[Fedora-directory-users] FDS and AD

Richard Megginson rmeggins at redhat.com
Mon Oct 2 20:02:51 UTC 2006


It may be that AD doesn't support proxied auth, in which case you should 
tell chaining to disable it.  See 
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#21180 
for more information - the pertinent attribute is nsProxiedAuthorization.

Brian Smith wrote:
> All,
> Here's what I've now done to enable the AD Back end DB for a sub tree:
> 1.   Click configuration and select the "dc=domain,dc=com" tree.
> 2.   Right click "dc=domain,dc=com" tree and select new sub suffix.
> 3.   In New Suffix box, typed "ou=subsuffix1" and unchecked create 
> associated database automatically and click OK.
> 4.   Open "dc=domain,dc=com" and right click 
> "ou=subsuffix1,dc=domain,dc=com", and select "new database link".
> 5.   Here, I put Database link name "subsuffix1", put the bind dn and 
> password of a domain user account in my AD, and put the domain 
> controller ip in the remote server box and clicked save. (I can 
> connect to my AD with the DN I provided here)
> 6.   Check enable this suffix under ou=subsuffix1,dc=worldpub,dc=corp
>
> Now subsuffix1 database appears under ou=subsuffix1,dc=domain,dc=com.  
> If I now go to the directory tab, and select the directory entry, I 
> get critical extension unavailable and if I use an ldap browser I get 
> list failed on the main tree.  Did I miss a step?  If I disable the 
> ou=subsuffix1,dc=domain,dc=com suffix I can browse the tree no 
> problem.  Thanks!
> Brian Smith
>
>
>
> Sergio Diaz wrote:
>>
>> FDS, OpenLDAP and AD
>>
>> One Directory FDS.....i want this directions to...
>> Chaining Backend...
>>
>> Regards,
>> Sergio
>>
>> On Mon, 2006-10-02 at 14:12 -0400, Brian Smith wrote:
>>> Hello all, I've been working on getting chaining working with an active
>>> directory back end for a week now.  Has anyone successfully done this or
>>> have directions on setting this up?
>>>
>>>  Brian Smith
>>>
>>> Howard Chu wrote:
>>> >
>>> >> Date: Mon, 02 Oct 2006 10:01:55 -0600
>>> >> From: Richard Megginson <rmeggins at redhat.com>
>>> >
>>> >> Sergio Diaz wrote:
>>> >>> Hi Richard;
>>> >>>
>>> >>> OpenLDAP:
>>> >>>
>>> >>>   The *meta* backend to *slapd(8)*
>>> >>> <http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8>
>>> >>> performs basic LDAP proxying with respect to a set of remote LDAP
>>> >>> servers, called "targets". The information contained in these
>>> >>> servers can be presented as belonging to a single Directory
>>> >>> Information Tree (DIT).
>>> >>>
>>> >>> Is it possible with FDS?
>>> >>>   
>>> >> FDS has a chaining backend which allows you to use another LDAP
>>> >> server to store the data.
>>> >
>>> > It sounds like the FDS chaining backend is similar to OpenLDAP
>>> > back-ldap and/or the chaining overlay. In OpenLDAP back-ldap forwards
>>> > a request to one other server (at a time; multiple servers can be
>>> > configured but the others will only be used if the first server cannot
>>> > be contacted). The back-meta backend is a superset of back-ldap, it
>>> > can fanout single requests to multiple servers in parallel and
>>> > aggregate the results. (There's also attribute mapping and DN
>>> > rewriting, but those capabilities are no longer unique to back-meta,
>>> > having been moved into the rewrite overlay.) With these modules you
>>> > can stitch together a variety of heterogeneous directories into a
>>> > coherent virtual directory.
>>> >
>>> >>> Regards!!
>>> >>> Sergio
>>> >>>
>>> >>>  
>>> >>> On Mon, 2006-10-02 at 07:25 -0600, Richard Megginson wrote:
>>> >>>> Sergio Diaz wrote:
>>> >>>>> Hi People,
>>> >>>>>
>>> >>>>> Is it possible to sync only in one way?
>>> >>>>> Users Windows AD -> FDS.
>>> >>>> No, not really.
>>> >>>>> Or the other scenario, like OpenLDAP having a Meta Backend (2
>>> >>>>> LDAPs, 1 AD), is it possible with FDS?
>>> >>>> It's possible. What does the meta backend do?
>>> >>>>>
>>> >>>>> Regards,
>>> >>>>> Sergio
>>> >
>>> >
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>     
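Added example, not part of the original thread or of the Directory Server code: a check of whether the remote server's rootDSE advertises a proxied authorization control and, if it does not, the LDIF that sets nsProxiedAuthorization to off on the database link. The link name subsuffix1 comes from the thread; the sample rootDSE is constructed, the entry DN follows the standard location of database link entries under cn=chaining database, and treating either control OID as sufficient is an assumption.

```python
import base64

# Assumption (not from the thread): either proxied-authorization OID counts as
# support; confirm which one your Directory Server version actually sends.
PROXY_AUTH_OIDS = {
    "2.16.840.1.113730.3.4.12",  # proxied authorization, original draft
    "2.16.840.1.113730.3.4.18",  # proxied authorization v2 (RFC 4370)
}

# Constructed sample: rootDSE output shaped like
#   ldapsearch -x -s base -b "" supportedControl
# from a server that advertises neither proxied-authorization control.
SAMPLE_ROOTDSE = """\
dn:
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.417
"""

def supported_controls(ldif_text):
    """Return the set of supportedControl OIDs found in rootDSE LDIF text."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folding: continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    oids = set()
    for line in lines:
        attr, sep, value = line.partition(":")
        if not sep or attr.strip().lower() != "supportedcontrol":
            continue
        if value.startswith(":"):           # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("ascii")
        oids.add(value.strip())
    return oids

def advise(ldif_text, link_name):
    """Return ("keep", oids) or ("disable", ldapmodify LDIF for the link)."""
    found = sorted(PROXY_AUTH_OIDS & supported_controls(ldif_text))
    if found:
        return "keep", found
    return "disable", (
        f"dn: cn={link_name},cn=chaining database,cn=plugins,cn=config\n"
        "changetype: modify\n"
        "replace: nsProxiedAuthorization\n"
        "nsProxiedAuthorization: off\n"
    )
```

With proxied authorization off, the remote server sees every chained operation as the bind DN configured on the database link, so that account's rights on the remote side bound what any chained user can read or change.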