[Fedora-directory-users] Getting ready to upgrade from fds 1.0.1 to 1.0.2
Richard Megginson
rmeggins at redhat.com
Wed Mar 15 14:42:13 UTC 2006
Bliss, Aaron wrote:
>Is there any easy way that I can verify that the schemas have been
>updated properly? Thanks.
>
>
Yes. See if your slapd-instance/config/schema/00core.ldif file has
definitions for these attributes:
passwordMinDigits $ passwordMinAlphas $ passwordMinUppers $
passwordMinLowers $ passwordMinSpecials $ passwordMin8bit $
passwordMaxRepeats $ passwordMinCategories $ passwordMinTokenLength
>Aaron
>
>-----Original Message-----
>From: Bliss, Aaron
>Sent: Tuesday, March 14, 2006 1:34 PM
>To: 'General discussion list for the Fedora Directory server project.'
>Subject: RE: [Fedora-directory-users] Getting ready to upgrade from fds
>1.0.1 to 1.0.2
>
>I believe this is what your looking for, here is an example when I
>intentionally attempt to break the password rules:
>[13/Mar/2006:22:19:42 -0500] conn=1073 op=10 RESULT err=19 tag=103
>nentries=0 et ime=0
>[13/Mar/2006:22:19:42 -0500] conn=1073 op=10 MOD
>dn="uid=awbtest,ou=users,dc=pre ferredcare,dc=org", invalid password
>syntax
>
>Here is the error that occurred during the upgrade (I wouldn't worry too
>much about the entries below that reference fds1 instead of al-lnx-s11,
>I manually typed that after pasting the error log, as I wasn't
>comfortable displaying the real server name, but it doesn't really
>matter now, the real server name is al-lnx-s11)
>
>[13/Mar/2006:21:15:56 -0500] conn=0 op=3 RESULT err=0 tag=101 nentries=1
>etime=0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=4 BIND dn="uid=admin,
>ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128
>version=3
>[13/Mar/2006:21:15:56 -0500] conn=0 op=5 SRCH
>base="cn=al-lnx-s11.preferredcare.
>org, ou=preferredcare.org, o=NetscapeRoot" scope=2
>filter="(&(objectClass=nsAppl
>ication)(nsNickName=slapd)(nsInstalledLocation=/opt/fedora-ds))"
>attrs="* aci pa sswordExpirationTime passwordExpWarned
>passwordRetryCount retryCountResetTime ac countUnlockTime
>passwordHistory passwordAllowChangeTime nsUniqueId nsLookThrough Limit
>nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=4 RESULT err=0 tag=97 nentries=0
>etime=0
>dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=5 RESULT err=0 tag=101 nentries=1
>etime=0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=6 SRCH base="cn=Fedora Directory
>Server, cn=Server Group, cn=al-lnx-s11.preferredcare.org,
>ou=preferredcare.org, o=Netsca peRoot" scope=0 filter="(objectClass=*)"
>attrs="* aci passwordExpirationTime pas swordExpWarned
>passwordRetryCount retryCountResetTime accountUnlockTime password
>History passwordAllowChangeTime nsUniqueId nsLookThroughLimit
>nsSizeLimit nsTime Limit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=6 RESULT err=0 tag=101 nentries=1
>etime=0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=7 MOD dn="cn=Fedora Directory
>Server, cn= Server Group, cn=al-lnx-s11.preferredcare.org,
>ou=preferredcare.org, o=NetscapeR oot"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=7 RESULT err=0 tag=103 nentries=0
>etime=0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=8 SRCH base="cn=Fedora Directory
>Server, cn=Server Group, cn=al-lnx-s11.preferredcare.org,
>ou=preferredcare.org, o=Netsca peRoot" scope=1
>filter="(objectClass=nsDirectoryServer)" attrs="* aci passwordEx
>pirationTime passwordExpWarned passwordRetryCount retryCountResetTime
>accountUnl ockTime passwordHistory passwordAllowChangeTime nsUniqueId
>nsLookThroughLimit ns SizeLimit nsTimeLimit nsIdleTimeout nsRole
>nsRoleDN nsAccountLock"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=8 RESULT err=0 tag=101 nentries=1
>etime=0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=9 SRCH base="cn=slapd-al-lnx-s11,
>cn=Fedo ra Directory Server, cn=Server Group,
>cn=al-lnx-s11.preferredcare.org, ou=prefer redcare.org, o=NetscapeRoot"
>scope=0 filter="(objectClass=*)" attrs="* aci passw ordExpirationTime
>passwordExpWarned passwordRetryCount retryCountResetTime accou
>ntUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId
>nsLookThroughLim it nsSizeLimit nsTimeLimit nsIdleTimeout nsRole
>nsRoleDN nsAccountLock"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=9 RESULT err=0 tag=101 nentries=1
>etime=0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=10 SRCH
>base="cn=slapd-al-lnx-s11,cn=Fedo ra Directory Server,cn=Server
>Group,cn=al-lnx-s11.preferredcare.org,ou=preferred
>care.org,o=NetscapeRoot" scope=0 filter="(objectClass=*)" attrs="* aci
>passwordE xpirationTime passwordExpWarned passwordRetryCount
>retryCountResetTime accountUn lockTime passwordHistory
>passwordAllowChangeTime nsUniqueId nsLookThroughLimit n sSizeLimit
>nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=10 RESULT err=0 tag=101
>nentries=1 etime= 0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=11 RESULT err=19 tag=103
>nentries=0 etime =0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=11 MOD
>dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
>Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcar
>e.org,o=NetscapeRoot", invalid password syntax
>
>
>-----Original Message-----
>From: fedora-directory-users-bounces at redhat.com
>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
>Megginson
>Sent: Tuesday, March 14, 2006 10:06 AM
>To: General discussion list for the Fedora Directory server project.
