[Fedora-directory-users] FDS and AD
Sergio Diaz
sergio.diaze at gmail.com
Fri Oct 13 16:10:57 UTC 2006
On 10/13/06, Richard Megginson <rmeggins at redhat.com> wrote:
>
> Sergio Diaz wrote:
> > Hi all,
> >
> > I successfully connect the AD Back End DB to FDS like Brian Smith, i
> > disable the nsProxiedAuthorization (comment by Richard Meggison) in
> > Plugins->Chaining Database->AD (is the name of my Sub Suffix), but i
> > cant Browse the Directory "Critical Extension unavailable".
> I don't understand. You can't "Browse" the directory, but you can
> search Users and Groups?
Yes. Look the ScreenShots -> SearchAD.png and BrowseCritical.png
In the Console i can Search Users from AD or FDS.
In the Directory Sever in TAB Directory i cant Browse the Settings of my
Domain (Critical Extension Unavailable)
Map Attributes No.
OK
> >
> > Its possible to Link the Database of the AD only for Read ?
> You might be able to set the Chaining Database to be readonly in its
> settings.
In wich part i can do this ?
Regards,
Sergio
> I like to write a Howto for this settings.
> >
> > Regards,
> > Sergio
> >
> >
> >
> >
> >
> >
> > On 10/2/06, *Richard Megginson* <rmeggins at redhat.com
> > <mailto:rmeggins at redhat.com>> wrote:
> >
> > It may be that AD doesn't support proxied auth, in which case you
> > should
> > tell chaining to disable it. See
> >
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#21180
> > <
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#21180
> >
> > for more information - the pertinent attribute is
> > nsProxiedAuthorization
> >
> > Brian Smith wrote:
> > > All,
> > > Here's what I've now done to enable the AD Back end DB for a sub
> > tree:
> > > 1. Click configuration and select the "dc=domain,dc=com" tree.
> > > 2. Right click "dc=domain,dc=com" tree and select new sub suffix
> > > 3. In New Suffix box, typed "ou=subsuffix1" and unchecked create
> > > associated database automatically and click OK.
> > > 4. Open "dc=domain,dc=com" and right click
> > > "ou=subsuffix1,dc=domain,dc=com, and select "new database link.
> > > 5. Here, I put Database link name "subsuffix1", put the bind
> > dn and
> > > password of a domain user account in my AD, and put the domain
> > > controller ip in the remote server box and clicked save. (I can
> > > connect to my AD with the DN I provided here)
> > > 6. Check enable this suffix under
> > ou=subsuffix1,dc=worldpub,dc=corp
> > >
> > > now subsuffix1 database appears under
> > ou=subsuffix1,dc=domain,dc=com.
> > > If I now go to the directory tab, and select the directory entry,
> i
> > > get critical extension unavailable and if i use an ldap browser
> > i get
> > > list failed on the main tree. Did i miss a step? If I disable
> the
> > > ou=subsuffix1,dc=domain,dc=com suffix i can browse the tree no
> > > problem. Thanks!
> > > Brian Smith
> > >
> > >
> > >
> > > Sergio Diaz wrote:
> > >>
> > >> FDS, OpenLDAP and AD
> > >>
> > >> One Directory FDS.....i want this directions to...
> > >> Chaining Backend...
> > >>
> > >> Regards,
> > >> Sergio
> > >>
> > >> On Mon, 2006-10-02 at 14:12 -0400, Brian Smith wrote:
> > >>> Hello all, I've been working on getting chaining working with
> > an active
> > >>> directory back end for a week now. Has anyone successfully
> > done this or
> > >>> have directions on setting this up?
> > >>>
> > >>> Brian Smith
> > >>>
> > >>> Howard Chu wrote:
> > >>> >
> > >>> >> Date: Mon, 02 Oct 2006 10:01:55 -0600
> > >>> >> From: Richard Megginson <rmeggins at redhat.com
> > <mailto:rmeggins at redhat.com> <mailto:rmeggins at redhat.com
> > <mailto:rmeggins at redhat.com>>>
> > >>> >
> > >>> >> Sergio Diaz wrote:
> > >>> >>> Hi Richard;
> > >>> >>>
> > >>> >>> Openldap:
> > >>> >>>
> > >>> >>> The *meta* backend to *slapd(8)
> > >>> >>> <
> >
> http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8
> > <
> http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8
> >
> > <
> >
> http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8
> > <
> http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8
> >>>*
> > >>> >>> performs basic LDAP proxying with respect
> > >>> >>> to a set of remote LDAP
> > servers, called "targets". The
> > >>> >>> information
> > >>> >>> contained in these servers can be presented as
> > belonging
> > >>> >>> to a single
> > >>> >>> Directory Information Tree (DIT).
> > >>> >>>
> > >>> >>> Its possible with FDS ??
> > >>> >>>
> > >>> >> FDS has a chaining backend which allows you to use another
> LDAP
> > >>> >> server to store the data.
> > >>> >
> > >>> > It sounds like the FDS chaining backend is similar to OpenLDAP
> > >>> > back-ldap and/or the chaining overlay. In OpenLDAP back-ldap
> > forwards
> > >>> > a request to one other server (at a time; multiple servers
> > can be
> > >>> > configured but the others will only be used if the first
> > server cannot
> > >>> > be contacted). The back-meta backend is a superset of
> > back-ldap, it
> > >>> > can fanout single requests to multiple servers in parallel and
> > >>> > aggregate the results. (There's also attribute mapping and DN
> > >>> > rewriting, but those capabilities are no longer unique to
> > back-meta,
> > >>> > having been moved into the rewrite overlay.) With these
> > modules you
> > >>> > can stitch together a variety of heterogeneous directories
> > into a
> > >>> > coherent virtual directory.
> > >>> >
> > >>> >>> Regards!!
> > >>> >>> Sergio
> > >>> >>>
> > >>> >>>
> > >>> >>> On Mon, 2006-10-02 at 07:25 -0600, Richard Megginson wrote:
> > >>> >>>> Sergio Diaz wrote:
> > >>> >>>>> Hi People,
> > >>> >>>>>
> > >>> >>>>> Its Possible Sync only in One Way ?
> > >>> >>>>> Users Windows AD -> FDS.
> > >>> >>>> No, not really.
> > >>> >>>>> Or the other scenario its like OpenLDAP have a Meta
> > Backend (2
> > >>> >>>>> LDAPs, 1 AD), its possible with FDS ?
> > >>> >>>> It's possible. What does the meta backend do?
> > >>> >>>>>
> > >>> >>>>> Regards,
> > >>> >>>>> Sergio
> > >>> >
> > >>> >
> > >>>
> > >>> --
> > >>> Fedora-directory-users mailing list
> > >>> Fedora-directory-users at redhat.com
> > <mailto:Fedora-directory-users at redhat.com>
> > <mailto:Fedora-directory-users at redhat.com
> > <mailto:Fedora-directory-users at redhat.com>>
> > >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >>>
> > >
> >
> ------------------------------------------------------------------------
> >
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users at redhat.com
> > <mailto:Fedora-directory-users at redhat.com>
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >
> >
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > <mailto:Fedora-directory-users at redhat.com>
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20061013/ea4eb333/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SearchAD.png
Type: image/png
Size: 90003 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20061013/ea4eb333/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BrowseCritical.png
Type: image/png
Size: 146245 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20061013/ea4eb333/attachment-0001.png>
More information about the Fedora-directory-users
mailing list