] FDS hangs
In-Reply-To:
References:
Message-ID: <44E47B6B.5010105@redhat.com>

You need to increase the number of file descriptors.
See http://directory.fedora.redhat.com/wiki/Performance_Tuning#Linux
and
http://www.redhat.com/docs/manuals/dir-server/pdf/ds71cli.pdf - search for nsslapd-maxdescriptors

Saravana Kumar wrote:
> Hi,
>
> I am running FDS in one of my servers. It serves authinfo(username &
> password) and automount info to about 50 clients. During peak hours(when
> the number of connections to the server are high) it is very difficult to
> operate in the client machines and the server fails to respond. Then i end
> up in hard rebooting the server. After reboot slapd would not start(i have
> scripts to start fds and fds-admin). I have to run ./setup/setup again to
> start the fds-admin.
>
> Can some one tell me why is this happening? Is it a bug?
>
> The only error i see in the slapd logs is this:
> 17/Aug/2006:15:18:15 +051800] - Listening for new connections again
> [17/Aug/2006:15:18:15 +051800] - Not listening for new connections - too
> many fds open
>
>
> Thanks in advance for any pointers.
>
> ---
> SK

From Samuel.Adams at BROOKS.AF.MIL Thu Aug 17 14:22:18 2006
From: Samuel.Adams at BROOKS.AF.MIL (Adams, Samuel D Contr AFRL/HEDR)
Date: Thu, 17 Aug 2006 09:22:18 -0500
Subject: [Fedora-directory-users] SASL
Message-ID: <8BF06A36E7AD424197195998D9A0B8E14EEDC9@FBRMLBR01.Enterprise.afmc.ds.af.mil>

I was wondering if I enable SASL on the directory server, can you configure your clients with MIT krb5, or must you use the OpenLDAP client with SASL?

And, do you know if the RHEL4 SASL built into the OpenLDAP client.

Sam Adams
General Dynamics - Information Technology
Phone: 210.536.5945

From rmeggins at redhat.com Thu Aug 17 14:33:39 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 17 Aug 2006 08:33:39 -0600
Subject: [Fedora-directory-users] SASL
In-Reply-To: <8BF06A36E7AD424197195998D9A0B8E14EEDC9@FBRMLBR01.Enterprise.afmc.ds.af.mil>
References: <8BF06A36E7AD424197195998D9A0B8E14EEDC9@FBRMLBR01.Enterprise.afmc.ds.af.mil>
Message-ID: <44E47E43.4050502@redhat.com>

Adams, Samuel D Contr AFRL/HEDR wrote:
>
> I was wondering if I enable SASL on the directory server, can you
> configure your clients with MIT krb5, or must you use the OpenLDAP
> client with SASL?
>
Fedora DS supports SASL/Kerberos authentication, from any standard SASL/GSSAPI client. The OpenLDAP client libraries and command line tools (e.g. /usr/bin/ldapsearch, et. al.) support SASL/GSSAPI authentication. The Mozilla LDAP C SDK clients (/opt/fedora-ds/shared/bin) do not.
>
> And, do you know if the RHEL4 SASL built into the OpenLDAP client.
>
The RHEL4 OpenLDAP client libraries and command line tools (e.g. /usr/bin/ldapsearch, et. al.) support SASL/GSSAPI authentication.
>
> /*/Sam Adams/*/
>
> General Dynamics - Information Technology
>
> Phone: 210.536.5945

From Samuel.Adams at BROOKS.AF.MIL Thu Aug 17 15:22:13 2006
From: Samuel.Adams at BROOKS.AF.MIL (Adams, Samuel D Contr AFRL/HEDR)
Date: Thu, 17 Aug 2006 10:22:13 -0500
Subject: [Fedora-directory-users] binding to the LDAP
Message-ID: <8BF06A36E7AD424197195998D9A0B8E14EEE1D@FBRMLBR01.Enterprise.afmc.ds.af.mil>

I have been tweaking my ACIs on my directory server, and I more or less feel good about its security posture except for one thing, it is still allowing unencrypted authentication. My clients are configured to use TLS for authentication which is good, but if I turn off TLS on the client, it still can authenticate which is bad. Assuming everything is configured properly on the client, this works, but I would feel better if my LDAP wouldn't even let a client bind if it is not using TLS. Can I do this through an ACI or some other setting on the server?

Sam Adams
General Dynamics - Information Technology
Phone: 210.536.5945

From elebsack at mitre.org Thu Aug 17 17:29:39 2006
From: elebsack at mitre.org (Lebsack, Eliot)
Date: Thu, 17 Aug 2006 13:29:39 -0400
Subject: [Fedora-directory-users] smbpasswd crashing FDS
In-Reply-To: <44DCC03C.5000904@redhat.com>
Message-ID: <3DD2072FFE53004EA1A74D7E483D4315827E4B@IMCSRV2.MITRE.ORG>

Rich,

Thanks for the pointer.
I rebuilt with the two files modified (but kept the rest of the source code tree the same), and noticed that smbpasswd does not crash the Directory now.

Thanks again!

Eliot

======================================
Eliot Lebsack
Lead Communications Engineer
The MITRE Corporation
Bedford, MA

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson
Sent: Friday, August 11, 2006 1:37 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] smbpasswd crashing FDS

Lebsack, Eliot wrote:
> Good afternoon.
>
> In my quest to set up FDS with Samba (CentOS 4.3), I've managed to
> get samba and the directory configured so that it is successful in
> affecting
> a password change via the "ldap passwd sync = yes" option in the
> smb.conf file.
>
> When I attempt to change the password in my Windows XP client using
> the standard
> XP dialogs, it accepts the new password, but then promptly crashes the
> Directory Server.
> This behavior has also been observed with the executable smbpasswd.
> I'm running FDS
> 1.0.2. I'd sure like samba to control the "userPassword" LDAP
> attribute when a password
> is changed, but this is a show-stopper to be sure. Has anyone else
> observed this problem?
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179723
>
> Regards,
>
> Eliot

From rmeggins at redhat.com Thu Aug 17 17:38:35 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 17 Aug 2006 11:38:35 -0600
Subject: [Fedora-directory-users] binding to the LDAP
In-Reply-To: <8BF06A36E7AD424197195998D9A0B8E14EEE1D@FBRMLBR01.Enterprise.afmc.ds.af.mil>
References: <8BF06A36E7AD424197195998D9A0B8E14EEE1D@FBRMLBR01.Enterprise.afmc.ds.af.mil>
Message-ID: <44E4A99B.5050001@redhat.com>

Adams, Samuel D Contr AFRL/HEDR wrote:
>
> I have been tweaking my ACIs on my directory server, and I more or
> less feel good about its security posture except for one thing, it is
> still allowing unencrypted authentication. My clients are configured
> to use TLS for authentication which is good, but if I turn off TLS on
> the client, it still can authenticate which is bad. Assuming
> everything is configured properly on the client, this works, but I
> would feel better if my LDAP wouldn't even let a client bind if it is
> not using TLS. Can I do this through an ACI or some other setting on
> the server?
>
No. There is no way to do this with Fedora DS. I suggest filing an enhancement request against Fedora Directory Server at http://bugzilla.redhat.com
>
> /*/Sam Adams/*/
>
> General Dynamics - Information Technology
>
> Phone: 210.536.5945

From tuxkumar at gmail.com Fri Aug 18 06:09:53 2006
From: tuxkumar at gmail.com (Saravana Kumar)
Date: Fri, 18 Aug 2006 11:39:53 +0530
Subject: [Fedora-directory-users] Re: FDS hangs
References: <44E47B6B.5010105@redhat.com>
Message-ID:

Richard Megginson wrote:

> You need to increase the number of file descriptors.
> See http://directory.fedora.redhat.com/wiki/Performance_Tuning#Linux
> and
> http://www.redhat.com/docs/manuals/dir-server/pdf/ds71cli.pdf - search
> for nsslapd-maxdescriptors
>
> Saravana Kumar wrote:
>> Hi,
>>
>> I am running FDS in one of my servers. It serves authinfo(username &
>> password) and automount info to about 50 clients. During peak hours(when
>> the number of connections to the server are high) it is very difficult to
>> operate in the client machines and the server fails to respond. Then i
>> end up in hard rebooting the server. After reboot slapd would not start(i
>> have scripts to start fds and fds-admin). I have to run ./setup/setup
>> again to start the fds-admin.
>>
>> Can some one tell me why is this happening? Is it a bug?
>>
>> The only error i see in the slapd logs is this:
>> 17/Aug/2006:15:18:15 +051800] - Listening for new connections again
>> [17/Aug/2006:15:18:15 +051800] - Not listening for new connections - too
>> many fds open
>>
>>
>> Thanks in advance for any pointers.
>>
>> ---
>> SK

Thanks Richard,

After posting here i in fact got to this page:
http://www.redhat.com/docs/manuals/dir-server/cli/config.htm
and checked nsslapd-maxdescriptors(it is 1024) and nsslapd-ntconntablesize(is 1024). My /proc/sys/fs/file-max is already 102432.

I tried to change the nsslapd-ntconntablesize from adminconsole, it failed with the error nsslapd-maxdescriptor is 1024.
Then i tried to change maxdescriptor to 4096 it failed with the error maxfile descriptors must range from 1 to 1024 (the current file descriptors).

Any idea?

Regds,
SK

From playactor at gmail.com Fri Aug 18 15:27:15 2006
From: playactor at gmail.com (Eric Brown)
Date: Fri, 18 Aug 2006 10:27:15 -0500
Subject: [Fedora-directory-users] Biulding an RPM without the Java Components
Message-ID:

I have been trying to build with the dsbuild package and the BUILD_RPM and NOJAVA flags, but I get the following errors when it gets to building the Mission Control Console:

=== Packaging Mission Control Console Apps ======

cd mcc; gmake BUILD_OPT=1 NO_MOCHA=1 NO_JAVA=1 NSPR_BASENAME=libnspr4 USE_PTHREADS=1 SECURITY=domestic BUILD_MODE=ext BUILD_MODULE=SETUP_MCC -w
gmake[3]: Entering directory `/home/erbrow/dsbuild-fds102/ds/adminserver/work/fedora-adminserver-1.0.2/mcc'
rm -rf ../built/domestic/mcc/dist/Linux2.6
rm -rf ../built/domestic/mcc/dist/Other-UNIX
mkdir -p ../built/domestic/mcc/dist/Linux2.6
# Combine the client zip files from base and admin
cd ../built/package/Linux2.6_x86_glibc_PTH_OPT.OBJ/base/unzipped/client; \
tar cvf ../../../../../domestic/mcc/dist/Linux2.6/uxmcc.tar *
/bin/sh: line 0: cd: ../built/package/Linux2.6_x86_glibc_PTH_OPT.OBJ/base/unzipped/client: No such file or directory
tar: ../../../../../domestic/mcc/dist/Linux2.6/uxmcc.tar: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
gmake[3]: *** [all] Error 2
gmake[3]: Leaving directory `/home/erbrow/dsbuild-fds102/ds/adminserver/work/fedora-adminserver-1.0.2/mcc'
make[2]: *** [pkgMcc] Error 2
make[2]: Leaving directory `/home/erbrow/dsbuild-fds102/ds/adminserver/work/fedora-adminserver-1.0.2'
make[1]: *** [build-work/fedora-adminserver-1.0.2/Makefile] Error 2
make[1]: Leaving directory `/home/erbrow/dsbuild-fds102/ds/adminserver'
make: *** [dep-../../ds/adminserver] Error 2

Has anyone built the rpm without the java components?

From rmeggins at redhat.com Fri Aug 18 16:00:21 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 18 Aug 2006 10:00:21 -0600
Subject: [Fedora-directory-users] Biulding an RPM without the Java Components
In-Reply-To:
References:
Message-ID: <44E5E415.6080706@redhat.com>

Edit ds/adminserver/work/fedora-adminserver-1.0.2/Makefile - look for the line
PACKAGEDEPS += pkgBase pkgAdmin pkgMcc end_time
remove pkgMcc from this line

Eric Brown wrote:
> I have been trying to build with the dsbuild package and the BUILD_RPM
> and NOJAVA flags, but I get the following errors when it gets to
> building the Mission Control Console:
>
> === Packaging Mission Control Console Apps ======
>
> cd mcc; gmake BUILD_OPT=1 NO_MOCHA=1 NO_JAVA=1 NSPR_BASENAME=libnspr4
> USE_PTHREADS=1 SECURITY=domestic BUILD_MODE=ext BUILD_MODULE=SETUP_MCC
> -w
> gmake[3]: Entering directory
> `/home/erbrow/dsbuild-fds102/ds/adminserver/work/fedora-adminserver-1.0.2/mcc'
>
> rm -rf ../built/domestic/mcc/dist/Linux2.6
> rm -rf ../built/domestic/mcc/dist/Other-UNIX
> mkdir -p ../built/domestic/mcc/dist/Linux2.6
> # Combine the client zip files from base and admin
> cd
> ../built/package/Linux2.6_x86_glibc_PTH_OPT.OBJ/base/unzipped/client; \
> tar cvf ../../../../../domestic/mcc/dist/Linux2.6/uxmcc.tar *
> /bin/sh: line 0: cd:
> ../built/package/Linux2.6_x86_glibc_PTH_OPT.OBJ/base/unzipped/client:
> No such file or directory
> tar: ../../../../../domestic/mcc/dist/Linux2.6/uxmcc.tar: Cannot open:
> No such file or directory
> tar: Error is not recoverable: exiting now
> gmake[3]: *** [all] Error 2
> gmake[3]: Leaving directory
> `/home/erbrow/dsbuild-fds102/ds/adminserver/work/fedora-adminserver-1.0.2/mcc'
>
> make[2]: *** [pkgMcc] Error 2
> make[2]: Leaving directory
> `/home/erbrow/dsbuild-fds102/ds/adminserver/work/fedora-adminserver-1.0.2'
>
> make[1]: *** [build-work/fedora-adminserver-1.0.2/Makefile] Error 2
> make[1]: Leaving directory `/home/erbrow/dsbuild-fds102/ds/adminserver'
> make:
*** [dep-../../ds/adminserver] Error 2
>
>
> Has anyone built the rpm without the java components?

From rmeggins at redhat.com Fri Aug 18 16:24:03 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 18 Aug 2006 10:24:03 -0600
Subject: [Fedora-directory-users] Re: FDS hangs
In-Reply-To:
References: <44E47B6B.5010105@redhat.com>
Message-ID: <44E5E9A3.9080203@redhat.com>

Saravana Kumar wrote:
> Richard Megginson wrote:
>
>> You need to increase the number of file descriptors.
>> See http://directory.fedora.redhat.com/wiki/Performance_Tuning#Linux
>> and
>> http://www.redhat.com/docs/manuals/dir-server/pdf/ds71cli.pdf - search
>> for nsslapd-maxdescriptors
>>
>> Saravana Kumar wrote:
>>> Hi,
>>>
>>> I am running FDS in one of my servers. It serves authinfo(username &
>>> password) and automount info to about 50 clients. During peak hours(when
>>> the number of connections to the server are high) it is very difficult to
>>> operate in the client machines and the server fails to respond. Then i
>>> end up in hard rebooting the server. After reboot slapd would not start(i
>>> have scripts to start fds and fds-admin). I have to run ./setup/setup
>>> again to start the fds-admin.
>>>
>>> Can some one tell me why is this happening? Is it a bug?
>>>
>>> The only error i see in the slapd logs is this:
>>> 17/Aug/2006:15:18:15 +051800] - Listening for new connections again
>>> [17/Aug/2006:15:18:15 +051800] - Not listening for new connections - too
>>> many fds open
>>>
>>>
>>> Thanks in advance for any pointers.
>>>
>>> ---
>>> SK
>
> Thanks Richard,
>
> After posting here i in fact got to this page:
> http://www.redhat.com/docs/manuals/dir-server/cli/config.htm
> and checked nsslapd-maxdescriptors(it is 1024) and
> nsslapd-ntconntablesize(is 1024). My /proc/sys/fs/file-max is already
> 102432.
>
> I tried to change the nsslapd-ntconntablesize from adminconsole, it failed
> with the error nsslapd-maxdescriptor is 1024. Then i tried to change
> maxdescriptor to 4096 it failed with the error maxfile descriptors must
> range from 1 to 1024 (the current file descriptors).
>
You may have to edit the slapd-instance/start-slapd script to set ulimit -n 8192 or something like that first. What does ulimit -n say?
> Any idea?
>
> Regds,
> SK

From playactor at gmail.com Fri Aug 18 16:43:19 2006
From: playactor at gmail.com (Eric Brown)
Date: Fri, 18 Aug 2006 11:43:19 -0500
Subject: [Fedora-directory-users] RE: Biulding an RPM without the Java
Message-ID:

Thanks, that worked just fine.

From jrussler at helix.nih.gov Mon Aug 21 12:51:36 2006
From: jrussler at helix.nih.gov (Jason Russler)
Date: Mon, 21 Aug 2006 08:51:36 -0400
Subject: [Fedora-directory-users] binding to the LDAP
In-Reply-To: <8BF06A36E7AD424197195998D9A0B8E14EEE1D@FBRMLBR01.Enterprise.afmc.ds.af.mil>
References: <8BF06A36E7AD424197195998D9A0B8E14EEE1D@FBRMLBR01.Enterprise.afmc.ds.af.mil>
Message-ID: <44E9AC58.9050805@helix.nih.gov>

You can configure your clients to use the SSL port (636) and block the vanilla LDAP port (389) via a firewall.

From jrussler at helix.nih.gov Mon Aug 21 12:52:38 2006
From: jrussler at helix.nih.gov (Jason Russler)
Date: Mon, 21 Aug 2006 08:52:38 -0400
Subject: [Fedora-directory-users] leak
Message-ID: <44E9AC96.4030009@helix.nih.gov>

I've seen one recent mention on this list about leaks in the directory server but I have a ns-slapd process that grows by dozens of megabytes a day. At least once a week I restart the directory server after it eats up ~90% of the system memory. Right now it's a 1.2G process and it sure isn't cached data because there are not that many entries in this thing. I don't recall the issue being this extreme when I first set it up. Could the leak be associated with replication or some other subsystem not active in a fresh install?

--
Jason Russler
Helix Systems, NIH, DHHS

From frits.hoogland at gmail.com Mon Aug 21 13:28:00 2006
From: frits.hoogland at gmail.com (Frits Hoogland)
Date: Mon, 21 Aug 2006 15:28:00 +0200
Subject: [Fedora-directory-users] leak
In-Reply-To: <44E9AC96.4030009@helix.nih.gov>
References: <44E9AC96.4030009@helix.nih.gov>
Message-ID:

Same here, 'reasonable' usage, constant leaking.
We are using multimaster replication.

Haven't had any responses, though.

frits

On 8/21/06, Jason Russler wrote:
>
> I've seen one recent mention on this list about leaks in the directory
> server but I have a ns-slapd process that grows by dozens of megabytes a
> day.
At least once a week I restart the directory server after it eats
> up ~90% of the system memory. Right now it's a 1.2G process and it sure
> isn't cached data because there are not that many entries in this
> thing. I don't recall the issue being this extreme when I first set it
> up. Could the leak be associated with replication or some other
> subsystem not active in a fresh install?
> --
> Jason Russler
> Helix Systems, NIH, DHHS

From rmeggins at redhat.com Mon Aug 21 13:53:43 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 21 Aug 2006 07:53:43 -0600
Subject: [Fedora-directory-users] leak
In-Reply-To:
References: <44E9AC96.4030009@helix.nih.gov>
Message-ID: <44E9BAE7.60502@redhat.com>

Frits Hoogland wrote:
> Same here, 'reasonable' usage, constant leaking.
> We are using multimaster replication.
>
> Haven't had any responses, though.
Are you guys using SSL? What OS version? I'm assuming you are using FDS 1.0.2.
>
> frits
>
> On 8/21/06, * Jason Russler* wrote:
>
>     I've seen one recent mention on this list about leaks in the directory
>     server but I have a ns-slapd process that grows by dozens of
>     megabytes a
>     day. At least once a week I restart the directory server after it
>     eats
>     up ~90% of the system memory. Right now it's a 1.2G process and
>     it sure
>     isn't cached data because there are not that many entries in this
>     thing. I don't recall the issue being this extreme when I first
>     set it
>     up. Could the leak be associated with replication or some other
>     subsystem not active in a fresh install?
>     --
>     Jason Russler
>     Helix Systems, NIH, DHHS

From joshkel at gmail.com Mon Aug 21 14:17:11 2006
From: joshkel at gmail.com (Josh Kelley)
Date: Mon, 21 Aug 2006 10:17:11 -0400
Subject: [Fedora-directory-users] Fetching nsAccountLock?
Message-ID: <97cbd1a90608210717q125d45e5p3cefb44b87271d24@mail.gmail.com>

I have some Perl scripts for enabling and disabling that I'm trying to update for FDS, and I'm having trouble retrieving the nsAccountLock attribute. I'm assuming that it's not being returned because it's an operational attribute; I can use it for search criteria, but I haven't figured out any way to retrieve it. Any pointers?

Thanks.

Josh Kelley

From rmeggins at redhat.com Mon Aug 21 14:27:48 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 21 Aug 2006 08:27:48 -0600
Subject: [Fedora-directory-users] Fetching nsAccountLock?
In-Reply-To: <97cbd1a90608210717q125d45e5p3cefb44b87271d24@mail.gmail.com>
References: <97cbd1a90608210717q125d45e5p3cefb44b87271d24@mail.gmail.com>
Message-ID: <44E9C2E4.9090403@redhat.com>

Josh Kelley wrote:
> I have some Perl scripts for enabling and disabling that I'm trying to
> update for FDS, and I'm having trouble retrieving the nsAccountLock
> attribute. I'm assuming that it's not being returned because it's an
> operational attribute; I can use it for search criteria, but I haven't
> figured out any way to retrieve it. Any pointers?
Since it is an operational attribute, you must explicitly provide it in the list of attributes to be returned in your search requests.
>
> Thanks.
>
> Josh Kelley

From frits.hoogland at gmail.com Mon Aug 21 14:33:19 2006
From: frits.hoogland at gmail.com (Frits Hoogland)
Date: Mon, 21 Aug 2006 16:33:19 +0200
Subject: [Fedora-directory-users] leak
In-Reply-To: <44E9BAE7.60502@redhat.com>
References: <44E9AC96.4030009@helix.nih.gov> <44E9BAE7.60502@redhat.com>
Message-ID:

Yes. Version 1.0.2.
Yes using SSL.
os: Debian GNU/Linux 3.1 (aka sarge)

On 8/21/06, Richard Megginson wrote:
>
> Frits Hoogland wrote:
> > Same here, 'reasonable' usage, constant leaking.
> > We are using multimaster replication.
> >
> > Haven't had any responses, though.
> Are you guys using SSL? What OS version? I'm assuming you are using
> FDS 1.0.2.
> >
> > frits
> >
> > On 8/21/06, * Jason Russler* wrote:
> >
> > I've seen one recent mention on this list about leaks in the directory
> > server but I have a ns-slapd process that grows by dozens of megabytes a
> > day. At least once a week I restart the directory server after it eats
> > up ~90% of the system memory. Right now it's a 1.2G process and it sure
> > isn't cached data because there are not that many entries in this
> > thing. I don't recall the issue being this extreme when I first set it
> > up. Could the leak be associated with replication or some other
> > subsystem not active in a fresh install?
> > --
> > Jason Russler
> > Helix Systems, NIH, DHHS

From joshkel at gmail.com Mon Aug 21 14:35:13 2006
From: joshkel at gmail.com (Josh Kelley)
Date: Mon, 21 Aug 2006 10:35:13 -0400
Subject: [Fedora-directory-users] Fetching nsAccountLock?
In-Reply-To: <44E9C2E4.9090403@redhat.com>
References: <97cbd1a90608210717q125d45e5p3cefb44b87271d24@mail.gmail.com> <44E9C2E4.9090403@redhat.com>
Message-ID: <97cbd1a90608210735h637c576ai191803c4cf9884b0@mail.gmail.com>

On 8/21/06, Richard Megginson wrote:
> Josh Kelley wrote:
> > I have some Perl scripts for enabling and disabling that I'm trying to
> > update for FDS, and I'm having trouble retrieving the nsAccountLock
> > attribute. I'm assuming that it's not being returned because it's an
> > operational attribute; I can use it for search criteria, but I haven't
> > figured out any way to retrieve it. Any pointers?
> Since it is an operational attribute, you must explicitly provide it in
> the list of attributes to be returned in your search requests.

I was certain I'd tried that before mailing the list... Oh well. That worked; thanks for your help.
Josh Kelley

From pengle at rice.edu Mon Aug 21 14:46:00 2006
From: pengle at rice.edu (Paul Engle)
Date: Mon, 21 Aug 2006 09:46:00 -0500
Subject: [Fedora-directory-users] leak
In-Reply-To:
References: <44E9AC96.4030009@helix.nih.gov> <44E9BAE7.60502@redhat.com>
Message-ID:

> On 8/21/06, Richard Megginson wrote:
>
> Frits Hoogland wrote:
>> Same here, 'reasonable' usage, constant leaking.
>> We are using multimaster replication.
>>
>> Haven't had any responses, though.
> Are you guys using SSL? What OS version? I'm assuming you are using
> FDS 1.0.2.

Seeing the same thing here. FDS 1.0.2 using SSL, on RHEL4. Once the server went production and started getting hits, the memory started creeping up. Resident memory size remains fairly constant, but the virtual image grows to consume all available resources.

-paul

--
Paul D. Engle             | Rice University
Sr. Systems Administrator | Information Technology - MS119
(713) 348-4702            | P.O. Box 1892
pengle at rice.edu        | Houston, TX 77251-1892

From david.bogen at icecube.wisc.edu Mon Aug 21 15:16:40 2006
From: david.bogen at icecube.wisc.edu (david.bogen at icecube.wisc.edu)
Date: Mon, 21 Aug 2006 10:16:40 -0500 (CDT)
Subject: [Fedora-directory-users] leak
In-Reply-To:
References: <44E9AC96.4030009@helix.nih.gov> <44E9BAE7.60502@redhat.com>
Message-ID: <49419.172.16.223.37.1156173400.squirrel@webmail.icecube.wisc.edu>

I'll reply with another "me too." We're using FDS 1.0.2 on x86_64 with SSL. With less than two thousand entries in the directory the resident size is 3.6GB, the virtual image is over 5GB, and both are still growing.

It's like that old Johnny Cash song:

"How high is the water, mama?"
"Five feet high and risin'..."
David

From jrussler at helix.nih.gov Mon Aug 21 15:17:05 2006
From: jrussler at helix.nih.gov (Jason Russler)
Date: Mon, 21 Aug 2006 11:17:05 -0400
Subject: [Fedora-directory-users] leak
In-Reply-To: <44E9BAE7.60502@redhat.com>
References: <44E9AC96.4030009@helix.nih.gov> <44E9BAE7.60502@redhat.com>
Message-ID: <44E9CE71.8070107@helix.nih.gov>

Ah yes, using the SSL port rather than a "start TLS" session on 389. FDS 1.0.2. I did switch to that a while ago.

> Are you guys using SSL? What OS version? I'm assuming you are using
> FDS 1.0.2.

From Nick.Johnson at exeter.ac.uk Mon Aug 21 15:29:12 2006
From: Nick.Johnson at exeter.ac.uk (Nick Johnson)
Date: Mon, 21 Aug 2006 16:29:12 +0100
Subject: [Fedora-directory-users] leak
In-Reply-To: <49419.172.16.223.37.1156173400.squirrel@webmail.icecube.wisc.edu>
References: <44E9AC96.4030009@helix.nih.gov> <44E9BAE7.60502@redhat.com> <49419.172.16.223.37.1156173400.squirrel@webmail.icecube.wisc.edu>
Message-ID: <44E9D148.3080302@exeter.ac.uk>

Another "me too". We are running FDS 1.0.2 on RHEL4 with SSL. Here is a crude measure showing the change after running a short soak test:

$ ps -ely|grep ns-slapd
S   UID   PID  PPID  C PRI  NI    RSS     SZ WCHAN  TTY          TIME CMD
S   389 19007     1  0  75   0 282044 220799 -      ?        00:06:52 ns-slapd

and later:

S   389 19007     1  0  75   0 324100 231461 -      ?        00:14:52 ns-slapd

Regards
Nick Johnson
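
Added example, not part of any post in this thread: a sampler and analyzer for the `ps -ely` measurement shown above, tracking both resident and virtual size since the reports differ on which one grows. The sample-line format, the function names and the timestamps used to try it are constructed here; in `ps -ely` output RSS is column 8 (kilobytes) and SZ is column 9 (pages).

```shell
#!/bin/sh
# Added example: follow ns-slapd memory growth from timestamped `ps -ely` samples.
# Sample line format (constructed for this example):
#   <epoch seconds> <pid> <rss KB> <virtual size KB>

# take_sample: print one sample line per running ns-slapd process.
# Append the output to a file from cron, e.g. every 10 minutes.
take_sample() {
    now=$(date +%s)
    page_kb=$(( $(getconf PAGESIZE) / 1024 ))
    ps -ely | awk -v now="$now" -v pk="$page_kb" \
        '$NF == "ns-slapd" { print now, $3, $8, $9 * pk }'
}

# mem_growth: read sample lines (oldest first) on stdin and print, per PID,
#   <pid> <rss growth KB/hour> <virtual growth KB/hour>
# A PID with a single sample is skipped. A restarted server gets a new PID and
# is therefore tracked separately from the old process.
mem_growth() {
    awk '
        !($2 in t0) { t0[$2] = $1; r0[$2] = $3; v0[$2] = $4 }
        { t1[$2] = $1; r1[$2] = $3; v1[$2] = $4 }
        END {
            for (p in t0) {
                dt = t1[p] - t0[p]
                if (dt <= 0) continue
                printf "%s %d %d\n", p,
                    (r1[p] - r0[p]) * 3600 / dt,
                    (v1[p] - v0[p]) * 3600 / dt
            }
        }' | sort -n
}

# leak_suspects THRESHOLD: read sample lines on stdin, print the PIDs whose
# resident or virtual size grows faster than THRESHOLD KB/hour.
leak_suspects() {
    mem_growth | awk -v th="$1" '$2 > th || $3 > th { print $1 }'
}

# Usage (file name is hypothetical):
#   take_sample >> /var/tmp/ns-slapd-mem.log
#   leak_suspects 1024 < /var/tmp/ns-slapd-mem.log
```

Checking the virtual size as well as RSS catches the case where the resident size stays flat while the process image keeps growing.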

From rmeggins at redhat.com Mon Aug 21 16:40:40 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 21 Aug 2006 10:40:40 -0600
Subject: [Fedora-directory-users] leak
In-Reply-To: <44E9D148.3080302@exeter.ac.uk>
References: <44E9AC96.4030009@helix.nih.gov> <44E9BAE7.60502@redhat.com> <49419.172.16.223.37.1156173400.squirrel@webmail.icecube.wisc.edu> <44E9D148.3080302@exeter.ac.uk>
Message-ID: <44E9E208.60506@redhat.com>

This might be a leak in NSS 3.11. There has since been NSS 3.11.1 and 3.11.2. For those of you who feel inclined to build NSPR and NSS - http://directory.fedora.redhat.com/wiki/Building#Mozilla.org_components

Note that the CVS tag for the latest NSPR 4.6.2 is NSPR_4_6_2_RTM and the CVS tag for NSS is NSS_3_11_2_RTM. Also note that DBM is now part of NSS, so you do not have to check out dbm separately, just do the following (after checking out NSPR):

cvs -z3 co -r NSS_3_9_3_RTM mozilla/security/coreconf mozilla/security/nss mozilla/security/dbm

Then

make -C mozilla/security/nss BUILD_OPT=1 [USE_64=1] nss_build_all

Once this is done, find the nspr and nss shared libs under mozilla/dist//lib. You will need to replace the following libs in bin/slapd/lib with the ones from mozilla/dist//lib:

libfreebl3.chk libfreebl3.so libnspr4.so libnss3.so libplc4.so libplds4.so libsmime3.so libsoftokn3.chk libsoftokn3.so libssl3.so

For those of you unable or unwilling to build NSS/NSPR for yourself, drop me a line and let me know what OS, version, and arch you are using. I may be able to build binaries for RHEL/FC 32 bit and 64 bit platforms.

Nick Johnson wrote:
> Another "me too". We are running FDS 1.0.2 on RHEL4 with SSL. Here is
> a crude measure showing the change after running a short soak test:
> $ ps -ely|grep ns-slapd
> S UID PID PPID C PRI NI RSS SZ WCHAN TTY TIME CMD
> S 389 19007 1 0 75 0 282044 220799 - ?
00:06:52 ns-slapd
> and later:
> S 389 19007 1 0 75 0 324100 231461 - ? 00:14:52 ns-slapd
>
> Regards
> Nick Johnson

From jrussler at helix.nih.gov Mon Aug 21 17:19:40 2006
From: jrussler at helix.nih.gov (Jason Russler)
Date: Mon, 21 Aug 2006 13:19:40 -0400
Subject: [Fedora-directory-users] leak
In-Reply-To: <44E9E208.60506@redhat.com>
References: <44E9AC96.4030009@helix.nih.gov> <44E9BAE7.60502@redhat.com> <49419.172.16.223.37.1156173400.squirrel@webmail.icecube.wisc.edu> <44E9D148.3080302@exeter.ac.uk> <44E9E208.60506@redhat.com>
Message-ID: <44E9EB2C.5010903@helix.nih.gov>

Excellent, thanks for the info.

Richard Megginson wrote:
> This might be a leak in NSS 3.11. There has since been NSS 3.11.1 and
> 3.11.2. For those of you who feel inclined to build NSPR and NSS -
> http://directory.fedora.redhat.com/wiki/Building#Mozilla.org_components
>
> Note that the CVS tag for the latest NSPR 4.6.2 is NSPR_4_6_2_RTM and
> the CVS tag for NSS is NSS_3_11_2_RTM. Also note that DBM is now part
> of NSS, so you do not have to check out dbm separately, just do the
> following (after checking out NSPR):
>
> cvs -z3 co -r NSS_3_9_3_RTM mozilla/security/coreconf
> mozilla/security/nss mozilla/security/dbm
>
> Then
> make -C mozilla/security/nss BUILD_OPT=1 [USE_64=1] nss_build_all
>
> Once this is done, find the nspr and nss shared libs under
> mozilla/dist//lib.
You will need to replace the following
> libs in bin/slapd/lib with the ones from mozilla/dist//lib:
> libfreebl3.chk libfreebl3.so libnspr4.so libnss3.so libplc4.so
> libplds4.so libsmime3.so libsoftokn3.chk libsoftokn3.so libssl3.so
>
> For those of you unable or unwilling to build NSS/NSPR for yourself,
> drop me a line and let me know what OS, version, and arch you are
> using. I may be able to build binaries for RHEL/FC 32 bit and 64 bit
> platforms.
>
> Nick Johnson wrote:
>> Another "me too". We are running FDS 1.0.2 on RHEL4 with SSL. Here is
>> a crude measure showing the change after running a short soak test:
>> $ ps -ely|grep ns-slapd
>> S UID PID PPID C PRI NI RSS SZ WCHAN TTY TIME CMD
>> S 389 19007 1 0 75 0 282044 220799 - ? 00:06:52 ns-slapd
>> and later:
>> S 389 19007 1 0 75 0 324100 231461 - ? 00:14:52 ns-slapd
>>
>> Regards
>> Nick Johnson

From prowley at redhat.com Mon Aug 21 20:02:25 2006
From: prowley at redhat.com (Pete Rowley)
Date: Mon, 21 Aug 2006 13:02:25 -0700
Subject: [Fedora-directory-users] TLS authentication
In-Reply-To: <44E382AB.6010608@redhat.com>
References: <8BF06A36E7AD424197195998D9A0B8E14B88B9@FBRMLBR01.Enterprise.afmc.ds.af.mil> <44E382AB.6010608@redhat.com>
Message-ID: <44EA1151.9040405@redhat.com>

> Adams, Samuel D Contr AFRL/HEDR wrote:
>
>> Is there an easier way of modifying ACIs a know beforehand what the
>> effect will be other than modifying them in the GUI or changing the
>> expression and restarting the server?
>

You don't need to restart the server after changing access control, like most DS configuration it allows dynamic modification.

--
Pete

From rmeggins at redhat.com Mon Aug 21 20:38:14 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 21 Aug 2006 14:38:14 -0600
Subject: [Fedora-directory-users] leak
In-Reply-To: <44E9D148.3080302@exeter.ac.uk>
References: <44E9AC96.4030009@helix.nih.gov> <44E9BAE7.60502@redhat.com> <49419.172.16.223.37.1156173400.squirrel@webmail.icecube.wisc.edu> <44E9D148.3080302@exeter.ac.uk>
Message-ID: <44EA19B6.9030206@redhat.com>

Please refer to this bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193043 for more information about the memory leak. The original reporter said that the memory usage went down back to expected values after applying the new nspr/nss. That bug also has instructions about how to checkout and build nspr/nss.

Nick Johnson wrote:
> Another "me too". We are running FDS 1.0.2 on RHEL4 with SSL. Here is
> a crude measure showing the change after running a short soak test:
> $ ps -ely|grep ns-slapd
> S UID PID PPID C PRI NI RSS SZ WCHAN TTY TIME CMD
> S 389 19007 1 0 75 0 282044 220799 - ? 00:06:52 ns-slapd
> and later:
> S 389 19007 1 0 75 0 324100 231461 - ? 00:14:52 ns-slapd
>
> Regards
> Nick Johnson

From rmeggins at redhat.com Mon Aug 21 21:05:37 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 21 Aug 2006 15:05:37 -0600
Subject: [Fedora-directory-users] Binaries to fix memory leak for RHEL4 x86_64
Message-ID: <44EA2021.50109@redhat.com>

The following tarball contains the nspr/nss .so and .chk files needed to address the memory leak for RHEL4 x86_64.

Instructions:
1) stop-slapd
2) download and unpack http://directory.fedora.redhat.com/download/nspr-4.6.2-nss-3.11.1-RHEL4-x86_64.tar.gz into /opt/fedora-ds/bin/slapd/lib
3) start-slapd
4) stop-admin
5) same as step 2 in bin/admin/lib
6) start-admin

You can also replace the other copies of nspr/nss elsewhere in /opt/fedora-ds, but this memory leak won't affect command line apps.

From david.bogen at icecube.wisc.edu Mon Aug 21 21:50:37 2006
From: david.bogen at icecube.wisc.edu (David Bogen)
Date: Mon, 21 Aug 2006 16:50:37 -0500
Subject: [Fedora-directory-users] Binaries to fix memory leak for RHEL4 x86_64
In-Reply-To: <44EA2021.50109@redhat.com>
References: <44EA2021.50109@redhat.com>
Message-ID: <44EA2AAD.9080909@icecube.wisc.edu>

The bug report cited in the "leak" thread mentioned this:

'Unfortunately, this will "break" RPM if the files are replaced. So, please be careful and keep the backups of the files and run your test.'

The files that I got from your last e-mail do seem to help the situation (according to preliminary results) on a test system, but now I'm concerned about what sort of obstacles I've created for future upgrades.

Will future RPMs give me trouble because I've replaced these files?
Or, do I need to keep my backups of the originals around forever and remember to replace the originals before applying future upgrades?

David

--
David Bogen :: (608) 263-0168
Unix SysAdmin :: IceCube Project
david.bogen at icecube.wisc.edu

From rmeggins at redhat.com Mon Aug 21 21:57:41 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 21 Aug 2006 15:57:41 -0600
Subject: [Fedora-directory-users] Binaries to fix memory leak for RHEL4 x86_64
In-Reply-To: <44EA2AAD.9080909@icecube.wisc.edu>
References: <44EA2021.50109@redhat.com> <44EA2AAD.9080909@icecube.wisc.edu>
Message-ID: <44EA2C55.8050704@redhat.com>

David Bogen wrote:
> The bug report cited in the "leak" thread mentioned this:
>
> 'Unfortunately, this will "break" RPM if the files are replaced. So,
> please be careful and keep the backups of the files and run your test.'
>
> The files that I got from your last e-mail do seem to help the situation
> (according to preliminary results) on a test system, but now I'm
> concerned about what sort of obstacles I've created for future upgrades.
>
> Will future RPMs give me trouble because I've replaced these files? Or,
> do I need to keep my backups of the originals around forever and
> remember to replace the originals before applying future upgrades?
>
No. Future versions of fds will be much more easily upgradeable in this respect. This will (hopefully) be the last version that has these sorts of packaging issues. So for now, don't worry about it.
> David
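
Added example, not code from the thread or from the project: one way to carry out the unpack step of the "Binaries to fix memory leak" instructions while keeping the backups the quoted bug report asks for. It assumes the tarball holds the ten listed library files as top-level members; the function names and the backup directory name are hypothetical, and the check covers member names only.

```shell
#!/bin/sh
# Added example: vet a downloaded nspr/nss tarball by member name and back up
# the shipped libraries before unpacking over them.

# The ten files named in the thread as the ones to replace.
EXPECTED="libfreebl3.chk libfreebl3.so libnspr4.so libnss3.so libplc4.so libplds4.so libsmime3.so libsoftokn3.chk libsoftokn3.so libssl3.so"

# check_members: read a `tar -tzf` listing on stdin and print every member that
# is not one of the expected top-level files (extra files, subdirectories,
# absolute paths, "../" paths). Returns 0 only when nothing is printed.
check_members() {
    awk -v expected="$EXPECTED" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        { name = $0; sub(/^\.\//, "", name) }
        name == "" { next }                  # the "./" entry of the archive root
        !(name in ok) { print $0; bad = 1 }
        END { exit bad }'
}

# swap_libs TARBALL LIBDIR: refuse unexpected archives, copy the files about to
# be replaced into a backup directory, then unpack. Run with the server stopped.
# A second run is refused so the backup always holds the original files.
swap_libs() {
    tarball=$1
    libdir=$2
    backup="$libdir/backup-before-nss-swap"   # hypothetical location
    listing=$(tar -tzf "$tarball") || return 1
    [ -n "$listing" ] || { echo "$tarball is empty" >&2; return 1; }
    unexpected=$(printf '%s\n' "$listing" | check_members) || {
        echo "refusing $tarball, unexpected members:" >&2
        echo "$unexpected" >&2
        return 1
    }
    if [ -e "$backup" ]; then
        echo "$backup already exists, not overwriting the saved originals" >&2
        return 1
    fi
    mkdir "$backup" || return 1
    for f in $EXPECTED; do
        if [ -f "$libdir/$f" ]; then
            cp -p "$libdir/$f" "$backup/$f" || return 1
        fi
    done
    tar -xzf "$tarball" -C "$libdir"
}

# Usage, following the steps in the thread (after stop-slapd / stop-admin):
#   swap_libs nspr-4.6.2-nss-3.11.1-RHEL4-x86_64.tar.gz /opt/fedora-ds/bin/slapd/lib
#   swap_libs nspr-4.6.2-nss-3.11.1-RHEL4-x86_64.tar.gz /opt/fedora-ds/bin/admin/lib
```

Restoring before a later package upgrade is then a copy of the files in the backup directory back into the library directory.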

From Samuel.Adams at BROOKS.AF.MIL Tue Aug 22 13:54:43 2006
From: Samuel.Adams at BROOKS.AF.MIL (Adams, Samuel D Contr AFRL/HEDR)
Date: Tue, 22 Aug 2006 08:54:43 -0500
Subject: [Fedora-directory-users] Anonymous bind with restrictive ACIs
Message-ID: <8BF06A36E7AD424197195998D9A0B8E14EF84A@FBRMLBR01.Enterprise.afmc.ds.af.mil>

Does anyone know what the minimum set of attributes are that need to be anonymously readable and still allow the OpenLDAP PAM client to authenticate?

I tried to lock it down to only allow username, but that was too restrictive. Now I just have it restricting only the userPassword, but I think there is room for further tightening.

Sam Adams
General Dynamics - Information Technology
Phone: 210.536.5945

From prowley at redhat.com Tue Aug 22 18:30:37 2006
From: prowley at redhat.com (Pete Rowley)
Date: Tue, 22 Aug 2006 11:30:37 -0700
Subject: [Fedora-directory-users] Anonymous bind with restrictive ACIs
In-Reply-To: <8BF06A36E7AD424197195998D9A0B8E14EF84A@FBRMLBR01.Enterprise.afmc.ds.af.mil>
References: <8BF06A36E7AD424197195998D9A0B8E14EF84A@FBRMLBR01.Enterprise.afmc.ds.af.mil>
Message-ID: <44EB4D4D.7050504@redhat.com>

Adams, Samuel D Contr AFRL/HEDR wrote:
> Does anyone know what the minimum set of attributes are that need to
> be anonymously readable and still allow the OpenLDAP PAM client to
> authenticate?
>
> I tried to lock it down to only allow username, but that was too
> restrictive. Now I just have it restricting only the userPassword,
> but I think there is room for further tightening.
>
I don't know offhand but you can either look in the logs for the request, or use ethereal to sniff the packets to get the attributes requested. Perhaps you forgot to allow access to objectclass?
--
Pete

From rmeggins at redhat.com Tue Aug 22 18:43:21 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 22 Aug 2006 12:43:21 -0600
Subject: [Fedora-directory-users] Binaries to fix memory leak for RHEL4 i386 (32 bit)
Message-ID: <44EB5049.7060004@redhat.com>

The following tarball contains the nspr/nss .so and .chk files needed to address the memory leak for RHEL4 i386:

Instructions:
1) stop-slapd
2) download and unpack http://directory.fedora.redhat.com/download/nspr-4.6.2-nss-3.11.1-RHEL4-i386.tar.gz into /opt/fedora-ds/bin/slapd/lib
3) start-slapd
4) stop-admin
5) same as step 2 in bin/admin/lib
6) start-admin

You can also replace the other copies of nspr/nss elsewhere in /opt/fedora-ds, but this memory leak won't affect command line apps.

From marco at sif.it Wed Aug 23 07:28:52 2006
From: marco at sif.it (Marco Bellacosa)
Date: Wed, 23 Aug 2006 09:28:52 +0200
Subject: [Fedora-directory-users] problem starting slapd
Message-ID: <44EC03B4.3000807@sif.it>

Dear all,

I got problems while restarting my fedora-ds. In particular, when I try to start the server via start-slapd I receive the following message:

[23/Aug/2006:09:24:27 +0200] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert server-cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181 - Peer's Certificate has expired.)
[23/Aug/2006:09:24:27 +0200] - SSL failure: None of the cipher are valid\

Then, if I try to manage certificates via console, I am not able to log in the console, I get the message:

Cannot connect to the Admin Server .....
The URL is not correct or the server is not running.

Therefore, I cannot start the server because my certificate is no more valid and I cannot manage certificate because my console doesn't open (it seems to me). Can anyone help me?

Thanks,
marco

From tuxkumar at gmail.com Wed Aug 23 10:13:55 2006
From: tuxkumar at gmail.com (Saravana Kumar)
Date: Wed, 23 Aug 2006 15:43:55 +0530
Subject: [Fedora-directory-users] Re: Re: FDS hangs
References: <44E47B6B.5010105@redhat.com> <44E5E9A3.9080203@redhat.com>
Message-ID:

Richard Megginson wrote:
> Saravana Kumar wrote:
>> Richard Megginson wrote:
>>
>>> You need to increase the number of file descriptors.
>>> See http://directory.fedora.redhat.com/wiki/Performance_Tuning#Linux
>>> and
>>> http://www.redhat.com/docs/manuals/dir-server/pdf/ds71cli.pdf - search
>>> for nsslapd-maxdescriptors
>>>
>>> Saravana Kumar wrote:
>>>
>>>> Hi,
>>>>
>>>> I am running FDS in one of my servers. It serves authinfo(username &
>>>> password) and automount info to about 50 clients. During peak
>>>> hours(when the number of connections to the server are high) it is very
>>>> difficult to operate in the client machines and the server fails to
>>>> respond. Then i end up in hard rebooting the server. After reboot slapd
>>>> would not start(i have scripts to start fds and fds-admin). I have to
>>>> run ./setup/setup again to start the fds-admin.
>>>>
>>>> Can some one tell me why is this happening? Is it a bug?
>>>>
>>>> The only error i see in the slapd logs is this:
>>>> 17/Aug/2006:15:18:15 +051800] - Listening for new connections again
>>>> [17/Aug/2006:15:18:15 +051800] - Not listening for new connections -
>>>> [too
>>>> many fds open
>>>>
>>>> Thanks in advance for any pointers.
>>>>
>>>> ---
>>>> SK
>>
>> Thanks Richard,
>>
>> After posting here i infact got to this page:
>> http://www.redhat.com/docs/manuals/dir-server/cli/config.htm
>> and checked nsslapd-maxdescriptors(it is 1024) and
>> nsslapd-ntconntablesize(is 1024). My /proc/sys/fs/file-max is already
>> 102432.
>>
>> I tried to change the nslapd-ntconntablesize from adminconsole, it failed
>> with the error nsslapd-maxdescriptor is 1024. Then i tried to change
>> maxdescriptor to 4096 it failed with the error maxfile descriptors must
>> range from 1 to 1024 (the current file descriptors).
>>
> You may have to edit the slapd-instance/start-slapd script to set ulimit
> -n 8192 or something like that first. What does ulimit -n say?

ulimit -n says 1024.

I set the value manually like this ulimit -n 8192(also put it in /etc/profile). Restarted fds admin server. Tried to change the nsslapd-maxdescriptors but it gives the same error again.

TIA,
SK

From mikael.kermorgant at gmail.com Wed Aug 23 11:28:03 2006
From: mikael.kermorgant at gmail.com (Mikael Kermorgant)
Date: Wed, 23 Aug 2006 13:28:03 +0200
Subject: [Fedora-directory-users] account expiration
Message-ID: <9711147e0608230428q1d292713t54691b607787a8ef@mail.gmail.com>

Hello,

I'd like to set up an expiration policy on my server but I've not found any way of doing it in the docs.
I'd like to define for each user an expiration date.

Has someone on this list set up something similar ? If so, what attribute have you used ?
Thanks in advance,

--
Mikael Kermorgant

From rmeggins at redhat.com Wed Aug 23 13:50:07 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 23 Aug 2006 07:50:07 -0600
Subject: [Fedora-directory-users] problem starting slapd
In-Reply-To: <44EC03B4.3000807@sif.it>
References: <44EC03B4.3000807@sif.it>
Message-ID: <44EC5D0F.8090704@redhat.com>

Marco Bellacosa wrote:
> Dear all,
>
> I got problems while restarting my fedora-ds. In particular,
> when I try to start the server via start-slapd I receive the following
> message:
>
> [23/Aug/2006:09:24:27 +0200] - SSL alert: CERT_VerifyCertificateNow:
> verify certificate failed for cert server-cert of family
> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181
> - Peer's Certificate has expired.)
> [23/Aug/2006:09:24:27 +0200] - SSL failure: None of the cipher are valid\
>
> Then, if I try to manage certificates via console, I am not able to
> log in the console, I get the message:
>
> Cannot connect to the Admin Server .....
> The URL is not correct or the server is not running.
>
> Therefore, I cannot start the server because my certificate is no more
> valid and I cannot manage certificate because my console doesn't open
> (it seems to me). Can anyone help me?
Looks like you will have to generate a new server (or CA?) cert. Do you have a CA? See http://directory.fedora.redhat.com/wiki/Howto:SSL for some examples of how to use the command line certutil tool.
>
> Thanks,
> marco

From rmeggins at redhat.com Wed Aug 23 13:51:59 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 23 Aug 2006 07:51:59 -0600
Subject: [Fedora-directory-users] Re: Re: FDS hangs
In-Reply-To:
References: <44E47B6B.5010105@redhat.com> <44E5E9A3.9080203@redhat.com>
Message-ID: <44EC5D7F.2090009@redhat.com>

Saravana Kumar wrote:
> Richard Megginson wrote:
>
>> Saravana Kumar wrote:
>>
>>> Richard Megginson wrote:
>>>
>>>> You need to increase the number of file descriptors.
>>>> See http://directory.fedora.redhat.com/wiki/Performance_Tuning#Linux
>>>> and
>>>> http://www.redhat.com/docs/manuals/dir-server/pdf/ds71cli.pdf - search
>>>> for nsslapd-maxdescriptors
>>>>
>>>> Saravana Kumar wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I am running FDS in one of my servers. It serves authinfo(username &
>>>>> password) and automount info to about 50 clients. During peak
>>>>> hours(when the number of connections to the server are high) it is very
>>>>> difficult to operate in the client machines and the server fails to
>>>>> respond. Then i end up in hard rebooting the server. After reboot slapd
>>>>> would not start(i have scripts to start fds and fds-admin). I have to
>>>>> run ./setup/setup again to start the fds-admin.
>>>>>
>>>>> Can some one tell me why is this happening? Is it a bug?
>>>>>
>>>>> The only error i see in the slapd logs is this:
>>>>> 17/Aug/2006:15:18:15 +051800] - Listening for new connections again
>>>>> [17/Aug/2006:15:18:15 +051800] - Not listening for new connections -
>>>>> [too
>>>>> many fds open
>>>>>
>>>>> Thanks in advance for any pointers.
>>>>>
>>>>> ---
>>>>> SK
>>>
>>> Thanks Richard,
>>>
>>> After posting here i infact got to this page:
>>> http://www.redhat.com/docs/manuals/dir-server/cli/config.htm
>>> and checked nsslapd-maxdescriptors(it is 1024) and
>>> nsslapd-ntconntablesize(is 1024). My /proc/sys/fs/file-max is already
>>> 102432.
>>>
>>> I tried to change the nslapd-ntconntablesize from adminconsole, it failed
>>> with the error nsslapd-maxdescriptor is 1024. Then i tried to change
>>> maxdescriptor to 4096 it failed with the error maxfile descriptors must
>>> range from 1 to 1024 (the current file descriptors).
>>>
>> You may have to edit the slapd-instance/start-slapd script to set ulimit
>> -n 8192 or something like that first. What does ulimit -n say?
>>
> ulimit -n says 1024.
>
> I set the value manually like this ulimit -n 8192(also put it
> in /etc/profile).
Try putting it in /opt/fedora-ds/slapd-instance/start-slapd
> Restarted fds admin server.
admin server or directory server?
> Tried to change the
> nsslapd-maxdescriptors but it gives the same error again.
>
Yes. The ulimit -n didn't take effect for the directory server for some reason.
> TIA,
> SK
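
Added example, not from the thread: a check for the situation discussed above, where `ulimit -n` was raised in one shell but the running server kept its old limit and refused a larger nsslapd-maxdescriptors. It compares the configured value in an LDIF config file with the soft open-files limit of a process; reading `/proc/<pid>/limits` is an assumption (it exists on newer Linux kernels), and the function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example: does the running ns-slapd really have the open-files limit
# that its configuration asks for?

# configured_maxdesc FILE: value of nsslapd-maxdescriptors in an LDIF config file.
configured_maxdesc() {
    awk -F': *' 'tolower($1) == "nsslapd-maxdescriptors" { print $2; exit }' "$1"
}

# soft_nofile FILE: soft "Max open files" value from a /proc/<pid>/limits file.
soft_nofile() {
    awk '/^Max open files/ { print $4; exit }' "$1"
}

# check_fd_limit LDIF LIMITS: print a verdict.
# Returns 0 when the process limit covers the configured value, 1 when it is
# lower (the case from the thread: the limit was raised in a login shell or
# /etc/profile, not in the script that starts the server), 2 when either
# value cannot be read.
check_fd_limit() {
    want=$(configured_maxdesc "$1")
    have=$(soft_nofile "$2")
    if [ -z "$want" ] || [ -z "$have" ]; then
        echo "unknown: could not read both values"
        return 2
    fi
    if [ "$have" = "unlimited" ] || [ "$have" -ge "$want" ]; then
        echo "ok: process limit $have >= configured $want"
        return 0
    fi
    echo "too low: process limit $have < configured $want"
    return 1
}

# Usage (paths are placeholders for the instance being checked):
#   check_fd_limit /path/to/dse.ldif "/proc/$(pidof ns-slapd)/limits"
```

Because the limit is inherited from whatever started the process, the check has to be run against the server's own PID after a restart, not against the administrator's shell.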

From rmeggins at redhat.com Wed Aug 23 13:54:20 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 23 Aug 2006 07:54:20 -0600
Subject: [Fedora-directory-users] account expiration
In-Reply-To: <9711147e0608230428q1d292713t54691b607787a8ef@mail.gmail.com>
References: <9711147e0608230428q1d292713t54691b607787a8ef@mail.gmail.com>
Message-ID: <44EC5E0C.8030302@redhat.com>

Mikael Kermorgant wrote:
> Hello,
>
> I'd like to set up an expiration policy on my server but I've not
> found any way of doing it in the docs.
> I'd like to define for each user an expiration date.
>
> Has someone on this list set up something similar ? If so, what
> attribute have you used ?
There is no account expiration, only password expiration. I suppose you could use password expiration with no user password change - that would effectively lock out the user when their password expires. One of our long time community members has written a design doc for advanced account policy - http://directory.fedora.redhat.com/wiki/Account_Policy_Design
>
> Thanks in advance,
>

From jrussler at helix.nih.gov Wed Aug 23 17:15:38 2006
From: jrussler at helix.nih.gov (Jason Russler)
Date: Wed, 23 Aug 2006 13:15:38 -0400
Subject: [Fedora-directory-users] Anonymous bind with restrictive ACIs
In-Reply-To: <8BF06A36E7AD424197195998D9A0B8E14EF84A@FBRMLBR01.Enterprise.afmc.ds.af.mil>
References: <8BF06A36E7AD424197195998D9A0B8E14EF84A@FBRMLBR01.Enterprise.afmc.ds.af.mil>
Message-ID: <44EC8D3A.7090000@helix.nih.gov>

Adams, Samuel D Contr AFRL/HEDR wrote:
> Does anyone know what the minimum set of attributes are that need to be
> anonymously readable and still allow the OpenLDAP PAM client to
> authenticate?
> Well, if you want everything to work, you'll need access to any data that would normally be available via a passwd file: shell, home, gecos, uid, username, primary group id in addition to some other data relating to password policy. PAM needs much of that stuff _before_ a bind is initiated. Just watch the access log during a login. > I tried to lock it down to only allow username, but that was too > restrictive. Now I just have it restricting only the userPassword, but > I thing there is room for further tightening. > > > > Sam Adams > > General Dynamics - Information Technology > > Phone: 210.536.5945 > > > > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > From jrussler at helix.nih.gov Wed Aug 23 17:19:29 2006 From: jrussler at helix.nih.gov (Jason Russler) Date: Wed, 23 Aug 2006 13:19:29 -0400 Subject: [Fedora-directory-users] account expiration In-Reply-To: <9711147e0608230428q1d292713t54691b607787a8ef@mail.gmail.com> References: <9711147e0608230428q1d292713t54691b607787a8ef@mail.gmail.com> Message-ID: <44EC8E21.3060606@helix.nih.gov> I use cron and a special user with a restrictive ACI to lock old accounts. Not pretty, but hey... Mikael Kermorgant wrote: > Hello, > > I'd like to set up an expiration policy on my server but I've not > found any way of doing it in the docs. > I'd like to define for each user an expiration date. > > Has someone on this list set up something similar ? If so, what > attribute have you used ? > > Thanks in advance, > From pkime at Shopzilla.com Wed Aug 23 19:23:20 2006 From: pkime at Shopzilla.com (Philip Kime) Date: Wed, 23 Aug 2006 12:23:20 -0700 Subject: [Fedora-directory-users] Memory leak in FDS? 
Message-ID: <9C0091F428E697439E7A773FFD083427026074@szexchange.Shopzilla.inc> My new LDAP infra has started to be used fairly heavily recently and today, it died - top reported: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 25708 ldap 15 0 11.9g 7.1g 3624 D 0.3 91.6 17168:00 ns-slapd This looks like the memory leak I've seen rumours of? I'm using 64-bit on CentOS, version 1.0.2. PK -- Philip Kime NOPS Systems Architect 310 401 0407 -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Wed Aug 23 22:11:00 2006 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 23 Aug 2006 16:11:00 -0600 Subject: [Fedora-directory-users] Memory leak in FDS? In-Reply-To: <9C0091F428E697439E7A773FFD083427026074@szexchange.Shopzilla.inc> References: <9C0091F428E697439E7A773FFD083427026074@szexchange.Shopzilla.inc> Message-ID: <44ECD274.9010607@redhat.com> Philip Kime wrote: > My new LDAP infra has started to be used fairly heavily recently and > today, it died - top reported: > > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND > 25708 ldap 15 0 11.9g 7.1g 3624 D 0.3 91.6 17168:00 ns-slapd > > This looks like the memory leak I've seen rumours of? I'm using 64-bit > on CentOS, version 1.0.2. Are you using SSL? If so, try this - http://directory.fedora.redhat.com/download/nspr-4.6.2-nss-3.11.1-RHEL4-x86_64.tar.gz - and follow the directions in the previous emails in this thread. > > PK > -- > Philip Kime > NOPS Systems Architect > 310 401 0407 > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL:

From marco at sif.it Thu Aug 24 08:06:56 2006
From: marco at sif.it (Marco Bellacosa)
Date: Thu, 24 Aug 2006 10:06:56 +0200
Subject: [Fedora-directory-users] problem starting slapd
References: <44EC03B4.3000807@sif.it> <44EC5D0F.8090704@redhat.com>
Message-ID: <44ED5E20.8060409@sif.it>

Thanks Richard,

Richard Megginson wrote:
> Marco Bellacosa wrote:
>
>> Dear all,
>>
>> I got problems while restarting my fedora-ds. In particular,
>> when I try to start the server via start-slapd I receive the following
>> message:
>>
>> [23/Aug/2006:09:24:27 +0200] - SSL alert: CERT_VerifyCertificateNow:
>> verify certificate failed for cert server-cert of family
>> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181
>> - Peer's Certificate has expired.)
>> [23/Aug/2006:09:24:27 +0200] - SSL failure: None of the cipher are valid\
>>
>> Then, if I try to manage certificates via console, I am not able to
>> log in the console, I get the message:
>>
>> Cannot connect to the Admin Server .....
>> The URL is not correct or the server is not running.
>>
>> Therefore, I cannot start the server because my certificate is no more
>> valid and I cannot manage certificate because my console doesn't open
>> (it seems to me). Can anyone help me?
>
> Looks like you will have to generate a new server (or CA?) cert. Do you
> have a CA? See http://directory.fedora.redhat.com/wiki/Howto:SSL for
> some examples of how to use the command line certutil tool.
>

I followed the examples, but now

# start-slapd
Enter PIN for Internal (Software) Token:

I insert the password and

[24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization Can't find certificate (server-cert) for family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
[24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization: Unable to retrieve private key for cert server-cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
[24/Aug/2006:09:19:22 +0200] - SSL failure: None of the cipher are valid

Please, note that I have my new admin-serv-hostname-cert8.db,
slapd-hostname-cert8.db and so on and a valid CA certificate.

Thanks in advance,
marco

From mikael.kermorgant at gmail.com Thu Aug 24 08:14:12 2006
From: mikael.kermorgant at gmail.com (Mikael Kermorgant)
Date: Thu, 24 Aug 2006 10:14:12 +0200
Subject: [Fedora-directory-users] account expiration
In-Reply-To: <44EC8E21.3060606@helix.nih.gov>
References: <9711147e0608230428q1d292713t54691b607787a8ef@mail.gmail.com> <44EC8E21.3060606@helix.nih.gov>
Message-ID: <9711147e0608240114n7ca1b0b4ma24ce59e75f8f0fa@mail.gmail.com>

2006/8/23, Jason Russler:
> I use cron and a special user with a restrictive ACI to lock old
> accounts. Not pretty, but hey...
>
I thought about this solution but how do you check the expiration date ?
As I want to put a specific life length for each user, I have to store
an expiration date somewhere. Is there an existing attribute I could use
for this ?

Regards,
--
Mikael Kermorgant

From rmeggins at redhat.com Thu Aug 24 14:06:15 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 24 Aug 2006 08:06:15 -0600
Subject: [Fedora-directory-users] problem starting slapd
In-Reply-To: <44ED5E20.8060409@sif.it>
References: <44EC03B4.3000807@sif.it> <44EC5D0F.8090704@redhat.com> <44ED5E20.8060409@sif.it>
Message-ID: <44EDB257.9050803@redhat.com>

Marco Bellacosa wrote:
> Thanks Richard,
>
> Richard Megginson wrote:
> > Marco Bellacosa wrote:
> >
> >> Dear all,
> >>
> >> I got problems while restarting my fedora-ds. In particular,
> >> when I try to start the server via start-slapd I receive the following
> >> message:
> >>
> >> [23/Aug/2006:09:24:27 +0200] - SSL alert: CERT_VerifyCertificateNow:
> >> verify certificate failed for cert server-cert of family
> >> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181
> >> - Peer's Certificate has expired.)
> >> [23/Aug/2006:09:24:27 +0200] - SSL failure: None of the cipher are valid\
> >>
> >> Then, if I try to manage certificates via console, I am not able to
> >> log in the console, I get the message:
> >>
> >> Cannot connect to the Admin Server .....
> >> The URL is not correct or the server is not running.
> >>
> >> Therefore, I cannot start the server because my certificate is no more
> >> valid and I cannot manage certificate because my console doesn't open
> >> (it seems to me). Can anyone help me?
> >
> > Looks like you will have to generate a new server (or CA?) cert. Do you
> > have a CA? See http://directory.fedora.redhat.com/wiki/Howto:SSL for
> > some examples of how to use the command line certutil tool.
> >
>
> I followed the examples, but now
>
> # start-slapd
> Enter PIN for Internal (Software) Token: I insert the password and
>
> [24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization Can't
> find certificate (server-cert) for family cn=RSA,cn=encryption,cn=config
> (Netscape Portable Runtime error -8174 - security library: bad database.)
> [24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization:
> Unable to retrieve private key for cert server-cert of family
> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 -
> security library: bad database.)
> [24/Aug/2006:09:19:22 +0200] - SSL failure: None of the cipher are valid
>
> Please, note that I have my new admin-serv-hostname-cert8.db,
> slapd-hostname-cert8.db and so on and a valid CA certificate.
cd /opt/fedora-ds/alias
../shared/bin/certutil -P slapd-hostname- -d . -L
../shared/bin/certutil -P slapd-hostname- -d . -L -n server-cert
../shared/bin/certutil -P slapd-hostname- -d . -L -n Server-Cert
>
> Thanks in advance,
> marco
>

From timothy at jupiter.stcl.edu Thu Aug 24 15:16:18 2006
From: timothy at jupiter.stcl.edu (Timothy)
Date: Thu, 24 Aug 2006 10:16:18 -0500
Subject: [Fedora-directory-users] Slapd stops periodically
Message-ID: <200608241016.18455.timothy@jupiter.stcl.edu>

I'm having an issue where slapd just stops periodically and there's no
info in the logs.

My setup:

fedora-ds-1.0.2-1.RHEL4 on RHAS4.4.

The userRoot database is setup as a consumer for an iPlanet 5.1 (win2k).
iPlanet is setup as single master and the replication agreement is set
to "always keep the directories in sync".

Works perfectly except every couple of days slapd on the fedora-ds box
just quits.

I googled the archives and don't see anything relevant.
Any pointers on how to debug would be appreciated.

Thanks,
Timothy

From bmoyles at playboy.com Thu Aug 24 15:24:49 2006
From: bmoyles at playboy.com (Brian Moyles)
Date: Thu, 24 Aug 2006 10:24:49 -0500
Subject: [Fedora-directory-users] Replication of o=NetscapeRoot
Message-ID:

I've got 2 machines in multimaster replication across a WAN link. I'm
replicating our root suffix (userRoot) successfully. I'm storing
o=NetscapeRoot on box01 right now, and want to replicate that to 02
(using 2-way multimaster) and have 02 use its local copy so I have
console failover as described in the howto in the wiki.
What I'm unclear on, though, is where I should be creating the user for
replication. Right now, I have cn=Replication Manager, cn=config,
meaning that the user is in o=NetscapeRoot. The docs specify that the
replication user cannot exist in the database you're replicating...so
where should it go?

Thanks in advance!

Brian Moyles
Playboy Enterprises, Inc.
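
The check Jason Russler describes in the "Anonymous bind with restrictive ACIs" thread above (watch the access log during a login) can be automated. This is an added example, not code from any poster or from the Fedora DS project; it assumes the standard Fedora DS access-log layout and simple binds, and the log lines, the dc=example,dc=com suffix, the function names and the ACI name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the Fedora DS access-log layout (not taken from the thread).
SAMPLE_LOG = """\
[23/Aug/2006:13:02:11 -0400] conn=41 fd=64 slot=64 connection from 10.0.0.15 to 10.0.0.2
[23/Aug/2006:13:02:11 -0400] conn=41 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=sam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos"
[23/Aug/2006:13:02:11 -0400] conn=41 op=0 RESULT err=0 tag=101 nentries=1 etime=0
[23/Aug/2006:13:02:12 -0400] conn=41 op=1 BIND dn="uid=sam,ou=People,dc=example,dc=com" method=128 version=3
[23/Aug/2006:13:02:12 -0400] conn=41 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=sam,ou=people,dc=example,dc=com"
[23/Aug/2006:13:02:12 -0400] conn=41 op=2 SRCH base="uid=sam,ou=People,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="shadowExpire shadowLastChange"
[23/Aug/2006:13:02:12 -0400] conn=41 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[23/Aug/2006:13:05:40 -0400] conn=42 fd=65 slot=65 connection from 10.0.0.15 to 10.0.0.2
[23/Aug/2006:13:05:40 -0400] conn=42 op=0 BIND dn="uid=sam,ou=People,dc=example,dc=com" method=128 version=3
[23/Aug/2006:13:05:40 -0400] conn=42 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[23/Aug/2006:13:05:41 -0400] conn=42 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixGroup)(memberUid=sam))" attrs="cn gidNumber memberUid"
[23/Aug/2006:13:05:41 -0400] conn=42 op=1 RESULT err=0 tag=101 nentries=2 etime=0
"""

NEW_CONN = re.compile(r'conn=(\d+) fd=\d+ slot=\d+ .*connection from')
OPERATION = re.compile(r'conn=(\d+) op=(-?\d+) (\w+)(.*)')
BIND_DN = re.compile(r'dn="([^"]*)"')
RESULT = re.compile(r'err=(\d+) tag=(\d+)')
ATTRS = re.compile(r'attrs=(?:"([^"]*)"|(\S+))')
FILTER = re.compile(r'filter="([^"]*)"')
FILTER_ATTR = re.compile(r'\(([A-Za-z][A-Za-z0-9;.-]*)[~<>]?=')

# Attributes that stay closed to anonymous clients whatever the log shows.
NEVER_ANONYMOUS = {"userpassword"}


def anonymous_attrs(log_text):
    """Count attributes that anonymous connections requested or filtered on."""
    bound = {}    # conn -> DN the connection is bound as; "" means anonymous
    pending = {}  # (conn, op) -> DN from a BIND still waiting for its RESULT
    seen = Counter()
    for line in log_text.splitlines():
        m = NEW_CONN.search(line)
        if m:
            bound[m.group(1)] = ""  # every connection starts out anonymous
            continue
        m = OPERATION.search(line)
        if not m:
            continue
        conn, op, verb, rest = m.groups()
        if verb == "BIND":
            dn = BIND_DN.search(rest)
            pending[(conn, op)] = dn.group(1) if dn else ""
        elif verb == "RESULT":
            res = RESULT.search(rest)
            if res and res.group(2) == "97" and (conn, op) in pending:
                dn = pending.pop((conn, op))
                # tag=97 is a bind response; a failed bind leaves the
                # connection anonymous, so later searches still count.
                bound[conn] = dn if res.group(1) == "0" else ""
        elif verb == "SRCH" and bound.get(conn, "") == "":
            attrs = ATTRS.search(rest)
            names = (attrs.group(1) or attrs.group(2) or "").split() if attrs else []
            flt = FILTER.search(rest)
            # Attributes used in the filter need search rights as well.
            names += FILTER_ATTR.findall(flt.group(1)) if flt else []
            for name in names:
                seen["*" if name == "ALL" else name.lower()] += 1
    return seen


def suggest_aci(seen):
    """Return (candidate ACI text, attributes to withhold) for the observed reads."""
    withheld = sorted(a for a in seen if a in NEVER_ANONYMOUS or a == "*")
    allowed = sorted(a for a in seen if a not in withheld)
    aci = ('(targetattr = "%s")(version 3.0; acl "Anonymous read for PAM/NSS lookups"; '
           'allow (read, search, compare) userdn = "ldap:///anyone";)'
           % " || ".join(allowed))
    return aci, withheld


if __name__ == "__main__":
    counts = anonymous_attrs(SAMPLE_LOG)
    candidate, keep_closed = suggest_aci(counts)
    for name, count in sorted(counts.items()):
        print("%-14s %d" % (name, count))
    print("candidate aci:", candidate)
    print("requested anonymously but keep closed:", ", ".join(keep_closed))
```

In this constructed sample userPassword is requested before any bind, but pam_ldap authenticates by binding as the user, so the attribute can stay withheld, as Sam Adams already has it.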
From jrussler at helix.nih.gov Thu Aug 24 15:29:33 2006
From: jrussler at helix.nih.gov (Jason Russler)
Date: Thu, 24 Aug 2006 11:29:33 -0400
Subject: [Fedora-directory-users] Slapd stops periodically
In-Reply-To: <200608241016.18455.timothy@jupiter.stcl.edu>
References: <200608241016.18455.timothy@jupiter.stcl.edu>
Message-ID: <44EDC5DD.7010405@helix.nih.gov>

This is a total stab: I'm able to crash my slapd process by setting
"pam_password exop" in the ldap.conf file on RHEL4 clients with the
server running RHEL4 on x86_64.

Timothy wrote:
> I'm having an issue where slapd just stops periodically and there's no info in
> the logs.
>
> My setup:
>
> fedora-ds-1.0.2-1.RHEL4 on RHAS4.4.
>
> The userRoot database is setup as a consumer for an iPlanet 5.1 (win2k).
> iPlanet is setup as single master and the replication agreement is set to
> "always keep the directories in sync".
>
> Works perfectly except every couple of days slapd on the fedora-ds box just
> quits.
>
> I googled the archives and don't see anything relevant.
> Any pointers on how to debug would be appreciated.
>
> Thanks,
> Timothy
>

From nkinder at redhat.com Thu Aug 24 15:31:54 2006
From: nkinder at redhat.com (Nathan Kinder)
Date: Thu, 24 Aug 2006 08:31:54 -0700
Subject: [Fedora-directory-users] Replication of o=NetscapeRoot
In-Reply-To:
References:
Message-ID: <44EDC66A.2030903@redhat.com>

Brian Moyles wrote:
> I've got 2 machines in multimaster replication across a WAN link. I'm
> replicating our root suffix (userRoot) successfully. I'm storing
> o=NetscapeRoot on box01 right now, and want to replicate that to 02 (using
> 2-way multimaster) and have 02 use its local copy so I have console failover
> as described in the howto in the wiki.
> What I'm unclear on, though, is where I should be creating the user for
> replication. Right now, I have cn=Replication Manager, cn=config, meaning
> that the user is in o=NetscapeRoot. The docs specify that the replication
> user cannot exist in the database you're replicating...so where should it
> go?
>
The "cn=config" suffix is not in "o=Netscape Root". It is its own
suffix that really uses the dse.ldif file as its "back-end database".
You can use the same user that you already have for replicating
"o=Netscape Root".

-NGK
>
> Thanks in advance!
>
> Brian Moyles
> Playboy Enterprises, Inc.
>

From bmoyles at playboy.com Thu Aug 24 15:33:53 2006
From: bmoyles at playboy.com (Brian Moyles)
Date: Thu, 24 Aug 2006 10:33:53 -0500
Subject: Re: [Fedora-directory-users] Replication of o=NetscapeRoot
In-Reply-To: <44EDC66A.2030903@redhat.com>
Message-ID:

> The "cn=config" suffix is not in "o=Netscape Root". It is its own
> suffix that really uses the dse.ldif file as its "back-end
> database". You can use the same user that you already have for
> replicating "o=Netscape Root".

Oh, that makes sense! I'll give it a shot, thanks very much!

Brian

From rmeggins at redhat.com Thu Aug 24 15:50:17 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 24 Aug 2006 09:50:17 -0600
Subject: [Fedora-directory-users] Slapd stops periodically
In-Reply-To: <44EDC5DD.7010405@helix.nih.gov>
References: <200608241016.18455.timothy@jupiter.stcl.edu> <44EDC5DD.7010405@helix.nih.gov>
Message-ID: <44EDCAB9.5060305@redhat.com>

Jason Russler wrote:
> This is a total stab: I'm able to crash my slapd process by setting
> "pam_password exop" in the ldap.conf file on RHEL4 clients with the
> server running RHEL4 on x86_64.
This could be related to
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179723
>
> Timothy wrote:
>> I'm having an issue where slapd just stops periodically and there's
>> no info in the logs.
>>
>> My setup:
>>
>> fedora-ds-1.0.2-1.RHEL4 on RHAS4.4.
>>
>> The userRoot database is setup as a consumer for an iPlanet 5.1 (win2k).
>> iPlanet is setup as single master and the replication agreement is
>> set to "always keep the directories in sync".
>>
>> Works perfectly except every couple of days slapd on the fedora-ds
>> box just quits.
>>
>> I googled the archives and don't see anything relevant.
>> Any pointers on how to debug would be appreciated.
>>
>> Thanks,
>> Timothy
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL:

From rmeggins at redhat.com Thu Aug 24 15:53:32 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 24 Aug 2006 09:53:32 -0600
Subject: [Fedora-directory-users] Slapd stops periodically
In-Reply-To: <200608241016.18455.timothy@jupiter.stcl.edu>
References: <200608241016.18455.timothy@jupiter.stcl.edu>
Message-ID: <44EDCB7C.8050509@redhat.com>

Timothy wrote:
> I'm having an issue where slapd just stops periodically and there's no info in
> the logs.
>
> My setup:
>
> fedora-ds-1.0.2-1.RHEL4 on RHAS4.4.
>
> The userRoot database is setup as a consumer for an iPlanet 5.1 (win2k).
> iPlanet is setup as single master and the replication agreement is set to
> "always keep the directories in sync".
>
> Works perfectly except every couple of days slapd on the fedora-ds box just
> quits.
>
> I googled the archives and don't see anything relevant.
> Any pointers on how to debug would be appreciated.
>
Post excerpts of your access and error logs just before the server
exits. Once you get it narrowed down, you can try turning up the debug
level - http://directory.fedora.redhat.com/wiki/FAQ#Troubleshooting - in
general this is a bad idea on a production machine except for a very
limited period of time.
> Thanks,
> Timothy
>

From pkime at Shopzilla.com Thu Aug 24 20:37:51 2006
From: pkime at Shopzilla.com (Philip Kime)
Date: Thu, 24 Aug 2006 13:37:51 -0700
Subject: [Fedora-directory-users] Memory leak in FDS?
Message-ID: <9C0091F428E697439E7A773FFD08342702608C@szexchange.Shopzilla.inc>

> Are you using SSL? If so, try this -
> http://directory.fedora.redhat.com/download/nspr-4.6.2-nss-3.11.1-RHEL4-x86_64.tar.gz
> - and follow the directions in the previous emails in this thread.

Yes, it's all SSL. Thanks, I'll try to replicate the leak on a test
server and then try these binaries out and report the results.

PK

From playactor at gmail.com Fri Aug 25 17:03:36 2006
From: playactor at gmail.com (Eric Brown)
Date: Fri, 25 Aug 2006 12:03:36 -0500
Subject: [Fedora-directory-users] Building a core DS
Message-ID:

Is there any way to build an RPM that contains only the DS (without the
admin console, sample ldif's, etc.)? I saw something in the install
documentation about just running a core DS, but need to know if that
can be built.

From rmeggins at redhat.com Fri Aug 25 18:11:43 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 25 Aug 2006 12:11:43 -0600
Subject: [Fedora-directory-users] Building a core DS
In-Reply-To:
References:
Message-ID: <44EF3D5F.8020604@redhat.com>

Eric Brown wrote:
> Is there anyway to build an RPM that contains only the DS (without the
> admin console, sample ldif's, etc.)? I saw something in the install
> documentation about just running a core DS, but need to know if that
> can be built.
I'm not sure. If you look at the file ldapserver/nsconfig.mk, near the
top, there is a section that looks like this:

USE_ADMINSERVER:=1
USE_CONSOLE:=1
USE_DSMLGW:=1
USE_ORGCHART:=1
USE_DSGW:=1
USE_JAVATOOLS:=1
USE_SETUPUTIL:=1
USE_PERLDAP:=1
GET_JAVA_FROM_PATH := 1
GET_ANT_FROM_PATH := 1
USE_PERL_FROM_PATH := 1
BUILD_JAVA_CODE := 1

You should set all of these to 0 except for USE_PERLDAP and
USE_PERL_FROM_PATH. If you are using the one step build method, it may
work to set all of these to 0 on the make command line in
dsbuild/ds/ldapserver/Makefile

From pkime at Shopzilla.com Fri Aug 25 21:01:37 2006
From: pkime at Shopzilla.com (Philip Kime)
Date: Fri, 25 Aug 2006 14:01:37 -0700
Subject: [Fedora-directory-users] Re: Memory leak in FDS?
Message-ID: <9C0091F428E697439E7A773FFD08342702609E@szexchange.Shopzilla.inc>

I have performed some stress-testing of FDS 1.0.2 (64 bit) hitting the
server with about 4 requests/sec over SSL for ten hours and I can
reliably reproduce the memory leak. Under this load it leaks about 1Mb
every 3-4 minutes. I took the server down, replaced all of the NSPR and
NSS libs in the /opt/fedora-ds tree with the new ones RM made available

nspr-4.6.2
nss-3.11.1

I then restarted the server and did exactly the same stress-test. No
leak at all in 14 hours under the same load. Looks fixed to me - nice
work, many thanks.

Here's the little script I used to replace all the libs quickly to
minimise downtime. Unpack the new libs to a folder and inside that
folder run this:

#!/bin/bash

for file in lib*
do
  for efile in `find /opt/fedora-ds -name "$file"`
  do
    mv "$efile" "$efile.bak"
    cp "$file" "$efile"
    chmod 755 "$efile"
  done
done

From pkime at Shopzilla.com Sat Aug 26 03:06:58 2006
From: pkime at Shopzilla.com (Philip Kime)
Date: Fri, 25 Aug 2006 20:06:58 -0700
Subject: [Fedora-directory-users] Re: Memory leak in FDS?
Message-ID: <9C0091F428E697439E7A773FFD0834270260A3@szexchange.Shopzilla.inc>

Hmm, I may have spoken too soon about the memory leak fix - it fixed it
when I tested doing about 4 requests per second over SSL but on the
server that had the real leak, the load is much higher, after an hour,
SNMP reports:

RHDS-MIB::dsOneLevelSearchOps.389 = Counter32: 155748

so it's getting a fair few requests and the memory is drifting up
slowly, by a megabyte or so every few minutes. I'll keep an eye on it
overnight but it looks like it's monotonically increasing ...

PK
--
Philip Kime
NOPS Systems Architect
310 401 0407

From jorgecb at gmail.com Sat Aug 26 14:31:00 2006
From: jorgecb at gmail.com (Jorge Santos)
Date: Sat, 26 Aug 2006 11:31:00 -0300
Subject: [Fedora-directory-users] [FDS] Error: Cannot connect to the Admin Server
Message-ID:

Hi There,
I need help with running fds.
I did the download of fedora-ds-1.0.2-1.FC4.i386.opt.rpm package and I
followed the instructions in
http://directory.fedora.redhat.com/wiki/Setup#Running_Setup
but, when I tried to execute the command:
# ServerRoot/startconsole -u admin -a http://localhost:1500
the console opened and after I put my password which was configured
during installation. But, the following message is always returned:
Cannot connect to the Admin Server "http://localhost:1500"
The url is not correct or the server is not running.
I'd executed the following tests:
Open my browser and put the url "http://localhost:1500" and the page of
Fedora Management Console was opened
execute the command telnet: telnet localhost 1500 and the following
message was returned Connected to localhost.localdomain (127.0.0.1)

anybody have the same problem???
I'm using the FCS4

att,
Jorge Santos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: From patrick.morris at hp.com Sat Aug 26 17:29:58 2006 From: patrick.morris at hp.com (Morris, Patrick) Date: Sat, 26 Aug 2006 13:29:58 -0400 Subject: [Fedora-directory-users] [FDS] Error: Cannot connect to the AdminServer In-Reply-To: Message-ID: > Hi There, > I need a help about fds running. > i did the download of fedora-ds-1.0.2-1.FC4.i386.opt.rpm > package and i follow the instructions in > > http://directory.fedora.redhat.com/wiki/Setup#Running_Setup > but, when i tried to execute the command: > # ServerRoot/startconsole -u admin -a http://localhost:1500 > the console openned and after i put my password which was > configured during installation. But, the follow message is > always returned: > Cannot connect to the Admin Server "http://localhost:1500" > The url is not correct or the server is not running. > I'd executed the follow tests: > Open my browser and put the url "http://localhost:1500" > and the page of Fedora Management Console was openned > execute the command telnet: telnet localhost 1500 and > the follow message was returned Connected to > localhost.localdomain (127.0.0.1) > > anybody have the some problem??? > I'm using the FCS4 Anything in the admin server logs? From jorgecb at gmail.com Sat Aug 26 18:07:19 2006 From: jorgecb at gmail.com (Jorge Santos) Date: Sat, 26 Aug 2006 15:07:19 -0300 Subject: [Fedora-directory-users] [FDS] Error: Cannot connect to the AdminServer In-Reply-To: References: Message-ID: in serverRoot/admin-serv/logs/error show this: [Sat Aug 26 14:22:42 2006] [notice] Access Host filter is: *. [Sat Aug 26 14:22:42 2006] [notice] Access Address filter is: * [Sat Aug 26 14:22:42 2006] [notice] Apache/2.0 configured -- resuming normal operations att, Jorge Santos On 8/26/06, Morris, Patrick wrote: > > > Hi There, > > I need a help about fds running. 
> > i did the download of fedora-ds-1.0.2-1.FC4.i386.opt.rpm > > package and i follow the instructions in > > > > http://directory.fedora.redhat.com/wiki/Setup#Running_Setup > > but, when i tried to execute the command: > > # ServerRoot/startconsole -u admin -a http://localhost:1500 > > the console openned and after i put my password which was > > configured during installation. But, the follow message is > > always returned: > > Cannot connect to the Admin Server "http://localhost:1500" > > The url is not correct or the server is not running. > > I'd executed the follow tests: > > Open my browser and put the url "http://localhost:1500" > > and the page of Fedora Management Console was openned > > execute the command telnet: telnet localhost 1500 and > > the follow message was returned Connected to > > localhost.localdomain (127.0.0.1) > > > > anybody have the some problem??? > > I'm using the FCS4 > > Anything in the admin server logs? > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Mon Aug 28 14:07:08 2006 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 28 Aug 2006 08:07:08 -0600 Subject: [Fedora-directory-users] [FDS] Error: Cannot connect to the Admin Server In-Reply-To: References: Message-ID: <44F2F88C.8020800@redhat.com> Jorge Santos wrote: > Hi There, > I need a help about fds running. > i did the download of fedora-ds-1.0.2-1.FC4.i386.opt.rpm package and i > follow the instructions in > http://directory.fedora.redhat.com/wiki/Setup#Running_Setup > but, when i tried to execute the command: > # ServerRoot/startconsole -u admin -a http://localhost:1500 > the console openned and after i put my password which was configured > during installation. 
But, the follow message is always returned: > Cannot connect to the Admin Server "http://localhost:1500" The url is > not correct or the server is not running. > I'd executed the follow tests: > Open my browser and put the url "http://localhost:1500" and the > page of Fedora Management Console was openned > execute the command telnet: telnet localhost 1500 and the follow > message was returned Connected to localhost.localdomain (127.0.0.1 > ) > > anybody have the some problem??? > I'm using the FCS4 try startconsole -D > > att, > Jorge Santos > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From jorgecb at gmail.com Mon Aug 28 19:31:04 2006 From: jorgecb at gmail.com (Jorge Santos) Date: Mon, 28 Aug 2006 16:31:04 -0300 Subject: [Fedora-directory-users] [FDS] Error: Cannot connect to the Admin Server In-Reply-To: <44F2F88C.8020800@redhat.com> References: <44F2F88C.8020800@redhat.com> Message-ID: It's not working yet!!! I ran it as follow: # ./startconsole -D -u admin -a http://localhost:1600/ Fedora-Management-Console/1.0 B2006.060.1930 CommManager> New CommRecord (http://localhost:1600/admin-serv/authenticate) and when I put the password for user "admin" and I got this message: Cannot connect to the Admin Server "http://localhost:1600/" The url is not correct or the server is not running!!! 
The log's file (/opt/fedora-ds/admin-serv/logs/error) is: [Mon Aug 28 15:37:59 2006] [notice] caught SIGTERM, shutting down [Mon Aug 28 15:38:05 2006] [notice] Access Host filter is: * [Mon Aug 28 15:38:05 2006] [notice] Access Address filter is: * [Mon Aug 28 15:38:06 2006] [notice] Access Host filter is: * [Mon Aug 28 15:38:06 2006] [notice] Access Address filter is: * [Mon Aug 28 15:38:06 2006] [notice] Apache/2.0 configured -- resuming normal operations I don't understand what is happening!!! Jorge Santos On 8/28/06, Richard Megginson wrote: > > Jorge Santos wrote: > > Hi There, > > I need a help about fds running. > > i did the download of fedora-ds-1.0.2-1.FC4.i386.opt.rpm package and i > > follow the instructions in > > http://directory.fedora.redhat.com/wiki/Setup#Running_Setup > > but, when i tried to execute the command: > > # ServerRoot/startconsole -u admin -a http://localhost:1500 > > the console openned and after i put my password which was configured > > during installation. But, the follow message is always returned: > > Cannot connect to the Admin Server "http://localhost:1500" The url is > > not correct or the server is not running. > > I'd executed the follow tests: > > Open my browser and put the url "http://localhost:1500" and the > > page of Fedora Management Console was openned > > execute the command telnet: telnet localhost 1500 and the follow > > message was returned Connected to localhost.localdomain (127.0.0.1 > > ) > > > > anybody have the some problem??? 
> > I'm using the FCS4 > try startconsole -D > > > > att, > > Jorge Santos > > > > > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Mon Aug 28 19:38:09 2006 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 28 Aug 2006 13:38:09 -0600 Subject: [Fedora-directory-users] [FDS] Error: Cannot connect to the Admin Server In-Reply-To: References: <44F2F88C.8020800@redhat.com> Message-ID: <44F34621.20205@redhat.com> Jorge Santos wrote: > It's not working yet!!! > I ran it as follow: > > # ./startconsole -D -u admin -a http://localhost:1600/ > Fedora-Management-Console/1.0 B2006.060.1930 > CommManager> New CommRecord ( > http://localhost:1600/admin-serv/authenticate) > > and when I put the password for user "admin" and I got this message: > Cannot connect to the Admin Server " http://localhost:1600/" > The url is not correct or the server is not running!!! Weird. Try startconsole -D 9 - that's the max debug level. > > The log's file (/opt/fedora-ds/admin-serv/logs/error) is: > > [Mon Aug 28 15:37:59 2006] [notice] caught SIGTERM, shutting down > [Mon Aug 28 15:38:05 2006] [notice] Access Host filter is: * > [Mon Aug 28 15:38:05 2006] [notice] Access Address filter is: * > [Mon Aug 28 15:38:06 2006] [notice] Access Host filter is: * > [Mon Aug 28 15:38:06 2006] [notice] Access Address filter is: * > [Mon Aug 28 15:38:06 2006] [notice] Apache/2.0 configured -- resuming > normal operations > > I don't understand what is happening!!! 

From kenwood at thesportsresort.com Mon Aug 28 19:36:00 2006
From: kenwood at thesportsresort.com (kenwood)
Date: Mon, 28 Aug 2006 12:36:00 -0700
Subject: [Fedora-directory-users] [FDS] Error: Cannot connect to the AdminServer
Message-ID: <35220502E9F9EC4F8663ECC0580907CD01F8AE@IRIS.virtupt.com>

Jorge,

Did you start the other services?

/opt/fedora-ds ./slapd-slapd-what-you-named-it ./start-admin

Then try to start your console.

Ken Wood
TLW Sports Company, LLC
Information Systems
p. 805.987.2255
c. 720.937.8295

From jorgecb at gmail.com Mon Aug 28 20:09:04 2006
From: jorgecb at gmail.com (Jorge Santos)
Date: Mon, 28 Aug 2006 17:09:04 -0300
Subject: [Fedora-directory-users] [FDS] Error: Cannot connect to the AdminServer
In-Reply-To: <35220502E9F9EC4F8663ECC0580907CD01F8AE@IRIS.virtupt.com>
References: <35220502E9F9EC4F8663ECC0580907CD01F8AE@IRIS.virtupt.com>
Message-ID:

the other service was running.
I'd started the slapd
and then I started the Admin

now, I Started the console with this parameter -D 9
like this: #./startconsole -D 9 -u admin -a http://localhost:1600

java.util.prefs.userRoot=/root/.fedora-console
java.runtime.name=Java(TM) 2 Runtime Environment, Standard Edition
sun.boot.library.path=/opt/j2sdk1.4.2_10/jre/lib/i386
java.vm.version=1.4.2_10-b03
java.vm.vendor=Sun Microsystems Inc.
java.vendor.url=http://java.sun.com/
path.separator=:
java.vm.name=Java HotSpot(TM) Client VM
file.encoding.pkg=sun.io
user.country=BR
sun.os.patch.level=unknown
java.vm.specification.name=Java Virtual Machine Specification
user.dir=/opt/fedora-ds
java.runtime.version=1.4.2_10-b03
java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment
java.endorsed.dirs=/opt/j2sdk1.4.2_10/jre/lib/endorsed
os.arch=i386
java.io.tmpdir=/tmp
line.separator=

java.vm.specification.vendor=Sun Microsystems Inc.
os.name=Linux
sun.java2d.fontpath=
java.library.path=./lib
java.specification.name=Java Platform API Specification
java.class.version=48.0
java.util.prefs.PreferencesFactory=java.util.prefs.FileSystemPreferencesFactory
os.version=2.6.11-1.1369_FC4
user.home=/root
user.timezone=America/Sao_Paulo
java.awt.printerjob=sun.print.PSPrinterJob
file.encoding=UTF-8
java.specification.version=1.4
java.class.path=./java/jss3.jar:./java/ldapjdk.jar:./java/fedora-base-1.0.jar:./java/fedora-mcc-1.0.jar:./java/fedora-mcc-1.0_en.jar:./java/fedora-nmclf-1.0.jar:./java/fedora-nmclf-1.0_en.jar
user.name=root
java.vm.specification.version=1.0
java.home=/opt/j2sdk1.4.2_10/jre
sun.arch.data.model=32
java.util.prefs.systemRoot=/root/.fedora-console
user.language=pt
java.specification.vendor=Sun Microsystems Inc.
java.vm.info=mixed mode
java.version=1.4.2_10
java.ext.dirs=/opt/j2sdk1.4.2_10/jre/lib/ext
sun.boot.class.path=/opt/j2sdk1.4.2_10/jre/lib/rt.jar:/opt/j2sdk1.4.2_10/jre/lib/i18n.jar:/opt/j2sdk1.4.2_10/jre/lib/sunrsasign.jar:/opt/j2sdk1.4.2_10/jre/lib/jsse.jar:/opt/j2sdk1.4.2_10/jre/lib/jce.jar:/opt/j2sdk1.4.2_10/jre/lib/charsets.jar:/opt/j2sdk1.4.2_10/jre/classes
java.vendor=Sun Microsystems Inc.
file.separator=/
java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi
sun.io.unicode.encoding=UnicodeLittle
sun.cpu.endian=little
sun.cpu.isalist=
ResourceSet: NOT found loader8089714: com.netscape.management.client.console.versioninfo
Fedora-Management-Console/1.0 B2006.060.1930
RemoteImage: NOT found loader8089714:com/netscape/management/nmclf/icons/Error.gif
RemoteImage: Create RemoteImage cache for loader8089714
RemoteImage: NOT found loader8089714:com/netscape/management/nmclf/icons/Inform.gif
RemoteImage: NOT found loader8089714:com/netscape/management/nmclf/icons/Warn.gif
RemoteImage: NOT found loader8089714:com/netscape/management/nmclf/icons/Question.gif
ResourceSet: NOT found loader8089714: com.netscape.management.client.components.components
RemoteImage: NOT found loader8089714:com/netscape/management/client/images/logo16.gif
RemoteImage: NOT found loader8089714:com/netscape/management/client/console/images/login.gif
ResourceSet: NOT found loader8089714: com.netscape.management.client.util.default
ResourceSet: found loader8089714:com.netscape.management.client.util.default
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 72
JButtonFactory: button height = 19
JButtonFactory: button width = 72
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button width = 72
ResourceSet: found loader8089714:com.netscape.management.client.util.default
CommManager> New CommRecord (http://localhost:1600/admin-serv/authenticate)
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 72
JButtonFactory: button height = 19
JButtonFactory: button width = 72
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button width = 72

Jorge Santos

From jrussler at helix.nih.gov Mon Aug 28 20:46:36 2006
From: jrussler at helix.nih.gov (Jason Russler)
Date: Mon, 28 Aug 2006 16:46:36 -0400
Subject: [Fedora-directory-users] Re: Memory leak in FDS?
In-Reply-To: <9C0091F428E697439E7A773FFD0834270260A3@szexchange.Shopzilla.inc>
References: <9C0091F428E697439E7A773FFD0834270260A3@szexchange.Shopzilla.inc>
Message-ID: <44F3562C.1010807@helix.nih.gov>

The new nss files fixed the issue for me, I've had several million operations and memory use has stayed steady. I'll keep an eye open...

From robert+fds at shangri-la.ts.gatech.edu Mon Aug 28 21:03:51 2006
From: robert+fds at shangri-la.ts.gatech.edu (robert+fds at shangri-la.ts.gatech.edu)
Date: Mon, 28 Aug 2006 17:03:51 -0400
Subject: [Fedora-directory-users] timelimits and timeouts
Message-ID: <20060828210351.GA14793@shangri-la.ts.gatech.edu>

I've just set up a couple of directory servers in multi-master mode. I've installed fedora-ds-1.0.2-1.RHEL4.x86_64 on RHEL AS 4.

Occasionally, some of our searches have been failing a timeout error (err=3) despite not taking any time at all (etime=0). It's not consistent either; repeat the exact same search again and it succeeds. The dn we are binding to has an "nstimelimit" attribute set to "-1", so that shouldn't be an issue.
I tried to set the "nsslapd-timelimit" to "-1" in the dse.ldif file (as documented in the Configuration, Command and File Reference manual) and got the following error when I tried to start up the server:

dse - The entry cn=config in file /opt/fedora-ds/slapd-connie/config/dse.ldif is invalid, error code 1 (Operations error) - nsslapd-timelimit: invalid value "-1", time limit must range from 0 to -1

Trying to set it from the java console reports the exact same error. There doesn't seem to be a way to set unlimited timelimits.

Has anyone else noticed either of these 2 issues? Timelimit errors with 0 elapsed time and inability to set an unlimited timelimit for the entire server?

--
Robert T. Viduya
robert at shangri-la.ts.gatech.edu
Office of Information Technology
Georgia Institute of Technology

From Diana.Shepard at cusys.edu Mon Aug 28 21:53:29 2006
From: Diana.Shepard at cusys.edu (Diana Shepard)
Date: Mon, 28 Aug 2006 15:53:29 -0600
Subject: [Fedora-directory-users] install/uninstall admin-serv only
Message-ID: <7315857F21D51B449CC55ADE3A5683180156EA99@ex2k3.ad.cusys.edu>

Is there a way to uninstall and reinstall the admin-serv only?
Mine seems to have gotten corrupted somehow.

Diana Shepard
University of Colorado

From rmeggins at redhat.com Mon Aug 28 21:59:40 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 28 Aug 2006 15:59:40 -0600
Subject: [Fedora-directory-users] install/uninstall admin-serv only
In-Reply-To: <7315857F21D51B449CC55ADE3A5683180156EA99@ex2k3.ad.cusys.edu>
References: <7315857F21D51B449CC55ADE3A5683180156EA99@ex2k3.ad.cusys.edu>
Message-ID: <44F3674C.1090202@redhat.com>

Diana Shepard wrote:
>
> Is there a way to uninstall and reinstall the
> admin-serv only?
>
Maybe, it depends.
>
> Mine seems to have gotten corrupted
> somehow.
>
What seems to be the problem?

From Diana.Shepard at cusys.edu Mon Aug 28 22:39:34 2006
From: Diana.Shepard at cusys.edu (Diana Shepard)
Date: Mon, 28 Aug 2006 16:39:34 -0600
Subject: [Fedora-directory-users] install/uninstall admin-serv
Message-ID: <7315857F21D51B449CC55ADE3A5683180156EAB2@ex2k3.ad.cusys.edu>

The problem is that whenever I try to start the Directory Server Console via command line "startconsole", I get the following error (libjss3.so is in /opt/fedora-ds/lib, and readable):

Exception in thread "main" java.lang.UnsatisfiedLinkError: /opt/fedora-ds/lib/libjss3.so: /opt/fedora-ds/lib/libjss3.so: cannot open shared object file: No such file or directory
        at java.lang.ClassLoader$NativeLibrary.load(Native Method)
        at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1560)
        at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1485)
        at java.lang.Runtime.loadLibrary0(Runtime.java:788)
        at java.lang.System.loadLibrary(System.java:834)
        at org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManager.java:1330)
        at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:822)
        at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:795)
        at com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknown Source)
        at com.netscape.management.client.util.UtilConsoleGlobals.getLDAPSSLSocketFactory(Unknown Source)
        at com.netscape.management.client.console.Console.LDAPinitialization(Unknown Source)
        at com.netscape.management.client.console.Console.(Unknown Source)
        at com.netscape.management.client.console.Console.main(Unknown Source)

Diana Shepard

From rmeggins at redhat.com Mon Aug 28 22:44:20 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 28 Aug 2006 16:44:20 -0600
Subject: [Fedora-directory-users] install/uninstall admin-serv
In-Reply-To: <7315857F21D51B449CC55ADE3A5683180156EAB2@ex2k3.ad.cusys.edu>
References: <7315857F21D51B449CC55ADE3A5683180156EAB2@ex2k3.ad.cusys.edu>
Message-ID: <44F371C3.2070505@redhat.com>

Diana Shepard wrote:
>
> The problem is that whenever I try to start the
> Directory Server Console via command line
> "startconsole", I get the following error (libjss3.so
> is in /opt/fedora-ds/lib, and readable):
>
What OS and version are you running? 32bit or 64bit? Which java are you using?

From rmeggins at redhat.com Mon Aug 28 22:51:30 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 28 Aug 2006 16:51:30 -0600
Subject: [Fedora-directory-users] [FDS] Error: Cannot connect to the AdminServer
In-Reply-To:
References: <35220502E9F9EC4F8663ECC0580907CD01F8AE@IRIS.virtupt.com>
Message-ID: <44F37372.5020208@redhat.com>

Looks like the output was truncated. Try pastebin.com and paste the link here.

From Diana.Shepard at cusys.edu Mon Aug 28 22:50:16 2006
From: Diana.Shepard at cusys.edu (Diana Shepard)
Date: Mon, 28 Aug 2006 16:50:16 -0600
Subject: [Fedora-directory-users] install/uninstall admin-serv
In-Reply-To: <44F371C3.2070505@redhat.com>
Message-ID: <7315857F21D51B449CC55ADE3A5683180156EAB8@ex2k3.ad.cusys.edu>

I'm running 64-bit RedHat Linux AS, version 4, 64-bit). java 1.4.2_04.

Diana Shepard

From pkime at Shopzilla.com Tue Aug 29 01:50:06 2006
From: pkime at Shopzilla.com (Philip Kime)
Date: Mon, 28 Aug 2006 18:50:06 -0700
Subject: [Fedora-directory-users] Re: Memory leak in FDS?
Message-ID: <9C0091F428E697439E7A773FFD0834270260B2@szexchange.Shopzilla.inc>

> The new nss files fixed the issue for me, I've had several million
> operations and memory use has stayed steady. I'll keep an eye open...

Well, it's interesting - it's certainly better than it was but memory use is rising almost monotonically - it levelled out at about 245Mb for a while (several days) and is now at almost 300Mb after another few days - this may well just be increased traffic though. I think it probably is fixed to be honest. The leak just masked the normal memory usage patterns.

From rmeggins at redhat.com Tue Aug 29 02:36:44 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 28 Aug 2006 20:36:44 -0600
Subject: [Fedora-directory-users] install/uninstall admin-serv
In-Reply-To: <7315857F21D51B449CC55ADE3A5683180156EAB8@ex2k3.ad.cusys.edu>
References: <7315857F21D51B449CC55ADE3A5683180156EAB8@ex2k3.ad.cusys.edu>
Message-ID: <44F3A83C.30709@redhat.com>

Diana Shepard wrote:
> I'm running 64-bit RedHat Linux AS, version 4,
> 64-bit). java 1.4.2_04.
>
Is it a 64-bit java executable?
I think a 32-bit java might have problems loading 64-bit shared libs such as are included with the 64-bit Fedora DS.

From rmeggins at redhat.com Tue Aug 29 02:40:22 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 28 Aug 2006 20:40:22 -0600
Subject: [Fedora-directory-users] Re: Memory leak in FDS?
In-Reply-To: <9C0091F428E697439E7A773FFD0834270260B2@szexchange.Shopzilla.inc>
References: <9C0091F428E697439E7A773FFD0834270260B2@szexchange.Shopzilla.inc>
Message-ID: <44F3A916.5040401@redhat.com>

Philip Kime wrote:
>> The new nss files fixed the issue for me, I've had several million
>> operations and memory use has stayed steady. I'll keep an eye
>>
> open...
> > Well, it's interesting - it's certainly better than it was but memory > use is rising almost monotonically - it levelled out at about 245Mb for > a while (several days) and is now at almost 300Mb after another few days > - this may well just be increased traffic though. I think it probably is > fixed to be honest. The leak just masked the normal memory usage > patterns. > If you have heavy traffic, hitting on many different entries, you will see memory grow as more entries are loaded into your caches. > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From jorgecb at gmail.com Tue Aug 29 10:01:26 2006 From: jorgecb at gmail.com (Jorge Santos) Date: Tue, 29 Aug 2006 07:01:26 -0300 Subject: [Fedora-directory-users] [FDS] Error: Cannot connect to the AdminServer In-Reply-To: <44F37372.5020208@redhat.com> References: <35220502E9F9EC4F8663ECC0580907CD01F8AE@IRIS.virtupt.com> <44F37372.5020208@redhat.com> Message-ID: Ok, I posted the output. The link is: http://pastebin.com/778682 it's so strange, because I always get this output and I reinstall so many time and the message of error is the same!!! Jorge Santos -------------- next part -------------- An HTML attachment was scrubbed... URL: From devel at fashioncontent.com Mon Aug 28 14:39:17 2006 From: devel at fashioncontent.com (devel - Fashion Content) Date: Mon, 28 Aug 2006 15:39:17 +0100 Subject: [Fedora-directory-users] Cant start console Message-ID: <000101c6cb69$9b2a19b0$0509a8c0@tinkerbell> I have installed 1.02 on FC5. I have gotten as far a running startconsole after starting sldapd & admin-serv. When I try to log in it sais the url is wrong or the server isnt started. 
The documentation recommends recompiling apache2 in order to get workers, but that seems so braindead that I just ignored it and selected the default FC5 apache2.2 Is that the cause? I have changed the hostname, I suppose that is a more likely cause !? Henrik -------------- next part -------------- An HTML attachment was scrubbed... URL: From devel at fashioncontent.com Mon Aug 28 17:23:46 2006 From: devel at fashioncontent.com (devel - Fashion Content) Date: Mon, 28 Aug 2006 18:23:46 +0100 Subject: [Fedora-directory-users] uninstall Message-ID: <000201c6cb69$9b7664f0$0509a8c0@tinkerbell> The server installation worked fine, except I need to use a different hostname. But the DS admin is now configured with the old hostname, and trying to figure out how to hack it with ldapmodify seems too much time wasted. So I am trying to uninstall. rpm -e fedora-ds-1.0.2-1.Linux ......... hangs ./uninstall -s -u admin ...... hangs So how to I get rid of the bloody thing and start installation over? Henrik From rcritten at redhat.com Tue Aug 29 12:50:44 2006 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 29 Aug 2006 08:50:44 -0400 Subject: [Fedora-directory-users] [FDS] Error: Cannot connect to the AdminServer In-Reply-To: References: <35220502E9F9EC4F8663ECC0580907CD01F8AE@IRIS.virtupt.com> <44F37372.5020208@redhat.com> Message-ID: <44F43824.5090007@redhat.com> Jorge Santos wrote: > Ok, I posted the output. The link is: > http://pastebin.com/778682 > > it's so strange, because I always get this output and I reinstall so many > time and the message of error is the same!!! > > Jorge Santos > How about some simple things to look for: Is localhost defined in /etc/hosts? Is 1600 really the port admin server is running on? (grep Listen /opt/fedora-ds/admin-serv/config/console.conf) Is Apache really started and listening? (telnet localhost 1600, you should get a connection). rob -------------- next part -------------- A non-text attachment was scrubbed... 
From rmeggins at redhat.com Tue Aug 29 14:22:16 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 29 Aug 2006 08:22:16 -0600
Subject: [Fedora-directory-users] Cant start console
In-Reply-To: <000101c6cb69$9b2a19b0$0509a8c0@tinkerbell>
References: <000101c6cb69$9b2a19b0$0509a8c0@tinkerbell>
Message-ID: <44F44D98.9070607@redhat.com>

devel - Fashion Content wrote:
> I have installed 1.02 on FC5.
> I have gotten as far as running startconsole after starting slapd &
> admin-serv.
> When I try to log in it says the url is wrong or the server isn't started.

Try startconsole -D or startconsole -D 9
Also try connecting to the admin server with your web browser.

> The documentation recommends recompiling apache2 in order to get workers,
> but that seems so braindead that I just ignored it and selected the
> default FC5 apache2.2
> Is that the cause?

That's fine. RHEL/Fedora Core ship both versions of Apache - the threaded one is called httpd.worker

> I have changed the hostname, I suppose that is a more likely cause !?

Yes.

> Henrik

From rmeggins at redhat.com Tue Aug 29 14:40:13 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 29 Aug 2006 08:40:13 -0600
Subject: [Fedora-directory-users] uninstall
In-Reply-To: <000201c6cb69$9b7664f0$0509a8c0@tinkerbell>
References: <000201c6cb69$9b7664f0$0509a8c0@tinkerbell>
Message-ID: <44F451CD.8050204@redhat.com>

devel - Fashion Content wrote:
> The server installation worked fine, except I need to use a different
> hostname.
>
> But the DS admin is now configured with the old hostname, and trying
> to figure out how to
> hack it with ldapmodify seems too much time wasted. So I am trying to
> uninstall.
>
> rpm -e fedora-ds-1.0.2-1.Linux ......... hangs
> ./uninstall -s -u admin ...... hangs
>
> So how do I get rid of the bloody thing and start installation over?

rpm -e is the correct way to remove the software. Hmm - not sure why it's hanging - check the error logs for admin-serv and slapd. You may have to shut down admin server and fedora ds before running rpm -e.

> Henrik

From jrichardson at x-iss.com Tue Aug 29 20:24:13 2006
From: jrichardson at x-iss.com (James Richardson)
Date: Tue, 29 Aug 2006 15:24:13 -0500
Subject: [Fedora-directory-users] Problems installing FDS
Message-ID: <98E55D6E1B3CFD43BDA59EEB56DD7D723293@sbs01.xiss.private>

Hi All,

I'm trying to get a test Fedora Directory server up and running and am not having much success.

When I complete the setup program I get the following output:

--------------------------------------------------------------------------
[slapd-fds01]: starting up server ...
[slapd-fds01]: Fedora-Directory/1.0.2 B2006.060.1928
[slapd-fds01]: fds01.mydomain.tld:389 (/opt/fedora-ds/slapd-fds01)
[slapd-fds01]:
[slapd-fds01]: [29/Aug/2006:15:23:05 -0500] - Fedora-Directory/1.0.2 B2006.060.1928 starting up
[slapd-fds01]: [29/Aug/2006:15:23:06 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests
Your new directory server has been started.
Created new Directory Server
Start Slapd Starting Slapd server configuration.
Fatal Slapd ERROR: Ldap authentication failed for url ldap://fds01.mydomain.tld:389/o=NetscapeRoot user id admin (151:Unknown error.)
Fatal Slapd Did not add Directory Server information to Configuration Server.
Configuring Administration Server...
Setting up Administration Server Instance...
ERROR: Administration Server configuration failed.
You can now use the console. Here is the command to use to start the console:
cd /opt/fedora-ds
./startconsole -u admin -a http://fds01.mydomain.tld:55573/
INFO Finished with setup, logfile is setup/setup.log
[root at fds01 ~]#
--------------------------------------------------------------------------

I am a bit troubled by the errors it reports. Also, "fds01.mydomain.tld" is in DNS correctly. Also, nothing is listening on port 55573 as it tells me to connect the console to.

I also am not using the default Java that comes with CentOS 4.3. I downloaded and installed IBMJava2 1.4.2 and am running it. I could not use the bundled CentOS4.3 Java as it would not run the console application.

Can someone please help, I am not sure where to go next.

Thanks,

James T. Richardson, Jr.
jrichardson at x-iss.com
eXcellence in IS Solutions, Inc.
Office: 713-862-9200 x226

NOTICE: This message may contain privileged or otherwise confidential information. If you are not the intended recipient, please immediately advise the sender by reply email and delete the message and any attachments without using, copying or disclosing the contents.

From rmeggins at redhat.com Tue Aug 29 20:30:35 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 29 Aug 2006 14:30:35 -0600
Subject: [Fedora-directory-users] Problems installing FDS
In-Reply-To: <98E55D6E1B3CFD43BDA59EEB56DD7D723293@sbs01.xiss.private>
References: <98E55D6E1B3CFD43BDA59EEB56DD7D723293@sbs01.xiss.private>
Message-ID: <44F4A3EB.6090705@redhat.com>

James Richardson wrote:
> Hi All,
>
> I'm trying to get a test Fedora Directory server up and running and am
> not having much success.
>
> When I complete the setup program I get the following output:
>
> --------------------------------------------------------------------------
> [slapd-fds01]: starting up server ...
> [slapd-fds01]: Fedora-Directory/1.0.2 B2006.060.1928
> [slapd-fds01]: fds01.mydomain.tld:389 (/opt/fedora-ds/slapd-fds01)
> [slapd-fds01]:
> [slapd-fds01]: [29/Aug/2006:15:23:05 -0500] - Fedora-Directory/1.0.2 B2006.060.1928 starting up
> [slapd-fds01]: [29/Aug/2006:15:23:06 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests
> Your new directory server has been started.
> Created new Directory Server
> Start Slapd Starting Slapd server configuration.
> Fatal Slapd ERROR: Ldap authentication failed for url ldap://fds01.mydomain.tld:389/o=NetscapeRoot user id admin (151:Unknown error.)
> Fatal Slapd Did not add Directory Server information to Configuration Server.
> Configuring Administration Server...
> Setting up Administration Server Instance...
> ERROR: Administration Server configuration failed.
> You can now use the console. Here is the command to use to start the console:
> cd /opt/fedora-ds
> ./startconsole -u admin -a http://fds01.mydomain.tld:55573/
> INFO Finished with setup, logfile is setup/setup.log
> [root at fds01 ~]#
> --------------------------------------------------------------------------
>
> I am a bit troubled by the errors it reports. Also, "fds01.mydomain.tld"
> is in DNS correctly.

err 151 usually indicates some problem with hostname or IP address resolution. Could it be that your /etc/nsswitch.conf or /etc/hosts or NIS settings cause fds01.mydomain.tld to resolve to a different IP, or that the IP resolves to a different hostname?

> Also, nothing is listening on port 55573 as it
> tells me to connect the console to.

Right. Installation failed, so the admin server is not running.

> I also am not using the default Java that comes with CentOS 4.3. I
> downloaded and installed IBMJava2 1.4.2 and am running it. I could not
> use the bundled CentOS4.3 Java as it would not run the console
> application.

Right.

> Can someone please help, I am not sure where to go next.
>
> Thanks,
>
> James T. Richardson, Jr.
> jrichardson at x-iss.com
> eXcellence in IS Solutions, Inc.
> Office: 713-862-9200 x226
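The forward and reverse resolution comparison suggested in the reply above, written out as an added example that is not part of the original thread. HOSTS_TABLE, LOCAL_ADDRS, the function names and the hosts fds02 to fds04 are made up for the example, and the sample table is constructed; with both variables unset the script asks the system resolver (getent) and the local interfaces (ip) instead.

```shell
#!/bin/sh
# Added example: name-resolution check to run before the directory server
# setup program. HOSTS_TABLE and LOCAL_ADDRS are hooks invented for this
# example so that it can run on constructed data.

# lookup NAME_OR_IP -> lines of "address canonical-name [aliases...]"
lookup() {
    if [ -n "${HOSTS_TABLE:-}" ]; then
        awk -v q="$1" '
            { sub(/#.*/, "") }                      # drop comments
            NF < 2 { next }                         # skip blank/short lines
            { for (i = 1; i <= NF; i++)
                  if (tolower($i) == tolower(q)) { print; next } }
        ' "$HOSTS_TABLE"
    else
        getent hosts "$1"                           # honours /etc/nsswitch.conf
    fi
}

# local_addrs -> one configured interface address per line
local_addrs() {
    if [ -n "${LOCAL_ADDRS:-}" ]; then
        printf '%s\n' $LOCAL_ADDRS
    else
        ip -o addr show | awk '{ sub(/\/.*/, "", $4); print $4 }'
    fi
}

# check_host FQDN: prints one verdict line. Return codes:
#   0 consistent, 1 reverse name differs, 2 name does not resolve,
#   3 address has no reverse entry, 4 address is not on this machine
check_host() {
    fqdn=$1
    ip=$(lookup "$fqdn" | awk 'NR == 1 { print $1 }')
    if [ -z "$ip" ]; then
        echo "FAIL $fqdn: does not resolve"; return 2
    fi
    if ! local_addrs | grep -qxF "$ip"; then
        echo "FAIL $fqdn -> $ip: address is not configured on this host"; return 4
    fi
    rev=$(lookup "$ip" | awk 'NR == 1 { print tolower($2) }')
    if [ -z "$rev" ]; then
        echo "FAIL $fqdn -> $ip: no reverse entry"; return 3
    fi
    if [ "$rev" != "$(printf '%s' "$fqdn" | tr 'A-Z' 'a-z')" ]; then
        echo "FAIL $fqdn -> $ip -> $rev: reverse name differs"; return 1
    fi
    echo "OK $fqdn <-> $ip"
}

# Constructed sample in hosts(5) format; 192.0.2.0/24 is a documentation range.
make_sample_table() {
    t=$(mktemp) || return 1
    cat > "$t" <<'EOF'
# constructed sample, not taken from the thread
127.0.0.1    localhost.localdomain localhost fds02.mydomain.tld
192.0.2.10   fds01.mydomain.tld fds01
192.0.2.99   fds03.mydomain.tld      # mistyped address
EOF
    echo "$t"
}

HOSTS_TABLE=$(make_sample_table)
LOCAL_ADDRS="127.0.0.1 192.0.2.10"
trap 'rm -f "$HOSTS_TABLE"' EXIT
for h in fds01.mydomain.tld fds02.mydomain.tld fds03.mydomain.tld fds04.mydomain.tld; do
    check_host "$h" || :
done
```

On a real host, remove the three demo assignments near the end and call check_host with the fully qualified name that will be given to the setup program.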
From jrichardson at x-iss.com Tue Aug 29 20:38:34 2006
From: jrichardson at x-iss.com (James Richardson)
Date: Tue, 29 Aug 2006 15:38:34 -0500
Subject: [Fedora-directory-users] Problems installing FDS
Message-ID: <98E55D6E1B3CFD43BDA59EEB56DD7D723298@sbs01.xiss.private>

Doh! I spent a lot of effort tracking this down, making sure I had everything in order.... And I fat-fingered the address in DNS. Install works great now. :)

Thanks,

James T. Richardson, Jr.
jrichardson at x-iss.com
eXcellence in IS Solutions, Inc.
Office: 713-862-9200 x226

From pkime at Shopzilla.com Tue Aug 29 21:29:27 2006
From: pkime at Shopzilla.com (Philip Kime)
Date: Tue, 29 Aug 2006 14:29:27 -0700
Subject: [Fedora-directory-users] RE: Fedora-directory-users Digest, Vol 15, Issue 38
Message-ID: <9C0091F428E697439E7A773FFD0834270260BD@szexchange.Shopzilla.inc>

> If you have heavy traffic, hitting on many different entries, you will
> see memory grow as more entries are loaded into your caches.

I think this is what is happening, yes. Presumably, it has to top-out somewhere when everything is in the cache ...

PK

From rmeggins at redhat.com Tue Aug 29 21:37:32 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 29 Aug 2006 15:37:32 -0600
Subject: [Fedora-directory-users] RE: Fedora-directory-users Digest, Vol 15, Issue 38
In-Reply-To: <9C0091F428E697439E7A773FFD0834270260BD@szexchange.Shopzilla.inc>
References: <9C0091F428E697439E7A773FFD0834270260BD@szexchange.Shopzilla.inc>
Message-ID: <44F4B39C.10103@redhat.com>

Philip Kime wrote:
>> If you have heavy traffic, hitting on many different entries, you will
>> see memory grow as more entries are loaded into your caches.
>
> I think this is what is happening, yes. Presumably, it has to top-out
> somewhere when everything is in the cache ...

Yes.

> PK
From Diana.Shepard at cusys.edu Tue Aug 29 22:34:14 2006
From: Diana.Shepard at cusys.edu (Diana Shepard)
Date: Tue, 29 Aug 2006 16:34:14 -0600
Subject: [Fedora-directory-users] install/uninstall admin-serv
In-Reply-To: <44F3A83C.30709@redhat.com>
Message-ID: <7315857F21D51B449CC55ADE3A5683180156EBF2@ex2k3.ad.cusys.edu>

Not sure how to tell if it is "a 64-bit java executable", but a clone of the box (a multi-master replicated environment) has no problems with the admin-server.

Diana Shepard

From rmeggins at redhat.com Tue Aug 29 23:28:05 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 29 Aug 2006 17:28:05 -0600
Subject: [Fedora-directory-users] install/uninstall admin-serv
In-Reply-To: <7315857F21D51B449CC55ADE3A5683180156EBF2@ex2k3.ad.cusys.edu>
References: <7315857F21D51B449CC55ADE3A5683180156EBF2@ex2k3.ad.cusys.edu>
Message-ID: <44F4CD85.6020601@redhat.com>

Diana Shepard wrote:
> Not sure how to tell if it is "a 64-bit java
> executable", but a clone of the box
> (a multi-master replicated environment)
> has no problems with the admin-server.

Weird. To find out if it is a 64-bit native executable, do ls -l `which java` and keep following the symlinks (if any) until you find one that is not a symlink, then do file /path/to/that/java - note that if it points to /etc/alternatives/java, do /usr/sbin/alternatives --display java to find out which java executable it's using. If file tells you it's a Bourne script, you'll have to look in the Bourne script file to find out where the real java executable is.

For example, on my FC5 32bit system, I have the IBM JDK installed:

# file /usr/lib/jvm/java-1.4.2-ibm-1.4.2.2/jre/bin/java.bin
/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2/jre/bin/java.bin: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), for GNU/Linux 2.2.5, not stripped

> Diana Shepard

From seriv at omniti.com Wed Aug 30 18:10:04 2006
From: seriv at omniti.com (Sergey Ivanov)
Date: Wed, 30 Aug 2006 14:10:04 -0400
Subject: [Fedora-directory-users] how to bind fedora-ds to one of IPs?
Message-ID: <44F5D47C.40705@omniti.com>

Hi,
I'd like to restrict ns-slapd to listen to LAN. It is installed at the computer having 2 interfaces, pointing to WAN and LAN. Is there some way to bind ns-slapd to listen for one of these 2 IPs, not to 0.0.0.0?
--
WBR,
Sergey

From nkinder at redhat.com Wed Aug 30 18:30:54 2006
From: nkinder at redhat.com (Nathan Kinder)
Date: Wed, 30 Aug 2006 11:30:54 -0700
Subject: [Fedora-directory-users] how to bind fedora-ds to one of IPs?
In-Reply-To: <44F5D47C.40705@omniti.com> References: <44F5D47C.40705@omniti.com> Message-ID: <44F5D95E.60108@redhat.com> Sergey Ivanov wrote: > Hi, > I'd like to restrict ns-slapd to listen to LAN. It is installed at the > computer having 2 interfaces, pointing to WAN and LAN. Are there some > way to bind ns-slapd to listen for one of these 2 IPs, not to 0.0.0.0? > > You can use the nsslapd-listenhost configuration parameter to set a specific address that you want the server to listen on. Details about this configuration parameter are located in the docs at http://www.redhat.com/docs/manuals/dir-server/pdf/ds71cli.pdf. -NGK -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From jrichardson at x-iss.com Wed Aug 30 18:43:36 2006 From: jrichardson at x-iss.com (James Richardson) Date: Wed, 30 Aug 2006 13:43:36 -0500 Subject: [Fedora-directory-users] Howto on Basic Setup Message-ID: <98E55D6E1B3CFD43BDA59EEB56DD7D7232D1@sbs01.xiss.private> Hi All, There seems to be a lot of install/design documentation regarding FDS, however I've not been able to find a quick "howto" on setting a FDS up for a small company. For example, say a shop with 25-50 linux machines and 150 or so user accounts. For example, what all attributes should I be applying to my user objects? Is it necessary to subclass the schema or is there something already that fits my needs out there? Ninty-Five percent of the job of this FDS will be authentication user accounts to linux machines (other 5% could be authenticating web access or something like that). Thanks, James T. Richardson, Jr. jrichardson at x-iss.com eXcellence in IS Solutions, Inc. Office: 713-862-9200 x226 NOTICE: This message may contain privileged or otherwise confidential information. 
If you are not the intended recipient, please immediately advise the sender by reply email and delete the message and any attachments without using, copying or disclosing the contents.

From seriv at omniti.com Wed Aug 30 18:49:07 2006
From: seriv at omniti.com (Sergey Ivanov)
Date: Wed, 30 Aug 2006 14:49:07 -0400
Subject: [Fedora-directory-users] how to bind fedora-ds to one of IPs?
In-Reply-To: <44F5D95E.60108@redhat.com>
References: <44F5D47C.40705@omniti.com> <44F5D95E.60108@redhat.com>
Message-ID: <44F5DDA3.9030204@omniti.com>

Nathan Kinder wrote:
> Sergey Ivanov wrote:
>> Hi,
>> I'd like to restrict ns-slapd to listen to LAN. It is installed at the
>> computer having 2 interfaces, pointing to WAN and LAN. Are there some
>> way to bind ns-slapd to listen for one of these 2 IPs, not to 0.0.0.0?
>>
> You can use the nsslapd-listenhost configuration parameter to set a
> specific address that you want the server to listen on. Details about
> this configuration parameter are located in the docs at
> http://www.redhat.com/docs/manuals/dir-server/pdf/ds71cli.pdf.
Thank you very much, your answer was very quick and helpful.
--
  Sergey.

From Diana.Shepard at cusys.edu Wed Aug 30 19:01:05 2006
From: Diana.Shepard at cusys.edu (Diana Shepard)
Date: Wed, 30 Aug 2006 13:01:05 -0600
Subject: [Fedora-directory-users] install/uninstall admin-serv
In-Reply-To: <44F4CD85.6020601@redhat.com>
Message-ID: <7315857F21D51B449CC55ADE3A5683180156ECAF@ex2k3.ad.cusys.edu>

So back to my original question, is there a
way to uninstall and reinstall the admin-serv only?

Diana Shepard

> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf
> Of Richard Megginson
> Sent: Tuesday, August 29, 2006 5:28 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] install/uninstall admin-serv > > Diana Shepard wrote: > > Not sure how to tell if it is "a 64-bit java executable", > but a clone > > of the box (a multi-master replicated environment) has no problems > > with the admin-server. > > > Weird. To find out if it is a 64-bit native executable, do > ls -l `which java` and keep following the symlinks (if any) > until you find one that is not a symlink, then do file > /path/to/that/java - note that if it points to > /etc/alternatives/java, do /usr/sbin/alternatives --display > java to find out which java executable it's using. If file > tells you its a bourne script, you'll have to look in the > bourne script file to find out where the real java executable > is. For example, on my FC5 32bit system, I have the IBM JDK > installed: > # file /usr/lib/jvm/java-1.4.2-ibm-1.4.2.2/jre/bin/java.bin > /usr/lib/jvm/java-1.4.2-ibm-1.4.2.2/jre/bin/java.bin: ELF > 32-bit LSB executable, Intel 80386, version 1 (SYSV), for > GNU/Linux 2.2.5, dynamically linked (uses shared libs), for > GNU/Linux 2.2.5, not stripped > > > Diana Shepard > > > > > >> -----Original Message----- > >> From: fedora-directory-users-bounces at redhat.com > >> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of > >> Richard Megginson > >> Sent: Monday, August 28, 2006 8:37 PM > >> To: General discussion list for the Fedora Directory > server project. > >> Subject: Re: [Fedora-directory-users] install/uninstall admin-serv > >> > >> Diana Shepard wrote: > >> > >>> I'm runnins 64-bit RedHat Linux AS, version 4, 64-bit). java > >>> 1.4.2_04. > >>> > >>> > >> Is it a 64-bit java executable? I think a 32-bit java might have > >> problems loading 64-bit shared libs such as are included with the > >> 64-bit Fedora DS. 
> >> > >>> Diana Shepard > >>> > >>> > >>> > >>>> -----Original Message----- > >>>> From: fedora-directory-users-bounces at redhat.com > >>>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of > >>>> Richard Megginson > >>>> Sent: Monday, August 28, 2006 4:44 PM > >>>> To: General discussion list for the Fedora Directory > >>>> > >> server project. > >> > >>>> Subject: Re: [Fedora-directory-users] install/uninstall > admin-serv > >>>> > >>>> Diana Shepard wrote: > >>>> > >>>> > >>>>> The problem is that whenever I try to start the > Directory Server > >>>>> Console via command line "startconsole", I get the > >>>>> > >> following error > >> > >>>>> (libjss3.so is in /opt/fedora-ds/lib, and readable): > >>>>> > >>>>> > >>>>> > >>>> What OS and version are you running? 32bit or 64bit? > Which java > >>>> are you using? > >>>> > >>>> > >>>>> > >>>>> > >>>>> Exception in thread "main" java.lang.UnsatisfiedLinkError: > >>>>> /opt/fedora-ds/lib/libjss3.so: > >>>>> > >>>>> > >>>> /opt/fedora-ds/lib/libjss3.so: cannot > >>>> > >>>> > >>>>> open shared object file: No such file or directory > >>>>> > >>>>> at > java.lang.ClassLoader$NativeLibrary.load(Native Method) > >>>>> at > >>>>> > >> java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1560) > >> > >>>>> at > >>>>> > >> java.lang.ClassLoader.loadLibrary(ClassLoader.java:1485) > >> > >>>>> at java.lang.Runtime.loadLibrary0(Runtime.java:788) > >>>>> at java.lang.System.loadLibrary(System.java:834) > >>>>> at > >>>>> > >>>>> > >>>>> > >> > org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManager.java: > >> 1 > >> > >>>> > >>>> > >>>>> 330) > >>>>> > >>>>> at > >>>>> org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:822) > >>>>> at > >>>>> org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:795) > >>>>> at > >>>>> > >>>>> > >>>>> > >> > com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknow > >> n > >> > >>>> > >>>> > >>>>> Source) > >>>>> at > >>>>> > >>>>> > >>>>> > 
>> > com.netscape.management.client.util.UtilConsoleGlobals.getLDAPSSLSock > >> e > >> > >>>> > >>>> > >>>>> tFactory(Unknown > >>>>> Source) > >>>>> at > >>>>> > >>>>> > >>>>> > >> > com.netscape.management.client.console.Console.LDAPinitialization(Unk > >> n > >> > >>>> > >>>> > >>>>> own > >>>>> Source) > >>>>> at > >>>>> > >>>>> > >>>>> > >> > com.netscape.management.client.console.Console.(Unknown Source) > >> > >>>> > >>>> > >>>>> at > >>>>> > >>>>> > >>>> com.netscape.management.client.console.Console.main(Unknown > >>>> > >>>> > >>>>> Source) > >>>>> > >>>>> > >>>>> > >>>>> Diana Shepard > >>>>> > >>>>> Date: Mon, 28 Aug 2006 15:59:40 -0600 > >>>>> From: Richard Megginson > >>>>> Subject: Re: [Fedora-directory-users] install/uninstall > admin-serv > >>>>> only > >>>>> To: "General discussion list for the Fedora Directory > >>>>> > >>>>> > >>>> server project." > >>>> > >>>> > >>>>> > >>>>> Message-ID: <44F3674C.1090202 at redhat.com> > >>>>> Content-Type: text/plain; charset="iso-8859-1" > >>>>> > >>>>> Diana Shepard wrote: > >>>>> > >>>>> > >>>>>> Is there a way to unistall and reinstall the admin-serv only? > >>>>>> > >>>>>> > >>>>>> > >>>>> Maybe, it depends. > >>>>> > >>>>> > >>>>>> Mine seems to have gotten corrupted > >>>>>> somehow. > >>>>>> > >>>>>> > >>>>>> > >>>>> What seems to be the problem? 
> >>>>>
> >>>>>> Diana Shepard
> >>>>>> University of Colorado
> >>>>>>

From mj at sci.fi Wed Aug 30 19:23:48 2006
From: mj at sci.fi (Mike Jackson)
Date: Wed, 30 Aug 2006 22:23:48 +0300
Subject: [Fedora-directory-users] Howto on Basic Setup
In-Reply-To: <98E55D6E1B3CFD43BDA59EEB56DD7D7232D1@sbs01.xiss.private>
References: <98E55D6E1B3CFD43BDA59EEB56DD7D7232D1@sbs01.xiss.private>
Message-ID: <44F5E5C4.1050500@sci.fi>

James Richardson wrote:
> Hi All,
>
> There seems to be a lot of install/design documentation regarding FDS,
> however I've not been able to find a quick "howto" on setting a FDS up
> for a small company. For example, say a shop with 25-50 linux machines
> and 150 or so user accounts.
>
> For example, what all attributes should I be applying to my user
> objects? Is it necessary to subclass the schema or is there something
> already that fits my needs out there? Ninety-Five percent of the job of
> this FDS will be authentication user accounts to linux machines (other
> 5% could be authenticating web access or something like that).

Hi,
FDS includes the posixAccount, posixGroup, and inetOrgPerson object
classes. You don't really need more than this to do simple user
authentication for linux and apache, as well as basic personnel info
management.
I suggest creating user objects with the following classes:

top
person
inetOrgPerson
account
posixAccount

BR,
--
mike

From rmeggins at redhat.com Wed Aug 30 19:35:43 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 30 Aug 2006 13:35:43 -0600
Subject: [Fedora-directory-users] install/uninstall admin-serv
In-Reply-To: <7315857F21D51B449CC55ADE3A5683180156ECAF@ex2k3.ad.cusys.edu>
References: <7315857F21D51B449CC55ADE3A5683180156ECAF@ex2k3.ad.cusys.edu>
Message-ID: <44F5E88F.1030708@redhat.com>

Diana Shepard wrote:
> So back to my original question, is there a
> way to uninstall and reinstall the admin-serv only?
>
Not exactly. I suppose you could use rpm2cpio fedora-ds.......rpm | cpio -i to extract all of the files under /opt/fedora-ds/bin/admin?
> Diana Shepard

From rcritten at redhat.com Wed Aug 30 20:47:48 2006
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 30 Aug 2006 16:47:48 -0400
Subject: [Fedora-directory-users] install/uninstall admin-serv
In-Reply-To: <7315857F21D51B449CC55ADE3A5683180156ECAF@ex2k3.ad.cusys.edu>
References: <7315857F21D51B449CC55ADE3A5683180156ECAF@ex2k3.ad.cusys.edu>
Message-ID: <44F5F974.9060501@redhat.com>

Your problem seems to be with the console client, not with the admin
server. For some reason libjss3.so can't be loaded. This could be an
architecture problem which is why Rich asked what you are running.

You might try things like:

# find /opt/fedora-ds -name libjss3.so (should be /opt/fedora-ds/lib/libjss3.so)
# file /path/to/libjss3.so
# ldd /path/to/libjss3.so

Now the ldd may return some "not found". Many libraries are included
locally in /opt/fedora-ds.

rob

Diana Shepard wrote:
> So back to my original question, is there a
> way to uninstall and reinstall the admin-serv only?
>
> Diana Shepard

From jrussler at helix.nih.gov Wed Aug 30 21:04:19 2006
From: jrussler at helix.nih.gov (Jason Russler)
Date: Wed, 30 Aug 2006 17:04:19 -0400
Subject: [Fedora-directory-users] Howto on Basic Setup
In-Reply-To: <98E55D6E1B3CFD43BDA59EEB56DD7D7232D1@sbs01.xiss.private>
References: <98E55D6E1B3CFD43BDA59EEB56DD7D7232D1@sbs01.xiss.private>
Message-ID: <44F5FD53.8090903@helix.nih.gov>

Hi James,
The packaged directory console includes a section for Unix (and WinNT) attributes for users that will apply everything you need in terms of object classes.
Between that and the PAM howto (and possibly the SSL howto) on the FDS website, you should have everything you need to get this going.

Cheers,
-Jason

James Richardson wrote:
> Hi All,
>
> There seems to be a lot of install/design documentation regarding FDS,
> however I've not been able to find a quick "howto" on setting a FDS up
> for a small company. For example, say a shop with 25-50 linux machines
> and 150 or so user accounts.
>
> For example, what all attributes should I be applying to my user
> objects? Is it necessary to subclass the schema or is there something
> already that fits my needs out there? Ninety-Five percent of the job of
> this FDS will be authentication user accounts to linux machines (other
> 5% could be authenticating web access or something like that).
>
> Thanks,
>
> James T. Richardson, Jr.
> jrichardson at x-iss.com
> eXcellence in IS Solutions, Inc.
> Office: 713-862-9200 x226

From Diana.Shepard at cusys.edu Wed Aug 30 21:31:12 2006
From: Diana.Shepard at cusys.edu (Diana Shepard)
Date: Wed, 30 Aug 2006 15:31:12 -0600
Subject: [Fedora-directory-users] install/uninstall admin-serv
In-Reply-To: <44F5F974.9060501@redhat.com>
Message-ID: <7315857F21D51B449CC55ADE3A5683180156ED08@ex2k3.ad.cusys.edu>

Thank you for your response. The file does exist in
the /opt/fedora-ds/lib directory, and is readable,
even though the error says:

"/opt/fedora-ds/lib/libjss3.so: cannot open shared object file: No such file or directory"

Why can't it find it!
I tried setting an LD_LIBRARY_PATH; no help.

Also, ldd shows:

# ldd /opt/fedora-ds/lib/libjss3.so
        libnss3.so => /opt/fedora-ds/bin/admin/lib/libnss3.so (0x0000002a95682000)
        libsmime3.so => /opt/fedora-ds/bin/admin/lib/libsmime3.so (0x0000002a95808000)
        libssl3.so => /opt/fedora-ds/bin/admin/lib/libssl3.so (0x0000002a95933000)
        libplc4.so => /opt/fedora-ds/bin/admin/lib/libplc4.so (0x0000002a95a60000)
        libplds4.so => /opt/fedora-ds/bin/admin/lib/libplds4.so (0x0000002a95b65000)
        libnspr4.so => /opt/fedora-ds/bin/admin/lib/libnspr4.so (0x0000002a95c68000)
        libc.so.6 => /lib64/tls/libc.so.6 (0x0000002a95dae000)
        libsoftokn3.so => /opt/fedora-ds/bin/admin/lib/libsoftokn3.so (0x0000002a95fe2000)
        libpthread.so.0 => /lib64/tls/libpthread.so.0 (0x0000002a9613a000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000002a96250000)
        /lib64/ld-linux-x86-64.so.2 (0x000000552aaaa000)

Diana Shepard

> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf
> Of Rob Crittenden
> Sent: Wednesday, August 30, 2006 2:48 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] install/uninstall admin-serv
>
> Your problem seems to be with the console client, not with
> the admin server. For some reason libjss3.so can't be loaded.
> This could be an architecture problem which is why Rich asked
> what you are running.
>
> You might try things like:
>
> # find /opt/fedora-ds -name libjss3.so (should be /opt/fedora-ds/lib/libjss3.so)
> # file /path/to/libjss3.so
> # ldd /path/to/libjss3.so
>
> Now the ldd may return some "not found". Many libraries are
> included locally in /opt/fedora-ds.
>
> rob
>
> Diana Shepard wrote:
> > So back to my original question, is there a way to uninstall and
> > reinstall the admin-serv only?
> >
> > Diana Shepard

From lesmikesell at gmail.com Wed Aug 30 22:35:55 2006
From: lesmikesell at gmail.com (Les Mikesell)
Date: Wed, 30 Aug 2006 17:35:55 -0500
Subject: [Fedora-directory-users] Howto on Basic Setup
In-Reply-To: <44F5E5C4.1050500@sci.fi>
References: <98E55D6E1B3CFD43BDA59EEB56DD7D7232D1@sbs01.xiss.private> <44F5E5C4.1050500@sci.fi>
Message-ID: <1156977356.14778.2.camel@moola.futuresource.com>

On Wed, 2006-08-30 at 22:23 +0300, Mike Jackson wrote:

> > There seems to be a lot of install/design documentation regarding FDS,
> > however I've not been able to find a quick "howto" on setting a FDS up
> > for a small company. For example, say a shop with 25-50 linux machines
> > and 150 or so user accounts.

> Hi,
> FDS includes the posixAccount, posixGroup, and inetOrgPerson object
> classes. You don't really need more than this to do simple user
> authentication for linux and apache, as well as basic personnel info
> management.
And if you want to also use it as a back end for samba windows domain authentication with the same users/passwords? -- Les Mikesell lesmikesell at gmail.com From craigwhite at azapple.com Wed Aug 30 22:45:56 2006 From: craigwhite at azapple.com (Craig White) Date: Wed, 30 Aug 2006 15:45:56 -0700 Subject: [Fedora-directory-users] Howto on Basic Setup In-Reply-To: <1156977356.14778.2.camel@moola.futuresource.com> References: <98E55D6E1B3CFD43BDA59EEB56DD7D7232D1@sbs01.xiss.private> <44F5E5C4.1050500@sci.fi> <1156977356.14778.2.camel@moola.futuresource.com> Message-ID: <1156977956.19318.6.camel@lin-workstation.azapple.com> On Wed, 2006-08-30 at 17:35 -0500, Les Mikesell wrote: > On Wed, 2006-08-30 at 22:23 +0300, Mike Jackson wrote: > > > > There seems to be a lot of install/design documentation regarding FDS, > > > however I've not been able to find a quick "howto" on setting a FDS up > > > for a small company. For example, say a shop with 25-50 linux machines > > > and 150 or so user accounts. > > > Hi, > > FDS includes the posixAccount, posixGroup, and inetOrgPerson object > > classes. You don't really need more than this to do simple user > > authentication for linux and apache, as well as basic personnel info > > management. > > And if you want to also use it as a back end for samba windows domain > authentication with the same users/passwords? ----- that's a horse of another color First you would have to import the samba schema appropriate for the version of samba you are using. Then you would have to realize that the samba schema has objectclasses/attributes that have nothing to do with posixAccount/posixGroup/inetOrgPerson attributes (well, I do use posixGroup but that is with sambaGroupMapping attributes. Then you would want to use a client that allows a single password entry and encodes it for the userPassword (posixAccount/shadowAccount) attribute and for the sambaNTPassword and optionally the sambaLMPassword. Clients for this purpose are listed here... 
http://wiki.samba.org/index.php/Samba_%26_LDAP or of course, you can write your own code to accomplish this Craig From rmeggins at redhat.com Wed Aug 30 23:44:03 2006 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 30 Aug 2006 17:44:03 -0600 Subject: [Fedora-directory-users] install/uninstall admin-serv In-Reply-To: <7315857F21D51B449CC55ADE3A5683180156ED08@ex2k3.ad.cusys.edu> References: <7315857F21D51B449CC55ADE3A5683180156ED08@ex2k3.ad.cusys.edu> Message-ID: <44F622C3.6050006@redhat.com> Diana Shepard wrote: > Thank you for your response. The file does exist in > the /opt/fedora-ds/lib directory, and is readable, even > though the error says: > > "/opt/fedora-ds/lib/libjss3.so: cannot > open shared object file: No such file or directory" > > Why can't it find it! I tried setting an LD_LIBRARY_PATH; > no help. > I believe there are some java or ld.so flags and/or environment variables that can provide greater detail about dynamic library loading. Does anyone know off the top of her/his head? Also, try writing a small test program that just loads in a JSS class to see what that does. 
> Also, ldd shows: > > # ldd /opt/fedora-ds/lib/libjss3.so > libnss3.so => /opt/fedora-ds/bin/admin/lib/libnss3.so > (0x0000002a95682000) > libsmime3.so => /opt/fedora-ds/bin/admin/lib/libsmime3.so > (0x0000002a95808000) > libssl3.so => /opt/fedora-ds/bin/admin/lib/libssl3.so > (0x0000002a95933000) > libplc4.so => /opt/fedora-ds/bin/admin/lib/libplc4.so > (0x0000002a95a60000) > libplds4.so => /opt/fedora-ds/bin/admin/lib/libplds4.so > (0x0000002a95b65000) > libnspr4.so => /opt/fedora-ds/bin/admin/lib/libnspr4.so > (0x0000002a95c68000) > libc.so.6 => /lib64/tls/libc.so.6 (0x0000002a95dae000) > libsoftokn3.so => /opt/fedora-ds/bin/admin/lib/libsoftokn3.so > (0x0000002a95fe2000) > libpthread.so.0 => /lib64/tls/libpthread.so.0 > (0x0000002a9613a000) > libdl.so.2 => /lib64/libdl.so.2 (0x0000002a96250000) > /lib64/ld-linux-x86-64.so.2 (0x000000552aaaa000) > > Diana Shepard > > > > >> -----Original Message----- >> From: fedora-directory-users-bounces at redhat.com >> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf >> Of Rob Crittenden >> Sent: Wednesday, August 30, 2006 2:48 PM >> To: General discussion list for the Fedora Directory server project. >> Subject: Re: [Fedora-directory-users] install/uninstall admin-serv >> >> Your problem seems to be with the console client, not with >> the admin server. For some reason libjss3.so can't be loaded. >> This could be an architecute problem which is why Rich asked >> what you are running. >> >> You might try things like: >> >> # find /opt/fedora-ds -name libjss3.so (should be >> /opt/fedora-ds/lib/libjss3.so) >> # file /path/to/libjss3.so >> # ldd /path/to/libjss3.so >> >> Now the ldd may return some "not found". Many libraries are >> included locally in /opt/fedora-ds. >> >> rob >> >> Diana Shepard wrote: >> >>> So back to my original question, is there a way to uninstall and >>> reinstall the admin-serv only? 
>>> >>> Diana Shepard >>> >>> >>> >>>> -----Original Message----- >>>> From: fedora-directory-users-bounces at redhat.com >>>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of >>>> Richard Megginson >>>> Sent: Tuesday, August 29, 2006 5:28 PM >>>> To: General discussion list for the Fedora Directory >>>> >> server project. >> >>>> Subject: Re: [Fedora-directory-users] install/uninstall admin-serv >>>> >>>> Diana Shepard wrote: >>>> >>>>> Not sure how to tell if it is "a 64-bit java executable", >>>>> >>>> but a clone >>>> >>>>> of the box (a multi-master replicated environment) has no >>>>> >> problems >> >>>>> with the admin-server. >>>>> >>>>> >>>> Weird. To find out if it is a 64-bit native executable, do ls -l >>>> `which java` and keep following the symlinks (if any) >>>> >> until you find >> >>>> one that is not a symlink, then do file /path/to/that/java - note >>>> that if it points to /etc/alternatives/java, do >>>> /usr/sbin/alternatives --display java to find out which java >>>> executable it's using. If file tells you its a bourne >>>> >> script, you'll >> >>>> have to look in the bourne script file to find out where the real >>>> java executable is. For example, on my FC5 32bit system, >>>> >> I have the >> >>>> IBM JDK >>>> installed: >>>> # file /usr/lib/jvm/java-1.4.2-ibm-1.4.2.2/jre/bin/java.bin >>>> /usr/lib/jvm/java-1.4.2-ibm-1.4.2.2/jre/bin/java.bin: ELF >>>> >> 32-bit LSB >> >>>> executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, >>>> dynamically linked (uses shared libs), for GNU/Linux 2.2.5, not >>>> stripped >>>> >>>> >>>>> Diana Shepard >>>>> >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: fedora-directory-users-bounces at redhat.com >>>>>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of >>>>>> Richard Megginson >>>>>> Sent: Monday, August 28, 2006 8:37 PM >>>>>> To: General discussion list for the Fedora Directory >>>>>> >>>> server project. 
>>>> >>>>>> Subject: Re: [Fedora-directory-users] install/uninstall >>>>>> >> admin-serv >> >>>>>> Diana Shepard wrote: >>>>>> >>>>>> >>>>>>> I'm runnins 64-bit RedHat Linux AS, version 4, 64-bit). java >>>>>>> 1.4.2_04. >>>>>>> >>>>>>> >>>>>>> >>>>>> Is it a 64-bit java executable? I think a 32-bit java >>>>>> >> might have >> >>>>>> problems loading 64-bit shared libs such as are included >>>>>> >> with the >> >>>>>> 64-bit Fedora DS. >>>>>> >>>>>> >>>>>>> Diana Shepard >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: fedora-directory-users-bounces at redhat.com >>>>>>>> [mailto:fedora-directory-users-bounces at redhat.com] On >>>>>>>> >> Behalf Of >> >>>>>>>> Richard Megginson >>>>>>>> Sent: Monday, August 28, 2006 4:44 PM >>>>>>>> To: General discussion list for the Fedora Directory >>>>>>>> >>>>>>>> >>>>>> server project. >>>>>> >>>>>> >>>>>>>> Subject: Re: [Fedora-directory-users] install/uninstall >>>>>>>> >>>> admin-serv >>>> >>>>>>>> Diana Shepard wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> The problem is that whenever I try to start the >>>>>>>>> >>>> Directory Server >>>> >>>>>>>>> Console via command line "startconsole", I get the >>>>>>>>> >>>>>>>>> >>>>>> following error >>>>>> >>>>>> >>>>>>>>> (libjss3.so is in /opt/fedora-ds/lib, and readable): >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> What OS and version are you running? 32bit or 64bit? >>>>>>>> >>>> Which java >>>> >>>>>>>> are you using? 
>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Exception in thread "main" java.lang.UnsatisfiedLinkError: >>>>>>>>> /opt/fedora-ds/lib/libjss3.so: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> /opt/fedora-ds/lib/libjss3.so: cannot >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> open shared object file: No such file or directory >>>>>>>>> >>>>>>>>> at >>>>>>>>> >>>> java.lang.ClassLoader$NativeLibrary.load(Native Method) >>>> >>>>>>>>> at >>>>>>>>> >>>>>>>>> >>>>>> java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1560) >>>>>> >>>>>> >>>>>>>>> at >>>>>>>>> >>>>>>>>> >>>>>> java.lang.ClassLoader.loadLibrary(ClassLoader.java:1485) >>>>>> >>>>>> >>>>>>>>> at java.lang.Runtime.loadLibrary0(Runtime.java:788) >>>>>>>>> at java.lang.System.loadLibrary(System.java:834) >>>>>>>>> at >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >> org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManager.java: >> >>>>>> 1 >>>>>> >>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> 330) >>>>>>>>> >>>>>>>>> at >>>>>>>>> >>>>>>>>> >> org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:822) >> >>>>>>>>> at >>>>>>>>> >>>>>>>>> >> org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:795) >> >>>>>>>>> at >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >> com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknow >> >>>>>> n >>>>>> >>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Source) >>>>>>>>> at >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >> com.netscape.management.client.util.UtilConsoleGlobals.getLDAPSSLSock >> >>>>>> e >>>>>> >>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> tFactory(Unknown >>>>>>>>> Source) >>>>>>>>> at >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >> com.netscape.management.client.console.Console.LDAPinitialization(Unk >> >>>>>> n >>>>>> >>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> own >>>>>>>>> Source) >>>>>>>>> at >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >> com.netscape.management.client.console.Console.(Unknown Source) >> >>>>>> >>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> at >>>>>>>>> 
>>>>>>>>> >>>>>>>>> >>>>>>>> com.netscape.management.client.console.Console.main(Unknown >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Source) >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Diana Shepard >>>>>>>>> >>>>>>>>> Date: Mon, 28 Aug 2006 15:59:40 -0600 >>>>>>>>> From: Richard Megginson >>>>>>>>> Subject: Re: [Fedora-directory-users] install/uninstall >>>>>>>>> >>>> admin-serv >>>> >>>>>>>>> only >>>>>>>>> To: "General discussion list for the Fedora Directory >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> server project." >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> Message-ID: <44F3674C.1090202 at redhat.com> >>>>>>>>> Content-Type: text/plain; charset="iso-8859-1" >>>>>>>>> >>>>>>>>> Diana Shepard wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> Is there a way to unistall and reinstall the admin-serv only? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> Maybe, it depends. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> Mine seems to have gotten corrupted >>>>>>>>>> somehow. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> What seems to be the problem? >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> Diana Shepard >>>>>>>>>> University of Colorado >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >> --------------------------------------------------------------------- >> >>>>>> - >>>>>> >>>>>> >>>>>>>> >>>>>>>> > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... 
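The 32-bit versus 64-bit check described in this thread (follow the java symlinks to the real binary, then compare it with libjss3.so) can be scripted. This is an added example, not code from the thread or from Fedora DS; the function names and the constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare the ELF word size of a JVM
# binary with that of a JNI library such as libjss3.so.
# Function names are hypothetical; the sample files are constructed.

# elf_class FILE -> prints ELF32, ELF64, script or other; returns 1 if unreadable
elf_class() {
    # Resolve the whole symlink chain (java -> alternatives link -> real file).
    ec_target=$(readlink -f "$1") || return 1
    [ -f "$ec_target" ] && [ -r "$ec_target" ] || return 1
    # e_ident: bytes 0-3 are 7f 'E' 'L' 'F'; byte 4 (EI_CLASS) is 01 or 02.
    ec_hdr=$(od -An -tx1 -N5 < "$ec_target" | tr -d ' \n')
    case "$ec_hdr" in
        7f454c4601) echo ELF32 ;;
        7f454c4602) echo ELF64 ;;
        2321*)      echo script ;;   # "#!" wrapper: the real binary is named inside
        *)          echo other ;;
    esac
}

# check_jni_pair JAVA LIB -> one-line verdict.
# Exit status: 0 match, 1 mismatch, 2 unreadable, 3 wrapper script or non-ELF.
check_jni_pair() {
    cj_jvm=$(elf_class "$1") || { echo "unreadable: $1"; return 2; }
    cj_lib=$(elf_class "$2") || { echo "unreadable: $2"; return 2; }
    case "$cj_jvm:$cj_lib" in
        ELF32:ELF32|ELF64:ELF64) echo "match: $cj_jvm"; return 0 ;;
        ELF32:ELF64|ELF64:ELF32) echo "mismatch: jvm=$cj_jvm lib=$cj_lib"; return 1 ;;
        script:*) echo "wrapper: read $1 to find the real java binary"; return 3 ;;
        *) echo "not-elf: jvm=$cj_jvm lib=$cj_lib"; return 3 ;;
    esac
}

# make_samples DIR: constructed stand-ins (ELF identification bytes only).
make_samples() {
    printf '\177ELF\001\001\001' > "$1/java32.bin"      # 32-bit JVM
    printf '\177ELF\002\001\001' > "$1/java64.bin"      # 64-bit JVM
    printf '\177ELF\002\001\001' > "$1/libjss3.so"      # 64-bit JNI library
    printf '#!/bin/sh\nexec ./java64.bin\n' > "$1/java-wrapper"
    ln -sf java32.bin "$1/alt-java"                     # two-step symlink chain
    ln -sf alt-java "$1/java"
}

demo() {
    demo_dir=$(mktemp -d) || return 1
    make_samples "$demo_dir"
    for demo_jvm in java java64.bin java-wrapper; do
        printf '%-13s ' "$demo_jvm"
        check_jni_pair "$demo_dir/$demo_jvm" "$demo_dir/libjss3.so" || true
    done
    rm -rf "$demo_dir"
}

demo
```

For the loader-level detail asked about above, glibc's dynamic loader prints its library search when the process is started with `LD_DEBUG=libs` in the environment.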
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature URL: From tdiehl at rogueind.com Thu Aug 31 02:22:02 2006 From: tdiehl at rogueind.com (Tom Diehl) Date: Wed, 30 Aug 2006 22:22:02 -0400 (EDT) Subject: [Fedora-directory-users] Re: Howto on Basic Setup In-Reply-To: <1156977956.19318.6.camel@lin-workstation.azapple.com> References: <98E55D6E1B3CFD43BDA59EEB56DD7D7232D1@sbs01.xiss.private> <44F5E5C4.1050500@sci.fi> <1156977356.14778.2.camel@moola.futuresource.com> <1156977956.19318.6.camel@lin-workstation.azapple.com> Message-ID: On Wed, 30 Aug 2006, Craig White wrote: > On Wed, 2006-08-30 at 17:35 -0500, Les Mikesell wrote: >> On Wed, 2006-08-30 at 22:23 +0300, Mike Jackson wrote: >> >>>> There seems to be a lot of install/design documentation regarding FDS, >>>> however I've not been able to find a quick "howto" on setting a FDS up >>>> for a small company. For example, say a shop with 25-50 linux machines >>>> and 150 or so user accounts. >> >>> Hi, >>> FDS includes the posixAccount, posixGroup, and inetOrgPerson object >>> classes. You don't really need more than this to do simple user >>> authentication for linux and apache, as well as basic personnel info >>> management. >> >> And if you want to also use it as a back end for samba windows domain >> authentication with the same users/passwords? > ----- > that's a horse of another color > > First you would have to import the samba schema appropriate for the > version of samba you are using. > > Then you would have to realize that the samba schema has > objectclasses/attributes that have nothing to do with > posixAccount/posixGroup/inetOrgPerson attributes (well, I do use > posixGroup but that is with sambaGroupMapping attributes. > > Then you would want to use a client that allows a single password entry > and encodes it for the userPassword (posixAccount/shadowAccount) > attribute and for the sambaNTPassword and optionally the > sambaLMPassword. 
Clients for this purpose are listed here... > > http://wiki.samba.org/index.php/Samba_%26_LDAP > > or of course, you can write your own code to accomplish this Is it really all that different from using an ldap backend as described in the Samba HowTo?? Is there any reason the idealx scripts and the standard samba schema will not work? Just want to be sure I am not missing something, migrating to FDS is on my list of things to do. -- Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com From craigwhite at azapple.com Thu Aug 31 02:38:32 2006 From: craigwhite at azapple.com (Craig White) Date: Wed, 30 Aug 2006 19:38:32 -0700 Subject: [Fedora-directory-users] Re: Howto on Basic Setup In-Reply-To: References: <98E55D6E1B3CFD43BDA59EEB56DD7D7232D1@sbs01.xiss.private> <44F5E5C4.1050500@sci.fi> <1156977356.14778.2.camel@moola.futuresource.com> <1156977956.19318.6.camel@lin-workstation.azapple.com> Message-ID: <1156991912.19318.26.camel@lin-workstation.azapple.com> On Wed, 2006-08-30 at 22:22 -0400, Tom Diehl wrote: > On Wed, 30 Aug 2006, Craig White wrote: > > > On Wed, 2006-08-30 at 17:35 -0500, Les Mikesell wrote: > >> On Wed, 2006-08-30 at 22:23 +0300, Mike Jackson wrote: > >> > >>>> There seems to be a lot of install/design documentation regarding FDS, > >>>> however I've not been able to find a quick "howto" on setting a FDS up > >>>> for a small company. For example, say a shop with 25-50 linux machines > >>>> and 150 or so user accounts. > >> > >>> Hi, > >>> FDS includes the posixAccount, posixGroup, and inetOrgPerson object > >>> classes. You don't really need more than this to do simple user > >>> authentication for linux and apache, as well as basic personnel info > >>> management. > >> > >> And if you want to also use it as a back end for samba windows domain > >> authentication with the same users/passwords? 
> > ----- > > that's a horse of another color > > > > First you would have to import the samba schema appropriate for the > > version of samba you are using. > > > > Then you would have to realize that the samba schema has > > objectclasses/attributes that have nothing to do with > > posixAccount/posixGroup/inetOrgPerson attributes (well, I do use > > posixGroup but that is with sambaGroupMapping attributes. > > > > Then you would want to use a client that allows a single password entry > > and encodes it for the userPassword (posixAccount/shadowAccount) > > attribute and for the sambaNTPassword and optionally the > > sambaLMPassword. Clients for this purpose are listed here... > > > > http://wiki.samba.org/index.php/Samba_%26_LDAP > > > > or of course, you can write your own code to accomplish this > > Is it really all that different from using an ldap backend as described in the > Samba HowTo?? ---- nope - very little difference between integration on OpenLDAP or FDS - make sure that you visit the samba wiki page on FDS wiki as it tells you how to import openldap schemas and such. ---- > > Is there any reason the idealx scripts and the standard samba schema will not > work? ---- Idealx scripts work fine (I barely use them though). There is no such thing as a standard samba schema - it has been getting continually tweaked at various stages in samba releases. Use the schema appropriate for your samba release which I presume seeing your entries on nahant/taroon lists will be supplied with your samba installation...which would be 3.0.9.xx (taroon) 3.0.10.xx (nahant) unless you replace it with kde-redhat samba like I do... # rpm -q --whatprovides /usr/share/doc/samba-3.0.23b/LDAP/samba.schema samba-3.0.23b-0.1.el4.kde each release is slightly different - there is no 'standard samba schema' ----- > > Just want to be sure I am not missing something, migrating to FDS is on my list > of things to do. 
---- go for it - keep openldap installed - do your migration - turn off openldap and then start fds - should be a direct replacement when you get it going. just a little stupid thing that may be of help to you is a little shell script that I wrote to take the slapcat output from openldap and delete the attributes that will poison it so you can't import it into FDS...

# cat ol2fds-filter.sh
#!/bin/sh
#
# Strip the OpenLDAP operational attributes from slapcat output
# so that the LDIF can be imported into FDS.
#
input=dump.ldif
output=import-me.ldif
filt1=creatorsName
filt2=createTimestamp
filt3=modifiersName
filt4=modifyTimestamp
filt5=structuralObjectClass
filt6=entryUUID
filt7=entryCSN

# Match each name only as an attribute at the start of a line.
/bin/grep -v "^$filt1:" "$input" | \
/bin/grep -v "^$filt2:" | \
/bin/grep -v "^$filt3:" | \
/bin/grep -v "^$filt4:" | \
/bin/grep -v "^$filt5:" | \
/bin/grep -v "^$filt6:" | \
/bin/grep -v "^$filt7:" > "$output"

Craig

From tdiehl at rogueind.com Thu Aug 31 03:16:22 2006 From: tdiehl at rogueind.com (Tom Diehl) Date: Wed, 30 Aug 2006 23:16:22 -0400 (EDT) Subject: [Fedora-directory-users] Re: Howto on Basic Setup In-Reply-To: <1156991912.19318.26.camel@lin-workstation.azapple.com> References: <98E55D6E1B3CFD43BDA59EEB56DD7D7232D1@sbs01.xiss.private> <44F5E5C4.1050500@sci.fi> <1156977356.14778.2.camel@moola.futuresource.com> <1156977956.19318.6.camel@lin-workstation.azapple.com> <1156991912.19318.26.camel@lin-workstation.azapple.com> Message-ID: On Wed, 30 Aug 2006, Craig White wrote: > On Wed, 2006-08-30 at 22:22 -0400, Tom Diehl wrote: >> On Wed, 30 Aug 2006, Craig White wrote: >> >>> On Wed, 2006-08-30 at 17:35 -0500, Les Mikesell wrote: >>>> On Wed, 2006-08-30 at 22:23 +0300, Mike Jackson wrote: >>>> >>>>>> There seems to be a lot of install/design documentation regarding FDS, >>>>>> however I've not been able to find a quick "howto" on setting a FDS up >>>>>> for a small company. For example, say a shop with 25-50 linux machines >>>>>> and 150 or so user accounts. >>>> >>>>> Hi, >>>>> FDS includes the posixAccount, posixGroup, and inetOrgPerson object >>>>> classes.
You don't really need more than this to do simple user >>>>> authentication for linux and apache, as well as basic personnel info >>>>> management. >>>> >>>> And if you want to also use it as a back end for samba windows domain >>>> authentication with the same users/passwords? >>> ----- >>> that's a horse of another color >>> >>> First you would have to import the samba schema appropriate for the >>> version of samba you are using. >>> >>> Then you would have to realize that the samba schema has >>> objectclasses/attributes that have nothing to do with >>> posixAccount/posixGroup/inetOrgPerson attributes (well, I do use >>> posixGroup but that is with sambaGroupMapping attributes. >>> >>> Then you would want to use a client that allows a single password entry >>> and encodes it for the userPassword (posixAccount/shadowAccount) >>> attribute and for the sambaNTPassword and optionally the >>> sambaLMPassword. Clients for this purpose are listed here... >>> >>> http://wiki.samba.org/index.php/Samba_%26_LDAP >>> >>> or of course, you can write your own code to accomplish this >> >> Is it really all that different from using an ldap backend as described in the >> Samba HowTo?? > ---- > nope - very little difference between integration on OpenLDAP or FDS - > make sure that you visit the samba wiki page on FDS wiki as it tells you > how to import openldap schemas and such. > ---- >> >> Is there any reason the idealx scripts and the standard samba schema will not >> work? > ---- > Idealx scripts work fine (I barely use them though). > > There is no such thing as a standard samba schema - it has been getting > continually tweaked at various stages in samba releases. Use the schema > appropriate for your samba release which I presume seeing your entries > on nahant/taroon lists will be supplied with your samba > installation...which would be 3.0.9.xx (taroon) 3.0.10.xx (nahant) > unless you replace it with kde-redhat samba like I do... Indeed, I mis-spoke. 
I am aware of the issue. I normally upgrade the EL machines to whatever the latest version of samba is. There are simply too many features missing from the versions supplied with RHEL. Hopefully EL5 will have something near current. I was not aware of the kde-redhat samba. I will have to look at it. > # rpm -q --whatprovides /usr/share/doc/samba-3.0.23b/LDAP/samba.schema > samba-3.0.23b-0.1.el4.kde > > each release is slightly different - there is no 'standard samba schema' > ----- >> >> Just want to be sure I am not missing something, migrating to FDS is on my list >> of things to do. > ---- > go for it - keep openldap installed - do your migration - turn off > openldap and then start fds - should be a direct replacement when you > get it going. > > just a little stupid thing that may be of help to you is a little shell > script that I wrote to take the slapcat output from openldap and delete > the attributes that will poison it so you can't import it into FDS... > > # cat ol2fds-filter.sh > #!/bin/sh > # > # > input=dump.ldif > output=import-me.ldif > filt1=creatorsName > filt2=createTimestamp > filt3=modifiersName > filt4=modifyTimestamp > filt5=structuralObjectClass > filt6=entryUUID > filt7=entryCSN > > /bin/grep -v $filt1 $input | \ > /bin/grep -v $filt2 | \ > /bin/grep -v $filt3 | \ > /bin/grep -v $filt4 | \ > /bin/grep -v $filt5 | \ > /bin/grep -v $filt6 | \ > /bin/grep -v $filt7 > $output OK, so we strip out the above attributes at import time but does FDS then recreate them? My memory is telling me they are part of the required attributes in the schema but I could be wrong. Thanks for the help. 
Regards, -- Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com

From dan.hawker at astrium.eads.net Thu Aug 31 08:40:31 2006 From: dan.hawker at astrium.eads.net (HAWKER, Dan) Date: Thu, 31 Aug 2006 09:40:31 +0100 Subject: [Fedora-directory-users] Howto on Basic Setup Message-ID: <7F6B06837A5DBD49AC6E1650EFF54906BFBC6C@auk52177.ukr.astrium.corp> > Then you would want to use a client that allows a single > password entry and encodes it for the userPassword > (posixAccount/shadowAccount) attribute and for the > sambaNTPassword and optionally the sambaLMPassword. Clients > for this purpose are listed here... > I'm using LDAPAdmin (http://ldapadmin.sourceforge.net) to accomplish this part of the equation. It's a Win32 app that connects fine and can add objects using a GUI and default mechanism (easy addition/deletion/modification) and can set Samba/Posix passwords at the same time. With new releases you can create XML-based templates that integrate fully into the interface. This enables you to add extra attributes you may need in addition to LDAPAdmin's default set when adding/modifying an object (a user for instance). The one pain at the moment is that it doesn't use groupofuniquenames/uniqueMember for groups (uses posixGroup/uid) so I have to add that bit manually (has a manual edit function too) if required rather than doing it automagically using the GUI. However the developer is very quick and on the ball, so after explaining this to him, he's adding that functionality in the next release. Dan -- Dan Hawker Linux System Administrator EADS Astrium -- This email is for the intended addressee only. If you have received it in error then you must not use, retain, disseminate or otherwise deal with it. Please notify the sender by return email. The views of the author may not necessarily constitute the views of Astrium Limited. Nothing in this email shall bind Astrium Limited in any contract or obligation.
Astrium Limited, Registered in England and Wales No. 2449259 Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1 2AS, England

From m.karrer at actimation.com Thu Aug 31 15:37:17 2006 From: m.karrer at actimation.com (Michael Karrer) Date: Thu, 31 Aug 2006 17:37:17 +0200 Subject: [Fedora-directory-users] CoS Problem - any way to limit (filter) the Target entrys Message-ID: <44F7022D.5020609@actimation.com> Hello List, is there a way to limit (filter) the target entries of a CoS? (We are planning to integrate an Address Book with companies and Sub companies but the CoS should only be active for one level and not down to the bottom) Thanks for any Help!

From craigwhite at azapple.com Thu Aug 31 15:37:19 2006 From: craigwhite at azapple.com (Craig White) Date: Thu, 31 Aug 2006 08:37:19 -0700 Subject: [Fedora-directory-users] Re: Howto on Basic Setup In-Reply-To: References: <98E55D6E1B3CFD43BDA59EEB56DD7D7232D1@sbs01.xiss.private> <44F5E5C4.1050500@sci.fi> <1156977356.14778.2.camel@moola.futuresource.com> <1156977956.19318.6.camel@lin-workstation.azapple.com> <1156991912.19318.26.camel@lin-workstation.azapple.com> Message-ID: <1157038639.19318.30.camel@lin-workstation.azapple.com> On Wed, 2006-08-30 at 23:16 -0400, Tom Diehl wrote: > On Wed, 30 Aug 2006, Craig White wrote: > > just a little stupid thing that may be of help to you is a little shell > > script that I wrote to take the slapcat output from openldap and delete > > the attributes that will poison it so you can't import it into FDS...
> > > > # cat ol2fds-filter.sh > > #!/bin/sh > > # > > # > > input=dump.ldif > > output=import-me.ldif > > filt1=creatorsName > > filt2=createTimestamp > > filt3=modifiersName > > filt4=modifyTimestamp > > filt5=structuralObjectClass > > filt6=entryUUID > > filt7=entryCSN > > > > /bin/grep -v $filt1 $input | \ > > /bin/grep -v $filt2 | \ > > /bin/grep -v $filt3 | \ > > /bin/grep -v $filt4 | \ > > /bin/grep -v $filt5 | \ > > /bin/grep -v $filt6 | \ > > /bin/grep -v $filt7 > $output > > OK, so we strip out the above attributes at import time but does FDS then > recreate them? My memory is telling me they are part of the required attributes > in the schema but I could be wrong. ---- Both OpenLDAP and FDS will add the operational attributes necessary and I should point out that you can sort of get around this by not using slapcat but rather an ldapsearch captured into an ldif file which you can then import (which won't include the operational attributes listed above). Craig From craigwhite at azapple.com Thu Aug 31 15:38:22 2006 From: craigwhite at azapple.com (Craig White) Date: Thu, 31 Aug 2006 08:38:22 -0700 Subject: [Fedora-directory-users] Howto on Basic Setup In-Reply-To: <7F6B06837A5DBD49AC6E1650EFF54906BFBC6C@auk52177.ukr.astrium.corp> References: <7F6B06837A5DBD49AC6E1650EFF54906BFBC6C@auk52177.ukr.astrium.corp> Message-ID: <1157038702.19318.32.camel@lin-workstation.azapple.com> On Thu, 2006-08-31 at 09:40 +0100, HAWKER, Dan wrote: > > > Then you would want to use a client that allows a single > > password entry and encodes it for the userPassword > > (posixAccount/shadowAccount) attribute and for the > > sambaNTPassword and optionally the sambaLMPassword. Clients > > for this purpose are listed here... > > > > I'm using LDAPAdmin (http://ldapadmin.sourceforge.net) to accomplish this > part of the equation. 
It's a Win32 app that connects fine and can add > objects using a GUI and default mechanism (easy > addition/deletion/modification) and can set Samba/Posix passwords at the > same time. With new releases you can create XML based templates that > integrate fully into the interface. This enables you to add extra attributes > you may need in addition to LDAPAdmins default set when adding/modifying an > object (a user for instance). ---- ldapadmin was listed on the wiki page that I linked. Craig From rmeggins at redhat.com Thu Aug 31 16:44:57 2006 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 31 Aug 2006 10:44:57 -0600 Subject: [Fedora-directory-users] CoS Problem - any way to limit (filter) the Target entrys In-Reply-To: <44F7022D.5020609@actimation.com> References: <44F7022D.5020609@actimation.com> Message-ID: <44F71209.1090600@redhat.com> Michael Karrer wrote: > Hello List, > > is there a way to limit (filter) the target entries of a CoS? > > (We are planing to integrate a Adress Book with companies and Sub > companies but the Cos should only be active for one level and not down > to the bottom) I suppose you could create a Filtered Role, where the search filter matches only those entries you want to match. Then, create a CoS where the cosSpecifier is the DN of your Filtered Role definition. > > > Thanks for any Help! > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... 
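A line-by-line filter such as the ol2fds-filter.sh script posted earlier in this thread cannot see LDIF line folding: when slapcat wraps a long operational value, the continuation line survives and is glued onto the previous attribute at import. The following is an added example, not code from the thread, that drops the same seven attributes together with their continuation lines; the function names and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): remove OpenLDAP operational attributes
# from slapcat LDIF, including folded continuation lines.
# Typical use:  strip_operational_attrs < dump.ldif > import-me.ldif

# The seven attribute names filtered by the script posted in the thread.
OPERATIONAL_ATTRS="creatorsName createTimestamp modifiersName modifyTimestamp structuralObjectClass entryUUID entryCSN"

# strip_operational_attrs: LDIF on stdin -> filtered LDIF on stdout
strip_operational_attrs() {
    awk -v attrs="$OPERATIONAL_ATTRS" '
    BEGIN {
        n = split(attrs, names, " ")
        for (i = 1; i <= n; i++) drop[tolower(names[i])] = 1
        skipping = 0
    }
    # RFC 2849 folding: a line starting with one space continues the previous
    # line, so it shares the fate of the attribute it belongs to.
    /^ / { if (!skipping) print; next }
    {
        skipping = 0
        colon = index($0, ":")
        if (colon > 1) {
            # Attribute names are case-insensitive and may carry ";options".
            name = tolower(substr($0, 1, colon - 1))
            sub(/;.*$/, "", name)
            if (name in drop) { skipping = 1; next }
        }
        print
    }'
}

# line_filter: line-by-line grep -v on the same names, kept only to show
# what such a filter leaves behind on folded input.
line_filter() {
    grep -v -E '^(creatorsName|createTimestamp|modifiersName|modifyTimestamp|structuralObjectClass|entryUUID|entryCSN):'
}

# unfold: join continuation lines the way an LDIF parser does on import.
unfold() {
    awk 'NR > 1 && !/^ / { printf "\n" }
         { sub(/^ /, ""); printf "%s", $0 }
         END { if (NR) printf "\n" }'
}

# sample_ldif: constructed slapcat-style entry; modifiersName is folded.
sample_ldif() {
    cat <<'EOF'
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: jdoe
cn: John Doe
sn: Doe
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/jdoe
structuralObjectClass: inetOrgPerson
entryUUID: 11111111-2222-3333-4444-555555555555
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20060830120000Z
entryCSN: 20060830120000Z#000000#00#000000
modifiersName: cn=Long Administrator Name,ou=Directory Administrators,ou=Staff
 ,dc=example,dc=com
modifyTimestamp: 20060830120000Z
EOF
}

echo "line-by-line filter, as an LDIF parser reads the result:"
sample_ldif | line_filter | unfold | grep '^homeDirectory:'
echo "fold-aware filter, as an LDIF parser reads the result:"
sample_ldif | strip_operational_attrs | unfold | grep '^homeDirectory:'
```

With the line-by-line filter the orphaned continuation line is appended to homeDirectory, so the imported value is silently wrong rather than rejected.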
From prowley at redhat.com Thu Aug 31 16:56:20 2006
From: prowley at redhat.com (Pete Rowley)
Date: Thu, 31 Aug 2006 09:56:20 -0700
Subject: [Fedora-directory-users] CoS Problem - any way to limit (filter) the Target entrys
In-Reply-To: <44F7022D.5020609@actimation.com>
References: <44F7022D.5020609@actimation.com>
Message-ID: <44F714B4.8080609@redhat.com>

Michael Karrer wrote:
> Hello List,
>
> is there a way to limit (filter) the target entries of a CoS?
>
For classic cos, apart from its natural filtering for cos class and
schema checking (you know cos checks schema before supplying attributes
right?), you could make the cos depend on roles by using the nsrole
attribute to determine class - this is called role based attributes.
Then you can determine the cos by any method available to roles,
including ldap filters.
> (We are planning to integrate an Address Book with companies and Sub
> companies but the Cos should only be active for one level and not down
> to the bottom)
>
There is currently no innate ability to limit the depth of scope for
either cos or roles. However, here's a trick you could employ to limit
roles to one level which when combined with role based attributes should
get you what you need. Determine the filter you require for your dynamic
role, request the entryid attribute from the parent of the target
entries, then modify the filter like so:

(&(parentid=)())

Note that this is not infallible, entryids are unique only within the
backend instance so if there happens to be another entry in another
backend that has children and the same entryid, then those children
would be affected too.

--
Pete
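
Added example, not taken from Pete's or Richard's message: the role-based attribute arrangement described above (a filtered role, a classic CoS keyed on nsRole, and a template named after the role), written out as LDIF. Every DN, the supplied attribute (postalAddress) and the entry id 42 are constructed placeholders, and the nsRoleFilter follows the parentid filter shape from Pete's message with a constructed second clause.

```ldif
# Added example; all DNs, values and the entry id 42 are constructed placeholders.

# 1. Filtered role: membership is decided by an LDAP filter. Here the filter
#    selects only direct children of the parent whose entryid is 42.
dn: cn=DirectChildrenRole,ou=AddressBook,dc=example,dc=com
objectClass: top
objectClass: LDAPsubentry
objectClass: nsRoleDefinition
objectClass: nsComplexRoleDefinition
objectClass: nsFilteredRoleDefinition
cn: DirectChildrenRole
nsRoleFilter: (&(parentid=42)(objectClass=organization))

# 2. Classic CoS definition: the class of an entry is taken from its nsRole value.
dn: cn=companyCoS,ou=AddressBook,dc=example,dc=com
objectClass: top
objectClass: LDAPsubentry
objectClass: cosSuperDefinition
objectClass: cosClassicDefinition
cn: companyCoS
cosTemplateDn: cn=companyCoS,ou=AddressBook,dc=example,dc=com
cosSpecifier: nsRole
cosAttribute: postalAddress

# 3. Template: its RDN is the role DN, so only entries holding that role
#    receive the attribute value below.
dn: cn="cn=DirectChildrenRole,ou=AddressBook,dc=example,dc=com",cn=companyCoS,ou=AddressBook,dc=example,dc=com
objectClass: top
objectClass: extensibleObject
objectClass: cosTemplate
postalAddress: 1 Example Street
```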
From debert at crenlo.com Thu Aug 31 16:56:25 2006
From: debert at crenlo.com (Dustin Ebert)
Date: Thu, 31 Aug 2006 11:56:25 -0500
Subject: [Fedora-directory-users] windows sync SSL issues
Message-ID:

I have been struggling with windows sync for a while now. I am
running FDS 1.0 on Centos 4.3. I have read Howto:SSL and when
doing an "ldapsearch -x -ZZ" and "netstat -an | grep 636" all
look okay.

Once this was complete on the FDS side, I setup the windows
2003 standard server via the instructions listed previously
on the list.

www.archivesat.com/Fedora_Directory_server_developer_discussion./thread92993
4.htm

Most of this was a bit confusing to me because I am somewhat
new to LDAP and SSL cert setup. When I attempt to sync, I get
the error:

The consumer initialization has unsuccessfully completed.
The error received by the replica is: '49 -LDAP error: Invalid credentials'.

simple authentication
I used bind as: cn=administrator

I must be missing some step. Any idea or methods to
troubleshoot this?

Is there a more complete "FDS with PassSync Howto" out there?

Thanks

From rmeggins at redhat.com Thu Aug 31 18:12:38 2006
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 31 Aug 2006 12:12:38 -0600
Subject: [Fedora-directory-users] windows sync SSL issues
In-Reply-To:
References:
Message-ID: <44F72696.8030608@redhat.com>

Dustin Ebert wrote:
> I have been struggling with windows sync for a while now. I am
> running FDS 1.0 on Centos 4.3. I have read Howto:SSL and when
> doing an "ldapsearch -x -ZZ" and "netstat -an | grep 636" all
> look okay.
>
> Once this was complete on the FDS side, I setup the windows
> 2003 standard server via the instructions listed previously
> on the list.
>
> www.archivesat.com/Fedora_Directory_server_developer_discussion./thread92993
> 4.htm
>
> Most of this was a bit confusing to me because I am somewhat
> new to LDAP and SSL cert setup. When I attempt to sync, I get
> the error:
>
> The consumer initialization has unsuccessfully completed.
> The error received by the replica is: '49 -LDAP error: Invalid credentials'.
>
> simple authentication
> I used bind as: cn=administrator
>
Is that the full DN? It's usually something like
cn=administrator,cn=users,dc=domain,dc=tld
> I must be missing some step. Any idea or methods to
> troubleshoot this?
>
> Is there a more complete "FDS with PassSync Howto" out there?
>
> Thanks
>

From prowley at redhat.com Thu Aug 31 18:15:29 2006
From: prowley at redhat.com (Pete Rowley)
Date: Thu, 31 Aug 2006 11:15:29 -0700
Subject: [Fedora-directory-users] CoS Problem - any way to limit (filter) the Target entrys
In-Reply-To: <44F714B4.8080609@redhat.com>
References: <44F7022D.5020609@actimation.com> <44F714B4.8080609@redhat.com>
Message-ID: <44F72741.5050405@redhat.com>

Pete Rowley wrote:
>
> Note that this is not infallible, entryids are unique only within the
> backend instance so if there happens to be another entry in another
> backend that has children and the same entryid, then those children
> would be affected too.
I should have said "if there happens to be another entry in another
backend /that is a descendent of the parent and/"

--
Pete
From sbarnard at govolution.com Thu Aug 31 18:33:48 2006
From: sbarnard at govolution.com (Sam Barnard)
Date: Thu, 31 Aug 2006 14:33:48 -0400
Subject: [Fedora-directory-users] Time Skew Error
Message-ID: <07664A0F5A117444952626897EDA77235E6C69@hardrock.govolution.com>

I have done everything I can to find documentation on where this error
comes from and how to fix it, however I cannot find anything. The
information I have found is that the time of the two servers has to be
more than 24 hours off in order for this to happen. However my time is
well within the suggested limits.

[31/Aug/2006:13:43:06 -0400] NSMMReplicationPlugin - agmt="cn=To_SLP-CT02" (SLP-CT02:389): Unable to acquire replica: Excessive clock skew between the supplier and the consumer. Replication is aborting.
[31/Aug/2006:13:43:06 -0400] NSMMReplicationPlugin - agmt="cn=To_SLP-CT02" (SLP-CT02:389): Incremental update failed and requires administrator action

Fedora-Directory/1.0.2 B2006.060.1925
SLP-CT01.velocitypayment.com:389 (/opt/fedora-ds/slapd-SLP-CT01)

[root at SLP-CT01 logs]# ntpdate -q time.nist.gov
server 192.43.244.18, stratum 1, offset 0.245936, delay 0.07451
31 Aug 14:23:09 ntpdate[8092]: adjust time server 192.43.244.18 offset 0.245936 sec

[root at SLP-CT02 root]# ntpdate -q time.nist.gov
server 192.43.244.18, stratum 1, offset 0.372832, delay 0.07402
31 Aug 14:23:37 ntpdate[8734]: adjust time server 192.43.244.18 offset 0.372832 sec

These two servers are setup in a multimaster configuration, constantly
replicating to each other. Up until a week ago the servers had been
replicating without interruption for about at least two months (I
started here a month ago) and now they do not seem to want to replicate
any more.

I am new to LDAP in general, so if you need more information please let
me know what.

Thanks in advance.

Sam Barnard
Systems Administrator
Govolution LLC
(703) 894-5000 x 5703
sbarnard at govolution.com

From pkime at Shopzilla.com Thu Aug 31 22:58:42 2006
From: pkime at Shopzilla.com (Philip Kime)
Date: Thu, 31 Aug 2006 15:58:42 -0700
Subject: [Fedora-directory-users] LD_LIBRARY_PATH question
Message-ID: <9C0091F428E697439E7A773FFD0834270260D3@szexchange.Shopzilla.inc>

I've just built an LDAP dev server, the same as my prod servers.
However, I can't start the console via HTTPS under X (no problems under
windows). I have the same libraries etc. on my dev box (copied from
PROD, where it works, in fact).

I get the "libnss3.so not found". This library is certainly in
/opt/fedora-ds/shared/lib, where LD_LIBRARY_PATH points to in
startconsole. I found out why it works on PROD but not on DEV - this is
because /usr/lib/libnss3.so exists on PROD but not on DEV. HOWEVER - why
is it looking in /usr/lib when LD_LIBRARY_PATH is set to look in
/opt/fedora-ds/shared/lib?

Here is the output on PROD, where it works:

[root at hqldap01 ~]# echo $LD_LIBRARY_PATH
/opt/fedora-ds/shared/lib
[root at hqldap01 ~]# ldd /opt/fedora-ds/lib/libjss3.so
        linux-gate.so.1 => (0xffffe000)
        libnss3.so => /usr/lib/libnss3.so (0xf7f48000)
        libsmime3.so => /usr/lib/libsmime3.so (0xf7f28000)
        libssl3.so => /usr/lib/libssl3.so (0xf7f08000)
        libplc4.so => /usr/lib/libplc4.so (0xf7f04000)
        libplds4.so => /usr/lib/libplds4.so (0xf7f01000)
        libnspr4.so => /usr/lib/libnspr4.so (0xf7ed0000)
        libjvm.so => not found
        libjava.so => not found
        libc.so.6 => /lib/tls/libc.so.6 (0xf7da5000)
        libsoftokn3.so => /usr/lib/libsoftokn3.so (0xf7d3f000)
        libpthread.so.0 => /lib/tls/libpthread.so.0 (0xf7d2d000)
        libdl.so.2 => /lib/libdl.so.2 (0xf7d28000)
        /lib/ld-linux.so.2 (0x56555000)

This upsets me as I assumed that it was using the nice new libnss3 etc.
libs from the fedora tree. LD_LIBRARY_PATH seems to be doing nothing at
all. I can't see any SUID/SGID things in there which would disable
LD_LIBRARY_PATH?

On DEV, it doesn't work because:

[root at ldapdev001 ~]# echo $LD_LIBRARY_PATH
/opt/fedora-ds/shared/lib
[root at ldapdev001 ~]# ldd /opt/fedora-ds/lib/libjss3.so
        linux-gate.so.1 => (0xffffe000)
        libnss3.so => not found
        libsmime3.so => not found
        libssl3.so => not found
        libplc4.so => not found
        libplds4.so => not found
        libnspr4.so => not found
        libjvm.so => not found
        libjava.so => not found
        libc.so.6 => /lib/tls/libc.so.6 (0xf7e4a000)
        /lib/ld-linux.so.2 (0x56555000)

Now I'm worried that my PROD servers are using older libraries by
finding them in /usr/lib ...

PK

--
Philip Kime
NOPS Systems Architect
310 401 0407

From notinhnotien7 at hotmail.com Thu Aug 31 23:38:15 2006
From: notinhnotien7 at hotmail.com (notinh notien)
Date: Fri, 01 Sep 2006 06:38:15 +0700
Subject: [Fedora-directory-users] FDS + pGina vs FDS + SAMBA
Message-ID:

Hi,

I am a newbie with FDS and LDAP and I would like to ask for some
suggestions.

My LAN consists of Windows XP workstations and laptops, File server
(capable of UNIX NIS), Linux servers, Open Exchange server (LDAP).
Currently, each user uses their assigned PCs. There are computers in the
lab and some laptops in conference rooms and they have shared accounts
to use them. There is no need for roaming profiles. My users store their
files locally on their PCs and file server.

I would like to unify their accounts so that they only need at most 2
accounts + 2 passwords (1 for Open Exchange and 1 for their assigned PCs
+ file server + Linux Shell accounts), for the computers in the lab and
conference rooms only people with access will have access to special
accounts.

With my environment, I want Windows (PCs + laptops) to authenticate
directly to FDS and not through SAMBA with the help of pGina. I can set
up Linux server to authenticate directly to FDS. However, I am wondering
about my file server because this file server is a commercial product
and it is only capable of doing UNIX NIS or Windows AD. I do not want
any Windows server in my LAN, so ... Will I be able to integrate this
file server to the FDS server?

In my environment, SAMBA would only be used for print server and it
could be on the same box with FDS. Do you see any problems here? Should
I also connect SAMBA to FDS for printer access?

I do not care much about other fancy things of PDC, however, I am afraid
that I might not see all the benefits of having FDS + SAMBA = PDC setup.

Could someone tell me what you think of my environments? Should I go
with or without PDC? What is best suited for my environments?

Thank you for any suggestions.

NN.