>Subject: Re: [Fedora-directory-users] Getting ready to upgrade from fds
>1.0.1 to 1.0.2
>
>Bliss, Aaron wrote:
>
>
>
>>I've been able to reproduce; after setting the new password policy
>>(require 1 digit, 1 special, etc) and then I attempt to use a password
>>that isn't compliant, this error is logged and the users new password
>>is not accepted.
>>[13/Mar/2006:22:19:42 -0500] conn=1073 op=10 RESULT err=19 tag=103
>>nentries=0 etime=0
>>
>>
>>
>>
>Can you find out what this operation is? It's either an ADD or MOD -
>just search before that line for "conn=1073 op=10". I'd like to know
>what the DN is.
>
>
>
>>So, it looks like everything is working like it is suppose to....it's
>>still interesting that I received that error during the upgrade....
>>
>>Aaron
>>
>>-----Original Message-----
>>From: fedora-directory-users-bounces at redhat.com
>>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Bliss,
>>Aaron
>>Sent: Monday, March 13, 2006 10:04 PM
>>To: General discussion list for the Fedora Directory server project.
>>Subject: RE: [Fedora-directory-users] Getting ready to upgrade from fds
>>1.0.1 to 1.0.2
>>
>>It only seems to be in the access log 1 time; looks like it only
>>happened during the upgrade
>>[13/Mar/2006:21:15:56 -0500] conn=0 op=11 RESULT err=19 tag=103
>>nentries=0 etime=0 Is there an easy way to verify that the new password
>>
>>
>
>
>
>>schema is being used?
>>
>>Thanks.
>>Aaron
>>
>>-----Original Message-----
>>From: fedora-directory-users-bounces at redhat.com
>>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
>>
>>
>
>
>
>>Megginson
>>Sent: Monday, March 13, 2006 9:54 PM
>>To: General discussion list for the Fedora Directory server project.
>>Cc: Bliss, Aaron
>>Subject: Re: [Fedora-directory-users] Getting ready to upgrade from fds
>>1.0.1 to 1.0.2
>>
>>Bliss, Aaron wrote:
>>
>>
>>
>>
>>
>>>Well, I upgraded the fds rpm; after a reboot all looks okay, however I
>>>
>>>
>
>
>
>>>noticed this information in the setup logfile; is this indicative that
>>>something failed to update properly? Perhaps the new schema files?
>>>How can I verify that the new schema files are in use? Thanks very
>>>much.
>>>
>>>Start Slapd Starting Slapd server reconfiguration.
>>>Fatal Slapd ERROR: Could not update Directory Server Instance URL
>>>ldap://fds1.preferredcare.org:389/o=NetscapeRoot user id admin DN
>>>cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
>>>Group,cn=fds1.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot
>>>(19:Constraint violation)
>>>Configuring Administration Server...
>>>InstallInfo: Apache Directory "ApacheDir" is missing.
>>>
>>>The proper fds version is disaplyed in the display console, and the
>>>new
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>>password enforcement options seem to be available.
>>>
>>>
>>>
>>>
>>>
>>>
>>Check your directory server access log - look for err=19 - constraint
>>violation - to see which operation it's complaining about.
>>
>>
>>
>>
>>
>>>Aaron
>>>-----Original Message-----
>>>From: Bliss, Aaron
>>>Sent: Monday, March 13, 2006 2:08 PM
>>>To: 'General discussion list for the Fedora Directory server project.'
>>>Subject: RE: [Fedora-directory-users] Getting ready to upgrade from
>>>fds
>>>1.0.1 to 1.0.2
>>>
>>>Ah, thanks again.
>>>
>>>Aaron
>>>
>>>-----Original Message-----
>>>From: fedora-directory-users-bounces at redhat.com
>>>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
>>>Richard
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>>Megginson
>>>Sent: Monday, March 13, 2006 2:08 PM
>>>To: General discussion list for the Fedora Directory server project.
>>>Subject: Re: [Fedora-directory-users] Getting ready to upgrade from
>>>fds
>>>1.0.1 to 1.0.2
>>>
>>>Bliss, Aaron wrote:
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>>Thanks; just so I understand, I have to run the setup script even
>>>>though my databases have already been configured? I did not have to
>>>>do
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>>this on my test box in order to upgrade. Thanks.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>Setup will copy in the new schema files required to use the new
>>>password syntax checking, so if you skip that, you'll have to copy
>>>them
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>>in manually. Setup will also make sure the console reports the
>>>correct
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>>version of directory server.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>>Aaron
>>>>
>>>>-----Original Message-----
>>>>From: fedora-directory-users-bounces at redhat.com
>>>>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
>>>>Richard
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>>Megginson
>>>>Sent: Monday, March 13, 2006 1:59 PM
>>>>To: General discussion list for the Fedora Directory server project.
>>>>Subject: Re: [Fedora-directory-users] Getting ready to upgrade from
>>>>fds
>>>>1.0.1 to 1.0.2
>>>>
>>>>Bliss, Aaron wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>I'm planning on upgrading both my supplier and consumer fds servers
>>>>>tonight; do I need to worry about their server certificates? I'll
>>>>>just
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>be running rpm -Uvh fedora....Thanks very much.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>Upgrade shouldn't touch any ssl information.
>>>>
>>>>After doing the rpm -U, do cd /opt/fedora-ds ; ./setup/setup and
>>>>follow
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>>the prompts.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>Aaron
>>>>>
>>>>>www.preferredcare.org
>>>>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J.
>>>>>
>>>>>
>D.
>
>
>>>>>
>>>>>
>>>>>
>>>>>
>>
>>
>>
>>
>>>>>Power and Associates
>>>>>
>>>>>Confidentiality Notice:
>>>>>The information contained in this electronic message is intended for
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>the exclusive use of the individual or entity named above and may
>>>>contain privileged or confidential information. If the reader of
>>>>this
>>>>
>>>>
>>>>
>>>>
>>
>>
>>
>>
>>>>message is not the intended recipient or the employee or agent
>>>>responsible to deliver it to the intended recipient, you are hereby
>>>>notified that dissemination, distribution or copying of this
>>>>information is prohibited. If you have received this communication
>>>>in
>>>>
>>>>
>>>>
>>>>
>>
>>
>>
>>
>>>>error, please notify the sender immediately by telephone and destroy
>>>>the copies you received.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>--
>>>>>Fedora-directory-users mailing list
>>>>>Fedora-directory-users at redhat.com
>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>www.preferredcare.org
>>>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>>>>
>>>>
>
>
>
>>>>Power and Associates
>>>>
>>>>Confidentiality Notice:
>>>>The information contained in this electronic message is intended for
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>the exclusive use of the individual or entity named above and may
>>>contain privileged or confidential information. If the reader of this
>>>
>>>
>
>
>
>>>message is not the intended recipient or the employee or agent
>>>responsible to deliver it to the intended recipient, you are hereby
>>>notified that dissemination, distribution or copying of this
>>>information is prohibited. If you have received this communication in
>>>
>>>
>
>
>
>>>error, please notify the sender immediately by telephone and destroy
>>>the copies you received.
>>>
>>>
>>>
>>>
>>>
>>>
>>>>--
>>>>Fedora-directory-users mailing list
>>>>Fedora-directory-users at redhat.com
>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>www.preferredcare.org
>>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>>>Power and Associates
>>>
>>>Confidentiality Notice:
>>>The information contained in this electronic message is intended for
>>>
>>>
>>>
>>>
>>the exclusive use of the individual or entity named above and may
>>contain privileged or confidential information. If the reader of this
>>message is not the intended recipient or the employee or agent
>>responsible to deliver it to the intended recipient, you are hereby
>>notified that dissemination, distribution or copying of this
>>information is prohibited. If you have received this communication in
>>error, please notify the sender immediately by telephone and destroy
>>the copies you received.
>>
>>
>>
>>
>>>--
>>>Fedora-directory-users mailing list
>>>Fedora-directory-users at redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>>
>>>
>>>
>>>
>>www.preferredcare.org
>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>>Power and Associates
>>
>>Confidentiality Notice:
>>The information contained in this electronic message is intended for
>>the exclusive use of the individual or entity named above and may
>>contain privileged or confidential information. If the reader of this
>>message is not the intended recipient or the employee or agent
>>responsible to deliver it to the intended recipient, you are hereby
>>notified that dissemination, distribution or copying of this
>>information is prohibited. If you have received this communication in
>>error, please notify the sender immediately by telephone and destroy
>>the copies you received.
>>
>>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>>
>>
>
>
>www.preferredcare.org
>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates
>
>Confidentiality Notice:
>The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060315/d7c56969/attachment.bin>
More information about the Fedora-directory-users
mailing list