From g.digiambelardini at fabaris.it Thu Feb 1 07:24:59 2007
From: g.digiambelardini at fabaris.it (Di Giambelardini Gabriele)
Date: Thu, 1 Feb 2007 08:24:59 +0100 (CET)
Subject: [Fedora-directory-users] set dite end time to fedora-ds
In-Reply-To:
References:
Message-ID: <46412.192.168.1.1.1170314699.squirrel@webmail2.fabaris.it>

Thanks, I found this solution, but the other problem was I set the
"passwordExpirationTime" manually when I imported users, and it did not go
well, because if the password expiration is set from the console the
fedora-ds mind itself to set the right value...
excuse for my English but I'm Italian

> This is happening because you enabled the option "User must change
> password after reset". In the Directory Server Console go to Configuration
> Tab, select Data, go to "Passwords" Tab and then uncheck this option.
>
>
>> Hi to all, i have a problem with passwordExpirationTime.
>> the problem is:
>> my fedora-ds is set to " password expires after 180 days.
>> and every user have "passwordExpirationTime: 20070807102527Z"
>> but when i try to import this message appear "The error sent by the
>> server was 'Object class violation. single-valued attribute
>> "passwordExpirationTime" has multiple values".
>> so if i delete the attribute "passwordExpirationTime" from the user,
>> import work fine, but the date for the expiration password is set
>> automatically by fedora-ds to "19001023000000Z ( or similar )".
>> How i should set the ntp or the right date from fedora-ds 1.0.4 ???
>> thanks to all
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>

Di Giambelardini Gabriele
System/Network Administrator
__________________________________________
FABARIS s.r.l.
Cel. +39 3488504467
Tel. +39 0765 22181 - Fax +39 0765 410100
Via G. Mameli, 90
02047 Poggio Mirteto (RI)
Filiale: Viale dell'Università, 25
00185 Roma (RM)
www.fabaris.it
__________________________________________

From capareci at uol.com.br Thu Feb 1 18:01:32 2007
From: capareci at uol.com.br (Renato Ribeiro da Silva)
Date: Thu, 1 Feb 2007 16:01:32 -0200
Subject: [Fedora-directory-users] Message in error log
Message-ID:

The following message is frequently appearing in my slapd error log.
[01/Feb/2007:15:36:52 -0200] acl__TestRights - cache overflown
Any idea?

Thanks in advance,
Renato.

From rmeggins at redhat.com Thu Feb 1 18:14:34 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 01 Feb 2007 11:14:34 -0700
Subject: [Fedora-directory-users] Message in error log
In-Reply-To:
References:
Message-ID: <45C22E0A.7040605@redhat.com>

Renato Ribeiro da Silva wrote:
> The following message is frequently appearing in my slapd error log.
> [01/Feb/2007:15:36:52 -0200] acl__TestRights - cache overflown
> Any idea?
>
Try turning on the ACI summary log level
http://directory.fedora.redhat.com/wiki/FAQ#Troubleshooting

How many ACIs do you have in your server?
> Thanks in advance,
> Renato.
>

From azheng at monterey.k12.ca.us Thu Feb 1 23:24:56 2007
From: azheng at monterey.k12.ca.us (Alex Zheng)
Date: Thu, 1 Feb 2007 15:24:56 -0800
Subject: [Fedora-directory-users] fedora-ds-1.0.4 rpm for RHEL3 X86_64
Message-ID: <004801c74658$2f1b67a0$ee010a0a@ITSAZDellLat>

Anybody know where to find rpm for fedora-ds-1.0.4 - RHEL3 X86_64?

Thanks.

Alex
From oscar.valdez at duraflex.com.sv Fri Feb 2 01:23:09 2007
From: oscar.valdez at duraflex.com.sv (Oscar A. Valdez)
Date: Thu, 01 Feb 2007 19:23:09 -0600
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <1169739910.2326.20.camel@wzowski.duraflex.com.sv>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv>
Message-ID: <1170379389.2332.24.camel@wzowski.duraflex.com.sv>

On Thu, 25-01-2007 at 09:45 -0600, Oscar A. Valdez wrote:
> I'm running fedora-ds-1.0.4 on FC5. The server starts normally
> with /opt/fedora-ds/slapd-pendragon/start-slapd, and serves ldap queries
> normally.
>
> However, when I start-admin or restart-admin, and then startconsole
> (with the J2RE properly in my $PATH), I can log into the console, but
> its "Servers and Applications" tab is empty. The admin-serv logs don't
> record anything out of the ordinary.
>
> I'll appreciate help in getting my console back to work.

How can I get the console to bind properly to the DS? Is there some way
to reconfigure it?
--
Oscar A. Valdez

From nhosoi at redhat.com Fri Feb 2 02:04:41 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Thu, 01 Feb 2007 18:04:41 -0800
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <1170379389.2332.24.camel@wzowski.duraflex.com.sv>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv> <1170379389.2332.24.camel@wzowski.duraflex.com.sv>
Message-ID: <45C29C39.8070705@redhat.com>

Oscar A. Valdez wrote:

>On Thu, 25-01-2007 at 09:45 -0600, Oscar A. Valdez wrote:
>
>
>>I'm running fedora-ds-1.0.4 on FC5. The server starts normally
>>with /opt/fedora-ds/slapd-pendragon/start-slapd, and serves ldap queries
>>normally.
>>
>>However, when I start-admin or restart-admin, and then startconsole
>>(with the J2RE properly in my $PATH), I can log into the console, but
>>its "Servers and Applications" tab is empty. The admin-serv logs don't
>>record anything out of the ordinary.
>>
>>I'll appreciate help in getting my console back to work.
>>
>>
>
>How can I get the console to bind properly to the DS? Is there some way
>to reconfigure it?
>
>
Was it working before? Could you tell us what's been changed since
then? Two things I'd like you to try.... When you log into the
console, what user do you use? E.g. "admin" or "cn=Directory Manager"?
If you use "admin", could you try the Directory Manager? (or vice
versa) Does it change the symptom? If you startconsole with "-D 9", it
dumps console logs. Do you see any interesting messages in it?

Thanks,
--noriko

From jonathanschreiter at yahoo.com Fri Feb 2 03:48:57 2007
From: jonathanschreiter at yahoo.com (Jonathan Schreiter)
Date: Thu, 1 Feb 2007 19:48:57 -0800 (PST)
Subject: [Fedora-directory-users] FDS / PAM Integration Questions
Message-ID: <280962.34841.qm@web34406.mail.mud.yahoo.com>

>
>Or, just use
>nsSaslMapBaseDNTemplate: ou=People,dc=myexample,dc=com
>nsSaslMapFilterTemplate: (uid=\1)

Hi Richard,
I found the root cause of my problems, and they are as follows (in case anyone else happens to be searching these archives). I was using a keytab file that was readable only by root, while I was running the server as the default install user of nobody. As soon as I opened read access to that user, all kerberos / gssapi / sasl mechanisms worked. Also, the confusion I had earlier of if I should enter in the detail via the console was due to the fact I hadn't refreshed all after making the addition to the config - sasl -mapping - mymap entry with the nssaslmapping. After I refreshed, this mapping appeared under the SASL Mapping in the configuration tab. I realize this probably isn't the most secure way of doing this, so I'll probably change the default user that the server runs as.

I have a few more questions regarding GSSAPI with FDS.

1) Because I have GSSAPI / SASL enabled, does this automatically enable encryption via GSSAPI? It mentioned that it will do this in the documentation, but I was unable to find the details of this.

2) I've setup a second FDS to act as a consumer (single master replication). I've followed the administrator's documentation and set a simple cn=replication manager, cn=config on both servers to act as the bind for replication (via replication agreement). I've tested this and everything is working great (directory entries, GSSAPI, etc). I would imagine that when the replication binds, the password is sent in clear text. Is this true? If I create a new user in the cn=config and create a new sasl mapping (uid=\1,cn=config) can I simply create a kerberos principal with the same name and use GSSAPI for the bind? The same question as #1 above is will this session be encrypted via GSSAPI as well?

Any help would be greatly appreciated. Thanks!
Jonathan

From rmeggins at redhat.com Fri Feb 2 04:00:53 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 01 Feb 2007 21:00:53 -0700
Subject: [Fedora-directory-users] FDS / PAM Integration Questions
In-Reply-To: <280962.34841.qm@web34406.mail.mud.yahoo.com>
References: <280962.34841.qm@web34406.mail.mud.yahoo.com>
Message-ID: <45C2B775.9090303@redhat.com>

Jonathan Schreiter wrote:
>>
>> Or, just use
>> nsSaslMapBaseDNTemplate: ou=People,dc=myexample,dc=com
>> nsSaslMapFilterTemplate: (uid=\1)
>>
>
> Hi Richard,
> I found the root cause of my problems, and they are as follows (in case anyone else happens to be searching these archives). I was using a keytab file that was readable only by root, while I was running the server as the default install user of nobody. As soon as I opened read access to that user, all kerberos / gssapi / sasl mechanisms worked. Also, the confusion I had earlier of if I should enter in the detail via the console was due to the fact I hadn't refreshed all after making the addition to the config - sasl -mapping - mymap entry with the nssaslmapping. After I refreshed, this mapping appeared under the SASL Mapping in the configuration tab. I realize this probably isn't the most secure way of doing this, so I'll probably change the default user that the server runs as.
>
> I have a few more questions regarding GSSAPI with FDS.
>
> 1) Because I have GSSAPI / SASL enabled, does this automatically enable encryption via GSSAPI? It mentioned that it will do this in the documentation, but I was unable to find the details of this.
>
Yes. You can verify this by using tcpdump or ethereal/wireshark to sniff the traffic.
> 2) I've setup a second FDS to act as a consumer (single master replication). I've followed the administrator's documentation and set a simple cn=replication manager, cn=config on both servers to act as the bind for replication (via replication agreement). I've tested this and everything is working great (directory entries, GSSAPI, etc). I would imagine that when the replication binds, the password is sent in clear text. Is this true? If I create a new user in the cn=config and create a new sasl mapping (uid=\1,cn=config) can I simply create a kerberos principal with the same name and use GSSAPI for the bind? The same question as #1 above is will this session be encrypted via GSSAPI as well?
>
Server to server GSSAPI does not currently work. If you don't want to send unencrypted clear text passwords over the wire, your best bet is to set up SSL between the servers.
> Any help would be greatly appreciated. Thanks!
> Jonathan
>
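
The keytab problem discussed in this thread (a keytab readable only by root while the server ran as nobody) can be checked mechanically. The script below is an added example, not part of the original messages or of Fedora DS: it reports whether a keytab is owned by the account the server runs as and is closed to group and other. The function name and the sample path are assumptions; nobody is the server user named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit the keytab a directory server
# reads for GSSAPI. Function name and sample path are assumptions.

# keytab_audit FILE USER
#   FILE  keytab to inspect
#   USER  account the server runs as (name or numeric uid); the install
#         described in the thread ran as "nobody"
# Prints one finding per line. Returns 0 if FILE is owned by USER and has
# no group/other permission bits, 1 if anything needs fixing, 2 on misuse.
keytab_audit() {
    ka_file=$1
    ka_user=$2
    if [ -z "$ka_file" ] || [ -z "$ka_user" ]; then
        echo "usage: keytab_audit FILE USER" >&2
        return 2
    fi
    if [ ! -f "$ka_file" ]; then
        echo "MISSING: $ka_file is not a regular file"
        return 1
    fi

    # Accept a numeric uid as-is, otherwise resolve the account name.
    case $ka_user in
        *[!0-9]*)
            ka_want=$(id -u "$ka_user" 2>/dev/null) || {
                echo "NOUSER: no such account: $ka_user"
                return 1
            }
            ;;
        *)  ka_want=$ka_user ;;
    esac

    # "ls -ln" prints the mode string first and the numeric owner third;
    # -L follows a symlink so the real file is judged.
    ka_meta=$(ls -lnLd -- "$ka_file" | awk '{ print $1 " " $3 }')
    ka_mode=${ka_meta% *}
    ka_uid=${ka_meta#* }
    ka_rc=0

    # A keytab owned by someone else (root, in the thread) is either
    # unreadable to the server or has been opened up to make it readable.
    if [ "$ka_uid" != "$ka_want" ]; then
        echo "OWNER: uid $ka_uid owns $ka_file, expected uid $ka_want ($ka_user)"
        ka_rc=1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    ka_go=$(printf '%s' "$ka_mode" | cut -c5-10)
    if [ "$ka_go" != "------" ]; then
        echo "PERMS: $ka_mode lets group/other reach the keys; want 0600 or 0400"
        ka_rc=1
    fi

    # The owner itself must be able to read the file, or GSSAPI binds fail.
    case $ka_mode in
        ?r*) : ;;
        *)  echo "PERMS: owner cannot read $ka_file"; ka_rc=1 ;;
    esac

    # GNU ls appends "+" when an ACL is present; it may grant extra readers.
    case $ka_mode in
        *+) echo "NOTE: ACL present on $ka_file, review it with getfacl" ;;
    esac

    [ "$ka_rc" -eq 0 ] && echo "OK: $ka_file is private to uid $ka_want"
    return "$ka_rc"
}

# Run directly as: sh keytab_audit.sh /path/to/ds.keytab nobody
# (the path is a placeholder; the thread does not give one)
if [ "$#" -gt 0 ]; then
    keytab_audit "$@"
fi
```

A failing OWNER or PERMS line is resolved by giving the file to the server account with mode 0600, rather than by adding read bits for other users.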

From oscar.valdez at duraflex.com.sv Fri Feb 2 14:49:47 2007
From: oscar.valdez at duraflex.com.sv (Oscar A. Valdez)
Date: Fri, 02 Feb 2007 08:49:47 -0600
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <45C29C39.8070705@redhat.com>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv> <1170379389.2332.24.camel@wzowski.duraflex.com.sv> <45C29C39.8070705@redhat.com>
Message-ID: <1170427788.2337.13.camel@wzowski.duraflex.com.sv>

On Thu, 01-02-2007 at 18:04 -0800, Noriko Hosoi wrote:
> >On Thu, 25-01-2007 at 09:45 -0600, Oscar A. Valdez wrote:
> >>I'm running fedora-ds-1.0.4 on FC5. The server starts normally
> >>with /opt/fedora-ds/slapd-pendragon/start-slapd, and serves ldap queries
> >>normally.
> >>
> >>However, when I start-admin or restart-admin, and then startconsole
> >>(with the J2RE properly in my $PATH), I can log into the console, but
> >>its "Servers and Applications" tab is empty. The admin-serv logs don't
> >>record anything out of the ordinary.
> >>
> >>I'll appreciate help in getting my console back to work.
> >
> >How can I get the console to bind properly to the DS? Is there some way
> >to reconfigure it?
> >
> Was it working before? Could you tell us what's been changed since
> then? Two things I'd like you to try.... When you log into the
> console, what user do you use? E.g. "admin" or "cn=Directory Manager"?
> If you use "admin", could you try the Directory Manager? (or vice
> versa) Does it change the symptom? If you startconsole with "-D 9", it
> dumps console logs. Do you see any interesting messages in it?

It did work, initially.

Today, I ran startconsole -D 9 and logged in as admin, and after a bunch of informative messages from the Java VM, I got the following: ResourceSet: NOT found loader1270312:com.netscape.management.client.console.versioninfo Fedora-Management-Console/1.0.3 B2006.312.1457 RemoteImage: NOT found loader1270312:com/netscape/management/nmclf/icons/Error.gif Warning: Cannot convert string "-b&h-lucida-medium-r-normal-sans-*-140-*-*-p-*-iso8859-1" to type FontStruct RemoteImage: Create RemoteImage cache for loader1270312 RemoteImage: NOT found loader1270312:com/netscape/management/nmclf/icons/Inform.gif RemoteImage: NOT found loader1270312:com/netscape/management/nmclf/icons/Warn.gif RemoteImage: NOT found loader1270312:com/netscape/management/nmclf/icons/Question.gif ResourceSet: NOT found loader1270312:com.netscape.management.client.components.components RemoteImage: NOT found loader1270312:com/netscape/management/client/images/logo16.gif RemoteImage: NOT found loader1270312:com/netscape/management/client/console/images/login.gif ResourceSet: NOT found loader1270312:com.netscape.management.client.util.default ResourceSet: found loader1270312:com.netscape.management.client.util.default ... 
CommManager> New CommRecord (http://pendragon.duraflex.com.sv:1500/admin-serv/authenticate) http://pendragon.duraflex.com.sv:1500/[0:0] open> Ready http://pendragon.duraflex.com.sv:1500/[0:0] accept> http://pendragon.duraflex.com.sv:1500/admin-serv/authenticate http://pendragon.duraflex.com.sv:1500/[0:0] send> GET \ http://pendragon.duraflex.com.sv:1500/[0:0] send> /admin-serv/authenticate \ http://pendragon.duraflex.com.sv:1500/[0:0] send> HTTP/1.0 http://pendragon.duraflex.com.sv:1500/[0:0] send> Host: pendragon.duraflex.com.sv:1500 http://pendragon.duraflex.com.sv:1500/[0:0] send> Connection: Keep-Alive http://pendragon.duraflex.com.sv:1500/[0:0] send> User-Agent: Fedora-Management-Console/1.0 http://pendragon.duraflex.com.sv:1500/[0:0] send> Accept-Language: en http://pendragon.duraflex.com.sv:1500/[0:0] send> Authorization: Basic \ http://pendragon.duraflex.com.sv:1500/[0:0] send> YWRtaW46cGF3b3BhZG8= \ http://pendragon.duraflex.com.sv:1500/[0:0] send> http://pendragon.duraflex.com.sv:1500/[0:0] send> http://pendragon.duraflex.com.sv:1500/[0:0] recv> HTTP/1.1 200 OK http://pendragon.duraflex.com.sv:1500/[0:0] recv> Date: Fri, 02 Feb 2007 08:29:48 GMT http://pendragon.duraflex.com.sv:1500/[0:0] recv> Server: Apache/2.2 HttpChannel.invoke: admin version = 2.2 http://pendragon.duraflex.com.sv:1500/[0:0] recv> Admin-Server: Fedora-Administrator/1.0.3 HttpChannel.invoke: admin version = 1.0.3 http://pendragon.duraflex.com.sv:1500/[0:0] recv> Content-Length: 393 http://pendragon.duraflex.com.sv:1500/[0:0] recv> Connection: close http://pendragon.duraflex.com.sv:1500/[0:0] recv> Content-Type: text/html http://pendragon.duraflex.com.sv:1500/[0:0] recv> http://pendragon.duraflex.com.sv:1500/[0:0] recv> Reading 393 bytes... 
http://pendragon.duraflex.com.sv:1500/[0:0] recv> 393 bytes read Console.replyHandler: adminVersion = 1.0.3 Console: Cannot open: cn=user, cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot Console: Cannot open cn=group, cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot Console: Cannot open cn=OU, cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot Console: Cannot open cn=ResourceEditorExtension,ou=1.0, ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot ResourceSet: NOT found loader1270312:com.netscape.management.client.topology.topology ResourceSet: found loader1270312:com.netscape.management.client.topology.topology RemoteImage: found loader1270312:com/netscape/management/client/images/logo16.gif RemoteImage: NOT found loader1270312:com/netscape/management/client/images/ConsoleBanner.gif RemoteImage: NOT found loader1270312:com/netscape/management/client/images/warn16.gif ResourceSet: NOT found loader1270312:com.netscape.management.client.default UIPermissions: TopologyEditing yes Cannot open: cn=topologyplugin,ou=1.0, ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot ResourceSet: found loader1270312:com.netscape.management.client.topology.topology ResourceSet: found loader1270312:com.netscape.management.client.default ResourceSet: found loader1270312:com.netscape.management.client.topology.topology ResourceSet: found loader1270312:com.netscape.management.client.topology.topology UIPermissions: CustomViewEditing yes ResourceSet: found loader1270312:com.netscape.management.client.default ResourceSet: found loader1270312:com.netscape.management.client.default UIPermissions: UGTabVisibility yes UIPermissions: UGEditing yes ResourceSet: found loader1270312:com.netscape.management.client.topology.topology TRACE ConsoleInfo.clone: tracking cloning of ConsoleInfo 
for performance tuning Cannot load custom views, error code= 32 pub defaultView=null user defaultView=null RemoteImage: NOT found loader1270312:com/netscape/management/client/images/notsecure.gif http://pendragon.duraflex.com.sv:1500/[0:0] close> Closed ResourceSet: found loader1270312:com.netscape.management.client.util.default ResourceSet: found loader1270312:com.netscape.management.client.util.default --- Logging in as cn=Directory Manager also produces an empty console, and the log is very similar, except for lines like the following: Cannot find: ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot Creating: ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot 131a134,145 Cannot find: ou=Console,ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot Creating: ou=Console,ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot Cannot find: ou=1.0,ou=Console,ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot Creating: ou=1.0,ou=Console,ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot Cannot find: cn=General,ou=1.0,ou=Console,ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot Creating: cn=General,ou=1.0,ou=Console,ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot Cannot find: cn=Fonts,ou=1.0,ou=Console,ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot Creating: cn=Fonts,ou=1.0,ou=Console,ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot Cannot find: cn=ResourcePage,ou=1.0,ou=Console,ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot Creating: cn=ResourcePage,ou=1.0,ou=Console,ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot Cannot find: cn=CustomViews,ou=1.0,ou=Console,ou="cn=Directory Manager",ou=UserPreferences, 
ou=duraflex.com.sv, o=NetscapeRoot
Creating: cn=CustomViews,ou=1.0,ou=Console,ou="cn=Directory Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot

--
Oscar A. Valdez

From nhosoi at redhat.com Fri Feb 2 17:21:42 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Fri, 02 Feb 2007 09:21:42 -0800
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <1170427788.2337.13.camel@wzowski.duraflex.com.sv>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv> <1170379389.2332.24.camel@wzowski.duraflex.com.sv> <45C29C39.8070705@redhat.com> <1170427788.2337.13.camel@wzowski.duraflex.com.sv>
Message-ID: <45C37326.1070801@redhat.com>

Thanks for the log. These error messages look odd...

Console: Cannot open: cn=user, cn=DefaultObjectClassesContainer,ou=1.0,
ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
Console: Cannot open cn=group, cn=DefaultObjectClassesContainer,ou=1.0,
ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
Console: Cannot open cn=OU, cn=DefaultObjectClassesContainer,ou=1.0,
ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
Console: Cannot open cn=ResourceEditorExtension,ou=1.0, ou=admin,
ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot

What do you get if you run ldapsearch against your Directory Server as
follows?
ldapsearch -h -p -D "cn=Directory Manager" -w -b "o=NetscapeRoot" "(cn=*)"

Oscar A. Valdez wrote:
> On Thu, 01-02-2007 at 18:04 -0800, Noriko Hosoi wrote:
>
>>> On Thu, 25-01-2007 at 09:45 -0600, Oscar A. Valdez wrote:
>>>
>>>> I'm running fedora-ds-1.0.4 on FC5. The server starts normally
>>>> with /opt/fedora-ds/slapd-pendragon/start-slapd, and serves ldap queries
>>>> normally.
>>>>
>>>> However, when I start-admin or restart-admin, and then startconsole
>>>> (with the J2RE properly in my $PATH), I can log into the console, but
>>>> its "Servers and Applications" tab is empty.
The admin-serv logs don't >>>> record anything out of the ordinary. >>>> >>>> I'll appreciate help in getting my console back to work. >>>> >>> How can I get the console to bind properly to the DS? Is there some way >>> to reconfigure it? >>> >>> >> Was it working before? Could you tell us what's been changed since >> then? Two things I'd like you to try.... When you log into the >> console, what user do you use? E.g. "admin" or "cn=Directory Manager"? >> If you use "admin", could you try the Directory Manager? (or vice >> versa) Does it change the symptom? If you startconsole with "-D 9", it >> dumps console logs. Do you see any interesting messages in it? >> > > It did work, initially. > > Today, I ran startconsole -D 9 and logged in as admin, and after a bunch > of informative messages from the Java VM, I got the following: > > ResourceSet: NOT found > loader1270312:com.netscape.management.client.console.versioninfo > Fedora-Management-Console/1.0.3 B2006.312.1457 > RemoteImage: NOT found > loader1270312:com/netscape/management/nmclf/icons/Error.gif > Warning: Cannot convert string > "-b&h-lucida-medium-r-normal-sans-*-140-*-*-p-*-iso8859-1" to type > FontStruct > RemoteImage: Create RemoteImage cache for loader1270312 > RemoteImage: NOT found > loader1270312:com/netscape/management/nmclf/icons/Inform.gif > RemoteImage: NOT found > loader1270312:com/netscape/management/nmclf/icons/Warn.gif > RemoteImage: NOT found > loader1270312:com/netscape/management/nmclf/icons/Question.gif > ResourceSet: NOT found > loader1270312:com.netscape.management.client.components.components > RemoteImage: NOT found > loader1270312:com/netscape/management/client/images/logo16.gif > RemoteImage: NOT found > loader1270312:com/netscape/management/client/console/images/login.gif > ResourceSet: NOT found > loader1270312:com.netscape.management.client.util.default > ResourceSet: found > loader1270312:com.netscape.management.client.util.default > ... 
> CommManager> New CommRecord > (http://pendragon.duraflex.com.sv:1500/admin-serv/authenticate) > http://pendragon.duraflex.com.sv:1500/[0:0] open> Ready > http://pendragon.duraflex.com.sv:1500/[0:0] accept> > http://pendragon.duraflex.com.sv:1500/admin-serv/authenticate > http://pendragon.duraflex.com.sv:1500/[0:0] send> GET \ > http://pendragon.duraflex.com.sv:1500/[0:0] > send> /admin-serv/authenticate \ > http://pendragon.duraflex.com.sv:1500/[0:0] send> HTTP/1.0 > http://pendragon.duraflex.com.sv:1500/[0:0] send> Host: > pendragon.duraflex.com.sv:1500 > http://pendragon.duraflex.com.sv:1500/[0:0] send> Connection: Keep-Alive > http://pendragon.duraflex.com.sv:1500/[0:0] send> User-Agent: > Fedora-Management-Console/1.0 > http://pendragon.duraflex.com.sv:1500/[0:0] send> Accept-Language: en > http://pendragon.duraflex.com.sv:1500/[0:0] send> Authorization: Basic > \ > http://pendragon.duraflex.com.sv:1500/[0:0] send> YWRtaW46cGF3b3BhZG8= \ > http://pendragon.duraflex.com.sv:1500/[0:0] send> > http://pendragon.duraflex.com.sv:1500/[0:0] send> > http://pendragon.duraflex.com.sv:1500/[0:0] recv> HTTP/1.1 200 OK > http://pendragon.duraflex.com.sv:1500/[0:0] recv> Date: Fri, 02 Feb 2007 > 08:29:48 GMT > http://pendragon.duraflex.com.sv:1500/[0:0] recv> Server: Apache/2.2 > HttpChannel.invoke: admin version = 2.2 > http://pendragon.duraflex.com.sv:1500/[0:0] recv> Admin-Server: > Fedora-Administrator/1.0.3 > HttpChannel.invoke: admin version = 1.0.3 > http://pendragon.duraflex.com.sv:1500/[0:0] recv> Content-Length: 393 > http://pendragon.duraflex.com.sv:1500/[0:0] recv> Connection: close > http://pendragon.duraflex.com.sv:1500/[0:0] recv> Content-Type: > text/html > http://pendragon.duraflex.com.sv:1500/[0:0] recv> > http://pendragon.duraflex.com.sv:1500/[0:0] recv> Reading 393 bytes... 
> http://pendragon.duraflex.com.sv:1500/[0:0] recv> 393 bytes read > Console.replyHandler: adminVersion = 1.0.3 > Console: Cannot open: cn=user, cn=DefaultObjectClassesContainer,ou=1.0, > ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot > Console: Cannot open cn=group, cn=DefaultObjectClassesContainer,ou=1.0, > ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot > Console: Cannot open cn=OU, cn=DefaultObjectClassesContainer,ou=1.0, > ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot > Console: Cannot open cn=ResourceEditorExtension,ou=1.0, ou=admin, > ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot > ResourceSet: NOT found > loader1270312:com.netscape.management.client.topology.topology > ResourceSet: found > loader1270312:com.netscape.management.client.topology.topology > RemoteImage: found > loader1270312:com/netscape/management/client/images/logo16.gif > RemoteImage: NOT found > loader1270312:com/netscape/management/client/images/ConsoleBanner.gif > RemoteImage: NOT found > loader1270312:com/netscape/management/client/images/warn16.gif > ResourceSet: NOT found > loader1270312:com.netscape.management.client.default > UIPermissions: TopologyEditing yes > Cannot open: cn=topologyplugin,ou=1.0, ou=admin, ou=Global Preferences, > ou=duraflex.com.sv, o=NetscapeRoot > ResourceSet: found > loader1270312:com.netscape.management.client.topology.topology > ResourceSet: found loader1270312:com.netscape.management.client.default > ResourceSet: found > loader1270312:com.netscape.management.client.topology.topology > ResourceSet: found > loader1270312:com.netscape.management.client.topology.topology > UIPermissions: CustomViewEditing yes > ResourceSet: found loader1270312:com.netscape.management.client.default > ResourceSet: found loader1270312:com.netscape.management.client.default > UIPermissions: UGTabVisibility yes > UIPermissions: UGEditing yes > ResourceSet: found > 
loader1270312:com.netscape.management.client.topology.topology > TRACE ConsoleInfo.clone: tracking cloning of ConsoleInfo for performance > tuning > Cannot load custom views, error code= 32 > ou=duraflex.com.sv, o=NetscapeRoot> > pub defaultView=null > user defaultView=null > RemoteImage: NOT found > loader1270312:com/netscape/management/client/images/notsecure.gif > http://pendragon.duraflex.com.sv:1500/[0:0] close> Closed > ResourceSet: found > loader1270312:com.netscape.management.client.util.default > ResourceSet: found > loader1270312:com.netscape.management.client.util.default > --- > > Logging in as cn=Directory Manager also produces an empty console, and > the log is very similar, except for lines like the following: > > Cannot find: ou="cn=Directory Manager",ou=UserPreferences, > ou=duraflex.com.sv, o=NetscapeRoot > Creating: ou="cn=Directory Manager",ou=UserPreferences, > ou=duraflex.com.sv, o=NetscapeRoot > 131a134,145 > Cannot find: ou=Console,ou="cn=Directory Manager",ou=UserPreferences, > ou=duraflex.com.sv, o=NetscapeRoot > Creating: ou=Console,ou="cn=Directory Manager",ou=UserPreferences, > ou=duraflex.com.sv, o=NetscapeRoot > Cannot find: ou=1.0,ou=Console,ou="cn=Directory > Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot > Creating: ou=1.0,ou=Console,ou="cn=Directory > Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot > Cannot find: cn=General,ou=1.0,ou=Console,ou="cn=Directory > Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot > Creating: cn=General,ou=1.0,ou=Console,ou="cn=Directory > Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot > Cannot find: cn=Fonts,ou=1.0,ou=Console,ou="cn=Directory > Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot > Creating: cn=Fonts,ou=1.0,ou=Console,ou="cn=Directory > Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot > Cannot find: cn=ResourcePage,ou=1.0,ou=Console,ou="cn=Directory > Manager",ou=UserPreferences, 
ou=duraflex.com.sv, o=NetscapeRoot
> Creating: cn=ResourcePage,ou=1.0,ou=Console,ou="cn=Directory
> Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot
> Cannot find: cn=CustomViews,ou=1.0,ou=Console,ou="cn=Directory
> Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot
> Creating: cn=CustomViews,ou=1.0,ou=Console,ou="cn=Directory
> Manager",ou=UserPreferences, ou=duraflex.com.sv, o=NetscapeRoot
>
>

From oscar.valdez at duraflex.com.sv Fri Feb 2 18:11:37 2007
From: oscar.valdez at duraflex.com.sv (Oscar A. Valdez)
Date: Fri, 02 Feb 2007 12:11:37 -0600
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <45C37326.1070801@redhat.com>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv> <1170379389.2332.24.camel@wzowski.duraflex.com.sv> <45C29C39.8070705@redhat.com> <1170427788.2337.13.camel@wzowski.duraflex.com.sv> <45C37326.1070801@redhat.com>
Message-ID: <1170439898.2337.25.camel@wzowski.duraflex.com.sv>

On Fri, 02-02-2007 at 09:21 -0800, Noriko Hosoi wrote:
> Thanks for the log. These error messages look odd...
>
> Console: Cannot open: cn=user, cn=DefaultObjectClassesContainer,ou=1.0,
> ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
> Console: Cannot open cn=group, cn=DefaultObjectClassesContainer,ou=1.0,
> ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
> Console: Cannot open cn=OU, cn=DefaultObjectClassesContainer,ou=1.0,
> ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
> Console: Cannot open cn=ResourceEditorExtension,ou=1.0, ou=admin,
> ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
>
> What do you get if you run ldapsearch against your Directory Server as
> follows?
> ldapsearch -h -p -D "cn=Directory Manager" -w > -b "o=NetscapeRoot" "(cn=*)" Thanks for your reply. I appreciate your time going over this extensive output: version: 1 dn: cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=Netsc apeRoot objectClass: top objectClass: groupofuniquenames cn: Configuration Administrators uniqueMember: uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRo ot dn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot objectClass: top objectClass: person objectClass: organizationalperson objectClass: inetorgperson cn: Configuration Administrator sn: Administrator givenName: Configuration uid: admin userPassword: {SSHA}09smbU6EY93lDzCV3HBXJrC6Yu5gN9A4EJNsyw== dn: cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nsHost objectClass: groupOfUniqueNames cn: pendragon serverHostName: pendragon nsOsVersion: Linux 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST 2004 nsHardwarePlatform: i686 uniqueMember: cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot dn: cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: nsAdminGroup objectClass: groupOfUniqueNames objectClass: nsDirectoryInfo objectClass: top nsAdminGroupName: Server Group nsConfigRoot: /opt/fedora-ds nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=duraflex, o=Ne tscapeRoot nsAdminSIEDN: cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Ser ver Group, cn=pendragon, ou=duraflex, o=NetscapeRoot cn: Server Group uniqueMember: cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=du raflex, o=NetscapeRoot uniqueMember: cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot dn: cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=duraflex, o= NetscapeRoot objectClass: nsApplication objectClass: groupOfUniqueNames objectClass: top cn: Fedora Directory Server nsProductName: Fedora Directory Server nsProductVersion: 1.0.1 nsNickName: 
slapd nsBuildNumber: 2005.342.165 nsVendor: Fedora Project nsInstalledLocation: /opt/fedora-ds installationTimeStamp: 20051229214439Z nsExpirationDate: 0 nsBuildSecurity: domestic uniqueMember: cn=slapd-pendragon, cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot nsServerMigrationClassname: com.netscape.admin.dirserv.task.MigrateCreate at ds10 .jar at cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Gro up, cn=pendragon, ou=duraflex, o=NetscapeRoot nsServerCreationClassname: com.netscape.admin.dirserv.task.MigrateCreate at ds10. jar at cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Grou p, cn=pendragon, ou=duraflex, o=NetscapeRoot dn: cn=slapd-pendragon, cn=Fedora Directory Server, cn=Server Group, cn=pendra gon, ou=duraflex, o=NetscapeRoot objectClass: netscapeServer objectClass: nsDirectoryServer objectClass: nsResourceRef objectClass: nsConfig objectClass: groupOfUniqueNames objectClass: top nsServerSecurity: off nsServerID: slapd-pendragon nsBindDN: cn=Directory Manager nsBaseDN: dc=duraflex,dc=com,dc=sv serverRoot: /opt/fedora-ds nsServerPort: 389 nsSecureServerPort: 636 serverProductName: Directory Server (pendragon) serverVersionNumber: 1.0.1 installationTimeStamp: 20051229214439Z nsSuiteSpotUser: nobody serverHostName: pendragon cn: slapd-pendragon uniqueMember: cn=slapd-pendragon, cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot uniqueMember: cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Ser ver Group, cn=pendragon, ou=duraflex, o=NetscapeRoot userPassword: {SSHA}/citfGYEsjF16K8efQHEYlE1NHuivmLQOroyRw== dn: cn=configuration,cn=slapd-pendragon, cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: nsResourceRef objectClass: nsAdminObject objectClass: nsDirectoryInfo objectClass: top cn: configuration nsClassname: com.netscape.admin.dirserv.DSAdmin at ds10.jar@cn=admin-serv-pendrag on, 
cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=duraf lex, o=NetscapeRoot nsJarfilename: ds10.jar nsDirectoryInfoRef: cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot dn: cn=Tasks, cn=slapd-pendragon, cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nsResourceRef cn: Tasks dn: cn=Operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Directory Server, cn =Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstaskgroup nsTaskLabel: Operation Tasks Group cn: Operation dn: cn=task summary, cn=Operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Dir ectory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nsConfig description: start stop restart Backup Restore KeyCert Authenticate CompleteIm port CompleteExport cn: task summary dn: cn=start, cn=Operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsClassname: com.netscape.admin.dirserv.task.Start at ds10.jar@cn=admin-serv-pend ragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=du raflex, o=NetscapeRoot nsExecRef: start cn: start dn: cn=stop, cn=Operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Directory S erver, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsClassname: com.netscape.admin.dirserv.task.Stop at ds10.jar@cn=admin-serv-pendr agon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=dur aflex, o=NetscapeRoot nsExecRef: shutdown cn: stop dn: cn=restart, cn=Operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Director y Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsClassname: 
com.netscape.admin.dirserv.task.Restart at ds10.jar@cn=admin-serv-pe ndragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou= duraflex, o=NetscapeRoot nsExecRef: restart cn: restart dn: cn=Backup, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsClassname: com.netscape.admin.dirserv.task.Backup at ds10.jar@cn=admin-serv-pen dragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=d uraflex, o=NetscapeRoot nsExecRef: ds_db2bak cn: Backup dn: cn=Restore, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Director y Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsClassname: com.netscape.admin.dirserv.task.Restore at ds10.jar@cn=admin-serv-pe ndragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou= duraflex, o=NetscapeRoot nsExecRef: ds_bak2db cn: Restore dn: cn=KeyCert, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Director y Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsClassname: com.netscape.admin.dirserv.task.KeyCert at ds10.jar@cn=admin-serv-pe ndragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou= duraflex, o=NetscapeRoot cn: KeyCert dn: cn=Authenticate, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Dir ectory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsClassname: com.netscape.admin.dirserv.task.Authenticate at ds10.jar@cn=admin-se rv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon , ou=duraflex, o=NetscapeRoot cn: Authenticate dn: cn=CompleteImport, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora D irectory Server, cn=Server Group, 
cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsClassname: com.netscape.admin.dirserv.task.CompleteImport at ds10.jar@cn=admin- serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendrag on, ou=duraflex, o=NetscapeRoot cn: CompleteImport dn: cn=CompleteExport, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora D irectory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsClassname: com.netscape.admin.dirserv.task.CompleteExport at ds10.jar@cn=admin- serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendrag on, ou=duraflex, o=NetscapeRoot cn: CompleteExport dn: cn=Export, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: ds_db2ldif cn: Export dn: cn=Import, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: ds_ldif2db cn: Import dn: cn=ViewLog, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Director y Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: ds_viewlog.pl cn: ViewLog dn: cn=ListBackups, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Dire ctory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: ds_listdb cn: ListBackups dn: cn=Remove, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: ds_remove cn: Remove dn: cn=CreateVLVIndex, 
cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora D irectory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: vlvindex cn: CreateVLVIndex dn: cn=AddIndex, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Directo ry Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: addindex cn: AddIndex dn: cn=SNMPCtrl, cn=operation, cn=Tasks, cn=slapd-pendragon, cn=Fedora Directo ry Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: ds_snmpctrl cn: SNMPCtrl dn: cn=Tasks, cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=du raflex, o=NetscapeRoot objectClass: top objectClass: nsResourceRef cn: Tasks dn: cn=Operation, cn=Tasks, cn=Fedora Directory Server, cn=Server Group, cn=pe ndragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstaskgroup nsTaskLabel: Operation Tasks Group cn: Operation dn: cn=Migrate, cn=Operation, cn=Tasks, cn=Fedora Directory Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: migrateInstance cn: Migrate dn: cn=Create, cn=Operation, cn=Tasks, cn=Fedora Directory Server, cn=Server G roup, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: ds_create cn: Create dn: cn=GetConfigInfo, cn=Operation, cn=Tasks, cn=Fedora Directory Server, cn=S erver Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: getConfigInfo cn: GetConfigInfo dn: cn=MigrateLocalDB, cn=Operation, cn=Tasks, cn=Fedora Directory Server, cn= Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: 
migrateLocalDB cn: MigrateLocalDB dn: cn=ResourceEditorExtension, ou=1.0, ou=Admin, ou=Global Preferences, ou=du raflex, o=NetscapeRoot objectClass: top objectClass: nsResourceRef objectClass: extensibleObject cn: ResourceEditorExtension nsmerge: ADD_IF_EMPTY dn: cn=nsroledefinition, cn=ResourceEditorExtension, ou=1.0, ou=Admin, ou=Glob al Preferences, ou=duraflex, o=NetscapeRoot cn: nsroledefinition objectClass: top objectClass: extensibleObject objectClass: nsResourceRef objectClass: nsAdminResourceEditorExtension objectClass: nsAdminObject nsClassname: com.netscape.admin.dirserv.roledit.ResEditorRoleInfo at ds10.jar nsClassname: com.netscape.admin.dirserv.roledit.ResEditorRoleMembers at ds10.jar nsClassname: com.netscape.admin.dirserv.roledit.ResEditorRoleAccountPage at ds10. jar nsmerge: {nsclassname}MULTI_MERGE dn: cn=cossuperdefinition, cn=ResourceEditorExtension, ou=1.0, ou=Admin, ou=Gl obal Preferences, ou=duraflex, o=NetscapeRoot cn: cossuperdefinition objectClass: top objectClass: extensibleObject objectClass: nsResourceRef objectClass: nsAdminResourceEditorExtension objectClass: nsAdminObject nsClassname: com.netscape.admin.dirserv.cosedit.ResEditorCosInfo at ds10.jar nsClassname: com.netscape.admin.dirserv.cosedit.ResEditorCosAttributes at ds10.ja r nsClassname: com.netscape.admin.dirserv.cosedit.ResEditorCosTemplate at ds10.jar nsmerge: {nsclassname}MULTI_MERGE dn: cn=UserDirectory, ou=Global Preferences, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nsDirectoryInfo cn: UserDirectory nsDirectoryURL: ldap://pendragon:389/dc=duraflex,dc=com,dc=sv nsDirectoryFailoverList: dn: cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=durafle x, o=NetscapeRoot objectClass: top objectClass: nsApplication objectClass: groupOfUniqueNames cn: Fedora Administration Server nsVendor: Fedora Project nsProductName: Fedora Administration Server nsNickName: admin nsProductVersion: 1.0 nsBuildNumber: 2005.342.1550 nsInstalledLocation: 
/opt/fedora-ds installationTimeStamp: 20051229214440Z nsBuildSecurity: domestic nsServerMigrationClassname: com.netscape.management.admserv.AdminServerProduct @admserv10.jar uniqueMember: cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Ser ver Group, cn=pendragon, ou=duraflex, o=NetscapeRoot dn: cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: netscapeServer objectClass: nsAdminServer objectClass: nsResourceRef objectClass: groupOfUniqueNames cn: admin-serv-pendragon nsServerID: admin-serv serverRoot: /opt/fedora-ds serverProductName: Administration Server serverHostName: pendragon uniqueMember: cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Ser ver Group, cn=pendragon, ou=duraflex, o=NetscapeRoot installationTimeStamp: 20051229214440Z userPassword: {SSHA}JgUB+zkuRsmiHXAaXl52/aSplGjVldIHy9ydwg== dn: cn=configuration, cn=admin-serv-pendragon, cn=Fedora Administration Server , cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: nsConfig objectClass: nsAdminConfig objectClass: nsAdminObject objectClass: nsDirectoryInfo objectClass: top cn: Configuration nsServerPort: 36917 nsSuiteSpotUser: root nsServerAddress: nsAdminEnableEnduser: on nsAdminEnableDSGW: on nsDirectoryInfoRef: cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot nsAdminUsers: admin-serv/config/admpw nsErrorLog: admin-serv/logs/error nsPidLog: admin-serv/logs/pid nsAccessLog: admin-serv/logs/access nsAdminCacheLifetime: 600 nsAdminAccessHosts: * nsAdminAccessAddresses: *.*.*.* nsAdminOneACLDir: adminacl nsDefaultAcceptLanguage: en nsClassname: com.netscape.management.admserv.AdminServer at admserv10.jar@cn=admi n-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendr agon, ou=duraflex, o=NetscapeRoot dn: cn=Tasks, cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Ser ver Group, cn=pendragon, ou=duraflex, o=NetscapeRoot 
objectClass: top objectClass: nsResourceRef cn: Tasks dn: cn=Operation, cn=Tasks, cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstaskgroup nsTaskLabel: Operation Tasks Group cn: Operation dn: cn=Stop, cn=Operation, cn=Tasks, cn=admin-serv-pendragon, cn=Fedora Admini stration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsHelpRef: admin/stopadm.html nsExecRef: stopsrv nsClassname: com.netscape.management.admserv.task.Stop at admserv10.jar@cn=admin- serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendrag on, ou=duraflex, o=NetscapeRoot cn: Stop dn: cn=Restart, cn=Operation, cn=Tasks, cn=admin-serv-pendragon, cn=Fedora Adm inistration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRo ot objectClass: top objectClass: nstask objectClass: nsAdminObject nsHelpRef: admin/restartadm.html nsExecRef: restartsrv nsClassname: com.netscape.management.admserv.task.Restart at admserv10.jar@cn=adm in-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pend ragon, ou=duraflex, o=NetscapeRoot cn: Restart dn: cn=Authenticate, cn=Operation, cn=Tasks, cn=admin-serv-pendragon, cn=Fedor a Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Netsc apeRoot objectClass: top objectClass: nstask nsHelpRef: admin/userauth.html nsExecRef: userauth cn: Authenticate dn: cn=ListOldServers, cn=Operation, cn=Tasks, cn=admin-serv-pendragon, cn=Fed ora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Net scapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: listOldSrvs cn: ListOldServers dn: cn=StartConfigDS, cn=Operation, cn=Tasks, cn=admin-serv-pendragon, cn=Fedo ra Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Nets capeRoot objectClass: top objectClass: nstask nsExecRef: 
start_config_ds cn: StartConfigDS dn: cn=MigrateConfig, cn=Operation, cn=Tasks, cn=admin-serv-pendragon, cn=Fedo ra Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Nets capeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: migrateConfig cn: MigrateConfig dn: cn=MergeConfig, cn=Operation, cn=Tasks, cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Netsca peRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: mergeConfig cn: MergeConfig dn: cn=StatusPing, cn=Operation, cn=Tasks, cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Netscap eRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: statusping nsLogSuppress: true cn: StatusPing dn: cn=Configuration, cn=Tasks, cn=admin-serv-pendragon, cn=Fedora Administrat ion Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nstaskgroup nsTaskLabel: Configuration Tasks Group cn: Configuration dn: cn=ServerSetup, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn=Fe dora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Ne tscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: config nsClassname: com.netscape.management.admserv.task.ServerSetup at admserv10.jar@cn =admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn= pendragon, ou=duraflex, o=NetscapeRoot cn: ServerSetup dn: cn=DirectorySetup, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn =Fedora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o =NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: dsconfig cn: DirectorySetup dn: cn=UGDirectorySetup, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, 
o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: ugdsconfig cn: UGDirectorySetup dn: cn=AccessSetup, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn=Fe dora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Ne tscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: admpw cn: AccessSetup dn: cn=Logging, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Netsca peRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsHelpRef: admin/logging.html nsExecRef: config nsClassname: com.netscape.management.admserv.task.Logging at admserv10.jar@cn=adm in-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pend ragon, ou=duraflex, o=NetscapeRoot cn: Logging dn: cn=SecurityOp, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn=Fed ora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Net scapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsExecRef: security cn: SecurityOp dn: cn=CertSetup, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn=Fedo ra Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Nets capeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsHelpRef: admin/certrequest.html nsClassname: com.netscape.management.admserv.task.CertSetup at admserv10.jar@cn=a dmin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pe ndragon, ou=duraflex, o=NetscapeRoot cn: CertSetup dn: cn=SSLActivate, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn=Fe dora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Ne tscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsHelpRef: admin/ssl_activate.html nsExecRef: sec-activate cn: SSLActivate dn: cn=ReadLog, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn=Fedora 
Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Netsca peRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsHelpRef: admin/logging.html nsExecRef: ReadLog cn: ReadLog dn: cn=HTMLAdmin, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn=Fedo ra Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Nets capeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsHelpRef: admin/htmladmin.html nsExecRef: htmladmin cn: HTMLAdmin dn: cn=StatPingServ, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn=F edora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=N etscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsHelpRef: admin/statpingserv.html nsExecRef: statpingserv cn: StatPingServ dn: cn=ViewData, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn=Fedor a Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Netsc apeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsHelpRef: admin/viewdata.html nsExecRef: viewdata cn: ViewData dn: cn=ViewLog, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=Netsca peRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsHelpRef: admin/viewlog.html nsExecRef: viewlog cn: ViewLog dn: cn=MonReplication, cn=configuration, cn=Tasks, cn=admin-serv-pendragon, cn =Fedora Administration Server, cn=Server Group, cn=pendragon, ou=duraflex, o =NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsHelpRef: admin/monreplication.html nsExecRef: monreplication cn: MonReplication dn: cn=repl-monitor-cgi.pl, cn=configuration, cn=Tasks, cn=admin-serv-pendrago n, cn=Fedora Administration Server, cn=Server Group, cn=pendragon, ou=durafl ex, o=NetscapeRoot objectClass: top objectClass: nstask objectClass: nsAdminObject nsHelpRef: admin/monreplication.html nsExecRef: 
repl-monitor-cgi.pl cn: repl-monitor-cgi.pl dn: cn=Commands, cn=admin-serv-pendragon, cn=Fedora Administration Server, cn= Server Group, cn=pendragon, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nsResourceRef cn: Commands dn: cn=sync-task-sie-data, cn=Commands, cn=admin-serv-pendragon, cn=Fedora Adm inistration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeRo ot objectClass: top objectClass: nstask nsHelpRef: admin/sync-task-sie-data.html nsExecRef: runtime cn: sync-task-sie-data dn: cn=change-sie-password, cn=Commands, cn=admin-serv-pendragon, cn=Fedora Ad ministration Server, cn=Server Group, cn=pendragon, ou=duraflex, o=NetscapeR oot objectClass: top objectClass: nstask nsExecRef: runtime cn: change-sie-password dn: cn=Common, ou=Global Preferences, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nsResourceRef objectClass: nsGlobalParameters objectClass: extensibleObject cn: common nsUniqueAttribute: uid nsUserIDFormat: firstletter_lastname nsUserRDNComponent: uid nsGroupRDNComponent: cn nsmerge: {nsuniqueattribute}ADD_IF_EMPTY nsmerge: {nsuseridformat}ADD_IF_EMPTY nsmerge: {nsuserrdncomponent}ADD_IF_EMPTY nsmerge: {nsgrouprdncomponent}ADD_IF_EMPTY dn: cn=Client, ou=Admin, ou=Global Preferences, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nsResourceRef objectClass: nsAdminGlobalParameters objectClass: extensibleObject cn: Client nsAdminEndUserHTMLIndex: [--Category:general,General][--Option:edit.cgi?userpi nfo,Personal Information][--Option:edit.cgi?userpasswd,Password] nsNickName: admin,,Fedora Administration Server nsNickName: https,netshare,Fedora Enterprise Server nsNickName: httpd,httpd,Fedora FastTrack Server nsNickName: msg,msg,Fedora Messaging Server nsNickName: news,news,Fedora Collabra Server nsNickName: proxy,proxy,Fedora Proxy Server nsNickName: lmspd,lmspd,Fedora Media Server nsNickName: slapd,slapd,Fedora Directory Server nsNickName: cert,cert,Fedora Certificate Server nsNickName: 
compass,compass,Fedora Compass Server nsNickName: catalog,catalog,Fedora Catalog Server nsNickName: calendar,calendar,Fedora Calendar Server nsmerge: {nsadminenduserhtmlindex}MULTI_MERGE nsmerge: {nsnickname}MULTI_MERGE dn: cn=PublicViews, ou=1.0, ou=Admin, ou=Global Preferences, ou=duraflex, o=Ne tscapeRoot objectClass: top objectClass: nsAdminConsoleUser cn: PublicViews dn: cn=CustomView, ou=1.0, ou=Admin, ou=Global Preferences, ou=duraflex, o=Net scapeRoot objectClass: top objectClass: nsResourceRef cn: CustomView dn: cn=inetorgPerson, cn=ResourceEditorExtension, ou=1.0, ou=Admin, ou=Global Preferences, ou=duraflex, o=NetscapeRoot cn: inetorgPerson objectClass: nsResourceRef objectClass: nsAdminResourceEditorExtension objectClass: top objectClass: extensibleObject objectClass: nsAdminObject nsClassname: com.netscape.management.client.ug.ResEditorUserPage nsClassname: com.netscape.management.client.ug.ResEditorAccountPage nsClassname: com.netscape.management.client.ug.LanguagePage nsClassname: com.netscape.management.client.ug.ResEditorNTUser nsClassname: com.netscape.management.client.ug.ResEditorPosixUser nsmerge: {nsclassname}MULTI_MERGE dn: cn=organizationalPerson, cn=ResourceEditorExtension, ou=1.0, ou=Admin, ou= Global Preferences, ou=duraflex, o=NetscapeRoot cn: organizationalPerson objectClass: nsResourceRef objectClass: nsAdminResourceEditorExtension objectClass: top objectClass: extensibleObject objectClass: nsAdminObject nsClassname: com.netscape.management.client.ug.ResEditorUserPage nsClassname: com.netscape.management.client.ug.ResEditorAccountPage nsClassname: com.netscape.management.client.ug.LanguagePage nsmerge: {nsclassname}MULTI_MERGE dn: cn=groupofuniquenames, cn=ResourceEditorExtension, ou=1.0, ou=Admin, ou=Gl obal Preferences, ou=duraflex, o=NetscapeRoot cn: groupofuniquenames objectClass: nsResourceRef objectClass: nsAdminResourceEditorExtension objectClass: top objectClass: extensibleObject objectClass: nsAdminObject nsClassname: 
com.netscape.management.client.ug.ResEditorGroupInfo nsClassname: com.netscape.management.client.ug.ResEditorGroupMembers nsClassname: com.netscape.management.client.ug.ResEditorAccountPage nsClassname: com.netscape.management.client.ug.LanguagePage nsmerge: {nsclassname}MULTI_MERGE dn: cn=organizationalunit, cn=ResourceEditorExtension, ou=1.0, ou=Admin, ou=Gl obal Preferences, ou=duraflex, o=NetscapeRoot cn: organizationalunit objectClass: nsResourceRef objectClass: nsAdminResourceEditorExtension objectClass: top objectClass: extensibleObject objectClass: nsAdminObject nsClassname: com.netscape.management.client.ug.OUPage nsClassname: com.netscape.management.client.ug.LanguagePage nsmerge: {nsclassname}MULTI_MERGE dn: cn=defaultObjectClassesContainer, ou=1.0, ou=Admin, ou=Global Preferences, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nsResourceRef cn: DefaultObjectClassesContainer dn: cn=user, cn=defaultObjectClassesContainer, ou=1.0, ou=Admin, ou=Global Pre ferences, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nsResourceRef objectClass: nsdefaultObjectClasses cn: user nsDefaultObjectClass: top nsDefaultObjectClass: person nsDefaultObjectClass: organizationalPerson nsDefaultObjectClass: inetorgperson dn: cn=group, cn=defaultObjectClassesContainer, ou=1.0, ou=Admin, ou=Global Pr eferences, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nsResourceRef objectClass: nsdefaultObjectClasses cn: group nsDefaultObjectClass: top nsDefaultObjectClass: groupofuniquenames dn: cn=ou, cn=defaultObjectClassesContainer, ou=1.0, ou=Admin, ou=Global Prefe rences, ou=duraflex, o=NetscapeRoot objectClass: top objectClass: nsResourceRef objectClass: nsdefaultObjectClasses cn: ou nsDefaultObjectClass: top nsDefaultObjectClass: organizationalunit dn: cn=topologyplugin, ou=1.0, ou=Admin, ou=Global Preferences, ou=duraflex, o =NetscapeRoot objectClass: top objectClass: nsResourceRef objectClass: extensibleObject cn: topologyplugin nsmerge: 
--
Oscar A. Valdez
Industrias Duraflex, S.A. de C.V.

From nhosoi at redhat.com Fri Feb 2 20:00:50 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Fri, 02 Feb 2007 12:00:50 -0800
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <1170439898.2337.25.camel@wzowski.duraflex.com.sv>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv> <1170379389.2332.24.camel@wzowski.duraflex.com.sv> <45C29C39.8070705@redhat.com> <1170427788.2337.13.camel@wzowski.duraflex.com.sv> <45C37326.1070801@redhat.com> <1170439898.2337.25.camel@wzowski.duraflex.com.sv>
Message-ID: <45C39872.3050607@redhat.com>

There's a mismatch between the RDNs in the Configuration LDAP server and what the Console/Admin Server is looking for (the second-last RDN, ou=duraflex vs. ou=duraflex.com.sv).

dn: cn=user, cn=defaultObjectClassesContainer, ou=1.0, ou=Admin, ou=Global Preferences, ou=duraflex, o=NetscapeRoot

Console: Cannot open: cn=user, cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot

Did you have any chance to change the domain name? If so, do you remember what operation it was?

I wonder what you see if you run this command line in your /admin-serv/config.

$ egrep -i o=netscaperoot * | egrep -vi topologymanagement

Thanks,
--noriko

Oscar A. Valdez wrote:
> On Fri, 02-02-2007 at 09:21 -0800, Noriko Hosoi wrote:
>
>> Thanks for the log. These error messages look odd...
>>
>> Console: Cannot open: cn=user, cn=DefaultObjectClassesContainer,ou=1.0,
>> ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
>> Console: Cannot open cn=group, cn=DefaultObjectClassesContainer,ou=1.0,
>> ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
>> Console: Cannot open cn=OU, cn=DefaultObjectClassesContainer,ou=1.0,
>> ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
>> Console: Cannot open cn=ResourceEditorExtension,ou=1.0, ou=admin,
>> ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
>>
>> What do you get if you run ldapsearch against your Directory Server as
>> follows?
>> ldapsearch -h -p -D "cn=Directory Manager" -w
>> -b "o=NetscapeRoot" "(cn=*)"
>>
>
> Thanks for your reply. I appreciate your time going over this extensive
> output:
>
objectClass: top > objectClass: nsAdminConsoleUser > nsPreference:: > IwojVHVlIFNlcCAxOSAxNjozNTo0NiBDU1QgMjAwNgpXaWR0aD03NTAKU2hvd1 > > N0YXR1c0Jhcj10cnVlClNob3dCYW5uZXJCYXI9dHJ1ZQpZPTE0NwpIZWlnaHQ9NTMwClg9MTMxCg > == > > dn: cn=Fonts,ou=1.0,ou=Console,ou="uid=admin, ou=Administrators, > ou=TopologyMa > nagement, o=NetscapeRoot",ou=UserPreferences, ou=duraflex, > o=NetscapeRoot > cn: Fonts > objectClass: top > objectClass: nsAdminConsoleUser > > dn: cn=ResourcePage,ou=1.0,ou=Console,ou="uid=admin, ou=Administrators, > ou=Top > ologyManagement, o=NetscapeRoot",ou=UserPreferences, ou=duraflex, > o=Netscape > Root > cn: ResourcePage > objectClass: top > objectClass: nsAdminConsoleUser > nsPreference:: > IwojVHVlIFNlcCAxOSAxNjozNTo0MSBDU1QgMjAwNgpTaG93VHJlZT10cnVlCg > == > > dn: cn=CustomViews,ou=1.0,ou=Console,ou="uid=admin, ou=Administrators, > ou=Topo > logyManagement, o=NetscapeRoot",ou=UserPreferences, ou=duraflex, > o=NetscapeR > oot > cn: CustomViews > objectClass: top > objectClass: nsAdminConsoleUser > > dn: cn=DS_MISCELLANEOUS,ou=1.0,ou=Console,ou="uid=admin, > ou=Administrators, ou > =TopologyManagement, o=NetscapeRoot",ou=UserPreferences, ou=duraflex, > o=Nets > capeRoot > cn: DS_MISCELLANEOUS > objectClass: top > objectClass: nsAdminConsoleUser > nsPreference:: > IwojTW9uIEp1biAxOSAxNzo1MDowNiBDU1QgMjAwNgpMQVlPVVRfUFJFRkVSRU > 5DRVM9Tk9ERV9MRUFGX0xBWU9VVAo= > > dn: cn=TaskTab,ou=1.0,ou=Console,ou="uid=admin, ou=Administrators, > ou=Topology > Management, o=NetscapeRoot",ou=UserPreferences, ou=duraflex, > o=NetscapeRoot > cn: TaskTab > objectClass: top > objectClass: nsAdminConsoleUser > > dn: cn=SearchResultTable,ou=1.0,ou=Console,ou="uid=admin, > ou=Administrators, o > u=TopologyManagement, o=NetscapeRoot",ou=UserPreferences, ou=duraflex, > o=Net > scapeRoot > cn: SearchResultTable > objectClass: top > objectClass: nsAdminConsoleUser > nsPreference:: > IwojVGh1IERlYyAyOSAxNTo1OTowNyBDU1QgMjAwNQpBdHRyaWJ1dGUzPXRlbG > > 
VwaG9uZW51bWJlcgpDb2x1bW5Db3VudD00CkF0dHJpYnV0ZTI9bWFpbApBdHRyaWJ1dGUxPXVpZA > > pBdHRyaWJ1dGUwPWNuCkxhYmVsMz1QaG9uZQpMYWJlbDI9RS1NYWlsCkxhYmVsMT1Vc2VyIElECk > xhYmVsMD1OYW1lCg== > > dn: cn=Confirmation,ou=1.0,ou=Console,ou="uid=admin, ou=Administrators, > ou=Top > ologyManagement, o=NetscapeRoot",ou=UserPreferences, ou=duraflex, > o=Netscape > Root > cn: Confirmation > objectClass: top > objectClass: nsAdminConsoleUser > > dn: cn=UserDirectory, ou=Global Preferences, ou=duraflex.com.sv, > o=netscaperoo > t > objectClass: top > objectClass: nsDirectoryInfo > cn: UserDirectory > nsDirectoryURL: ldap://:/ > nsDirectoryFailoverList: > > dn: cn=General,ou=1.0,ou=Console,ou="uid=admin, ou=Administrators, > ou=Topology > Management, o=NetscapeRoot",ou=UserPreferences, ou=duraflex.com.sv, > o=Netsca > peRoot > cn: General > objectClass: top > objectClass: nsAdminConsoleUser > nsPreference:: > IwojRnJpIEZlYiAwMiAwMjoyOTo1MiBDU1QgMjAwNwpXaWR0aD03NTAKU2hvd1 > > N0YXR1c0Jhcj10cnVlClNob3dCYW5uZXJCYXI9dHJ1ZQpZPTExOQpYPTEzNwpIZWlnaHQ9NTMwCg > == > > dn: cn=Fonts,ou=1.0,ou=Console,ou="uid=admin, ou=Administrators, > ou=TopologyMa > nagement, o=NetscapeRoot",ou=UserPreferences, ou=duraflex.com.sv, > o=Netscape > Root > cn: Fonts > objectClass: top > objectClass: nsAdminConsoleUser > > dn: cn=ResourcePage,ou=1.0,ou=Console,ou="uid=admin, ou=Administrators, > ou=Top > ologyManagement, o=NetscapeRoot",ou=UserPreferences, > ou=duraflex.com.sv, o=N > etscapeRoot > cn: ResourcePage > objectClass: top > objectClass: nsAdminConsoleUser > nsPreference:: > IwojRnJpIEZlYiAwMiAwMjoyOTo1MiBDU1QgMjAwNwpTaG93VHJlZT10cnVlCg > == > > dn: cn=CustomViews,ou=1.0,ou=Console,ou="uid=admin, ou=Administrators, > ou=Topo > logyManagement, o=NetscapeRoot",ou=UserPreferences, ou=duraflex.com.sv, > o=Ne > tscapeRoot > cn: CustomViews > objectClass: top > objectClass: nsAdminConsoleUser > > dn: cn=PublicViews,ou=1.0,ou=admin,ou=Global Preferences, > ou=duraflex.com.sv, > o=NetscapeRoot > cn: PublicViews > 
objectClass: top > objectClass: nsAdminConsoleUser > > dn: cn=UI,ou=1.0, ou=admin, ou=Global Preferences, ou=duraflex.com.sv, > o=Netsc > apeRoot > cn: UI > objectClass: top > objectClass: nsAdminConsoleUser > > dn: cn=SearchResultTable,ou=1.0,ou=Console,ou="uid=admin, > ou=Administrators, o > u=TopologyManagement, o=NetscapeRoot",ou=UserPreferences, > ou=duraflex.com.sv > , o=NetscapeRoot > cn: SearchResultTable > objectClass: top > objectClass: nsAdminConsoleUser > nsPreference:: > IwojV2VkIEphbiAyNCAxMTozOToyNCBDU1QgMjAwNwpBdHRyaWJ1dGUzPXRlbG > > VwaG9uZW51bWJlcgpDb2x1bW5Db3VudD00CkF0dHJpYnV0ZTI9bWFpbApBdHRyaWJ1dGUxPXVpZA > > pBdHRyaWJ1dGUwPWNuCkxhYmVsMz1QaG9uZQpMYWJlbDI9RS1NYWlsCkxhYmVsMT1Vc2VyIElECk > xhYmVsMD1OYW1lCg== > > dn: cn=General,ou=1.0,ou=Console,ou="cn=Directory > Manager",ou=UserPreferences, > ou=duraflex.com.sv, o=NetscapeRoot > cn: General > objectClass: top > objectClass: nsAdminConsoleUser > nsPreference:: > IwojRnJpIEZlYiAwMiAwMjo0MToyNiBDU1QgMjAwNwpXaWR0aD03NTAKU2hvd1 > > N0YXR1c0Jhcj10cnVlClNob3dCYW5uZXJCYXI9dHJ1ZQpZPTExOQpIZWlnaHQ9NTMwClg9MTM3Cg > == > > dn: cn=Fonts,ou=1.0,ou=Console,ou="cn=Directory > Manager",ou=UserPreferences, o > u=duraflex.com.sv, o=NetscapeRoot > cn: Fonts > objectClass: top > objectClass: nsAdminConsoleUser > > dn: cn=ResourcePage,ou=1.0,ou=Console,ou="cn=Directory > Manager",ou=UserPrefere > nces, ou=duraflex.com.sv, o=NetscapeRoot > cn: ResourcePage > objectClass: top > objectClass: nsAdminConsoleUser > nsPreference:: > IwojRnJpIEZlYiAwMiAwMjo0MToyNiBDU1QgMjAwNwpTaG93VHJlZT10cnVlCg > == > > dn: cn=CustomViews,ou=1.0,ou=Console,ou="cn=Directory > Manager",ou=UserPreferen > ces, ou=duraflex.com.sv, o=NetscapeRoot > cn: CustomViews > objectClass: top > objectClass: nsAdminConsoleUser > > dn: cn=SearchResultTable,ou=1.0,ou=Console,ou="cn=Directory > Manager",ou=UserPr > eferences, ou=duraflex.com.sv, o=NetscapeRoot > cn: SearchResultTable > objectClass: top > objectClass: nsAdminConsoleUser > nsPreference:: > 
IwojRnJpIEZlYiAwMiAwMjo0MToyNiBDU1QgMjAwNwpBdHRyaWJ1dGUzPXRlbG > > VwaG9uZW51bWJlcgpDb2x1bW5Db3VudD00CkF0dHJpYnV0ZTI9bWFpbApBdHRyaWJ1dGUxPXVpZA > > pBdHRyaWJ1dGUwPWNuCkxhYmVsMz1QaG9uZQpMYWJlbDI9RS1NYWlsCkxhYmVsMT1Vc2VyIElECk > xhYmVsMD1OYW1lCg== > >

From oscar.valdez at duraflex.com.sv Fri Feb 2 20:12:04 2007
From: oscar.valdez at duraflex.com.sv (Oscar A. Valdez)
Date: Fri, 02 Feb 2007 14:12:04 -0600
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <45C39872.3050607@redhat.com>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv>
 <1170379389.2332.24.camel@wzowski.duraflex.com.sv>
 <45C29C39.8070705@redhat.com>
 <1170427788.2337.13.camel@wzowski.duraflex.com.sv>
 <45C37326.1070801@redhat.com>
 <1170439898.2337.25.camel@wzowski.duraflex.com.sv>
 <45C39872.3050607@redhat.com>
Message-ID: <1170447125.2337.28.camel@wzowski.duraflex.com.sv>

On Fri, 02-02-2007 at 12:00 -0800, Noriko Hosoi wrote:
> There's a mismatch between the RDNs in the Configuration LDAP server and
> which Console/Admin Server is looking for (the second last rdn
> ou=duraflex vs. ou=duraflex.com.sv).
>
> dn: cn=user, cn=defaultObjectClassesContainer, ou=1.0, ou=Admin, ou=Global Preferences, ou=duraflex, o=NetscapeRoot
>
> Console: Cannot open: cn=user, cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
>
> Did you have any chance to change the domain name? If so, do you
> remember what operation was it?

I wouldn't do it, and I don't recall accidentally doing it.

> I wonder what do you see if you run this command line in your
> /admin-serv/config.
> $ egrep -i o=netscaperoot * | egrep -vi topologymanagement

Here's the output:

adm.conf:sie: cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
adm.conf:isie: cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
local.conf:uniqueMember: cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
local.conf:configuration.nsDirectoryInfoRef: cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
local.conf:configuration.nsClassname: com.netscape.management.admserv.AdminServer at fedora-admserv-1.0.jar@cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
local.conf:Tasks.Operation.Stop.nsClassname: com.netscape.management.admserv.task.Stop at fedora-admserv-1.0.jar@cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
local.conf:Tasks.Operation.Restart.nsClassname: com.netscape.management.admserv.task.Restart at fedora-admserv-1.0.jar@cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
local.conf:Tasks.configuration.ServerSetup.nsClassname: com.netscape.management.admserv.task.ServerSetup at fedora-admserv-1.0.jar@cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
local.conf:Tasks.configuration.Logging.nsClassname: com.netscape.management.admserv.task.Logging at fedora-admserv-1.0.jar@cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
local.conf:Tasks.configuration.CertSetup.nsClassname: com.netscape.management.admserv.task.CertSetup at fedora-admserv-1.0.jar@cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot

Thanks for your help.
-- 
Oscar A. Valdez

From oscar.valdez at duraflex.com.sv Fri Feb 2 20:22:16 2007
From: oscar.valdez at duraflex.com.sv (Oscar A. Valdez)
Date: Fri, 02 Feb 2007 14:22:16 -0600
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <45C39872.3050607@redhat.com>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv>
 <1170379389.2332.24.camel@wzowski.duraflex.com.sv>
 <45C29C39.8070705@redhat.com>
 <1170427788.2337.13.camel@wzowski.duraflex.com.sv>
 <45C37326.1070801@redhat.com>
 <1170439898.2337.25.camel@wzowski.duraflex.com.sv>
 <45C39872.3050607@redhat.com>
Message-ID: <1170447737.2337.32.camel@wzowski.duraflex.com.sv>

On Fri, 02-02-2007 at 12:00 -0800, Noriko Hosoi wrote:
> There's a mismatch between the RDNs in the Configuration LDAP server and
> which Console/Admin Server is looking for (the second last rdn
> ou=duraflex vs. ou=duraflex.com.sv).
>
> dn: cn=user, cn=defaultObjectClassesContainer, ou=1.0, ou=Admin, ou=Global Preferences, ou=duraflex, o=NetscapeRoot
>
> Console: Cannot open: cn=user, cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
>
> Did you have any chance to change the domain name? If so, do you
> remember what operation was it?

I suspect this may have happened when I imported a backed up database from a crashed DS into the new server. The backup might have contained a different RDN than the fresh install.

How can I make sure, and if so, how should I fix it?
-- 
Oscar A.
Valdez

From nhosoi at redhat.com Fri Feb 2 20:36:22 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Fri, 02 Feb 2007 12:36:22 -0800
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <1170447125.2337.28.camel@wzowski.duraflex.com.sv>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv>
 <1170379389.2332.24.camel@wzowski.duraflex.com.sv>
 <45C29C39.8070705@redhat.com>
 <1170427788.2337.13.camel@wzowski.duraflex.com.sv>
 <45C37326.1070801@redhat.com>
 <1170439898.2337.25.camel@wzowski.duraflex.com.sv>
 <45C39872.3050607@redhat.com>
 <1170447125.2337.28.camel@wzowski.duraflex.com.sv>
Message-ID: <45C3A0C6.5000800@redhat.com>

Thanks for the output. It looks the Admin Server is thinking the rdn is "ou=duraflex.com.sv" and the Directory Server "ou=duraflex". It may work if you change one side to match the other, but it could cause some other mismatches. The safest way to recover should be dump your contents into an LDIF file (you may need to store schema files somewhere in the safe place if you added or modified.) Install a fresh FDS and import the LDIF file onto the FDS...

> I suspect this may have happened when I imported a backed up database
> from a crashed DS into the new server. The backup might have contained a
> different RDN than the fresh install.
>
> How can I make sure, and if so, how should I fix it?

That'd explain the current status... "A backed up database" is made by db2bak or db2ldif? If it is from db2bak, it contains the entire database including the config data (o=netscaperoot tree). The data is not supposed to restore onto the other DS instance (unless everything is identical). Again, the safest way is to run db2ldif against the backend which contains your entries (e.g., userRoot) to create an LDIF file. Install a new server, then import the LDIF file by ldif2db.

--noriko

Oscar A.
Valdez wrote:
> On Fri, 02-02-2007 at 12:00 -0800, Noriko Hosoi wrote:
>
>> There's a mismatch between the RDNs in the Configuration LDAP server and
>> which Console/Admin Server is looking for (the second last rdn
>> ou=duraflex vs. ou=duraflex.com.sv).
>>
>> dn: cn=user, cn=defaultObjectClassesContainer, ou=1.0, ou=Admin, ou=Global Preferences, ou=duraflex, o=NetscapeRoot
>>
>> Console: Cannot open: cn=user, cn=DefaultObjectClassesContainer,ou=1.0, ou=admin, ou=Global Preferences, ou=duraflex.com.sv, o=NetscapeRoot
>>
>> Did you have any chance to change the domain name? If so, do you
>> remember what operation was it?
>>
>
> I wouldn't do it, and I don't recall accidentally doing it.
>
>
>> I wonder what do you see if you run this command line in your
>> /admin-serv/config.
>> $ egrep -i o=netscaperoot * | egrep -vi topologymanagement
>>
>
> Here's the output:
>
> adm.conf:sie: cn=admin-serv-pendragon, cn=Fedora Administration
> Server, cn=Server Group, cn=pendragon.duraflex.com.sv,
> ou=duraflex.com.sv, o=NetscapeRoot
> adm.conf:isie: cn=Fedora Administration Server, cn=Server Group,
> cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
> local.conf:uniqueMember: cn=admin-serv-pendragon, cn=Fedora
> Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv,
> ou=duraflex.com.sv, o=NetscapeRoot
> local.conf:configuration.nsDirectoryInfoRef: cn=Server Group,
> cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
> local.conf:configuration.nsClassname:
> com.netscape.management.admserv.AdminServer at fedora-admserv-1.0.jar@cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
> local.conf:Tasks.Operation.Stop.nsClassname:
> com.netscape.management.admserv.task.Stop at fedora-admserv-1.0.jar@cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
> local.conf:Tasks.Operation.Restart.nsClassname:
> com.netscape.management.admserv.task.Restart at fedora-admserv-1.0.jar@cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
> local.conf:Tasks.configuration.ServerSetup.nsClassname:
> com.netscape.management.admserv.task.ServerSetup at fedora-admserv-1.0.jar@cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
> local.conf:Tasks.configuration.Logging.nsClassname:
> com.netscape.management.admserv.task.Logging at fedora-admserv-1.0.jar@cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
> local.conf:Tasks.configuration.CertSetup.nsClassname:
> com.netscape.management.admserv.task.CertSetup at fedora-admserv-1.0.jar@cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex.com.sv, o=NetscapeRoot
>
>
> Thanks for your help.
>

From oscar.valdez at duraflex.com.sv Fri Feb 2 21:15:00 2007
From: oscar.valdez at duraflex.com.sv (Oscar A. Valdez)
Date: Fri, 02 Feb 2007 15:15:00 -0600
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <45C3A0C6.5000800@redhat.com>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv>
 <1170379389.2332.24.camel@wzowski.duraflex.com.sv>
 <45C29C39.8070705@redhat.com>
 <1170427788.2337.13.camel@wzowski.duraflex.com.sv>
 <45C37326.1070801@redhat.com>
 <1170439898.2337.25.camel@wzowski.duraflex.com.sv>
 <45C39872.3050607@redhat.com>
 <1170447125.2337.28.camel@wzowski.duraflex.com.sv>
 <45C3A0C6.5000800@redhat.com>
Message-ID: <1170450901.8875.2.camel@wzowski.duraflex.com.sv>

On Fri, 02-02-2007 at 12:36 -0800, Noriko Hosoi wrote:
> Thanks for the output. It looks the Admin Server is thinking the rdn is
> "ou=duraflex.com.sv" and the Directory Server "ou=duraflex". It may
> work if you change one side to match the other, but it could cause some
> other mismatches. The safest way to recover should be dump your
> contents into an LDIF file (you may need to store schema files somewhere
> in the safe place if you added or modified.) Install a fresh FDS and
> import the LDIF file onto the FDS...

I'm willing to try changing the Admin Server over to "ou=duraflex". How can I do that?

> > I suspect this may have happened when I imported a backed up database
> > from a crashed DS into the new server. The backup might have contained a
> > different RDN than the fresh install.
> >
> > How can I make sure, and if so, how should I fix it?
> That'd explain the current status... "A backed up database" is made by
> db2bak or db2ldif? If it is from db2bak, it contains the entire
> database including the config data (o=netscaperoot tree). The data is
> not supposed to restore onto the other DS instance (unless everything is
> identical). Again, the safest way is to run db2ldif against the backend
> which contains your entries (e.g., userRoot) to create an LDIF file.
> Install a new server, then import the LDIF file by ldif2db.

The backup was created and restored with db2bak. Would this imply that the backup contained the Admin Server's "ou=duraflex.com.sv" and that it was imported into a Directory Server with "ou=duraflex"?

Again, as I said, I'm willing to try changing the Admin Server over to "ou=duraflex". I'll appreciate your pointers on how to do it.
-- 
Oscar A. Valdez

From nhosoi at redhat.com Fri Feb 2 21:27:15 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Fri, 02 Feb 2007 13:27:15 -0800
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <1170450901.8875.2.camel@wzowski.duraflex.com.sv>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv>
 <1170379389.2332.24.camel@wzowski.duraflex.com.sv>
 <45C29C39.8070705@redhat.com>
 <1170427788.2337.13.camel@wzowski.duraflex.com.sv>
 <45C37326.1070801@redhat.com>
 <1170439898.2337.25.camel@wzowski.duraflex.com.sv>
 <45C39872.3050607@redhat.com>
 <1170447125.2337.28.camel@wzowski.duraflex.com.sv>
 <45C3A0C6.5000800@redhat.com>
 <1170450901.8875.2.camel@wzowski.duraflex.com.sv>
Message-ID: <45C3ACB3.4070308@redhat.com>

Oscar A. Valdez wrote:

>On Fri, 02-02-2007 at 12:36 -0800, Noriko Hosoi wrote:
>
>
>>Thanks for the output. It looks the Admin Server is thinking the rdn is
>>"ou=duraflex.com.sv" and the Directory Server "ou=duraflex". It may
>>work if you change one side to match the other, but it could cause some
>>other mismatches. The safest way to recover should be dump your
>>contents into an LDIF file (you may need to store schema files somewhere
>>in the safe place if you added or modified.) Install a fresh FDS and
>>import the LDIF file onto the FDS...
>>
>>
>
>I'm willing to try changing the Admin Server over to "ou=duraflex". How
>can I do that?
>
>
>
>>>I suspect this may have happened when I imported a backed up database
>>>from a crashed DS into the new server. The backup might have contained a
>>>different RDN than the fresh install.
>>>
>>>How can I make sure, and if so, how should I fix it?
>>>
>>>
>>That'd explain the current status... "A backed up database" is made by
>>db2bak or db2ldif? If it is from db2bak, it contains the entire
>>database including the config data (o=netscaperoot tree). The data is
>>not supposed to restore onto the other DS instance (unless everything is
>>identical). Again, the safest way is to run db2ldif against the backend
>>which contains your entries (e.g., userRoot) to create an LDIF file.
>>Install a new server, then import the LDIF file by ldif2db.
>>
>>
>
>The backup was created and restored with db2bak. Would this imply that
>the backup contained the Admin Server's "ou=duraflex.com.sv" and that it
>was imported into a Directory Server with "ou=duraflex"?
>
>
That's most likely what happened to your server...

>Again, as I said, I'm willing to try changing the Admin Server over to
>"ou=duraflex". I'll appreciate your pointers on how to do it.
>
>
Well, I'd try the following, but since we haven't tested it, we don't know how it ends up...

1. shutdown the admin server and console
2. go to your /admin-serv/config
3. replace "ou=duraflex.com.sv" with "ou=duraflex" in all the files in the directory
4. restart the admin server, then console
5. login on the console

Hope it goes fine...
--noriko

From oscar.valdez at duraflex.com.sv Fri Feb 2 23:14:56 2007
From: oscar.valdez at duraflex.com.sv (Oscar A. Valdez)
Date: Fri, 02 Feb 2007 17:14:56 -0600
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <45C3ACB3.4070308@redhat.com>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv>
 <1170379389.2332.24.camel@wzowski.duraflex.com.sv>
 <45C29C39.8070705@redhat.com>
 <1170427788.2337.13.camel@wzowski.duraflex.com.sv>
 <45C37326.1070801@redhat.com>
 <1170439898.2337.25.camel@wzowski.duraflex.com.sv>
 <45C39872.3050607@redhat.com>
 <1170447125.2337.28.camel@wzowski.duraflex.com.sv>
 <45C3A0C6.5000800@redhat.com>
 <1170450901.8875.2.camel@wzowski.duraflex.com.sv>
 <45C3ACB3.4070308@redhat.com>
Message-ID: <1170458098.8875.12.camel@wzowski.duraflex.com.sv>

On Fri, 02-02-2007 at 13:27 -0800, Noriko Hosoi wrote:
> >The backup was created and restored with db2bak. Would this imply that
> >the backup contained the Admin Server's "ou=duraflex.com.sv" and that it
> >was imported into a Directory Server with "ou=duraflex"?
> >
> >
> That's most likely what happened to your server...
>
> >Again, as I said, I'm willing to try changing the Admin Server over to
> >"ou=duraflex". I'll appreciate your pointers on how to do it.
> >
> >
> Well, I'd try the following, but since we haven't tested it, we don't
> know how it ends up...
> 1. shutdown the admin server and console
> 2. go to your /admin-serv/config
> 3. replace "ou=duraflex.com.sv" with "ou=duraflex" in all the files in
> the directory
> 4. restart the admin server, then console
> 5. login on the console

It worked, partially. I can login, I get two ou's in the console's default view: "duraflex.com.sv" and "duraflex". The first one is empty (and I suppose I can erase it eventually), the second one can be expanded to show the server "pendragon", which in turn can be expanded to show an "Administration Server" and a "Directory Server".
However, when I click the first, it tries but fails to download and install server component admserv10.jar, and when I click the second, it tries but fails to install server component ds10.jar.

Almost there... I'll appreciate your tips on this one.
-- 
Oscar A. Valdez

From oscar.valdez at duraflex.com.sv Fri Feb 2 23:25:51 2007
From: oscar.valdez at duraflex.com.sv (Oscar A. Valdez)
Date: Fri, 02 Feb 2007 17:25:51 -0600
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <1170458098.8875.12.camel@wzowski.duraflex.com.sv>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv>
 <1170379389.2332.24.camel@wzowski.duraflex.com.sv>
 <45C29C39.8070705@redhat.com>
 <1170427788.2337.13.camel@wzowski.duraflex.com.sv>
 <45C37326.1070801@redhat.com>
 <1170439898.2337.25.camel@wzowski.duraflex.com.sv>
 <45C39872.3050607@redhat.com>
 <1170447125.2337.28.camel@wzowski.duraflex.com.sv>
 <45C3A0C6.5000800@redhat.com>
 <1170450901.8875.2.camel@wzowski.duraflex.com.sv>
 <45C3ACB3.4070308@redhat.com>
 <1170458098.8875.12.camel@wzowski.duraflex.com.sv>
Message-ID: <1170458752.8875.18.camel@wzowski.duraflex.com.sv>

On Fri, 02-02-2007 at 17:14 -0600, Oscar A. Valdez wrote:
> On Fri, 02-02-2007 at 13:27 -0800, Noriko Hosoi wrote:
> > 1. shutdown the admin server and console
> > 2. go to your /admin-serv/config
> > 3. replace "ou=duraflex.com.sv" with "ou=duraflex" in all the files in
> > the directory
> > 4. restart the admin server, then console
> > 5. login on the console
>
> It worked, partially. I can login, I get two ou's in the console's
> default view: "duraflex.com.sv" and "duraflex". The first one is empty
> (and I suppose I can erase it eventually), the second one can be
> expanded to show the server "pendragon", which in turn can be expanded
> to show an "Administration Server" and a "Directory Server". However,
> when I click the first, it tries but fails to download and install
> server component admserv10.jar, and when I click the second, it tries
> but fails to install server component ds10.jar.

One more thing: the admin-serv error log has lines like this:

[crit] populate_tasks_from_server(): Unable to search [cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex, o=NetscapeRoot] for LDAPConnection [pendragon.duraflex.com.sv:389]
-- 
Oscar A. Valdez

From jonathanschreiter at yahoo.com Sun Feb 4 15:05:45 2007
From: jonathanschreiter at yahoo.com (Jonathan Schreiter)
Date: Sun, 4 Feb 2007 07:05:45 -0800 (PST)
Subject: [Fedora-directory-users] FDS / PAM Integration Questions
Message-ID: <842432.92743.qm@web34412.mail.mud.yahoo.com>

> 2) I've setup a second FDS to act as a consumer (single master replication). I've followed the administrator's documentation and set a simple cn=replication manager, cn=config on both servers to act as the bind for replication (via replication agreement). I've tested this and everything is working great (directory entries, GSSAPI, etc). I would imagine that when the replication binds, the password is sent in clear text. Is this true? If I create a new user in the cn=config and create a new sasl mapping (uid=\1,cn=config) can I simply create a kerberos principal with the same name and use GSSAPI for the bind? The same question as #1 above is will this session be encrypted via GSSAPI as well?

> Server to server GSSAPI does not currently work. If you don't want to send unencrypted clear text passwords over the wire, your best bet is to set up SSL between the servers.

Hi Richard,

I've created a CA using openssl and installed the cacert on both FDS servers. I've then requested certificates from both servers, created certificates using the CA, and installed. I then enabled SSL on both servers and reset them.
I deleted my old replication and created a new one that's identical except I've checked "Using encrypted SSL connection". I'm still using a Simple Authentication with uid=RManager,cn=config and password. The replication works great. Is this password now sent encrypted (even though I'm not using SSL client authentication)? I'd like to keep this as simple as possible and didn't want to deal with client certificates at this point because I'm using GSSAPI.

Thanks again for all your help.

Regards,
Jonathan

From ankur_agwal at yahoo.com Mon Feb 5 12:40:43 2007
From: ankur_agwal at yahoo.com (Ankur Agarwal)
Date: Mon, 5 Feb 2007 04:40:43 -0800 (PST)
Subject: [Fedora-directory-users] Too many fds open
Message-ID: <20070205124043.36588.qmail@web54115.mail.yahoo.com>

Hi,

We ran a performance run on our application. With 20 users hitting the application we got this error in logs.

1) What operations in LDAP cause fds to open and exceed the limit specified?
2) If I use connection pool in my application to connect to LDAP will that get rid of the problem?
Thanks,
Ankur

===========================
[02/Feb/2007:15:04:44 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:15:12:29 +051800] - Listening for new connections again
[02/Feb/2007:15:12:29 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:15:12:29 +051800] - Listening for new connections again
[02/Feb/2007:15:41:37 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:15:41:38 +051800] - Listening for new connections again
[02/Feb/2007:15:41:38 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:15:41:38 +051800] - Listening for new connections again
[02/Feb/2007:15:41:38 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:15:47:25 +051800] - Listening for new connections again
[02/Feb/2007:16:25:28 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:44:12 +051800] - Listening for new connections again
[02/Feb/2007:16:44:12 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:44:14 +051800] - Listening for new connections again
[02/Feb/2007:16:44:14 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:44:14 +051800] - Listening for new connections again
[02/Feb/2007:16:44:14 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:52:00 +051800] - Listening for new connections again
[02/Feb/2007:16:52:00 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:52:00 +051800] - Listening for new connections again
[02/Feb/2007:16:52:00 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:54:10 +051800] - slapd shutting down - signaling operation threads
============================
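The length of each outage in a log like the one above can be measured rather than read off by eye. The following is an added example, not part of the original post and not Fedora Directory Server code: it pairs every "Not listening ... too many fds open" entry with the entry that ends it and totals the time the server refused connections. The sample entries are excerpted from the log quoted above; the function names are this example's own, and the UTC offset is ignored on the assumption that all entries in one log share it.

```python
import re
from datetime import datetime

# Sample entries excerpted from the error log quoted in the post above.
SAMPLE_LOG = """\
[02/Feb/2007:15:04:44 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:15:12:29 +051800] - Listening for new connections again
[02/Feb/2007:15:12:29 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:15:12:29 +051800] - Listening for new connections again
[02/Feb/2007:16:25:28 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:44:12 +051800] - Listening for new connections again
[02/Feb/2007:16:52:00 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:54:10 +051800] - slapd shutting down - signaling operation threads
"""

# Month names are mapped by hand so parsing does not depend on the locale.
MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

ENTRY_RE = re.compile(
    r"^\[(\d{2})/([A-Z][a-z]{2})/(\d{4}):(\d{2}):(\d{2}):(\d{2}) [+-]\d+\] - (.*)$")


def parse_entry(line):
    """Return (timestamp, message), or None if the line is not a log entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None or m.group(2) not in MONTHS:
        return None
    day, month, year, hh, mm, ss, message = m.groups()
    try:
        stamp = datetime(int(year), MONTHS[month], int(day),
                         int(hh), int(mm), int(ss))
    except ValueError:          # impossible date or time, e.g. 31/Feb
        return None
    return stamp, message


def refusal_windows(log_text):
    """Return [(start, end, how)] for each period of refused connections.

    how is 'resumed' (server listened again), 'shutdown' (slapd stopped
    while still refusing) or 'open' (log ended while still refusing).
    """
    windows, started, last_seen = [], None, None
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        stamp, message = entry
        last_seen = stamp
        if message.startswith("Not listening for new connections"):
            if started is None:     # a repeat inside one window keeps the first start
                started = stamp
        elif started is not None:
            if message.startswith("Listening for new connections again"):
                windows.append((started, stamp, "resumed"))
                started = None
            elif message.startswith("slapd shutting down"):
                windows.append((started, stamp, "shutdown"))
                started = None
    if started is not None:
        windows.append((started, last_seen, "open"))
    return windows


def summarize(windows):
    """Aggregate the windows into counts and durations in seconds."""
    lengths = [int((end - start).total_seconds()) for start, end, _ in windows]
    return {
        "windows": len(windows),
        "total_seconds": sum(lengths),
        "longest_seconds": max(lengths, default=0),
        "zero_length": sum(1 for n in lengths if n == 0),
        "ended_by_shutdown": sum(1 for _, _, how in windows if how == "shutdown"),
    }


if __name__ == "__main__":
    found = refusal_windows(SAMPLE_LOG)
    for start, end, how in found:
        print(f"{start:%H:%M:%S} -> {end:%H:%M:%S}  {end - start}  ({how})")
    print(summarize(found))
```

A zero-length window means the server resumed listening and hit the limit again within the same second.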

From oscar.valdez at duraflex.com.sv Mon Feb 5 15:43:04 2007
From: oscar.valdez at duraflex.com.sv (Oscar A. Valdez)
Date: Mon, 05 Feb 2007 09:43:04 -0600
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <45C3ACB3.4070308@redhat.com>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv> <1170379389.2332.24.camel@wzowski.duraflex.com.sv> <45C29C39.8070705@redhat.com> <1170427788.2337.13.camel@wzowski.duraflex.com.sv> <45C37326.1070801@redhat.com> <1170439898.2337.25.camel@wzowski.duraflex.com.sv> <45C39872.3050607@redhat.com> <1170447125.2337.28.camel@wzowski.duraflex.com.sv> <45C3A0C6.5000800@redhat.com> <1170450901.8875.2.camel@wzowski.duraflex.com.sv> <45C3ACB3.4070308@redhat.com>
Message-ID: <1170690186.2335.12.camel@wzowski.duraflex.com.sv>

On Fri, 02-02-2007 at 13:27 -0800, Noriko Hosoi wrote:
> Oscar A. Valdez wrote:
> >The backup was created and restored with db2bak. Would this imply that
> >the backup contained the Admin Server's "ou=duraflex.com.sv" and that it
> >was imported into a Directory Server with "ou=duraflex"?
>
> That's most likely what happened to your server...
>
> >Again, as I said, I'm willing to try changing the Admin Server over to
> >"ou=duraflex". I'll appreciate your pointers on how to do it.
>
> Well, I'd try the following, but since we haven't tested it, we don't
> know how it ends up...
> 1. shutdown the admin server and console
> 2. go to your /admin-serv/config
> 3. replace "ou=duraflex.com.sv" with "ou=duraflex" in all the files in
> the directory
> 4. restart the admin server, then console
> 5. login on the console
>
> Hope it goes fine...

I think it went in the right direction. After logging in, I got two ou's in the console's default view: "duraflex.com.sv" and "duraflex". I deleted the first one. The second one can be expanded to show the server "pendragon", which in turn can be expanded to show an "Administration Server" and a "Directory Server".
However, when I click the first, it tries but fails to download and install server component admserv10.jar, and when I click the second, it tries but fails to install server component ds10.jar.

In addition, the admin-serv error log has lines like this:

[crit] populate_tasks_from_server(): Unable to search [cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server Group, cn=pendragon.duraflex.com.sv, ou=duraflex, o=NetscapeRoot] for LDAPConnection [pendragon.duraflex.com.sv:389]

--
Oscar A. Valdez

From patrick.morris at hp.com Mon Feb 5 15:50:37 2007
From: patrick.morris at hp.com (Morris, Patrick)
Date: Mon, 5 Feb 2007 10:50:37 -0500
Subject: [Fedora-directory-users] Too many fds open
In-Reply-To: <20070205124043.36588.qmail@web54115.mail.yahoo.com>
References: <20070205124043.36588.qmail@web54115.mail.yahoo.com>
Message-ID:

> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf
> Of Ankur Agarwal
> Sent: Monday, February 05, 2007 4:41 AM
> To: fedora-directory-users at redhat.com
> Subject: [Fedora-directory-users] Too many fds open
>
> Hi,
>
> We ran a performance run on our application. With 20 users
> hitting the application we got this error in logs.
>
> 1) What operations in LDAP cause fds to open and exceed the
> limit specified?
> 2) If i use connection pool in my application to connect to
> LDAP will that get rid of the problem?

20 is a very small number of users, and this looks like a server/environment misconfiguration. Chances are your maximum file handles are set far too low (which probably caused a warning at install time).
http://directory.fedora.redhat.com/wiki/Performance_Tuning#Linux

From rmeggins at redhat.com Mon Feb 5 16:48:21 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 05 Feb 2007 09:48:21 -0700
Subject: [Fedora-directory-users] FDS / PAM Integration Questions
In-Reply-To: <842432.92743.qm@web34412.mail.mud.yahoo.com>
References: <842432.92743.qm@web34412.mail.mud.yahoo.com>
Message-ID: <45C75FD5.8060301@redhat.com>

Jonathan Schreiter wrote:
>> 2) I've setup a second FDS to act as a consumer (single master replication). I've followed the administrator's documentation and set a simple cn=replication manager, cn=config on both servers to act as the bind for replication (via replication agreement). I've tested this and everything is working great (directory entries, GSSAPI, etc). I would imagine that when the replication binds, the password is sent in clear text. Is this true? If I create a new user in the cn=config and create a new sasl mapping (uid=\1,cn=config) can I simply create a kerberos principal with the same name and use GSSAPI for the bind? The same question as #1 above is will this session be encrypted via GSSAPI as well?
>>
> Server to server GSSAPI does not currently work. If you don't want to
> send unencrypted clear text passwords over the wire, your best bet is to
> set up SSL between the servers.
>
> Hi Richard,
> I've created a CA using openssl and installed the cacert on both FDS servers. I've then requested certificates from both servers, created certificates using the CA, and installed. I then enabled SSL on both servers and reset them. I deleted my old replication and created a new one that's identical except I've checked "Using encrypted SSL connection". I'm still using a Simple Authentication with uid=RManager,cn=config and password. The replication works great.
>
> Is this password now sent encrypted (even though I'm not using SSL client authentication)?

Yes.
Client auth is if you want, in addition to SSL traffic encryption, to get rid of passwords and use your certificate for authentication. > I'd like to keep this as simple as possible and didn't want to deal with client certificates at this point because I'm using GSSAPI. > > Thanks again for all your help. > > Regards, > Jonathan > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From nhosoi at redhat.com Mon Feb 5 18:33:24 2007 From: nhosoi at redhat.com (Noriko Hosoi) Date: Mon, 05 Feb 2007 10:33:24 -0800 Subject: [Fedora-directory-users] Admin console's default view is empty In-Reply-To: <1170690186.2335.12.camel@wzowski.duraflex.com.sv> References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv> <1170379389.2332.24.camel@wzowski.duraflex.com.sv> <45C29C39.8070705@redhat.com> <1170427788.2337.13.camel@wzowski.duraflex.com.sv> <45C37326.1070801@redhat.com> <1170439898.2337.25.camel@wzowski.duraflex.com.sv> <45C39872.3050607@redhat.com> <1170447125.2337.28.camel@wzowski.duraflex.com.sv> <45C3A0C6.5000800@redhat.com> <1170450901.8875.2.camel@wzowski.duraflex.com.sv> <45C3ACB3.4070308@redhat.com> <1170690186.2335.12.camel@wzowski.duraflex.com.sv> Message-ID: <45C77874.7050000@redhat.com> Oscar A. Valdez wrote: > El vie, 02-02-2007 a las 13:27 -0800, Noriko Hosoi escribi?: > >> Oscar A. Valdez wrote: >> >>> The backup was created and restored with db2bak. Would this imply that >>> the backup contained the Admin Server's ou=duraflex.com.sv" and that it >>> was imported into a Directory Server with "ou=duraflex"? >>> >>> >>> >> That's most likely what happened to your server... >> >> >>> Again, as I said, I'm willing to try changing the Admin Server over to >>> "ou=duraflex". 
>>> I'll appreciate your pointers on how to do it.
>>>
>> Well, I'd try the following, but since we haven't tested it, we don't
>> know how it ends up...
>> 1. shutdown the admin server and console
>> 2. go to your /admin-serv/config
>> 3. replace "ou=duraflex.com.sv" with "ou=duraflex" in all the files in
>> the directory
>> 4. restart the admin server, then console
>> 5. login on the console
>>
>> Hope it goes fine...
>>
>
> I think it went in the right direction. After logging in, I got two
> ou's in the console's default view: "duraflex.com.sv" and "duraflex". I
> deleted the first one. The second one can be expanded to show the server
> "pendragon", which in turn can be expanded to show an "Administration
> Server" and a "Directory Server". However, when I click the first, it
> tries but fails to download and install server component admserv10.jar,
> and when I click the second, it tries but fails to install server
> component ds10.jar.
>
> In addition, the admin-serv error log has lines like this:
>
> [crit] populate_tasks_from_server(): Unable to search
> [cn=admin-serv-pendragon, cn=Fedora Administration Server, cn=Server
> Group, cn=pendragon.duraflex.com.sv, ou=duraflex, o=NetscapeRoot] for
> LDAPConnection [pendragon.duraflex.com.sv:389]
>

Hmm, that does not sound right... How about resuming the admin-serv/config files and changing the Directory Server side?

1. shutdown the admin server and console
2. go to your /admin-serv/config
3. replace back to "ou=duraflex.com.sv" in all the files in the directory
4. go to your config directory server instance dir: /slapd-
5. export DIT under o=netscaperoot:
   $ db2ldif -n NetscapeRoot
   ldiffile: /slapd-/ldif/.ldif
   [...] - export NetscapeRoot: Processed 103 entries (100%).
6. edit the .ldif file: replace "ou=duraflex" with "ou=duraflex.com.sv"
   The word may be split across two lines. Please be careful if you substitute the word automatically.
7. stop the directory server: stop-slapd
8.
import the .ldif file: ldif2db -n NetscapeRoot -i /slapd-/ldif/.ldif
9. restart the directory server: start-slapd
10. restart the admin server, then console
11. login on the console

If this does not work, you'd better re-install the server and import your data to the new server.

1. on the current directory server, export the data into ldif files.
   go to your /slapd-; run "db2ldif -n " for each backend (e.g., userRoot) EXCEPT NetscapeRoot
2. install new FDS
3. go to the /slapd-
4. stop the directory server
5. import the ldif files from the current directory server
   repeat "ldif2db -n -i /slapd-/.ldif" for each .ldif file exported in (1).
6. start the directory server

Thanks,
--noriko

From ankur_agwal at yahoo.com Tue Feb 6 08:08:03 2007
From: ankur_agwal at yahoo.com (Ankur Agarwal)
Date: Tue, 6 Feb 2007 00:08:03 -0800 (PST)
Subject: [Fedora-directory-users] How to ensure case sensitive authorisation?
Message-ID: <904311.49252.qm@web54105.mail.yahoo.com>

Hi,

In our LDAP I have a userID = "aagarwal" existing. My application authenticates successfully when I provide username as "aagarwal" or even as "Aagarwal". Is there a way to ensure case-sensitive authentication?

In documentation I see some plugins:

Case Exact String Syntax Plug-in and
Case Ignore String Syntax Plug-in

Any idea if these are to be used to enforce case sensitive authentication? If yes then how to configure these?

regards,
Ankur

From rmeggins at redhat.com Tue Feb 6 15:14:16 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 06 Feb 2007 08:14:16 -0700
Subject: [Fedora-directory-users] How to ensure case sensitive authorisation?
In-Reply-To: <904311.49252.qm@web54105.mail.yahoo.com>
References: <904311.49252.qm@web54105.mail.yahoo.com>
Message-ID: <45C89B48.3000704@redhat.com>

Ankur Agarwal wrote:
> Hi,
>
> In our LDAP I have a userID = "aagarwal" existing. My application
> authenticates successfully when I provide username as "aagarwal" or
> even as "*A*agarwal". Is there a way to ensure case-sensitive
> authentication?
>
> In documentation I see some plugins:
>
> Case Exact String Syntax Plug-in and
> Case Ignore String Syntax Plug-in
>
> Any idea if these are to be used to enforce case sensitive
> authentication? If yes then how to configure these?

I would strongly discourage you from using the plugins to do this. The problem is that the attribute "uid" is not case sensitive. You could hack the server to make this case sensitive, but the better option is to use another attribute. Either find one or create your own e.g. uidcs or something like that.

If you just really, really, really must have the LDAP standard "uid" attribute be case sensitive, and I have not been able to discourage you enough from doing this, then you can hack the schema file 00core.ldif and change the syntax to use the case sensitive string syntax.

>
> regards,
> Ankur
>

From oscar.valdez at duraflex.com.sv Tue Feb 6 20:36:27 2007
From: oscar.valdez at duraflex.com.sv (Oscar A. Valdez)
Date: Tue, 06 Feb 2007 14:36:27 -0600
Subject: [Fedora-directory-users] Admin console's default view is empty
In-Reply-To: <45C77874.7050000@redhat.com>
References: <1169739910.2326.20.camel@wzowski.duraflex.com.sv> <1170379389.2332.24.camel@wzowski.duraflex.com.sv> <45C29C39.8070705@redhat.com> <1170427788.2337.13.camel@wzowski.duraflex.com.sv> <45C37326.1070801@redhat.com> <1170439898.2337.25.camel@wzowski.duraflex.com.sv> <45C39872.3050607@redhat.com> <1170447125.2337.28.camel@wzowski.duraflex.com.sv> <45C3A0C6.5000800@redhat.com> <1170450901.8875.2.camel@wzowski.duraflex.com.sv> <45C3ACB3.4070308@redhat.com> <1170690186.2335.12.camel@wzowski.duraflex.com.sv> <45C77874.7050000@redhat.com>
Message-ID: <1170794188.21964.18.camel@wzowski.duraflex.com.sv>

On Mon, 05-02-2007 at 10:33 -0800, Noriko Hosoi wrote:
> Hmm, that does not sound right... How about resuming the
> admin-serv/config files and changing the Directory Server side?
>
> 1. shutdown the admin server and console
> 2. go to your /admin-serv/config
> 3. replace back to "ou=duraflex.com.sv" in all the files in the directory
> 4. go to your config directory server instance dir: /slapd-
> 5. export DIT under o=netscaperoot:
> $ db2ldif -n NetscapeRoot
> ldiffile: /slapd-/ldif/.ldif
> [...] - export NetscapeRoot: Processed 103 entries (100%).
> 6. edit the .ldif file: replace "ou=duraflex" with "ou=duraflex.com.sv"
> The word may be split across two lines. Please be careful if you substitute the word automatically.
> 7. stop the directory server: stop-slapd
> 8. import the .ldif file: ldif2db -n NetscapeRoot -i /slapd-/ldif/.ldif
> 9. restart the directory server: start-slapd
> 10. restart the admin server, then console
> 11.
> login on the console
>
> If this does not work, you'd better re-install the server and import your data to the new server.
> 1. on the current directory server, export the data into ldif files.
> go to your /slapd-; run "db2ldif -n " for each backend (e.g., userRoot) EXCEPT NetscapeRoot
> 2. install new FDS
> 3. go to the /slapd-
> 4. stop the directory server
> 5. import the ldif files from the current directory server
> repeat "ldif2db -n -i /slapd-/.ldif" for each .ldif file exported in (1).
> 6. start the directory server

Rather than experimenting, I went ahead with Plan "B": I backed up the userRoot instance to ldif, uninstalled the old directory server, reinstalled it (on the same machine), stopped it, imported the ldif backup, and restarted the server.

It all took less than 30 minutes, and worked perfectly.

I am very grateful for your guidance on this issue.

--
Oscar A. Valdez

From mikael.kermorgant at gmail.com Wed Feb 7 08:22:13 2007
From: mikael.kermorgant at gmail.com (Mikael Kermorgant)
Date: Wed, 7 Feb 2007 09:22:13 +0100
Subject: [Fedora-directory-users] error when restarting FDS
Message-ID: <9711147e0702070022n5d279b04y216364e6c3ce03cd@mail.gmail.com>

Hello,

This night, FDS (1.0.2) refused to start after backup. I found this in the logs :

[06/Feb/2007:22:04:39 +0100] - slapd stopped.
Fedora-Directory/1.0.2 B2006.060.1951
host:389 (/opt/fedora-ds/slapd-supann)

[06/Feb/2007:22:04:51 +0100] dse - The entry cn=config in file /opt/fedora-ds/slapd-supann/config/dse.ldif is invalid, error code 53 (DSA is unwilling to perform) - nsslapd-maxdescriptors: invalid value "65536", maximum file descriptors must range from 1 to 1024 (the current process limit)
[06/Feb/2007:22:04:51 +0100] dse - Could not load config file [dse.ldif]
[06/Feb/2007:22:04:51 +0100] dse - Please edit the file to correct the reported problems and then restart the server.
Fedora-Directory/1.0.2 B2006.060.1951
host:636 (/opt/fedora-ds/slapd-supann)

[07/Feb/2007:08:50:20 +0100] - Fedora-Directory/1.0.2 B2006.060.1951 starting up

Indeed, I checked my system and found :

[root at host logs]# cat /proc/sys/fs/file-max
65536

Which seems correct if I follow this page :
http://directory.fedora.redhat.com/wiki/Performance_Tuning#Linux

However, fds started without any problem some time later.

Any Idea about what I should do about this pb ?
Thanks in advance,

--
Mikael Kermorgant

From nkinder at redhat.com Wed Feb 7 16:54:03 2007
From: nkinder at redhat.com (Nathan Kinder)
Date: Wed, 07 Feb 2007 08:54:03 -0800
Subject: [Fedora-directory-users] error when restarting FDS
In-Reply-To: <9711147e0702070022n5d279b04y216364e6c3ce03cd@mail.gmail.com>
References: <9711147e0702070022n5d279b04y216364e6c3ce03cd@mail.gmail.com>
Message-ID: <45CA042B.3030904@redhat.com>

Mikael Kermorgant wrote:
> Hello,
>
> This night, FDS (1.0.2) refused to start after backup. I found this in
> the logs :
>
> [06/Feb/2007:22:04:39 +0100] - slapd stopped.
> Fedora-Directory/1.0.2 B2006.060.1951
> host:389 (/opt/fedora-ds/slapd-supann)
>
> [06/Feb/2007:22:04:51 +0100] dse - The entry cn=config in file
> /opt/fedora-ds/slapd-supann/config/dse.ldif is invalid, error code 53
> (DSA is unwilling to perform) - nsslapd-maxdescriptors: invalid value
> "65536", maximum file descriptors must range from 1 to 1024 (the
> current process limit)
> [06/Feb/2007:22:04:51 +0100] dse - Could not load config file [dse.ldif]
> [06/Feb/2007:22:04:51 +0100] dse - Please edit the file to correct the
> reported problems and then restart the server.
> Fedora-Directory/1.0.2 B2006.060.1951
> host:636 (/opt/fedora-ds/slapd-supann)
>
> [07/Feb/2007:08:50:20 +0100] - Fedora-Directory/1.0.2 B2006.060.1951
> starting up
>
> Indeed, I checked my system and found :
>
> [root at host logs]# cat /proc/sys/fs/file-max
> 65536

Try checking the limit by running "ulimit -n".
-NGK > > Which seems correct if I follow this page : > http://directory.fedora.redhat.com/wiki/Performance_Tuning#Linux > > However, fds started without any problem some time later. > > Any Idea about what I should do about this pb ? > Thanks in advance, > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From patrick.morris at hp.com Wed Feb 7 16:44:36 2007 From: patrick.morris at hp.com (Morris, Patrick) Date: Wed, 7 Feb 2007 11:44:36 -0500 Subject: [Fedora-directory-users] error when restarting FDS In-Reply-To: <9711147e0702070022n5d279b04y216364e6c3ce03cd@mail.gmail.com> References: <9711147e0702070022n5d279b04y216364e6c3ce03cd@mail.gmail.com> Message-ID: > From: fedora-directory-users-bounces at redhat.com > [mailto:fedora-directory-users-bounces at redhat.com] On Behalf > Of Mikael Kermorgant > Sent: Wednesday, February 07, 2007 12:22 AM > To: General discussion list for the Fedora Directory server project. > Subject: [Fedora-directory-users] error when restarting FDS > > Hello, > > This night, FDS (1.0.2) refused to start after backup. I > found this in the logs : > > [06/Feb/2007:22:04:39 +0100] - slapd stopped. > Fedora-Directory/1.0.2 B2006.060.1951 > host:389 (/opt/fedora-ds/slapd-supann) > > [06/Feb/2007:22:04:51 +0100] dse - The entry cn=config in > file /opt/fedora-ds/slapd-supann/config/dse.ldif is invalid, > error code 53 (DSA is unwilling to perform) - > nsslapd-maxdescriptors: invalid value "65536", maximum file > descriptors must range from 1 to 1024 (the current process limit) > [06/Feb/2007:22:04:51 +0100] dse - Could not load config file > [dse.ldif] > [06/Feb/2007:22:04:51 +0100] dse - Please edit the file to > correct the reported problems and then restart the server. 
> Fedora-Directory/1.0.2 B2006.060.1951
> host:636 (/opt/fedora-ds/slapd-supann)

How are you setting your file descriptor limits, and how does the backup run? Chances are that when the server is restarted after the backup, they are not set correctly. I'm going to take a wild guess that it runs out of cron with an environment that's not set with the right number.

From lists at scott-ackerman.com Thu Feb 8 15:31:50 2007
From: lists at scott-ackerman.com (lists at scott-ackerman.com)
Date: Thu, 08 Feb 2007 10:31:50 -0500
Subject: [Fedora-directory-users] Forgive the misunderstandings of a "newb"
Message-ID: <10091967.1489671170948710249.JavaMail.servlet@perfora>

I thought I was smart until I dove into LDAP. I am the sole part-time IT Manager for a charter school (240 students, 20 staff, 60 computers) and am migrating away from a Windows server environment to Linux. The only services that are being provided by a Windows server now are AD, file and print sharing services. Since we are turning about 15 of our student computers into Linux stations, I decided on a "simpler" method of managing authentication, login etc. and chose Fedora Directory Server (after having beat my head against the wall with strictly OpenLDAP for a month). I have successfully set up FDS and entered all students and staff. I have decided not to sync against our AD server because we are changing the student login method, the old format was locker number for user name and then a password. I have decided to use the first.last name for user name and then a password.

I am trying to set up posix authentication and Samba and am having difficulties with both, technical on the former and understanding on the latter. First posix, I have followed the how to on the FDS Wiki, but there seems to be some steps missing. I have gotten an authenticated student logon, but only after having created an account on the local machine with the same UID.
I made sure that the password was different in FDS than when I created the user on the local machine and I am able to login to using either password which would indicate to me that I am successfully authenticating to FDS. However I don't particularly care to have to add 240 students on all 15 computers to make this work, not to mention all of the "home" directories that will be mounted from the NFS server. So the questions is, what steps am I missing here? Samba. As I understand it, Windows will only authenticate against an NT or "NT like (aka. Samba)" server, which means as far as I can tell that either I have Samba sync against FDS or I use pGina on the Windows side to authenticate directly against LDAP or scrap LDAP all together and just use an NIS server (don't think this is a good idea, but it is a possiblity). Of course trying to assess the pros and cons of either has been somewhat difficult at best. Also the FDS Samba how-to doesn't cover computer management which Samba is going to have to deal with as well. Before someone replies with a "RTFM", I have read the Install Guide as well as the Red Hat Directory Server documentation and I am currently half-way through the book "Understanding and Deploying LDAP Directory Services", so I have a reasonable understanding of how to get into trouble. Of course none of these provide in-depth (nor should they) information as to how to integrate with other services. I have spent a month reading, tinkering etc., and I am not asking anyone else to do my work for me, but I have seem to hit a wall and need a couple of "breadcrumbs" to get me back on the trail. Thank you for your patience and understanding. 
-- Scott Ackerman 1212 Baker Street Fort Collins, Colorado 80524 970-231-9035 www.scott-ackerman.com "Every improvement in the standard of work men do is followed swiftly and inevitably by an improvement in the men who do it" - William Morris From nkinder at redhat.com Thu Feb 8 16:43:21 2007 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 08 Feb 2007 08:43:21 -0800 Subject: [Fedora-directory-users] Forgive the misunderstandings of a "newb" In-Reply-To: <10091967.1489671170948710249.JavaMail.servlet@perfora> References: <10091967.1489671170948710249.JavaMail.servlet@perfora> Message-ID: <45CB5329.4090508@redhat.com> lists at scott-ackerman.com wrote: > I thought I was smart until I dove into LDAP. I am the sole part-time IT > Manager for a charter school (240 students, 20 staff, 60 computers) and > am migrating away from a Windows server environment to Linux. The only > services that are being provided by a Windows server now are AD, file > and print sharing services. Since we are turning about 15 of our student > computers into Linux stations, I decided on a "simpler" method of > managing authentication, login etc. and chose Fedora Directory Server > (after having beat my head against the wall with strictly OpenLDAP for a > month). I have successfully set up FDS and entered all students and > staff. I have decided not to sync against our AD server because we are > changing the student login method, the old format was locker number for > user name and then a password. I have decided to use the first.last name > for user name and then a password. > > I am trying to set up posix authentication and Samba and am having > difficulties with both, technical on the former and understanding on the > latter. First posix, I have followed the how to on the FDS Wiki, but > there seems to be some steps missing. I have gotten an authenticated > student logon, but only after having created an account on the local > machine with the same UID. 
I made sure that the password was different > in FDS than when I created the user on the local machine and I am able > to login to using either password which would indicate to me that I am > successfully authenticating to FDS. However I don't particularly care to > have to add 240 students on all 15 computers to make this work, not to > mention all of the "home" directories that will be mounted from the NFS > server. So the questions is, what steps am I missing here? > It sounds like you need to configure nss_ldap. Assuming you have nss_ldap installed on your client systems, you should be able to add "ldap" as a service for looking up users and groups in your /etc/nsswitch.conf file. -NGK > Samba. As I understand it, Windows will only authenticate against an NT > or "NT like (aka. Samba)" server, which means as far as I can tell that > either I have Samba sync against FDS or I use pGina on the Windows side > to authenticate directly against LDAP or scrap LDAP all together and > just use an NIS server (don't think this is a good idea, but it is a > possiblity). Of course trying to assess the pros and cons of either has > been somewhat difficult at best. Also the FDS Samba how-to doesn't cover > computer management which Samba is going to have to deal with as well. > > Before someone replies with a "RTFM", I have read the Install Guide as > well as the Red Hat Directory Server documentation and I am currently > half-way through the book "Understanding and Deploying LDAP Directory > Services", so I have a reasonable understanding of how to get into > trouble. Of course none of these provide in-depth (nor should they) > information as to how to integrate with other services. I have spent a > month reading, tinkering etc., and I am not asking anyone else to do my > work for me, but I have seem to hit a wall and need a couple of > "breadcrumbs" to get me back on the trail. Thank you for your patience > and understanding. 
> > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From mikael.kermorgant at gmail.com Thu Feb 8 21:39:40 2007 From: mikael.kermorgant at gmail.com (Mikael Kermorgant) Date: Thu, 8 Feb 2007 22:39:40 +0100 Subject: [Fedora-directory-users] error when restarting FDS In-Reply-To: References: <9711147e0702070022n5d279b04y216364e6c3ce03cd@mail.gmail.com> Message-ID: <9711147e0702081339v4ad28ab0na76435649242a2fe@mail.gmail.com> 2007/2/7, Morris, Patrick : > > From: fedora-directory-users-bounces at redhat.com > > > > This night, FDS (1.0.2) refused to start after backup. I > > found this in the logs : > > > > [06/Feb/2007:22:04:39 +0100] - slapd stopped. > > Fedora-Directory/1.0.2 B2006.060.1951 > > host:389 (/opt/fedora-ds/slapd-supann) > > > > [06/Feb/2007:22:04:51 +0100] dse - The entry cn=config in > > file /opt/fedora-ds/slapd-supann/config/dse.ldif is invalid, > > error code 53 (DSA is unwilling to perform) - > > nsslapd-maxdescriptors: invalid value "65536", maximum file > > descriptors must range from 1 to 1024 (the current process limit) > > [06/Feb/2007:22:04:51 +0100] dse - Could not load config file > > [dse.ldif] > > How are you settigng your file descriptor limits, and how does the > backup run? Chances are that when the server is restarted after the > backup, they are not set correctly. I'm going to take a wild guess that > it runs out of cron with an environment that's not set with the right > number. Thanks for your answers, To reply the first mail, "ulimit -n" returns 1024. I run my backup with a script called by bacula (which runs with root privileges). 
Here's the content of the script :

#!/bin/sh
echo "stopping fedora directory server"
/etc/init.d/fds stop
echo "rsyncing"
/usr/bin/rsync -a --delete /opt/fedora-ds /opt/fedora-ds.rsync
sleep 10
echo "starting fedora directory server"
/etc/init.d/fds start

Do you know what command I should add to this script to set up the
environment correctly ?

Thanks in advance,
--
Mikael Kermorgant

From yinyang at eburg.com Thu Feb 8 22:32:00 2007
From: yinyang at eburg.com (Gordon Messmer)
Date: Thu, 08 Feb 2007 14:32:00 -0800
Subject: [Fedora-directory-users] error when restarting FDS
In-Reply-To: <9711147e0702081339v4ad28ab0na76435649242a2fe@mail.gmail.com>
References: <9711147e0702070022n5d279b04y216364e6c3ce03cd@mail.gmail.com> <9711147e0702081339v4ad28ab0na76435649242a2fe@mail.gmail.com>
Message-ID: <45CBA4E0.3010100@eburg.com>

Mikael Kermorgant wrote:
> echo "starting fedora directory server"
> /etc/init.d/fds start
>
> Do you know what command I should add to this script to set up the
> environment correctly ?

Modify /etc/init.d/fds, and add "ulimit -n 65536" there.

From hyc at symas.com Fri Feb 9 10:18:32 2007
From: hyc at symas.com (Howard Chu)
Date: Fri, 09 Feb 2007 02:18:32 -0800
Subject: [Fedora-directory-users] Re: Announce: Net-LDAPapi version 2.00 released
In-Reply-To: <617E31A4C92DFB95C3CF84BB@SW-90-717-287-3.stanford.edu>
References: <617E31A4C92DFB95C3CF84BB@SW-90-717-287-3.stanford.edu>
Message-ID: <45CC4A78.2060207@symas.com>

Quanah Gibson-Mount wrote:
> A new release of Net::LDAPapi module is now available for Perl via CPAN.
> This release includes compilation against OpenLDAP libraries from
> version 2.1 forward. It now supports LDAPv3, including SASL binds.

Great, glad to see this finally making it back out to the world.

> Support for the Netscape (now Mozilla) C SDK has been kept, but not
> tested. I welcome feedback on the usability with the Mozilla C SDK.
>
> Many thanks to Howard Chu and Symas Corporation for the work done to
> realize LDAPv3 support with Net::LDAPapi.
>
> Net::LDAPapi can be obtained from:
>
>
>
>
> For those who have never used Net::LDAPapi, it uses the C interface for
> its LDAP operations. This means that it is much faster than the pure
> perl Net::LDAP module from the perl-ldap package. However, it also
> relies on having the C libraries it was linked against available.

We've observed a 100:1 speed difference between Net::LDAPapi and Net::LDAP.
Usually people writing perl scripts don't seem to take performance or
efficiency into account, because they're just coding up a "quickie tool." But
it then evolves into something else, and eventually gets deployed into
production. We've seen this happen over and over with perl-based web login
scripts, where gradually the web server gets bogged down under its
authentication load. Switching from Net::LDAP to Net::LDAPapi has helped a
number of our customers get their systems back up on their feet.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/

From fedoradsmk at gutski.de Thu Feb 8 19:23:40 2007
From: fedoradsmk at gutski.de (Marko Karg)
Date: Thu, 08 Feb 2007 20:23:40 +0100
Subject: [Fedora-directory-users] admin console stays empty
Message-ID: <45CB78BC.2060502@gutski.de>

Hi all,

I've freshly installed ds 1.0.4-1, got rid of hopefully all java issues,
and am now confronted with an empty admin console. A connection to
localhost: via browser works well, slapd is running, but the window after
the login prompt stays empty.

Can someone please advise where I have to search for the error?

Thank you in advance!
Marko

From quanah at stanford.edu Fri Feb 9 09:24:52 2007
From: quanah at stanford.edu (Quanah Gibson-Mount)
Date: Fri, 09 Feb 2007 01:24:52 -0800
Subject: [Fedora-directory-users] Announce: Net-LDAPapi version 2.00 released
Message-ID: <617E31A4C92DFB95C3CF84BB@SW-90-717-287-3.stanford.edu>

A new release of Net::LDAPapi module is now available for Perl via CPAN.
This release includes compilation against OpenLDAP libraries from
version 2.1 forward. It now supports LDAPv3, including SASL binds.

Support for the Netscape (now Mozilla) C SDK has been kept, but not
tested. I welcome feedback on the usability with the Mozilla C SDK.

Many thanks to Howard Chu and Symas Corporation for the work done to
realize LDAPv3 support with Net::LDAPapi.

Net::LDAPapi can be obtained from:

For those who have never used Net::LDAPapi, it uses the C interface for
its LDAP operations. This means that it is much faster than the pure
perl Net::LDAP module from the perl-ldap package. However, it also
relies on having the C libraries it was linked against available.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

From lists at scott-ackerman.com Fri Feb 9 14:51:17 2007
From: lists at scott-ackerman.com (Scott Ackerman)
Date: Fri, 09 Feb 2007 07:51:17 -0700
Subject: [Fedora-directory-users] Forgive the misunderstandings of a "newb"
In-Reply-To: <45CB5329.4090508@redhat.com>
References: <10091967.1489671170948710249.JavaMail.servlet@perfora> <45CB5329.4090508@redhat.com>
Message-ID: <45CC8A65.9070003@scott-ackerman.com>

Thanks Nathan, but where did I miss that in the how-to?

Nathan Kinder wrote:
> lists at scott-ackerman.com wrote:
>> I thought I was smart until I dove into LDAP. I am the sole part-time IT
>> Manager for a charter school (240 students, 20 staff, 60 computers) and
>> am migrating away from a Windows server environment to Linux. The only
>> services that are being provided by a Windows server now are AD, file
>> and print sharing services. Since we are turning about 15 of our student
>> computers into Linux stations, I decided on a "simpler" method of
>> managing authentication, login etc. and chose Fedora Directory Server
>> (after having beat my head against the wall with strictly OpenLDAP for a
>> month). I have successfully set up FDS and entered all students and
>> staff. I have decided not to sync against our AD server because we are
>> changing the student login method, the old format was locker number for
>> user name and then a password. I have decided to use the first.last name
>> for user name and then a password.
>>
>> I am trying to set up posix authentication and Samba and am having
>> difficulties with both, technical on the former and understanding on the
>> latter. First posix, I have followed the how to on the FDS Wiki, but
>> there seems to be some steps missing. I have gotten an authenticated
>> student logon, but only after having created an account on the local
>> machine with the same UID. I made sure that the password was different
>> in FDS than when I created the user on the local machine and I am able
>> to login to using either password which would indicate to me that I am
>> successfully authenticating to FDS. However I don't particularly care to
>> have to add 240 students on all 15 computers to make this work, not to
>> mention all of the "home" directories that will be mounted from the NFS
>> server. So the questions is, what steps am I missing here?
>>
> It sounds like you need to configure nss_ldap. Assuming you have
> nss_ldap installed on your client systems, you should be able to add
> "ldap" as a service for looking up users and groups in your
> /etc/nsswitch.conf file.
>
> -NGK
>> Samba. As I understand it, Windows will only authenticate against an NT
>> or "NT like (aka. Samba)" server, which means as far as I can tell that
>> either I have Samba sync against FDS or I use pGina on the Windows side
>> to authenticate directly against LDAP or scrap LDAP all together and
>> just use an NIS server (don't think this is a good idea, but it is a
>> possiblity). Of course trying to assess the pros and cons of either has
>> been somewhat difficult at best. Also the FDS Samba how-to doesn't cover
>> computer management which Samba is going to have to deal with as well.
>>
>> Before someone replies with a "RTFM", I have read the Install Guide as
>> well as the Red Hat Directory Server documentation and I am currently
>> half-way through the book "Understanding and Deploying LDAP Directory
>> Services", so I have a reasonable understanding of how to get into
>> trouble. Of course none of these provide in-depth (nor should they)
>> information as to how to integrate with other services. I have spent a
>> month reading, tinkering etc., and I am not asking anyone else to do my
>> work for me, but I have seem to hit a wall and need a couple of
>> "breadcrumbs" to get me back on the trail. Thank you for your patience
>> and understanding.
>>
>>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

--
Scott Ackerman
1212 Baker Street
Fort Collins, Colorado 80524
970-231-9035
www.scott-ackerman.com

"Every improvement in the standard of work men do is followed swiftly
and inevitably by an improvement in the men who do it" - William Morris

From jsummers at bachman.cs.ou.edu Fri Feb 9 16:09:26 2007
From: jsummers at bachman.cs.ou.edu (Jim Summers)
Date: Fri, 09 Feb 2007 10:09:26 -0600
Subject: [Fedora-directory-users] Password Expiration Loop
Message-ID: <45CC9CB6.6070907@cs.ou.edu>

Hello List,

I am still troubled with the issue of a users password expiring, they get the
messages to change, successfully change password. Then the next time that
they login, the password loop begins again. I searched the archives and
didn't really find a solution, but could have sworn that I had seen it
solved some time back.

The setup I am working with is RHEL4 servers and FDS
fedora-ds-1.0.2-1.RHEL4. The clients are mix of fedora versions and RHEL4
machines. Everything works great(authentication, netgroups, autofs, etc...)
other than this one issue.

Here are the relevant entries(I think!) from ldap.conf on a client(rhel4):

ssl start_tls
ssl on
tls_checkpeer no
tls_reqcert never
tls_cacertfile /usr/share/ssl/certs/ca-bundle.crt
tls_cacertdir /usr/share/ssl/certs
pam_password crypt
pam_lookup_policy yes

The pam.d/system-auth is:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so

and the log entry when using ssh to login with shows:

sshd(pam_unix)[4227]: session opened for user

but if I fumble the password it shows:

passwd[4222]: pam_ldap: error trying to bind as user ....

So, like I was several months ago, still stumped on what I have overlooked.

Any ideas or suggestions on what I have overlooked? Can I find some log
entries in the ldap server that may point to what I have mis-configured or
not configured?

Many Thanks
--
Jim Summers
School of Computer Science-University of Oklahoma
-------------------------------------------------

From kylet at panix.com Fri Feb 9 16:20:36 2007
From: kylet at panix.com (Kyle Tucker)
Date: Fri, 9 Feb 2007 11:20:36 -0500 (EST)
Subject: [Fedora-directory-users] Password Expiration Loop
In-Reply-To: <45CC9CB6.6070907@cs.ou.edu>
Message-ID: <200702091620.l19GKaL20066@panix3.panix.com>

>
> I am still troubled with the issue of a users password expiring, they get the
> messages to change, successfully change password. Then the next time that
> they login, the password loop begins again.

If you are using shadowAccount objectclass for passwords (versus password
policies), I had this same issue until I enabled self-write access to the
shadowLastChange attribute.

In Directory tab, select root domain
Right click and Select Set Access Permissions
Select "Enable self-write for common attributes" and click on Edit
Select "Self" and click on Edit Manually button.
After "userPassword", insert "|| shadowLastChange " and click on OK and
again on OK on the parent window.

--
- Kyle
---------------------------------------------
kylet at panix.com   http://www.panix.com/~kylet
---------------------------------------------

From nkinder at redhat.com Fri Feb 9 16:26:20 2007
From: nkinder at redhat.com (Nathan Kinder)
Date: Fri, 09 Feb 2007 08:26:20 -0800
Subject: [Fedora-directory-users] Forgive the misunderstandings of a "newb"
In-Reply-To: <45CC8A65.9070003@scott-ackerman.com>
References: <10091967.1489671170948710249.JavaMail.servlet@perfora> <45CB5329.4090508@redhat.com> <45CC8A65.9070003@scott-ackerman.com>
Message-ID: <45CCA0AC.2080306@redhat.com>

Scott Ackerman wrote:
> Thanks Nathan, but where did I miss that in the how-to?
>
It appears to be missing from the how-to (some of the how-to's do make
reference to nss_ldap being required though).
> Nathan Kinder wrote:
>
>> lists at scott-ackerman.com wrote:
>>
>>> I thought I was smart until I dove into LDAP. I am the sole part-time IT
>>> Manager for a charter school (240 students, 20 staff, 60 computers) and
>>> am migrating away from a Windows server environment to Linux. The only
>>> services that are being provided by a Windows server now are AD, file
>>> and print sharing services. Since we are turning about 15 of our student
>>> computers into Linux stations, I decided on a "simpler" method of
>>> managing authentication, login etc. and chose Fedora Directory Server
>>> (after having beat my head against the wall with strictly OpenLDAP for a
>>> month).
I have successfully set up FDS and entered all students and >>> staff. I have decided not to sync against our AD server because we are >>> changing the student login method, the old format was locker number for >>> user name and then a password. I have decided to use the first.last name >>> for user name and then a password. >>> >>> I am trying to set up posix authentication and Samba and am having >>> difficulties with both, technical on the former and understanding on the >>> latter. First posix, I have followed the how to on the FDS Wiki, but >>> there seems to be some steps missing. I have gotten an authenticated >>> student logon, but only after having created an account on the local >>> machine with the same UID. I made sure that the password was different >>> in FDS than when I created the user on the local machine and I am able >>> to login to using either password which would indicate to me that I am >>> successfully authenticating to FDS. However I don't particularly care to >>> have to add 240 students on all 15 computers to make this work, not to >>> mention all of the "home" directories that will be mounted from the NFS >>> server. So the questions is, what steps am I missing here? >>> >>> >> It sounds like you need to configure nss_ldap. Assuming you have >> nss_ldap installed on your client systems, you should be able to add >> "ldap" as a service for looking up users and groups in your >> /etc/nsswitch.conf file. >> >> -NGK >> >>> Samba. As I understand it, Windows will only authenticate against an NT >>> or "NT like (aka. Samba)" server, which means as far as I can tell that >>> either I have Samba sync against FDS or I use pGina on the Windows side >>> to authenticate directly against LDAP or scrap LDAP all together and >>> just use an NIS server (don't think this is a good idea, but it is a >>> possiblity). Of course trying to assess the pros and cons of either has >>> been somewhat difficult at best. 
Also the FDS Samba how-to doesn't cover >>> computer management which Samba is going to have to deal with as well. >>> >>> Before someone replies with a "RTFM", I have read the Install Guide as >>> well as the Red Hat Directory Server documentation and I am currently >>> half-way through the book "Understanding and Deploying LDAP Directory >>> Services", so I have a reasonable understanding of how to get into >>> trouble. Of course none of these provide in-depth (nor should they) >>> information as to how to integrate with other services. I have spent a >>> month reading, tinkering etc., and I am not asking anyone else to do my >>> work for me, but I have seem to hit a wall and need a couple of >>> "breadcrumbs" to get me back on the trail. Thank you for your patience >>> and understanding. >>> >>> >>> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From keir.whitlock at jobsite.co.uk Fri Feb 9 17:07:25 2007 From: keir.whitlock at jobsite.co.uk (Keir Whitlock) Date: Fri, 9 Feb 2007 17:07:25 -0000 Subject: [Fedora-directory-users] Forgive the misunderstandings of a "newb" Message-ID: <15F2FAFE738243408B3CB75E78F70AE5012478B4@sesct49n1j.jobsite.co.uk> System-config-authentication should have picked this up on newer versions of redhat and fedora _________________________________________ Keir Whitlock Unix Systems Administrator Unix Operations Team T: +44 (0)870 7748500 F: +44 (0)870 7748501 E: keir.whitlock at jobsite.co.uk W: www.jobsite.co.uk Legally privileged/Confidential Information may be contained in this message. 
If you are not the addressee(s) legally indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message, and notify us immediately. If you or your employer does not consent to Internet e-mail messages of this kind, please advise us immediately. Opinions, conclusions and other information expressed in this message are not given or endorsed by my firm or employer unless otherwise indicated by an authorised representative independent of this message. Please note that despite using the latest virus software, neither my employer nor I accept any responsibility for viruses and it is your responsibility to scan attachments (if any). -----Original Message----- From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Nathan Kinder Sent: 09 February 2007 16:26 To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Forgive the misunderstandings of a "newb" Scott Ackerman wrote: > Thanks Nathan, but where did I miss that in the how-to? > It appears to be missing from the how-to (some of the how-to's do make reference to nss_ldap being required though). > Nathan Kinder wrote: > >> lists at scott-ackerman.com wrote: >> >>> I thought I was smart until I dove into LDAP. I am the sole part-time IT >>> Manager for a charter school (240 students, 20 staff, 60 computers) and >>> am migrating away from a Windows server environment to Linux. The only >>> services that are being provided by a Windows server now are AD, file >>> and print sharing services. Since we are turning about 15 of our student >>> computers into Linux stations, I decided on a "simpler" method of >>> managing authentication, login etc. and chose Fedora Directory Server >>> (after having beat my head against the wall with strictly OpenLDAP for a >>> month). 
I have successfully set up FDS and entered all students and >>> staff. I have decided not to sync against our AD server because we are >>> changing the student login method, the old format was locker number for >>> user name and then a password. I have decided to use the first.last name >>> for user name and then a password. >>> >>> I am trying to set up posix authentication and Samba and am having >>> difficulties with both, technical on the former and understanding on the >>> latter. First posix, I have followed the how to on the FDS Wiki, but >>> there seems to be some steps missing. I have gotten an authenticated >>> student logon, but only after having created an account on the local >>> machine with the same UID. I made sure that the password was different >>> in FDS than when I created the user on the local machine and I am able >>> to login to using either password which would indicate to me that I am >>> successfully authenticating to FDS. However I don't particularly care to >>> have to add 240 students on all 15 computers to make this work, not to >>> mention all of the "home" directories that will be mounted from the NFS >>> server. So the questions is, what steps am I missing here? >>> >>> >> It sounds like you need to configure nss_ldap. Assuming you have >> nss_ldap installed on your client systems, you should be able to add >> "ldap" as a service for looking up users and groups in your >> /etc/nsswitch.conf file. >> >> -NGK >> >>> Samba. As I understand it, Windows will only authenticate against an NT >>> or "NT like (aka. Samba)" server, which means as far as I can tell that >>> either I have Samba sync against FDS or I use pGina on the Windows side >>> to authenticate directly against LDAP or scrap LDAP all together and >>> just use an NIS server (don't think this is a good idea, but it is a >>> possiblity). Of course trying to assess the pros and cons of either has >>> been somewhat difficult at best. 
Also the FDS Samba how-to doesn't cover >>> computer management which Samba is going to have to deal with as well. >>> >>> Before someone replies with a "RTFM", I have read the Install Guide as >>> well as the Red Hat Directory Server documentation and I am currently >>> half-way through the book "Understanding and Deploying LDAP Directory >>> Services", so I have a reasonable understanding of how to get into >>> trouble. Of course none of these provide in-depth (nor should they) >>> information as to how to integrate with other services. I have spent a >>> month reading, tinkering etc., and I am not asking anyone else to do my >>> work for me, but I have seem to hit a wall and need a couple of >>> "breadcrumbs" to get me back on the trail. Thank you for your patience >>> and understanding. >>> >>> >>> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > From lists at scott-ackerman.com Fri Feb 9 17:37:03 2007 From: lists at scott-ackerman.com (Scott Ackerman) Date: Fri, 09 Feb 2007 10:37:03 -0700 Subject: [Fedora-directory-users] Forgive the misunderstandings of a "newb" In-Reply-To: <15F2FAFE738243408B3CB75E78F70AE5012478B4@sesct49n1j.jobsite.co.uk> References: <15F2FAFE738243408B3CB75E78F70AE5012478B4@sesct49n1j.jobsite.co.uk> Message-ID: <45CCB13F.9090501@scott-ackerman.com> I am running Fedora Core 5 and have (as far as I can understand) all required modules, etc. installed, I have checked the ldap.conf file and it is pointing to our LDAP server, I have checked the nsswitch.conf file and it appears to be configured correctly. But after having deleted the user from the local machine, I now cannot login because of authentication failure. 

System-config-authentication in pam.d contains this:

#%PAM-1.0
auth       include      config-util
account    include      config-util
session    include      config-util

So, back to the drawing board and more searching on the web. It seems as
if most of these how-to's are geared toward people who have a working
understanding of how all of this integrates into LDAP. An assumption that
I wouldn't necessarily make, especially in light of the fact that if you
come from a Windoze server environment, AD is used which doesn't have all
of these configuration issues (you just get a whole new set of issues).

Keir Whitlock wrote:
> System-config-authentication should have picked this up on newer
> versions of redhat and fedora
>
>
>
>
>
> _________________________________________
> Keir Whitlock
> Unix Systems Administrator
> Unix Operations Team
>
>
> T: +44 (0)870 7748500
> F: +44 (0)870 7748501
> E: keir.whitlock at jobsite.co.uk
> W: www.jobsite.co.uk
>
>
> Legally privileged/Confidential Information may be contained in this
> message. If you are not the addressee(s) legally indicated in this
> message (or responsible for delivery of the message to such person), you
> may not copy or deliver this message to anyone. In such case, you should
> destroy this message, and notify us immediately. If you or your employer
> does not consent to Internet e-mail messages of this kind, please advise
> us immediately. Opinions, conclusions and other information expressed in
> this message are not given or endorsed by my firm or employer unless
> otherwise indicated by an authorised representative independent of this
> message. Please note that despite using the latest virus software,
> neither my employer nor I accept any responsibility for viruses and it
> is your responsibility to scan attachments (if any).
> > > -----Original Message----- > From: fedora-directory-users-bounces at redhat.com > [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Nathan > Kinder > Sent: 09 February 2007 16:26 > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] Forgive the misunderstandings of a > "newb" > > Scott Ackerman wrote: > >> Thanks Nathan, but where did I miss that in the how-to? >> >> > It appears to be missing from the how-to (some of the how-to's do make > reference to nss_ldap being required though). > >> Nathan Kinder wrote: >> >> >>> lists at scott-ackerman.com wrote: >>> >>> >>>> I thought I was smart until I dove into LDAP. I am the sole >>>> > part-time IT > >>>> Manager for a charter school (240 students, 20 staff, 60 computers) >>>> > and > >>>> am migrating away from a Windows server environment to Linux. The >>>> > only > >>>> services that are being provided by a Windows server now are AD, >>>> > file > >>>> and print sharing services. Since we are turning about 15 of our >>>> > student > >>>> computers into Linux stations, I decided on a "simpler" method of >>>> managing authentication, login etc. and chose Fedora Directory >>>> > Server > >>>> (after having beat my head against the wall with strictly OpenLDAP >>>> > for a > >>>> month). I have successfully set up FDS and entered all students and >>>> staff. I have decided not to sync against our AD server because we >>>> > are > >>>> changing the student login method, the old format was locker number >>>> > for > >>>> user name and then a password. I have decided to use the first.last >>>> > name > >>>> for user name and then a password. >>>> >>>> I am trying to set up posix authentication and Samba and am having >>>> difficulties with both, technical on the former and understanding on >>>> > the > >>>> latter. First posix, I have followed the how to on the FDS Wiki, but >>>> there seems to be some steps missing. 
I have gotten an authenticated >>>> student logon, but only after having created an account on the local >>>> machine with the same UID. I made sure that the password was >>>> > different > >>>> in FDS than when I created the user on the local machine and I am >>>> > able > >>>> to login to using either password which would indicate to me that I >>>> > am > >>>> successfully authenticating to FDS. However I don't particularly >>>> > care to > >>>> have to add 240 students on all 15 computers to make this work, not >>>> > to > >>>> mention all of the "home" directories that will be mounted from the >>>> > NFS > >>>> server. So the questions is, what steps am I missing here? >>>> >>>> >>>> >>> It sounds like you need to configure nss_ldap. Assuming you have >>> nss_ldap installed on your client systems, you should be able to add >>> "ldap" as a service for looking up users and groups in your >>> /etc/nsswitch.conf file. >>> >>> -NGK >>> >>> >>>> Samba. As I understand it, Windows will only authenticate against an >>>> > NT > >>>> or "NT like (aka. Samba)" server, which means as far as I can tell >>>> > that > >>>> either I have Samba sync against FDS or I use pGina on the Windows >>>> > side > >>>> to authenticate directly against LDAP or scrap LDAP all together and >>>> just use an NIS server (don't think this is a good idea, but it is a >>>> possiblity). Of course trying to assess the pros and cons of either >>>> > has > >>>> been somewhat difficult at best. Also the FDS Samba how-to doesn't >>>> > cover > >>>> computer management which Samba is going to have to deal with as >>>> > well. > >>>> Before someone replies with a "RTFM", I have read the Install Guide >>>> > as > >>>> well as the Red Hat Directory Server documentation and I am >>>> > currently > >>>> half-way through the book "Understanding and Deploying LDAP >>>> > Directory > >>>> Services", so I have a reasonable understanding of how to get into >>>> trouble. 
Of course none of these provide in-depth (nor should they) >>>> information as to how to integrate with other services. I have spent >>>> > a > >>>> month reading, tinkering etc., and I am not asking anyone else to do >>>> > my > >>>> work for me, but I have seem to hit a wall and need a couple of >>>> "breadcrumbs" to get me back on the trail. Thank you for your >>>> > patience > >>>> and understanding. >>>> >>>> >>>> >>>> > ------------------------------------------------------------------------ > >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -- Scott B. Ackerman 1212 Baker Street Fort Collins, Colorado 80524 970-231-9035 scott at scott-ackerman.com "Every improvement in the standard of work men do is followed swiftly and inevitably by an improvement in the men who do it" - William Morris From jsummers at bachman.cs.ou.edu Fri Feb 9 19:37:06 2007 From: jsummers at bachman.cs.ou.edu (Jim Summers) Date: Fri, 09 Feb 2007 13:37:06 -0600 Subject: [Fedora-directory-users] Password Expiration Loop In-Reply-To: <200702091620.l19GKaL20066@panix3.panix.com> References: <200702091620.l19GKaL20066@panix3.panix.com> Message-ID: <45CCCD62.3090807@cs.ou.edu> Kyle Tucker wrote: >> I am still troubled with the issue of a users password expiring, they get the >> messages to change, successfully change password. Then the next time that >> they login, the password loop begins again. > > If you are using shadowAccount objectclass for passwords (versus password > policies), I had this same issue until I enable self-write access to the > shadowLastChange attribute. 
>
> In Directory tab, select root domain
>
> Right click and Select Set Access Permissions
> Select "Enable self-write for common attributes" and click on Edit
> Select "Self" and click on Edit Manually button.
>
> After "userPassword", insert "|| shadowLastChange " and click on OK and
> again on OK on the parent window.

That did the trick!

Many Thanks!

>

--
Jim Summers
School of Computer Science-University of Oklahoma
-------------------------------------------------

From davea at support.kcm.org Fri Feb 9 23:08:02 2007
From: davea at support.kcm.org (Dave Augustus)
Date: Fri, 09 Feb 2007 17:08:02 -0600
Subject: [Fedora-directory-users] Can't start admin server after update from 1.0.2 to 1.0.4
Message-ID: <1171062482.17491.2.camel@kcm40202.kcmhq.org>

host_ip_init(): PSET failure: Could not retrieve access hosts attribute
(pset error = )

shows up in the /opt/fedora-ds/admin-serv/logs/error file.

Turning up debugging gives me:

[Fri Feb 09 15:37:57 2007] [debug] mod_admserv.c(2221): [5957] Cache expiration set to 600 seconds
[Fri Feb 09 15:37:57 2007] [debug] mod_admserv.c(2334): Added StartConfigDs task entry [cn=startconfigds,cn=operation,cn=tasks,cn=admin-serv-ldap,cn=fedora administration server,cn=server group,cn=ldap.hq.org,ou=hq.org,o=netscaperoot:start_config_ds:] for user [LocalSuper]
[Fri Feb 09 15:37:57 2007] [crit] host_ip_init(): PSET failure: Could not retrieve access hosts attribute (pset error = )
Configuration Failed

Any suggestions?

The DS runs fine.
Dave

From rmeggins at redhat.com Fri Feb 9 23:24:21 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 09 Feb 2007 16:24:21 -0700
Subject: [Fedora-directory-users] Can't start admin server after update from 1.0.2 to 1.0.4
In-Reply-To: <1171062482.17491.2.camel@kcm40202.kcmhq.org>
References: <1171062482.17491.2.camel@kcm40202.kcmhq.org>
Message-ID: <45CD02A5.6090309@redhat.com>

Dave Augustus wrote:
> host_ip_init(): PSET failure: Could not retrieve access hosts attribute
> (pset error = )
>
> shows up in the /opt/fedora-ds/admin-serv/logs/error file.
>
> Turning up debugging gives me:
>
> [Fri Feb 09 15:37:57 2007] [debug] mod_admserv.c(2221): [5957] Cache
> expiration set to 600 seconds
> [Fri Feb 09 15:37:57 2007] [debug] mod_admserv.c(2334): Added
> StartConfigDs task entry
> [cn=startconfigds,cn=operation,cn=tasks,cn=admin-serv-ldap,cn=fedora
> administration server,cn=server
> group,cn=ldap.hq.org,ou=hq.org,o=netscaperoot:start_config_ds:] for user
> [LocalSuper]
> [Fri Feb 09 15:37:57 2007] [crit] host_ip_init(): PSET failure: Could
> not retrieve access hosts attribute (pset error = )
> Configuration Failed
>
> Any suggestions?
>
ls -al /opt/fedora-ds/admin-serv/config
> The DS runs fine.
>
> Dave

From davea at support.kcm.org Fri Feb 9 23:31:02 2007
From: davea at support.kcm.org (Dave Augustus)
Date: Fri, 09 Feb 2007 17:31:02 -0600
Subject: [Fedora-directory-users] Can't start admin server after update from 1.0.2 to 1.0.4
In-Reply-To: <45CD02A5.6090309@redhat.com>
References: <1171062482.17491.2.camel@kcm40202.kcmhq.org> <45CD02A5.6090309@redhat.com>
Message-ID: <1171063862.17491.4.camel@kcm40202.kcmhq.org>

drwxr-xr-x 2 ldap ldap 4096 Feb 9 15:06 .
drwxr-xr-x 6 root root 4096 Nov 7 22:30 ..
-rw------- 1 ldap ldap 358 Oct 18 15:45 adm.conf
-rw------- 1 ldap ldap 39 Oct 18 15:45 admpw
-rw------- 1 root root 4588 Feb 9 14:35 admserv.conf
-rw------- 1 root root 4588 Feb 9 14:35 admserv.conf.orig
-rw------- 1 root root 1324 Feb 9 14:35 admserv.conf.rej
-rw------- 1 ldap ldap 3726 Oct 18 15:45 console.conf
-rw------- 1 root root 26699 Feb 9 15:06 httpd.conf
-rw------- 1 root root 26698 Feb 9 14:35 httpd.conf.orig
-rw------- 1 root root 2048 Feb 9 14:35 httpd.conf.rej
-rw-r--r-- 1 root root 0 Feb 9 14:56 Ldap1
-rw-r--r-- 1 ldap ldap 19048 Feb 9 14:33 local.conf
-r-------- 1 ldap ldap 4604 Nov 21 18:15 nss.conf

On Fri, 2007-02-09 at 16:24 -0700, Richard Megginson wrote:
> Dave Augustus wrote:
> > host_ip_init(): PSET failure: Could not retrieve access hosts attribute
> > (pset error = )
> >
> > shows up in the /opt/fedora-ds/admin-serv/logs/error file.
> >
> > Turning up debugging gives me:
> >
> > [Fri Feb 09 15:37:57 2007] [debug] mod_admserv.c(2221): [5957] Cache
> > expiration set to 600 seconds
> > [Fri Feb 09 15:37:57 2007] [debug] mod_admserv.c(2334): Added
> > StartConfigDs task entry
> > [cn=startconfigds,cn=operation,cn=tasks,cn=admin-serv-ldap,cn=fedora
> > administration server,cn=server
> > group,cn=ldap.hq.org,ou=hq.org,o=netscaperoot:start_config_ds:] for user
> > [LocalSuper]
> > [Fri Feb 09 15:37:57 2007] [crit] host_ip_init(): PSET failure: Could
> > not retrieve access hosts attribute (pset error = )
> > Configuration Failed
> >
> > Any suggestions?
> >
> ls -al /opt/fedora-ds/admin-serv/config
> > The DS runs fine.
> >
> > Dave

From rmeggins at redhat.com Fri Feb 9 23:39:19 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 09 Feb 2007 16:39:19 -0700
Subject: [Fedora-directory-users] Can't start admin server after update from 1.0.2 to 1.0.4
In-Reply-To: <1171063862.17491.4.camel@kcm40202.kcmhq.org>
References: <1171062482.17491.2.camel@kcm40202.kcmhq.org> <45CD02A5.6090309@redhat.com> <1171063862.17491.4.camel@kcm40202.kcmhq.org>
Message-ID: <45CD0627.5090907@redhat.com>

Dave Augustus wrote:
>> Dave Augustus wrote:
>>
>>> host_ip_init(): PSET failure: Could not retrieve access hosts attribute
>>> (pset error = )
>>>
>>> shows up in the /opt/fedora-ds/admin-serv/logs/error file.
>>>
>>> Turning up debugging gives me:
>>>
>>> [Fri Feb 09 15:37:57 2007] [debug] mod_admserv.c(2221): [5957] Cache
>>> expiration set to 600 seconds
>>> [Fri Feb 09 15:37:57 2007] [debug] mod_admserv.c(2334): Added
>>> StartConfigDs task entry
>>> [cn=startconfigds,cn=operation,cn=tasks,cn=admin-serv-ldap,cn=fedora
>>> administration server,cn=server
>>> group,cn=ldap.hq.org,ou=hq.org,o=netscaperoot:start_config_ds:] for user
>>> [LocalSuper]
>>> [Fri Feb 09 15:37:57 2007] [crit] host_ip_init(): PSET failure: Could
>>> not retrieve access hosts attribute (pset error = )
>>> Configuration Failed
>>>
>>> Any suggestions?
>>>
Was the directory server up and running before you started the admin server?

grep -i nsAdminAccessHosts /opt/fedora-ds/admin-serv/config/local.conf

If it is missing, you should add it using the instructions here - http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt

Not sure why the upgrade would have removed it though.

From mikael.kermorgant at gmail.com Sun Feb 11 09:20:33 2007
From: mikael.kermorgant at gmail.com (Mikael Kermorgant)
Date: Sun, 11 Feb 2007 10:20:33 +0100
Subject: [Fedora-directory-users] error when restarting FDS
In-Reply-To: <45CBA4E0.3010100@eburg.com>
References: <9711147e0702070022n5d279b04y216364e6c3ce03cd@mail.gmail.com> <9711147e0702081339v4ad28ab0na76435649242a2fe@mail.gmail.com> <45CBA4E0.3010100@eburg.com>
Message-ID: <9711147e0702110120qa0ee42dl39afccccbd060959@mail.gmail.com>

2007/2/8, Gordon Messmer :
> > echo "starting fedora directory server"
> > /etc/init.d/fds start
> > Do you know what command I should add to this script to set up the
> > environment correctly ?
>
> Modify /etc/init.d/fds, and add "ulimit -n 65536" there.

Thanks a lot, it works !
Regards,
--
Mikael Kermorgant

From rinconsystems at yahoo.com Sun Feb 11 18:51:08 2007
From: rinconsystems at yahoo.com (Scott Roberts)
Date: Sun, 11 Feb 2007 10:51:08 -0800 (PST)
Subject: [Fedora-directory-users] rhel/fedora clock drift?
Message-ID: <20070211185108.77884.qmail@web34113.mail.mud.yahoo.com>

In rhel 4 and fc5 and fc6 the clock interrupt in the kernel is 1000mhz. AFAIK this is too high and causes the clock to drift and lose sync. This is even more of a problem for virtual servers like vmware or zen. Anyone experience this issue and have any workarounds other than recompiling the kernel. Seems like a drastic measure just to get an OS to keep accurate time. I have looked around for solutions and thought maybe my fellow ldap admins might know something.

From patrick.morris at hp.com Sun Feb 11 20:06:30 2007
From: patrick.morris at hp.com (Morris, Patrick)
Date: Sun, 11 Feb 2007 15:06:30 -0500
Subject: [Fedora-directory-users] rhel/fedora clock drift?
In-Reply-To: <20070211185108.77884.qmail@web34113.mail.mud.yahoo.com>
References: <20070211185108.77884.qmail@web34113.mail.mud.yahoo.com>
Message-ID:

> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf
> Of Scott Roberts
> Sent: Sunday, February 11, 2007 10:51 AM
> To: fedora-directory-users at redhat.com
> Subject: [Fedora-directory-users] rhel/fedora clock drift?
>
> In rhel 4 and fc5 and fc6 the clock interrupt in the kernel
> is 1000mhz. AFAIK this is too high and causes the clock to
> drift and lose sync. This is even more of a problem for
> virtual servers like vmware or zen.
> Anyone experience this issue and have any workarounds other
> than recompiling the kernel.
> Seems like a drastic measure
> just to get an OS to keep accurate time. I have looked for
> around for solutions and thought maybe my fellow ldap admins
> might know something.

NTP?

From cwg-dated-1171495263.8b9506 at Trinsics.Com Fri Feb 9 23:21:02 2007
From: cwg-dated-1171495263.8b9506 at Trinsics.Com (Chris Garrigues)
Date: Fri, 09 Feb 2007 17:21:02 -0600
Subject: [Fedora-directory-users] Re: Announce: Net-LDAPapi version 2.00 released
In-Reply-To: Message from Quanah Gibson-Mount of "Fri, 09 Feb 2007 01:24:52 PST." <617E31A4C92DFB95C3CF84BB@SW-90-717-287-3.stanford.edu>
References: <617E31A4C92DFB95C3CF84BB@SW-90-717-287-3.stanford.edu>
Message-ID: <1171063262.22950.TMDA@io.trinsics.com>

> From: Quanah Gibson-Mount
> Date: Fri, 09 Feb 2007 01:24:52 -0800
>
> A new release of Net::LDAPapi module is now available for Perl via CPAN.
> This release includes compilation against OpenLDAP libraries from version
> 2.1 forward. It now supports LDAPv3, including SASL binds.

I hate to sound critical, but...

Who's responsible for the "object oriented" interface? It bugs me when a package claims to have an OO interface, yet there's no use of OO concepts in the interface. It took me a while to convince myself that the values returned by first_entry and next_entry aren't actually objects on which I would then use the get_values method.

I'd rather just use the non-OO interface since it wouldn't mislead me into expecting OO behavior. I assume that still works even though it's no longer documented. Do I just stick "ldap_" on the front of all the method names?

Chris

--
Chris Garrigues
Trinsic Solutions
President
710-B West 14th Street
Austin, TX 78701-1755
512-322-0180
http://www.trinsics.com

Would you rather proactively pay for uptime or reactively pay for downtime?
Trinsic Solutions
Your Proactive IT Management Partner

From quanah at stanford.edu Fri Feb 9 23:30:41 2007
From: quanah at stanford.edu (Quanah Gibson-Mount)
Date: Fri, 09 Feb 2007 15:30:41 -0800
Subject: [Fedora-directory-users] Re: Announce: Net-LDAPapi version 2.00 released
In-Reply-To: <1171063262.22950.TMDA@io.trinsics.com>
References: <617E31A4C92DFB95C3CF84BB@SW-90-717-287-3.stanford.edu> <1171063262.22950.TMDA@io.trinsics.com>
Message-ID: <83D3EAE681DB6DC0650D89A9@deus-ex.stanford.edu>

--On Friday, February 09, 2007 5:21 PM -0600 Chris Garrigues wrote:

>> From: Quanah Gibson-Mount
>> Date: Fri, 09 Feb 2007 01:24:52 -0800
>>
>> A new release of Net::LDAPapi module is now available for Perl via CPAN.
>> This release includes compilation against OpenLDAP libraries from
>> version 2.1 forward. It now supports LDAPv3, including SASL binds.
>
> I hate to sound critical, but...
>
> Who's responsible for the "object oriented" interface? It bugs me when a
> package claims to have an OO interface, yet there's no use of OO concepts
> in the interface. It took me a while to convince myself that the values
> returned by first_entry and next_entry aren't actually objects on which
> I would then use the get_values method.

The interface has not been particularly or heavily modified since it was last touched in 1998. The initial 2.00 release is to get a version out that actually works with the modern LDAP api's available, which the old version flat out didn't do. As time allows, I will be going through the code and updating it to conform to current practices and procedures.

> I'd rather just use the non-OO interface since it wouldn't mislead me
> into expecting OO behavior. I assume that still works even though it's
> no longer documented. Do I just stick "ldap_" on the front of all the
> method names?
I personally haven't used it, but I'd assume so, given the following comment in the Changes file:

- Added Perl-OO methods for virtually all API calls. The C style API calls still work, and will work in all future versions. Note that I haven't added named arguments yet, so argument order matters. This should be in the next version.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

From sleepyjoeyu at gmail.com Mon Feb 12 17:47:35 2007
From: sleepyjoeyu at gmail.com (Yu Joe)
Date: Tue, 13 Feb 2007 01:47:35 +0800
Subject: [Fedora-directory-users] sasl encryption not supported over ssl error
Message-ID:

Dear all

I tried to make my FDS work with sasl(digest-md5)+SSL. I can get correct result by "ldapsearch -Y digest-md5 -U sasl1 ..." or "ldapsearch -x -D 'cn=Directory Manager' -W -H ldaps://rhds.example.com...". But I got the error message such as "*sasl encryption not supported over ssl"*, when I execute command like "ldapsearch -Y digest-md5 -U sasl1 -H ldaps://rhds.example.com ...". Some of my friends tell me this works on openldap. So I suggest it must be also working on FDS. Is that right? If so, what's the probably reason causes this error? Or it just really don't support? Please helps, thanks a lot.

--
Joe Yu
A humble RHCE comes from Taiwan

From david_list at boreham.org Mon Feb 12 18:17:10 2007
From: david_list at boreham.org (David Boreham)
Date: Mon, 12 Feb 2007 11:17:10 -0700
Subject: [Fedora-directory-users] sasl encryption not supported over ssl error
In-Reply-To:
References:
Message-ID: <45D0AF26.5060709@boreham.org>

Yu Joe wrote:
> Dear all
>
> I tried to make my FDS work with sasl(digest-md5)+SSL. I can get
> correct result by "ldapsearch -Y digest-md5 -U sasl1 ..." or
> "ldapsearch -x -D 'cn=Directory Manager' -W -H
> ldaps://rhds.example.com...".
> But I got the error message such as "*sasl encryption not supported
> over ssl"*, when I execute command like "ldapsearch -Y digest-md5 -U
> sasl1 -H ldaps://rhds.example.com ...". Some of my friends tell me
> this works on openldap. So I suggest it must be also working on FDS.
> Is that right? If so, what's the probably reason causes this error? Or
> it just really don't support? Please helps, thanks a lot.

No, it really doesn't work. But why are you wanting both SSL and SASL privacy ?

For the curious, the way the SSL I/O is layered in the server is not compatible with the implementation of SASL encryption (they're both trying to layer at the same place in the I/O stack). With sufficient motivation I suspect that SASL over SSL could be done, but the question is why would anyone want to do that..

Perhaps all you need to do is to turn off SASL payload encryption. SASL authentication with an SSL connection should work ok.

From davea at support.kcm.org Mon Feb 12 19:33:50 2007
From: davea at support.kcm.org (Dave Augustus)
Date: Mon, 12 Feb 2007 13:33:50 -0600
Subject: [Fedora-directory-users] Can't start admin server after update from 1.0.2 to 1.0.4
In-Reply-To: <45CD0627.5090907@redhat.com>
References: <1171062482.17491.2.camel@kcm40202.kcmhq.org> <45CD02A5.6090309@redhat.com> <1171063862.17491.4.camel@kcm40202.kcmhq.org> <45CD0627.5090907@redhat.com>
Message-ID: <1171308831.8867.2.camel@kcm40202.kcmhq.org>

Thanks! That did it.

On Fri, 2007-02-09 at 16:39 -0700, Richard Megginson wrote:
> Dave Augustus wrote:
> >> Dave Augustus wrote:
> >>
> >>> host_ip_init(): PSET failure: Could not retrieve access hosts attribute
> >>> (pset error = )
> >>>
> >>> shows up in the /opt/fedora-ds/admin-serv/logs/error file.
> >>>
> >>> Turning up debugging gives me:
> >>>
> >>> [Fri Feb 09 15:37:57 2007] [debug] mod_admserv.c(2221): [5957] Cache
> >>> expiration set to 600 seconds
> >>> [Fri Feb 09 15:37:57 2007] [debug] mod_admserv.c(2334): Added
> >>> StartConfigDs task entry
> >>> [cn=startconfigds,cn=operation,cn=tasks,cn=admin-serv-ldap,cn=fedora
> >>> administration server,cn=server
> >>> group,cn=ldap.hq.org,ou=hq.org,o=netscaperoot:start_config_ds:] for user
> >>> [LocalSuper]
> >>> [Fri Feb 09 15:37:57 2007] [crit] host_ip_init(): PSET failure: Could
> >>> not retrieve access hosts attribute (pset error = )
> >>> Configuration Failed
> >>>
> >>> Any suggestions?
> >>>
> Was the directory server up and running before you started the admin server?
> grep -i nsAdminAccessHosts /opt/fedora-ds/admin-serv/config/local.conf
>
> If it is missing, you should add it using the instructions here -
> http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt
>
> Not sure why the upgrade would have removed it though.

From sb098 at byuh.edu Tue Feb 13 00:28:50 2007
From: sb098 at byuh.edu (Scott Belnap)
Date: Mon, 12 Feb 2007 14:28:50 -1000
Subject: [Fedora-directory-users] rhel/fedora clock drift?
In-Reply-To: <20070211185108.77884.qmail@web34113.mail.mud.yahoo.com>
References: <20070211185108.77884.qmail@web34113.mail.mud.yahoo.com>
Message-ID: <1171326530.7705.2.camel@zhou>

You can pass clock=pit to the kernel on boot up or use NTP.

On Sun, 2007-02-11 at 10:51 -0800, Scott Roberts wrote:
> In rhel 4 and fc5 and fc6 the clock interrupt in the
> kernel is 1000mhz. AFAIK this is too high and causes
> the clock to drift and lose sync. This is even more of
> a problem for virtual servers like vmware or zen.
> Anyone experience this issue and have any workarounds
> other than recompiling the kernel.
> Seems like a
> drastic measure just to get an OS to keep accurate
> time. I have looked for around for solutions and
> thought maybe my fellow ldap admins might know something.

From jim.bartus at gmail.com Tue Feb 13 05:36:27 2007
From: jim.bartus at gmail.com (jim bartus)
Date: Tue, 13 Feb 2007 00:36:27 -0500
Subject: [Fedora-directory-users] FDS and phpLDAPadmin
In-Reply-To:
References: <20070125194407.GH11333@pmorris.usa.hp.com>
Message-ID:

I just ran into the same problem using 'ldapsearch' yesterday. Out of curiosity, what's the reasoning behind FDS not supplying a default root? Is it common practice to set it somewhere once you've setup your tree, or is it deliberately omitted for some compatibility or security reason?

-jim

On 1/25/07, Heath Henderson wrote:
>
> Thanks, I had tried this last night, but will give it another go today.
>
> At least I know I was in the right place.
>
> --
> Heath Henderson
> heath at a5.com
> --
>
> > From: Patrick Morris
> > Reply-To: "General discussion list for the Fedora Directory server project."
> > Date: Thu, 25 Jan 2007 11:44:07 -0800
> > To: "General discussion list for the Fedora Directory server project."
> > Subject: Re: [Fedora-directory-users] FDS and phpLDAPadmin
> >
> > On Thu, 25 Jan 2007, Heath Henderson wrote:
> >
> >> I am new to LDAP and more specifically FDS. I had an OpenLDAP server setup
> >> a year or so ago which I used an older version of phpldapadmin with. It
> >> seemed to work without too much trouble, but I can't seem to get either FDS
> >> or OpenLDAP working with phpldapamdin.
> >>
> >> I found some information in the list archives as well as other places, but
> >> my problem seems to be still existing.
> >>
> >> The error I get from phpLDAPadmin
> >>
> >> Could not determine the root of your LDAP tree.
> >> It appears that the LDAP server has been configured to not reveal its root.
> >> Please specify it in config.php
> >>
> >> I would really like to use FDS and have it running what I consider very
> >> well. I am not able to get this plugged into it and I really don't know
> >> enough yet on where to look to configure either FDS to reveal its root or
> >> phpldapadmin to know what the rootDSE is set to?
> >
> > In your phpLDAPadmin config, you need to set this:
> >
> > /* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
> >    auto-detect it for you. */
> > // $ldapservers->SetValue($i,'server','base',array(''));
> >
> > It should be an array of the DNs you want to appear there.

From patrick.morris at hp.com Tue Feb 13 06:13:39 2007
From: patrick.morris at hp.com (Morris, Patrick)
Date: Tue, 13 Feb 2007 01:13:39 -0500
Subject: [Fedora-directory-users] FDS and phpLDAPadmin
In-Reply-To:
References: <20070125194407.GH11333@pmorris.usa.hp.com>
Message-ID:

> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf
> Of jim bartus
> Sent: Monday, February 12, 2007 9:36 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] FDS and phpLDAPadmin
>
> I just ran into the same problem using 'ldapsearch'
> yesterday. Out of curiosity, whats the reasoning behind FDS
> not supplying a default root? Is it common practice to set
> it somewhere once you've setup your tree, or is it
> deliberately omitted for some compatibility or security reason?

I think, primarily, it's because a typical installation of FDS (and for a long time before it, Netscape DS) has multiple roots.

From koniczynek at uaznia.net Tue Feb 13 14:10:52 2007
From: koniczynek at uaznia.net (Michał Droździewicz)
Date: Tue, 13 Feb 2007 15:10:52 +0100
Subject: [Fedora-directory-users] ACL
Message-ID: <45D1C6EC.3070609@uaznia.net>

Hi,
I want to convert my LDAP database from OpenLDAP to FDS and this is done without problem. The problem is with ACL transfer - is there an easy way to convert OpenLDAP ACLs to the one that FDS supports. I can't find it, so please guide me ;)

Thanks!

--
xmpp/email: koniczynek at uaznia.net
xmpp/email: koniczynek at gmail.com

From joshua at itsecureadmin.com Tue Feb 13 14:51:00 2007
From: joshua at itsecureadmin.com (Josh Miller)
Date: Tue, 13 Feb 2007 06:51:00 -0800
Subject: [Fedora-directory-users] rhel/fedora clock drift?
In-Reply-To: <45D1CB71.1060209@itsecureadmin.com>
References: <20070211185108.77884.qmail@web34113.mail.mud.yahoo.com> <1171326530.7705.2.camel@zhou> <45D1CB71.1060209@itsecureadmin.com>
Message-ID: <45D1D054.9090902@itsecureadmin.com>

If you are using VMware virtual servers, the recommendation is to use the following two corrective measures:

1. Append clock=pit to your kernel boot line in grub.conf
2. In the vmx file for your virtual server, add the following line, or modify it if it already exists as false:

tools.syncTime = "TRUE"

You can also configure this value through the VC console and you must restart the virtual machine after making these changes for it to take effect.
Then make sure you have the VMware tools installed, configured, and running.

ref: http://www.vmware.com/pdf/vmware_timekeeping.pdf

Thanks,
Josh Miller, RHCE

> Scott Belnap wrote:
>> You can pass clock=pit to the kernel on boot up or use NTP.
>>
>> On Sun, 2007-02-11 at 10:51 -0800, Scott Roberts wrote:
>>> In rhel 4 and fc5 and fc6 the clock interrupt in the
>>> kernel is 1000mhz. AFAIK this is too high and causes
>>> the clock to drift and lose sync. This is even more of
>>> a problem for virtual servers like vmware or zen.
>>> Anyone experience this issue and have any workarounds
>>> other than recompiling the kernel. Seems like a
>>> drastic measure just to get an OS to keep accurate
>>> time. I have looked for around for solutions and
>>> thought maybe my fellow ldap admins might know something.

From rmeggins at redhat.com Tue Feb 13 14:55:56 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 13 Feb 2007 07:55:56 -0700
Subject: [Fedora-directory-users] FDS and phpLDAPadmin
In-Reply-To:
References: <20070125194407.GH11333@pmorris.usa.hp.com>
Message-ID: <45D1D17C.7050007@redhat.com>

jim bartus wrote:
> I just ran into the same problem using 'ldapsearch' yesterday. Out of
> curiosity, whats the reasoning behind FDS not supplying a default root?
I'm not sure what this means. What is a default root and how can FDS supply it?
I think one of the problems is that phpldapadmin depends on being able to do the following query:

ldapsearch -s base -b "" "(objectclass=*)" "*" "+"

The "+" is a special openldap-only (but now an rfc I think) extension which tells the server to return all operational attributes. The list of suffixes (i.e. "roots") is an operational attribute - namingContexts - in the rootdse. If you could find the section in phpldapadmin where it queries the rootdse, and you add this attribute to the search operation attribute list, that may solve the problem.

Another problem could be with anonymous access control - see here - http://directory.fedora.redhat.com/wiki/Howto:phpLdapAdmin
> Is it common practice to set it somewhere once you've setup your tree,
> or is it deliberately omitted for some compatibility or security reason?
>
> -jim
>
> On 1/25/07, *Heath Henderson* wrote:
>
> Thanks, I had tried this last night, but will give it another go today.
>
> At least I know I was in the right place.
>
> --
> Heath Henderson
> heath at a5.com
> --
>
> > From: Patrick Morris
> > Reply-To: "General discussion list for the Fedora Directory server project."
> > < fedora-directory-users at redhat.com >
> > Date: Thu, 25 Jan 2007 11:44:07 -0800
> > To: "General discussion list for the Fedora Directory server project."
> > < fedora-directory-users at redhat.com >
> > Subject: Re: [Fedora-directory-users] FDS and phpLDAPadmin
> >
> > On Thu, 25 Jan 2007, Heath Henderson wrote:
> >
> >> I am new to LDAP and more specifically FDS. I had an OpenLDAP server setup
> >> a year or so ago which I used an older version of phpldapadmin with. It
> >> seemed to work without too much trouble, but I can't seem to get either FDS
> >> or OpenLDAP working with phpldapamdin.
> >>
> >> I found some information in the list archives as well as other places, but
> >> my problem seems to be still existing.
> >>
> >> The error I get from phpLDAPadmin
> >>
> >> Could not determine the root of your LDAP tree.
> >> It appears that the LDAP server has been configured to not reveal its root.
> >> Please specify it in config.php
> >>
> >> I would really like to use FDS and have it running what I consider very
> >> well. I am not able to get this plugged into it and I really don't know
> >> enough yet on where to look to configure either FDS to reveal its root or
> >> phpldapadmin to know what the rootDSE is set to?
> >
> > In your phpLDAPadmin config, you need to set this:
> >
> > /* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
> >    auto-detect it for you. */
> > // $ldapservers->SetValue($i,'server','base',array(''));
> >
> > It should be an array of the DNs you want to appear there.

From hyc at symas.com Tue Feb 13 17:44:16 2007
From: hyc at symas.com (Howard Chu)
Date: Tue, 13 Feb 2007 09:44:16 -0800
Subject: [Fedora-directory-users] sasl encryption not supported over ssl error
In-Reply-To: <20070213170005.875017332B@hormel.redhat.com>
References: <20070213170005.875017332B@hormel.redhat.com>
Message-ID: <45D1F8F0.6030301@symas.com>

> Date: Mon, 12 Feb 2007 11:17:10 -0700
> From: David Boreham
>>Yu Joe wrote:
>> > Dear all
>> >
>> > I tried to make my FDS work with sasl(digest-md5)+SSL. I can get
>> > correct result by "ldapsearch -Y digest-md5 -U sasl1 ..." or
>> > "ldapsearch -x -D 'cn=Directory Manager' -W -H
>> > ldaps://rhds.example.com...".
>> > But I got the error message such as "*sasl encryption not supported
>> > over ssl"*, when I execute command like "ldapsearch -Y digest-md5 -U
>> > sasl1 -H ldaps://rhds.example.com ...". Some of my friends tell me
>> > this works on openldap. So I suggest it must be also working on FDS.
>> > Is that right? If so, what's the probably reason causes this error? Or
>> > it just really don't support? Please helps, thanks a lot.
>
> No, it really doesn't work. But why are you wanting both SSL and SASL
> privacy ?

Always an interesting question but yes, for the record, it works fine in OpenLDAP.

> For the curious, the way the SSL I/O is layered in the server is not
> compatible with the implementation of SASL encryption (they're both
> trying to layer at the same place in the I/O stack). With sufficient
> motivation I suspect that SASL over SSL could be done, but the question
> is why would anyone want to do that..

The OpenLDAP implementation allows an arbitrary number of encoders/parsers to be layered on the I/O stack.

http://www.openldap.org/devel/cvsweb.cgi/doc/man/man3/lber-sockbuf.3

As Pete Rowley would say, it's always better to have the choice available to you.
You never know what future requirements may come along, after all, and some people may decide that triple-DES or AES by itself isn't strong enough (paranoid enough?).

> Perhaps all you need to do is to turn off SASL payload encryption. SASL
> authentication with an SSL connection should work ok.

--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/

From edlinuxguru at gmail.com Tue Feb 13 18:31:32 2007
From: edlinuxguru at gmail.com (Eddie C)
Date: Tue, 13 Feb 2007 13:31:32 -0500
Subject: [Fedora-directory-users] FDS backup_now script
Message-ID:

This is a small backup script I wrote. Often times before minor changes I run a quick backup to be on the safe side. It assumes an ldap instance is the same as your hostname.

bob.test.test.com
instance name=bob

#!/bin/sh
# Edward Guy Capriolo
# 2007 February 13
# Used to initiate a databackup of LDAP

#Start user edit
# Bind DN and password handed to db2bak.pl. The password is stored here in
# clear text, so keep this file readable by root only.
auth_dn="change_this"
auth_ps="change_this"
#End user edit

USER_ID=`id -u`
# The instance name is taken to be the short hostname (see above).
host_n=`hostname -s`
# Standard format 2007_02_11_02_02_01
folder_name=`date +%Y_%m_%d_%H_%M_%S`

# Refuse to run unless we are root.
if [ "$USER_ID" = "0" ]; then
    true
else
    echo "Script must be run as root (0)"
    exit 1
fi

# -w puts the bind password on the command line, where it is visible in the
# process list while db2bak.pl runs.
/opt/fedora-ds/slapd-${host_n}/db2bak.pl -D "${auth_dn}" -w "${auth_ps}" -a /opt/fedora-ds/slapd-${host_n}/bak/${folder_name}

echo "Backup Initiated: Run tail -f /opt/fedora-ds/slapd-${host_n}/logs/errors to monitor the backup status."
exit 0

Hope this is useful.
Edward Capriolo

From joshua at itsecureadmin.com Tue Feb 13 14:30:09 2007
From: joshua at itsecureadmin.com (Josh Miller)
Date: Tue, 13 Feb 2007 06:30:09 -0800
Subject: [Fedora-directory-users] rhel/fedora clock drift?
In-Reply-To: <1171326530.7705.2.camel@zhou>
References: <20070211185108.77884.qmail@web34113.mail.mud.yahoo.com> <1171326530.7705.2.camel@zhou>
Message-ID: <45D1CB71.1060209@itsecureadmin.com>

If you are using VMware virtual servers, the recommendation is to use the following two corrective measures:

1. Append clock=pit to your kernel boot line in grub.conf
2. In the vmx file for your virtual server, add the following line, or modify it if it already exists as false:

   tools.syncTime = "TRUE"

You can also configure this value through the VC console and you must restart the virtual machine after making these changes for it to take effect.

Then make sure you have the VMware tools installed, configured, and running.

ref: http://www.vmware.com/pdf/vmware_timekeeping.pdf

Thanks,
Josh Miller, RHCE

Scott Belnap wrote:
> You can pass clock=pit to the kernel on boot up or use NTP.
>
> On Sun, 2007-02-11 at 10:51 -0800, Scott Roberts wrote:
>> In rhel 4 and fc5 and fc6 the clock interrupt in the
>> kernel is 1000mhz. AFAIK this is too high and causes
>> the clock to drift and lose sync. This is even more of
>> a problem for virtual servers like vmware or zen.
>> Anyone experience this issue and have any workarounds
>> other than recompiling the kernel. Seems like a
>> drastic measure just to get an OS to keep accurate
>> time. I have looked around for solutions and
>> thought maybe my fellow ldap admins might know something.
>>
>> ____________________________________________________________________________________
>> TV dinner still cooling?
>> Check out "Tonight's Picks" on Yahoo! TV.
>> http://tv.yahoo.com/

From ABliss at preferredcare.org Tue Feb 13 21:25:48 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Tue, 13 Feb 2007 16:25:48 -0500
Subject: [Fedora-directory-users] Detecting password changes in fds
Message-ID:

Hi everyone, I thought that others may find this useful; we have migrated away from local accounts to fds, but needed a way to detect password changes to user objects in fds; there are 2 scripts involved with this; the first will generate a list of uids and their password expiration times; the second script (a perl script) will use epoch time to determine if a given user's password expiration time is 90 days from today; the scripts assume that there is an fds password policy set that will force user object passwords to expire 90 days after being set. I'm sure that others will be able to make these scripts more efficient, but they do get the job done....Enjoy.

Aaron

#!/bin/bash
#this script is designed to detect user for password changes
#located in the ldap directory
#this script assumes your password policy is set so that user object's
#will have a passwordExpiration time of 90 days after setting their passwords

#generate a list of dn's
ldapsearch -b ou=Users,dc=preferredcare,dc=org -x -ZZ uid | grep '^uid' | awk ' {print $2}' | sort > /tmp/listdns

#lets process our logs
exec < /tmp/listdns
while read line
do
    #first 8 characters of the expiration time are YYYYMMDD
    pswar=`ldapsearch -x -ZZ "(uid=$line)" passwordexpirationtime | grep -i passwordexpirationtime | grep -v '#' | awk '{print $2}' | cut -c 1-8`
    #skip entries that have no expiration time set
    if [ -z "$pswar" ] ; then
        continue
    fi
    #setup some vars for the check
    pwmonth=`echo $pswar | cut -c 5-6`
    pwday=`echo $pswar | cut -c 7-8`
    pwyear=`echo $pswar | cut -c 1-4`
    pwuser=`echo $line | awk '{ print $1}'`
    if [ -e "/tmp/$pwuser.out" ] ; then
        rm -f "/tmp/$pwuser.out"
    fi
    #perl script expects input year month day
    /myepoch.pl "$pwyear" "$pwmonth" "$pwday" "$pwuser"
    # echo $line | awk '{ print $1}'
    #this is going to get our expiration dates for us
    #check to see if the temp file was created
    if [ -e "/tmp/$pwuser.out" ] ; then
        echo "$pwuser password was changed"
    fi
done

#!/usr/bin/perl
use strict;
use warnings;
use Time::Local;

#epoch secs for 2 weeks equal 1209600
#setup vars that were passed in year, month, day in that order
my $varpass0 = $ARGV[0];
my $varpass1 = $ARGV[1];
my $varpass2 = $ARGV[2];
my $varpass3 = $ARGV[3];

#timelocal doesn't work for dates past the year 2038
if ($varpass0 >= 2038) {
    exit 0;
}

#get todays date and format it properly
#beaware localtime is going to format year-1900 and month-1
my ($mday,$mmonth,$myear) = (localtime(time)) [3,4,5];
my $epdate = timelocal (0,0,0,$mday,$mmonth,$myear);

#get epoch date for when password will expire
#we have to format what was passed to us to make it usable by timelocal
my $varpass00 = $varpass0 - 1900;
my $varpass11 = $varpass1 - 1;
my $passexp = timelocal (0,0,0,$varpass2,$varpass11,$varpass00);

#subtract password expiration from today and see what we get
my $passans = ($passexp - $epdate) / 86400;

#lets see where we stand
#and send a warning to the end users if necessary
my $passans1 = int($passans);

#set this to be 1 less than your password expiration policy
if ($passans > 89) {
    open(NEW, "> /tmp/$varpass3.out") or die "cannot write /tmp/$varpass3.out: $!";
    print NEW "$passans1\n";
    close NEW;
}

Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
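
[Added example, not part of the thread and not Aaron's or the project's code.] The same check done in one pass over a single ldapsearch LDIF dump, with no per-user queries, no files under /tmp and no year-2038 cut-off. The sample LDIF, the function names and the one-day detection window are constructed here; the 90-day policy is the one the post assumes.

```python
"""Added example: spot recent password changes from one LDIF dump."""
import base64
from datetime import datetime, timedelta, timezone

POLICY_DAYS = 90  # assumption taken from the post: passwords expire 90 days after being set

# Constructed sample, shaped like the output of
#   ldapsearch -x -ZZ -LLL -b ou=Users,dc=example,dc=org uid passwordExpirationTime
SAMPLE_LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=org
uid: alice
passwordExpirationTime: 20070514212548Z

dn: uid=bob,ou=Users,dc=example,dc=org
uid: bob
passwordExpirationTime: 20070301080000Z

dn: uid=carol,ou=Users,dc=example,dc=org
uid: carol

dn: uid=dave,ou=Users,dc=example,dc=org
uid:: ZGF2ZQ==
passwordExpirationTime: 19001023000000Z

dn: uid=erin,ou=Users,dc=example,dc=org
uid: erin
passwordexpirationtime: 2039010
 1000000Z
"""


def unfold(ldif):
    """Join LDIF continuation lines (a line starting with one space continues the previous one)."""
    out = []
    for line in ldif.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out


def parse_entries(ldif):
    """Return one dict per entry: lower-cased attribute name -> list of string values."""
    entries, current = [], {}
    for line in unfold(ldif) + [""]:
        if not line.strip():            # a blank line ends the current entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):        # LDIF comment
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):       # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def parse_expiry(value):
    """Parse a YYYYMMDDHHMMSSZ timestamp as UTC; return None if it is absent or malformed."""
    try:
        return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None


def classify(ldif, now, policy_days=POLICY_DAYS, window=timedelta(days=1)):
    """Sort accounts by what their expiration time implies about the last password change."""
    report = {"changed": [], "beyond_policy": [], "no_expiry": []}
    policy = timedelta(days=policy_days)
    for entry in parse_entries(ldif):
        uid = entry.get("uid", ["?"])[0]
        expiry = parse_expiry(entry.get("passwordexpirationtime", [""])[0])
        if expiry is None:
            report["no_expiry"].append(uid)        # nothing to compare against
            continue
        changed_at = expiry - policy               # when the server stamped the new password
        if changed_at > now:
            report["beyond_policy"].append(uid)    # expires later than the policy allows
        elif now - changed_at <= window:
            report["changed"].append((uid, changed_at))
    return report


if __name__ == "__main__":
    # Fixed clock so the constructed sample gives the same answer on every run.
    fixed_now = datetime(2007, 2, 13, 22, 0, tzinfo=timezone.utc)
    for key, rows in classify(SAMPLE_LDIF, fixed_now).items():
        print(key, rows)
```

An expiration time further out than the policy allows is reported separately rather than as a change, since it points at a value that was set by hand or by a different policy.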
From capareci at uol.com.br Wed Feb 14 12:55:31 2007
From: capareci at uol.com.br (Renato Ribeiro da Silva)
Date: Wed, 14 Feb 2007 10:55:31 -0200
Subject: [Fedora-directory-users] Message in error log
Message-ID:

I tried turning on the ACI summary log level but the Directory got so slow and stopped responding. However I checked the number of ACIs and there were a lot of ACIs in the container "ou=UserPreferences,ou=corp,o=NetscapeRoot". I deleted all entries inside this container and that problem was solved.

Thank you,
Renato

> Renato Ribeiro da Silva wrote:
> > The following message is frequently appearing in my slapd error log.
> > [01/Feb/2007:15:36:52 -0200] acl__TestRights - cache overflown
> > Any idea?
> >
> Try turning on the ACI summary log level
> http://directory.fedora.redhat.com/wiki/FAQ#Troubleshooting
> How many ACIs do you have in your server?
> > Thanks in advance,
> > Renato.

From capareci at uol.com.br Wed Feb 14 14:21:45 2007
From: capareci at uol.com.br (Renato Ribeiro da Silva)
Date: Wed, 14 Feb 2007 12:21:45 -0200
Subject: [Fedora-directory-users] Stress tool to FDS
Message-ID:

Is there any stress tool to FDS? I need to simulate a large number of binds and searches in Directory.

Thanks in advance,
Renato.

From nhosoi at redhat.com Wed Feb 14 18:07:14 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Wed, 14 Feb 2007 10:07:14 -0800
Subject: [Fedora-directory-users] Stress tool to FDS
In-Reply-To:
References:
Message-ID: <45D34FD2.7030905@redhat.com>

Renato Ribeiro da Silva wrote:
> Is there any stress tool to FDS? I need to simulate a large number of binds and searches in Directory.
>
> Thanks in advance,
> Renato.
> > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > Please take a look at /opt/fedora-ds/shared/bin/{rsearch, ldclt} if they meet your requirements. ===================================================== Usage: rsearch -D binddn -w bindpw -s suffix -f filter [options] -\? -- print Usage (this message) -H -- print Usage (this message) -h host -- ldap server host (default: localhost) -p port -- ldap server port (default: 389) -S scope -- search SCOPE [0,1,or 2] (default: 2) -b -- bind before every operation -u -- don't unbind -- just close the connection -L -- set linger -- connection discarded when closed -N -- No operation -- just bind (ignore mdc) -v -- verbose -y -- nodelay -q -- quiet -l -- logging -m -- operaton: modify non-indexed attr (description). -B required -M -- operaton: modify indexed attr (telephonenumber). -B required -d -- operaton: delete. -B required -c -- operaton: compare. -B required -i file -- name file; used for the search filter -B file -- [DN and] UID file (use '-B \?' to see the format) -A attrs -- list of attributes for search request -a file -- list of attributes for search request in a file -- (use '-a \?' to see the format ; -a & -A are mutually exclusive) -n number -- (reserved for future use) -j number -- sample interval, in seconds (default: 10) -t number -- threads (default: 1) -T number -- Time limit, in seconds; cmd stops when exceeds -V -- show running average -C num -- take num samples, then stop -R num -- drop connection & reconnect every num searches -x -- Use -B file for binding; ignored if -B is not given ===================================================== usage: ldclt [-qQvV] [-E ] [-b ] [-h ] [-p ] [-t ] [-D ] [-w ] [-e ] [-a ] [-n ] [-i ] [-N ] [-I ] [-T ] [-r -R ] [-f ] [-s ] [-S ] [-P] [-W ] [-Z ] This tool is a ldap client targetted to validate the reliability of the product under test under hard use. 
The valid options are: -a Asynchronous mode, with max pending operations. -b Give the base DN to use. Default "o=sun,c=us". -D Bind DN. See -w -E Max errors allowed. Default 1000. -e Execution parameters: add : ldap_add() entries. append : append entries to the genldif file. ascii : ascii 7-bits strings. attreplace=name:mask : replace attribute of existing entry. attrlist=name:name:name : specify list of attribs to retrieve attrsonly=0|1 : ldap_search() parameter. Set 0 to read values. bindeach : ldap_bind() for each operation. bindonly : only bind/unbind, no other operation is performed. close : will close() the fd, rather than ldap_unbind(). cltcertname=name : name of the SSL client certificate commoncounter : all threads share the same counter. counteach : count each operation not only successful ones. delete : ldap_delete() entries. dontsleeponserverdown : will loop very fast if server down. emailPerson : objectclass=emailPerson (-e add only). esearch : exact search. genldif=filename : generates a ldif file imagesdir=path : specify where are the images. incr : incremental values. inetOrgPerson : objectclass=inetOrgPerson (-e add only). keydbfile=file : filename of the key database keydbpin=password : password for accessing the key database noglobalstats : don't print periodical global statistics noloop : does not loop the incremental numbers. object=filename : build object from input file person : objectclass=person (-e add only). random : random filters, etc... randomattrlist=name:name:name : random select attrib in the list randombase : random base DN. randombaselow=value : low value for random generator. randombasehigh=value : high value for random generator. randombinddn : random bind DN. randombinddnfromfile=fine : retrieve bind DN & passwd from file randombinddnlow=value : low value for random generator. randombinddnhigh=value : high value for random generator. rdn=attrname:value : alternate for -f. referral=on|off|rebind : change referral behaviour. 
scalab01 : activates scalab01 scenario. scalab01_cnxduration : maximum connection duration. scalab01_maxcnxnb : modem pool size. scalab01_wait : sleep() between 2 attempts to connect. smoothshutdown : main thread waits till the worker threads exit. string : create random strings rather than random numbers. v2 : ldap v2. withnewparent : rename with newparent specified as argument. -f Filter for searches. -h Host to connect. Default "localhost". -i Number of times inactivity allowed. Default 3 (30 seconds) -I Ignore errors (cf. -E). Default none. -n Number of threads. Default 10. -N Number of samples (10 seconds each). Default infinite. -p Server port. Default 389. -P Master port (to check replication). Default 16000. -q Quiet mode. See option -I. -Q Super quiet mode. -r Range's low value. -R Range's high value. -s Scope. May be base, subtree or one. Default subtree. -S Slave to check. -t LDAP operations timeout. Default 30 seconds. -T Total number of operations per thread. Default infinite. -v Verbose. -V Very verbose. -w Bind passwd. See -D. -W Wait between two operations. Default 0 seconds. -Z certfile. Turn on SSL and use certfile as the certificate DB -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3237 bytes Desc: S/MIME Cryptographic Signature URL: From pkime at Shopzilla.com Thu Feb 15 04:48:40 2007 From: pkime at Shopzilla.com (Philip Kime) Date: Wed, 14 Feb 2007 20:48:40 -0800 Subject: [Fedora-directory-users] Suddenly, all our LDAP servers segfaulted today? 
Message-ID: <9C0091F428E697439E7A773FFD083427A929BD@szexchange.Shopzilla.inc> FDS 1.0.2 and suddenly today three out of four servers segfaulted (at different times) with this identical dump message: Feb 14 19:40:17 hqldap01 kernel: ns-slapd[2432]: segfault at 0000000000000008 rip 0000000000411b6f rsp 00000000404520c8 error 4 syslog also had a lot of this: Feb 13 03:15:26 hqldap02 ns-slapd: sql_select option missing Feb 13 03:15:26 hqldap02 ns-slapd: auxpropfunc error no mechanism available Feb 14 02:00:01 hqldap02 ns-slapd: sql_select option missing Feb 14 02:00:01 hqldap02 ns-slapd: auxpropfunc error no mechanism available Feb 14 02:00:04 hqldap02 ns-slapd: sql_select option missing Feb 14 02:00:04 hqldap02 ns-slapd: auxpropfunc error no mechanism available Feb 14 03:15:25 hqldap02 ns-slapd: sql_select option missing Feb 14 03:15:25 hqldap02 ns-slapd: auxpropfunc error no mechanism available This is really strange - any ideas? -- Philip Kime NOPS Systems Architect 310 401 0407 -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Thu Feb 15 15:25:50 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 15 Feb 2007 08:25:50 -0700 Subject: [Fedora-directory-users] Suddenly, all our LDAP servers segfaulted today? 
In-Reply-To: <9C0091F428E697439E7A773FFD083427A929BD@szexchange.Shopzilla.inc>
References: <9C0091F428E697439E7A773FFD083427A929BD@szexchange.Shopzilla.inc>
Message-ID: <45D47B7E.6020007@redhat.com>

Philip Kime wrote:
> FDS 1.0.2 and suddenly today three out of four servers segfaulted (at
> different times) with this identical dump message:
>
> Feb 14 19:40:17 hqldap01 kernel: ns-slapd[2432]: segfault at
> 0000000000000008 rip 0000000000411b6f rsp 00000000404520c8 error 4
> syslog also had a lot of this:
>
> Feb 13 03:15:26 hqldap02 ns-slapd: sql_select option missing
> Feb 13 03:15:26 hqldap02 ns-slapd: auxpropfunc error no mechanism
> available
> Feb 14 02:00:01 hqldap02 ns-slapd: sql_select option missing
> Feb 14 02:00:01 hqldap02 ns-slapd: auxpropfunc error no mechanism
> available
> Feb 14 02:00:04 hqldap02 ns-slapd: sql_select option missing
> Feb 14 02:00:04 hqldap02 ns-slapd: auxpropfunc error no mechanism
> available
> Feb 14 03:15:25 hqldap02 ns-slapd: sql_select option missing
> Feb 14 03:15:25 hqldap02 ns-slapd: auxpropfunc error no mechanism
> available
> This is really strange - any ideas?

What OS? By the size of the numbers above, I'm assuming 64-bit? What has changed? Did you recently update something related to sasl, gssapi, or kerberos? Did you install or uninstall mysql or some other relational database client/server product? Something must have changed.

>
> --
> Philip Kime
> NOPS Systems Architect
> 310 401 0407
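
[Added example, not part of the thread and not from any poster or the project.] The kernel segfault line quoted above, decoded for triage: on x86 the page-fault error code is a bit field, and the fault address shows whether the access landed in the first page. Only the first sample line comes from the thread; the other two are constructed (the third in the "ip/sp" spelling newer kernels print), and the function names are made up here.

```python
"""Added example: decode kernel 'segfault at' lines and group them by crash site."""
import re
from collections import defaultdict

PAGE_SIZE = 4096  # x86 base page size

# Line 1 is the one quoted in the thread. Lines 2 and 3 are constructed to stand in
# for the other servers that were said to have logged the identical message.
SAMPLE_LOG = """\
Feb 14 19:40:17 hqldap01 kernel: ns-slapd[2432]: segfault at 0000000000000008 rip 0000000000411b6f rsp 00000000404520c8 error 4
Feb 14 20:05:41 hqldap02 kernel: ns-slapd[2107]: segfault at 0000000000000008 rip 0000000000411b6f rsp 0000000040a530c8 error 4
Feb 14 21:12:03 hqldap03 kernel: ns-slapd[1988]: segfault at 8 ip 0000000000411b6f sp 00000000412540c8 error 4 in ns-slapd[400000+2b000]
"""

SEGV = re.compile(
    r"(?P<host>\S+) kernel: (?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: segfault at "
    r"(?P<addr>[0-9a-f]+) r?ip (?P<ip>[0-9a-f]+) r?sp (?P<sp>[0-9a-f]+) "
    r"error (?P<err>[0-9a-f]+)"
)


def decode_error(code):
    """Decode the x86 page-fault error code printed after 'error' (a hex bit field)."""
    return {
        # bit 0: 0 = page not present, 1 = protection violation
        "cause": "protection violation" if code & 1 else "page not present",
        # bit 4: instruction fetch; bit 1: 0 = read, 1 = write
        "access": "instruction fetch" if code & 16 else ("write" if code & 2 else "read"),
        # bit 2: 0 = kernel mode, 1 = user mode
        "mode": "user" if code & 4 else "kernel",
    }


def parse_segfaults(text):
    """Return one record per 'segfault at' line; other syslog lines are skipped."""
    records = []
    for line in text.splitlines():
        m = SEGV.search(line)
        if not m:
            continue
        addr, err = int(m["addr"], 16), int(m["err"], 16)
        records.append({
            "host": m["host"],
            "proc": m["proc"],
            "pid": int(m["pid"]),
            "addr": addr,
            "ip": int(m["ip"], 16),
            "err": err,
            "fault": decode_error(err),
            # An address inside the first page is what a NULL pointer plus a small
            # field offset produces.
            "near_null": addr < PAGE_SIZE,
        })
    return records


def group_by_site(records):
    """Map (process, instruction pointer, error code) to the hosts that crashed there.

    Instruction addresses are comparable between hosts only when they run the
    same build of the binary loaded at the same address.
    """
    sites = defaultdict(list)
    for r in records:
        sites[(r["proc"], r["ip"], r["err"])].append(r["host"])
    return {site: sorted(set(hosts)) for site, hosts in sites.items()}


if __name__ == "__main__":
    recs = parse_segfaults(SAMPLE_LOG)
    for r in recs:
        print(r["host"], hex(r["addr"]), hex(r["ip"]), r["fault"], "near NULL:", r["near_null"])
    for site, hosts in group_by_site(recs).items():
        print(site[0], hex(site[1]), "error", site[2], "->", hosts)
```

Several hosts faulting at one instruction pointer with the same error code narrows the search to a single code path in the binary, so the instruction pointer is the value to resolve against the binary's symbols.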
From james.schultz at gwl.com Thu Feb 15 15:16:36 2007
From: james.schultz at gwl.com (Jim Schultz)
Date: Thu, 15 Feb 2007 08:16:36 -0700
Subject: [Fedora-directory-users] Re: Announce: Net-LDAPapi version 2.00 released
In-Reply-To: <617E31A4C92DFB95C3CF84BB@SW-90-717-287-3.stanford.edu>
References: <617E31A4C92DFB95C3CF84BB@SW-90-717-287-3.stanford.edu>
Message-ID: <20070215151636.GA22135@is-triton.gwl.com>

Quanah,

I would love to be able to try this new perl module in our OpenLdap environment. Unfortunately, it does not have a StartTLS method. Our server requires 'security tls=128' for connections. Are there any plans to add such a method to the package? We currently use the perlldap module which does have this capability and it works well for us (albeit a little slow). A faster C SDK module would be much appreciated here.

Thanks,
Jim Schultz

On Fri, Feb 09, 2007 at 01:24:52AM -0800, Quanah Gibson-Mount wrote:
> A new release of Net::LDAPapi module is now available for Perl via CPAN.
> This release includes compilation against OpenLDAP libraries from version
> 2.1 forward. It now supports LDAPv3, including SASL binds.
>
> Support for the Netscape (now Mozilla) C SDK has been kept, but not tested.
> I welcome feedback on the usability with the Mozilla C SDK.
>
> Many thanks to Howard Chu and Symas Corporation for the work done to
> realize LDAPv3 support with Net::LDAPapi.
>
> Net::LDAPapi can be obtained from:
>
>
>
>
> For those who have never used Net::LDAPapi, it uses the C interface for its
> LDAP operations. This means that it is much faster than the pure perl
> Net::LDAP module from the perl-ldap package. However, it also relies on
> having the C libraries it was linked against available.
> > --Quanah > > -- > Quanah Gibson-Mount > Principal Software Developer > ITS/Shared Application Services > Stanford University > GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html -- Jim Schultz ITS UNIX Systems Architecture Great-West Life & Annuity Insurance Co. 303-737-1818 email james.schultz at gwl.com From nkinder at redhat.com Thu Feb 15 16:56:46 2007 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 15 Feb 2007 08:56:46 -0800 Subject: [Fedora-directory-users] Suddenly, all our LDAP servers segfaulted today? In-Reply-To: <9C0091F428E697439E7A773FFD083427A929BD@szexchange.Shopzilla.inc> References: <9C0091F428E697439E7A773FFD083427A929BD@szexchange.Shopzilla.inc> Message-ID: <45D490CE.90209@redhat.com> Philip Kime wrote: > FDS 1.0.2 and suddenly today three out of four servers segfaulted (at > different times) with this identical dump message: > > Feb 14 19:40:17 hqldap01 kernel: ns-slapd[2432]: segfault at > 0000000000000008 rip 0000000000411b6f rsp 00000000404520c8 error 4 > syslog also had a lot of this: > > Feb 13 03:15:26 hqldap02 ns-slapd: sql_select option missing > Feb 13 03:15:26 hqldap02 ns-slapd: auxpropfunc error no mechanism > available > Feb 14 02:00:01 hqldap02 ns-slapd: sql_select option missing > Feb 14 02:00:01 hqldap02 ns-slapd: auxpropfunc error no mechanism > available > Feb 14 02:00:04 hqldap02 ns-slapd: sql_select option missing > Feb 14 02:00:04 hqldap02 ns-slapd: auxpropfunc error no mechanism > available > Feb 14 03:15:25 hqldap02 ns-slapd: sql_select option missing > Feb 14 03:15:25 hqldap02 ns-slapd: auxpropfunc error no mechanism > available > This is really strange - any ideas? > Those messages are from cyrus-sasl. Did you make any changes around saslauthd recently? Perhaps you started running that daemon on your servers? 
> -- > Philip Kime > NOPS Systems Architect > 310 401 0407 > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From pkime at Shopzilla.com Thu Feb 15 18:22:46 2007 From: pkime at Shopzilla.com (Philip Kime) Date: Thu, 15 Feb 2007 10:22:46 -0800 Subject: [Fedora-directory-users] Re: Suddenly, all our LDAP servers segfaulted today? Message-ID: <9C0091F428E697439E7A773FFD083427A929C4@szexchange.Shopzilla.inc> > What OS? By the size of the numbers above, I'm assuming 64-bit? What has changed? > Did you recently update something related to sasl, gssapi, or kerberos? Did you > install or uninstall mysql or some other relational database client/server product? 64-bit RHEL4 (CentOS). I'm trying to track down what changes might have been made. All servers run over SSL but as far as I know, no sasl, kerberos or gssapi. None have mysql with SASL (or mysql at all). I'm asking all our ops people if they installed anything ... From capareci at uol.com.br Fri Feb 16 12:46:56 2007 From: capareci at uol.com.br (Renato Ribeiro da Silva) Date: Fri, 16 Feb 2007 10:46:56 -0200 Subject: [Fedora-directory-users] Stress tool to FDS Message-ID: Thank you, Is's a good tool. I found another one too called Apache JMeter. Best regards, Renato. > Renato Ribeiro da Silva wrote: > > Is there any stress tool to FDS? I need to simulate a large number of binds and searches in Directory. > > > > Thanks in advance, > > Renato. 
> > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > Please take a look at /opt/fedora-ds/shared/bin/{rsearch, ldclt} if they > meet your requirements. > ===================================================== > Usage: rsearch -D binddn -w bindpw -s suffix -f filter [options] > -\? -- print Usage (this message) > -H -- print Usage (this message) > -h host -- ldap server host (default: localhost) > -p port -- ldap server port (default: 389) > -S scope -- search SCOPE [0,1,or 2] (default: 2) > -b -- bind before every operation > -u -- don't unbind -- just close the connection > -L -- set linger -- connection discarded when closed > -N -- No operation -- just bind (ignore mdc) > -v -- verbose > -y -- nodelay > -q -- quiet > -l -- logging > -m -- operaton: modify non-indexed attr (description). -B required > -M -- operaton: modify indexed attr (telephonenumber). -B required > -d -- operaton: delete. -B required > -c -- operaton: compare. -B required > -i file -- name file; used for the search filter > -B file -- [DN and] UID file (use '-B \?' to see the format) > -A attrs -- list of attributes for search request > -a file -- list of attributes for search request in a file > -- (use '-a \?' 
to see the format ; -a & -A are mutually > exclusive) > -n number -- (reserved for future use) > -j number -- sample interval, in seconds (default: 10) > -t number -- threads (default: 1) > -T number -- Time limit, in seconds; cmd stops when exceeds > -V -- show running average > -C num -- take num samples, then stop > -R num -- drop connection & reconnect every num searches > -x -- Use -B file for binding; ignored if -B is not given > ===================================================== > usage: ldclt [-qQvV] [-E ] > [-b ] [-h ] [-p ] [-t ] > [-D ] [-w ] > [-e ] [-a ] > [-n ] [-i ] [-N ] > [-I ] [-T ] > [-r -R ] > [-f ] [-s ] > [-S ] [-P] > [-W ] [-Z ] > > This tool is a ldap client targetted to validate the reliability of > the product under test under hard use. > > The valid options are: > -a Asynchronous mode, with max pending operations. > -b Give the base DN to use. Default "o=sun,c=us". > -D Bind DN. See -w > -E Max errors allowed. Default 1000. > -e Execution parameters: > add : ldap_add() entries. > append : append entries to the genldif file. > ascii : ascii 7-bits strings. > attreplace=name:mask : replace attribute of existing > entry. > attrlist=name:name:name : specify list of attribs to > retrieve > attrsonly=0|1 : ldap_search() parameter. Set 0 to read > values. > bindeach : ldap_bind() for each operation. > bindonly : only bind/unbind, no other operation is > performed. > close : will close() the fd, rather than > ldap_unbind(). > cltcertname=name : name of the SSL client certificate > commoncounter : all threads share the same counter. > counteach : count each operation not only successful ones. > delete : ldap_delete() entries. > dontsleeponserverdown : will loop very fast if server down. > emailPerson : objectclass=emailPerson (-e add > only). > esearch : exact search. > genldif=filename : generates a ldif file > imagesdir=path : specify where are the images. > incr : incremental values. 
> inetOrgPerson : objectclass=inetOrgPerson (-e > add only). > keydbfile=file : filename of the key database > keydbpin=password : password for accessing the key > database > noglobalstats : don't print periodical global > statistics > noloop : does not loop the incremental > numbers. > object=filename : build object from input file > person : objectclass=person (-e add only). > random : random filters, etc... > randomattrlist=name:name:name : random select attrib in > the list > randombase : random base DN. > randombaselow=value : low value for random generator. > randombasehigh=value : high value for random generator. > randombinddn : random bind DN. > randombinddnfromfile=fine : retrieve bind DN & passwd > from file > randombinddnlow=value : low value for random generator. > randombinddnhigh=value : high value for random generator. > rdn=attrname:value : alternate for -f. > referral=on|off|rebind : change referral behaviour. > scalab01 : activates scalab01 scenario. > scalab01_cnxduration : maximum connection duration. > scalab01_maxcnxnb : modem pool size. > scalab01_wait : sleep() between 2 attempts to > connect. > smoothshutdown : main thread waits till the > worker threads exit. > string : create random strings rather than random > numbers. > v2 : ldap v2. > withnewparent : rename with newparent specified as argument. > -f Filter for searches. > -h Host to connect. Default "localhost". > -i Number of times inactivity allowed. Default 3 (30 seconds) > -I Ignore errors (cf. -E). Default none. > -n Number of threads. Default 10. > -N Number of samples (10 seconds each). Default infinite. > -p Server port. Default 389. > -P Master port (to check replication). Default 16000. > -q Quiet mode. See option -I. > -Q Super quiet mode. > -r Range's low value. > -R Range's high value. > -s Scope. May be base, subtree or one. Default subtree. > -S Slave to check. > -t LDAP operations timeout. Default 30 seconds. > -T Total number of operations per thread. 
Default infinite. > -v Verbose. > -V Very verbose. > -w Bind passwd. See -D. > -W Wait between two operations. Default 0 seconds. > -Z certfile. Turn on SSL and use certfile as the certificate DB > > From throck at duke.edu Fri Feb 16 17:05:25 2007 From: throck at duke.edu (Tom Throckmorton) Date: Fri, 16 Feb 2007 12:05:25 -0500 Subject: [Fedora-directory-users] Stress tool to FDS In-Reply-To: References: Message-ID: <45D5E455.3020708@duke.edu> On 02/16/2007 07:46 AM, Renato Ribeiro da Silva wrote: > Thank you, > Is's a good tool. I found another one too called Apache JMeter. Renato, If you're comfortable with the complexity of JMeter, you might also have a look at slamd (http://slamd.com), which already includes unit tests for LDAP. In fact, it was originally designed for LDAP stress-testing, so it might do a more thorough job than JMeter. The big advantage slamd has over ldclt/rsearch (which are quite handy, and shouldn't be overlooked), is that it can be used for distributed load testing. Enjoy, -tt -- Tom Throckmorton OIT - CSI Duke University From rmeggins at redhat.com Fri Feb 16 19:09:31 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Fri, 16 Feb 2007 12:09:31 -0700 Subject: [Fedora-directory-users] Do not yum install fedora-ds or yum upgrade! Message-ID: <45D6016B.8090409@redhat.com> There is a problem with the new fedora-ds in Fedora Extras. It conflicts with the old fedora-ds 1.0.x installation. If you do a 'yum install fedora-ds' or a 'yum update' on a system that has fedora-ds 1.0.x installed, the installation will remove the old binaries. You may be saying "So what? Isn't that what you want?" No, sadly. The fedora-ds 1.1.0a1 in Fedora Extras is the core only - when you upgrade, you remove all of the other files for admin server, console, etc. 
The good news is that none of the configuration or data is affected and you can easily recover by following these steps:

* Find the fedora-ds 1.0.4 RPM you installed from originally, or download from http://directory.fedora.redhat.com/wiki/Download
* rpm -Uvh --oldpackage fedora-ds-1.0.4-1......rpm

We are working on a solution for this. We will hopefully figure out a way to install both 1.0.4 and 1.1 at the same time, but we may have to make the 1.1 Conflicts: fedora-ds < 1.1 or something like that. In the meantime, fedora-ds is being pulled from the Fedora Extras yum repos so that this doesn't happen again.

I apologize for any inconvenience.

From rdronov at gmail.com Fri Feb 16 19:55:28 2007
From: rdronov at gmail.com (Roman Dronov)
Date: Fri, 16 Feb 2007 22:55:28 +0300
Subject: [Fedora-directory-users] Do not yum install fedora-ds or yum upgrade!
In-Reply-To: <45D6016B.8090409@redhat.com>
References: <45D6016B.8090409@redhat.com>
Message-ID: <2873d6f70702161155qfee5d15k7184c4665710dcd4@mail.gmail.com>

Richard, good day!
Where can I find the roadmap and planned features for the next FDS release?

Thanks.

With the greatest regard,
Roman Dronov.

2007/2/16, Richard Megginson :
>
> There is a problem with the new fedora-ds in Fedora Extras. It
> conflicts with the old fedora-ds 1.0.x installation. If you do a 'yum
> install fedora-ds' or a 'yum update' on a system that has fedora-ds
> 1.0.x installed, the installation will remove the old binaries. You may
> be saying "So what? Isn't that what you want?" No, sadly. The
> fedora-ds 1.1.0a1 in Fedora Extras is the core only - when you upgrade,
> you remove all of the other files for admin server, console, etc. The
> good news is that none of the configuration or data is affected and you
> can easily recover by following these steps:
>
> * Find the fedora-ds 1.0.4 RPM you installed from originally, or
> download from http://directory.fedora.redhat.com/wiki/Download
> * rpm -Uvh --oldpackage fedora-ds-1.0.4-1......rpm
>
> We are working on a solution for this. We will hopefully figure out a
> way to install both 1.0.4 and 1.1 at the same time, but we may have to
> make the 1.1 Conflicts: fedora-ds < 1.1 or something like that. In the
> meantime, fedora-ds is being pulled from the Fedora Extras yum repos so
> that this doesn't happen again.
>
> I apologize for any inconvenience.

From rmeggins at redhat.com Fri Feb 16 19:56:51 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 16 Feb 2007 12:56:51 -0700
Subject: [Fedora-directory-users] Do not yum install fedora-ds or yum upgrade!
In-Reply-To: <2873d6f70702161155qfee5d15k7184c4665710dcd4@mail.gmail.com>
References: <45D6016B.8090409@redhat.com> <2873d6f70702161155qfee5d15k7184c4665710dcd4@mail.gmail.com>
Message-ID: <45D60C83.2030501@redhat.com>

Roman Dronov wrote:
> Richard, good day!
> Where can I find the roadmap and planned features for the next FDS release?
http://directory.fedora.redhat.com/wiki/Documentation#Proposed_New_Features
>
> Thanks.
>
> With the greatest regard,
> Roman Dronov.

From edlinuxguru at gmail.com Fri Feb 16 21:02:01 2007
From: edlinuxguru at gmail.com (Eddie C)
Date: Fri, 16 Feb 2007 16:02:01 -0500
Subject: [Fedora-directory-users] Stress tool to FDS
In-Reply-To: <45D5E455.3020708@duke.edu>
References: <45D5E455.3020708@duke.edu>
Message-ID:

You can use JMETER for load testing as well.
I have never tried SLAMD, but I will tell you what I think its biggest benefit is:
http://slamd.com/features.shtml

Another is the LDAPDecoder, which can operate as either a simple LDAP proxy or analyze tcpdump and snoop capture files to decode LDAP communication in human-readable form or even automatically generate SLAMD scripts based on the captured data so that the same communication can be automatically replayed or customized to simulate real-world directory-enabled applications

Let me tell you, if you have ever tried to go through ldap logs and pick out queries and try to design a stress test of your application, you quickly determine you need an intern. It's a slow process. I like the idea of recording real ldap traffic and then just playing it back.

Edward

On 2/16/07, Tom Throckmorton wrote:
>
> On 02/16/2007 07:46 AM, Renato Ribeiro da Silva wrote:
> > Thank you,
> > It's a good tool. I found another one too called Apache JMeter.
>
> Renato,
>
> If you're comfortable with the complexity of JMeter, you might also have
> a look at slamd (http://slamd.com), which already includes unit tests
> for LDAP. In fact, it was originally designed for LDAP stress-testing,
> so it might do a more thorough job than JMeter.
>
> The big advantage slamd has over ldclt/rsearch (which are quite handy,
> and shouldn't be overlooked), is that it can be used for distributed
> load testing.
>
> Enjoy,
>
> -tt
>
> --
> Tom Throckmorton
> OIT - CSI
> Duke University

From rdronov at gmail.com Fri Feb 16 21:48:55 2007
From: rdronov at gmail.com (Roman Dronov)
Date: Sat, 17 Feb 2007 00:48:55 +0300
Subject: [Fedora-directory-users] Do not yum install fedora-ds or yum upgrade!
In-Reply-To: <45D60C83.2030501@redhat.com>
References: <45D6016B.8090409@redhat.com> <2873d6f70702161155qfee5d15k7184c4665710dcd4@mail.gmail.com> <45D60C83.2030501@redhat.com>
Message-ID: <2873d6f70702161348n20466331s5a0419130a180481@mail.gmail.com>

Thanks!

From mikael.kermorgant at gmail.com Mon Feb 19 07:01:00 2007
From: mikael.kermorgant at gmail.com (Mikael Kermorgant)
Date: Mon, 19 Feb 2007 08:01:00 +0100
Subject: [Fedora-directory-users] ldapsearch on virtual view
Message-ID: <9711147e0702182301j19611855iab085954bdd77e4f@mail.gmail.com>

Hello,

I've built a virtual view (ou=personnels) under "ou=people,dc=ourdomain".
I'm running FDS 1.0.2 on Fedora Core 4.

Running ldapsearch on the virtual view doesn't give me the expected result. Here's the result for my uid which is present under both nodes.
bash-3.00$ ldapsearch -H ldap://127.0.0.1 -W -x -b ou=people,dc=ourdomain -D uid=kermorgant,ou=people,dc=ourdomain "(uid=kermorgant)" cn
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base with scope sub
# filter: (uid=kermorgant)
# requesting: cn
#

# kermorgant, People, ourdomain
dn: uid=kermorgant,ou=People,dc=ourdomain
cn: Kermorgant Mikael

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

bash-3.00$ ldapsearch -H ldap://127.0.0.1 -W -x -b ou=personnels,ou=people,dc=ourdomain -D uid=kermorgant,ou=people,dc=ourdomain "(uid=kermorgant)" cn
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base with scope sub
# filter: (uid=kermorgant)
# requesting: cn
#

# search result
search: 2
result: 0 Success

# numResponses: 1

Isn't there something wrong with this result?

Regards,
--
Mikael Kermorgant

From ankur_agwal at yahoo.com Mon Feb 19 14:43:56 2007
From: ankur_agwal at yahoo.com (Ankur Agarwal)
Date: Mon, 19 Feb 2007 06:43:56 -0800 (PST)
Subject: [Fedora-directory-users] How to make application connect to multi-master set-up?
Message-ID: <782072.82212.qm@web54111.mail.yahoo.com>

Hi,

We have a weblogic app server based application which talks to RedHat LDAP through weblogic's security provider APIs.

On Production env we have set-up master-master LDAP servers i.e. there are two master LDAP servers. How should i make my application connect to these 2 servers?

Should there be a front-end load balancer to which my application will make request and then load balancer will handle requests to one of the LDAP servers?

Also note that we have weblogic cluster in Prod with 2 instances. So should i make each instance point to one LDAP server? But in that case how will automatic failover work if one of the LDAP servers go down?

Would be great if people can suggest any standard solution to deal with such situations.

regards,
Ankur

From david_list at boreham.org Mon Feb 19 14:52:36 2007
From: david_list at boreham.org (David Boreham)
Date: Mon, 19 Feb 2007 07:52:36 -0700
Subject: [Fedora-directory-users] How to make application connect to multi-master set-up?
In-Reply-To: <782072.82212.qm@web54111.mail.yahoo.com>
References: <782072.82212.qm@web54111.mail.yahoo.com>
Message-ID: <45D9B9B4.5080008@boreham.org>

Ankur Agarwal wrote:
> We have a weblogic app server based application which talks to RedHat
> LDAP through weblogic's security provider APIs.
>
> On Production env we have set-up master-master LDAP servers i.e. there
> are two master LDAP servers. How should i make my application connect
> to these 2 servers?
>
> Should there be a front-end load balancer to which my application will
> make request and then load balancer will handle requests to one of the
> LDAP servers?
>
> Also note that we have weblogic cluster in Prod with 2 instances. So
> should i make each instance point to one LDAP server? But in that case
> how will automatic failover work if one of the LDAP servers go down?
>
> Would be great if people can suggest any standard solution to deal
> with such situations.
>
Typically this functionality is built in to the client (or in fact the LDAP client library). Interposed proxies or load balancers are possible with LDAP but not normally needed. I'm not sure about weblogic specifically but usually you get to configure two or more LDAP servers, or you can use multiple A records in the DNS. I'd ask BEA -- they should be able to tell you.

From edlinuxguru at gmail.com Mon Feb 19 14:52:40 2007
From: edlinuxguru at gmail.com (Eddie C)
Date: Mon, 19 Feb 2007 09:52:40 -0500
Subject: [Fedora-directory-users] How to make application connect to multi-master set-up?
In-Reply-To: <782072.82212.qm@web54111.mail.yahoo.com>
References: <782072.82212.qm@web54111.mail.yahoo.com>
Message-ID:

Interesting question.
Yes, a hardware load balancer works perfectly. In the configuration of a load balancer you create a virtual IP address and it will split off the requests between two servers.

I accomplished roughly the same thing with linux-ha. I created two Virtual IP addresses. Pointed half the apps at one and half the apps at the other. Both of them will fail over to the other side.

What I want to do but did not have the time is use the Linux Virtual Server Project. On top of linux-HA. In this way the VIRTUAL IP can float between the two production systems. That is really the best way to go. (and you save on the cost of load balancing hardware)

There might be some ldap proxy software (sun makes something I think) that can proxy ldap and redirect it in a HA type way. I have not looked into that.

If you go with the linux virtual server project keep me in the loop. Let me know how it turns out.

Edward

From ABliss at preferredcare.org Mon Feb 19 15:37:50 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 19 Feb 2007 10:37:50 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Message-ID:

Hi everyone
I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a slave); are there any gotchas that I should look out for before upgrading to 1.0.4? Can I go directly to this release, or do I need to first upgrade to .3? Thanks for your help.

Aaron

Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.

From rmeggins at redhat.com Mon Feb 19 15:40:32 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 19 Feb 2007 08:40:32 -0700
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To:
References:
Message-ID: <45D9C4F0.3060401@redhat.com>

Bliss, Aaron wrote:
>
> Hi everyone
> I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a
> slave); are there any gotchas that I should look out for before
> upgrading to 1.0.4? Can I go directly to this release, or do I need
> to first upgrade to .3? Thanks for your help.
>
You can go directly from .2 to .4.
Be sure to read the release notes - http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the directions there.

From edlinuxguru at gmail.com Mon Feb 19 16:05:00 2007
From: edlinuxguru at gmail.com (Eddie C)
Date: Mon, 19 Feb 2007 11:05:00 -0500
Subject: [Fedora-directory-users] How to make application connect to multi-master set-up?
In-Reply-To: <45D9B9B4.5080008@boreham.org>
References: <782072.82212.qm@web54111.mail.yahoo.com> <45D9B9B4.5080008@boreham.org>
Message-ID:

That is a viable option as well. I am always partial to using network wide solutions rather than client specific ones.

We have had this problem before. Some applications are capable of talking the active backup protocol, some applications are not. You get lulled into a false sense of security and you think the application is completely load balanced. Then you realize some other little app someone wrote somewhere is not configured the same way when one server goes out.

Using multiple A records is an option as well. However the failover involves making DNS changes. Based on your DNS settings that might take 20 minutes to propagate. Plus the time to actually get a DNS change through.

Load balancers and other HA solutions have a faster, sometimes almost instantaneous recovery time. You manage them as a unit. There is no settings confusion. Point everything at ldap_vip.domain.com and go. They offer nice options like 8 choices of algorithms: round robin, weighted round robin, least connection, etc.

Edward

From rdronov at gmail.com Mon Feb 19 16:18:27 2007
From: rdronov at gmail.com (Roman Dronov)
Date: Mon, 19 Feb 2007 19:18:27 +0300
Subject: [Fedora-directory-users] (no subject)
Message-ID: <2873d6f70702190818q109afc51h74741a1e2ae8b8b2@mail.gmail.com>

From rdronov at gmail.com Mon Feb 19 16:19:22 2007
From: rdronov at gmail.com (Roman Dronov)
Date: Mon, 19 Feb 2007 19:19:22 +0300
Subject: [Fedora-directory-users] rdronov@gmail.com
Message-ID: <2873d6f70702190819j1b1bbe75tc6b0db62157727bd@mail.gmail.com>

rdronov at gmail.com

From rdronov at gmail.com Mon Feb 19 16:22:36 2007
From: rdronov at gmail.com (Roman Dronov)
Date: Mon, 19 Feb 2007 19:22:36 +0300
Subject: [Fedora-directory-users] NT FDS emulation
Message-ID: <2873d6f70702190822j14b353a5u88e2159e195dc085@mail.gmail.com>

Good day!

My question for FDS developers and gurus: Does anybody know whether the latest FDS release provides FRS (File Replication Service for Windows clients; this is needed for replicating Group Policies, scripts, etc.), or will this function be introduced later? I understand that FRS is an AD-only feature, but its analog is very important for migration (from AD to FDS). What do you think about this, gentlemen?

With the greatest regards,
Roman Dronov.
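
Added example, not code from any poster in this thread or from the Fedora DS project: the client-side failover described in the multi-master replies (a client given two or more LDAP servers, or one name with multiple A records), written as a connect loop that keeps the first address returning an LDAP BindResponse. The name ldap.example.test, the stand-in server and the resolver inside run_constructed_demo() are constructed so it runs offline, and treating any BindResponse as proof of a live server is an assumption of this example.

```python
import socket
import threading

# Anonymous LDAPv3 simple bind, messageID 1, BER-encoded; used only as a liveness probe.
BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")
# Constructed reply for the stand-in server: BindResponse with resultCode 0 (success).
BIND_SUCCESS = bytes.fromhex("300c02010161070a010004000400")


def _tlv(buf, pos):
    """Decode one BER tag/length at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        return tag, pos + 2, pos + 2 + first
    start = pos + 2 + (first & 0x7F)      # long form: low 7 bits count the length bytes
    if len(buf) < start:
        raise IndexError("truncated length")
    return tag, start, start + int.from_bytes(buf[pos + 2:start], "big")


def bind_result_code(msg):
    """Return the resultCode of a BindResponse, or None if msg is not one."""
    try:
        seq, pos, _ = _tlv(msg, 0)        # LDAPMessage SEQUENCE
        mid, _, pos = _tlv(msg, pos)      # messageID INTEGER
        op, pos, _ = _tlv(msg, pos)       # protocolOp [APPLICATION 1] BindResponse
        enum, start, end = _tlv(msg, pos) # resultCode ENUMERATED
    except (IndexError, TypeError):       # truncated input, or None from a closed socket
        return None
    if (seq, mid, op, enum) != (0x30, 0x02, 0x61, 0x0A) or start == end or end > len(msg):
        return None
    return int.from_bytes(msg[start:end], "big")


def recv_ldap_message(sock, limit=4096):
    """Read one complete LDAPMessage from sock; None on EOF or if it exceeds limit."""
    buf = b""
    while len(buf) < limit:
        chunk = sock.recv(limit - len(buf))
        if not chunk:
            return None
        buf += chunk
        try:
            end = _tlv(buf, 0)[2]
        except IndexError:
            continue                      # length header not complete yet
        if len(buf) >= end:
            return buf[:end]
    return None


def connect_with_failover(hosts, port=389, timeout=2.0, resolver=socket.getaddrinfo):
    """Return (sock, sockaddr, failures) for the first address that answers an LDAP bind."""
    failures = []
    for host in hosts:                    # the "two or more LDAP servers" a client is given
        try:
            infos = resolver(host, port, type=socket.SOCK_STREAM)
        except socket.gaierror as exc:
            failures.append((host, None, repr(exc)))
            continue
        for family, socktype, proto, _canon, sockaddr in infos:  # every A record of the name
            sock = socket.socket(family, socktype, proto)
            sock.settimeout(timeout)      # bound the wait on a silent server
            try:
                sock.connect(sockaddr)
                sock.sendall(BIND_REQUEST)
                code, reason = bind_result_code(recv_ldap_message(sock)), "no BindResponse"
            except OSError as exc:
                code, reason = None, repr(exc)
            if code is not None:          # any BindResponse shows an LDAP server is answering
                return sock, sockaddr, failures
            sock.close()
            failures.append((host, sockaddr, reason))
    raise ConnectionError(f"no LDAP server answered: {failures}")


def run_constructed_demo():
    """One name, two addresses: the first refuses connections, the second answers."""
    live, dead = socket.socket(), socket.socket()
    live.bind(("127.0.0.1", 0))
    live.listen(1)
    dead.bind(("127.0.0.1", 0))
    live_addr, dead_addr = live.getsockname(), dead.getsockname()
    dead.close()                          # nothing listens on dead_addr any more

    def stand_in_master():                # constructed stand-in for one directory master
        conn, _ = live.accept()
        with conn:
            conn.recv(64)
            conn.sendall(BIND_SUCCESS)

    def resolver(host, port, type=0):     # constructed DNS answer, dead address listed first
        return [(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP, "", addr)
                for addr in (dead_addr, live_addr)]

    threading.Thread(target=stand_in_master, daemon=True).start()
    sock, chosen, failures = connect_with_failover(["ldap.example.test"], resolver=resolver)
    sock.close()
    live.close()
    return {"chosen": chosen, "live": live_addr, "dead": dead_addr, "failures": failures}
```

A TCP-only check would accept a port that is open but not serving LDAP; the bind probe is what lets the client skip such an address and move on to the next one.
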
From ABliss at preferredcare.org Mon Feb 19 17:07:04 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 19 Feb 2007 12:07:04 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To: <45D9C4F0.3060401@redhat.com>
References: <45D9C4F0.3060401@redhat.com>
Message-ID:

Well, I checked out the release notes, and disabled all syntax checking in all password policies before upgrading; upgrade seems to have gone okay, however I'm not unable to log into the directory server console; directory server is running:

ldap 32287 7.7 2.3 522820 24416 ? Sl 12:01 0:00 /ns-slapd -D /opt/fedora-ds/slapd-al-lnx-s11 -i /opt/fedora-ds/slapd-al-lnx-s11/logs/pid -w
root 32374 1.0 0.3 35372 3256 ? Ssl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co
root 32376 0.0 0.1 35356 1672 ? S 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co
ldap 32379 4.0 0.4 704088 4928 ? Sl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co

I can however login with the built-in admin account; I'm also able to still log into the console on the slave directory server (which is still running fds 1.0.2); login error is error 401 Authorization required; next line displays status 401. Queries to the server seem to be okay; It seems almost as if the console either isn't searching the proper directory (like it's searching the Netscape directory name space or the console has lost the configuration piece that allows my uid to login); I remember setting this thru the console way back when I originally setup fds, however I can't find where that option is thru the gui; any ideas how to further troubleshoot? Thanks.

Aaron

From lesmikesell at gmail.com Mon Feb 19 17:17:32 2007
From: lesmikesell at gmail.com (Les Mikesell)
Date: Mon, 19 Feb 2007 11:17:32 -0600
Subject: [Fedora-directory-users] How to make application connect to multi-master set-up?
In-Reply-To: <782072.82212.qm@web54111.mail.yahoo.com>
References: <782072.82212.qm@web54111.mail.yahoo.com>
Message-ID: <45D9DBAC.9040903@gmail.com>

Ankur Agarwal wrote:
>
> We have a weblogic app server based application which talks to RedHat LDAP through weblogic's security provider APIs.
>
> On Production env we have set-up master-master LDAP servers i.e. there are two master LDAP servers. How should i make my application connect to these 2 servers?
>
> Should there be a front-end load balancer to which my application will make request and then load balancer will handle requests to one of the LDAP servers?
>
> Also note that we have weblogic cluster in Prod with 2 instances. So should i make each instance point to one LDAP server? But in that case how will automatic failover work if one of the LDAP servers go down?
>
> Would be great if people can suggest any standard solution to deal with such situations.
>
If you have multiple A records for the name in DNS, the client will receive all of them in a query and _can_ fail over quickly if the first choice does not respond. A lot of web browsers handle this sensibly but most other programs don't. The way to test it is to set up a DNS entry that contains one address that answers on the application's port and one that doesn't and see if the application works every time. If you are writing your own client you can get failover a lot cheaper than using a dedicated load balancer - and this approach also handles connection failures between the client and one of the servers that a load balancer would not know about.

--
Les Mikesell
lesmikesell at gmail.com

From ABliss at preferredcare.org Mon Feb 19 17:26:07 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 19 Feb 2007 12:26:07 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To:
References: <45D9C4F0.3060401@redhat.com>
Message-ID:

I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.

Aaron

From ABliss at preferredcare.org Mon Feb 19 17:38:55 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 19 Feb 2007 12:38:55 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To:
References: <45D9C4F0.3060401@redhat.com>
Message-ID:

After doing some more reading, I did run the setup script, however I'm still having the login issue with my userid; I also seem to have a few other problems; any help would be much appreciated.

[slapd-al-lnx-s11]: starting up server ...
[slapd-al-lnx-s11]: Fedora-Directory/1.0.4 B2006.312.435
[slapd-al-lnx-s11]: al-lnx-s11.preferredcare.org:389 (/opt/fedora-ds/slapd-al-lnx-s11)
[slapd-al-lnx-s11]:
[slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - Fedora-Directory/1.0.4 B2006.312.435 starting up
[slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin - agmt="cn=rep2" (ms-lnx-s12:636): SSL Not Initialized, Replication over SSL FAILED
[slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin - agmt="cn=rep2" (ms-lnx-s12:636): Incremental update failed and requires administrator action
[slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests
NMC_Status: 0
NMC_Description: Success! The server has been started.
Start Slapd Starting Slapd server reconfiguration.
Fatal Slapd ERROR: Could not update Directory Server Instance
URL ldap://al-lnx-s11.preferredcare.org:389/o=NetscapeRoot user id admin
DN cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot (19:Constraint violation)
Configuring Administration Server...
InstallInfo: Apache Directory "ApacheDir" is missing.
/opt/fedora-ds/slapd-al-lnx-s11/config/dse.ldif: SSL on ...
Restarting Directory Server: /opt/fedora-ds/slapd-al-lnx-s11/start-slapd

You can now use the console. Here is the command to use to start the console:
cd /opt/fedora-ds
/startconsole -u admin -a http://al-lnx-s11.preferredcare.org:1505/

INFO Finished with setup, logfile is setup/setup.log

-----Original Message-----
From: Bliss, Aaron
Sent: Monday, February 19, 2007 12:26 PM
To: Bliss, Aaron; General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4

I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.

Aaron

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Bliss, Aaron
Sent: Monday, February 19, 2007 12:07 PM
To: General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4

Well, I checked out the release notes, and disabled all syntax checking in all password policies before upgrading; upgrade seems to have gone okay, however I'm not unable to log into the directory server console; directory server is running:

ldap 32287 7.7 2.3 522820 24416 ? Sl 12:01 0:00 /ns-slapd -D /opt/fedora-ds/slapd-al-lnx-s11 -i /opt/fedora-ds/slapd-al-lnx-s11/logs/pid -w
root 32374 1.0 0.3 35372 3256 ? Ssl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co
root 32376 0.0 0.1 35356 1672 ? S 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co
ldap 32379 4.0 0.4 704088 4928 ? Sl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co

I can however login with the built-in admin account; I'm also able to still log into the console on the slave directory server (which is still running fds 1.0.2); login error is error 401 Authorization required; next line displays status 401. Queries to the server seem to be okay; It seems almost as if the console either isn't searching the proper directory (like it's searching the Netscape directory name space or the console has lost the configuration piece that allows my uid to login); I remember setting this thru the console way back when I originally setup fds, however I can't find where that option is thru the gui; any ideas how to further troubleshoot? Thanks.

Aaron

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson
Sent: Monday, February 19, 2007 10:41 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4

Bliss, Aaron wrote:
>
> Hi everyone
> I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a
> slave); are there any gotchas that I should look out for before
> upgrading to 1.0.4? Can I go directly to this release, or do I need
> to first upgrade to .3? Thanks for your help.
>
You can go directly from .2 to .4.

Be sure to read the release notes - http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the directions there.

>
> Aaron
>
> Confidentiality Notice:
> The information contained in this electronic message is intended for
> the exclusive use of the individual or entity named above and may
> contain privileged or confidential information.
> If the reader of this
> message is not the intended recipient or the employee or agent
> responsible to deliver it to the intended recipient, you are hereby
> notified that dissemination, distribution or copying of this
> information is prohibited. If you have received this communication in
> error, please notify the sender immediately by telephone and destroy
> the copies you received.

From rmeggins at redhat.com Mon Feb 19 17:38:12 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 19 Feb 2007 10:38:12 -0700
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To:
References: <45D9C4F0.3060401@redhat.com>
Message-ID: <45D9E084.3060204@redhat.com>

Bliss, Aaron wrote:
> I should mention that I didn't run setup after upgrading the rpm; is
> this necessary? Thanks.
>
Yes. Please read http://directory.fedora.redhat.com/wiki/Release_Notes :

Finally, run setup as follows: cd /opt/fedora-ds ; ./setup/setup

From rmeggins at redhat.com Mon Feb 19 18:02:26 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 19 Feb 2007 11:02:26 -0700
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To:
References: <45D9C4F0.3060401@redhat.com>
Message-ID: <45D9E632.2000003@redhat.com>

Bliss, Aaron wrote:
> After doing some more reading, I did run the setup script, however I'm
> still having the login issue with my userid; I also seem to have a few
> other problems; any help would be much appreciated.
>
> [slapd-al-lnx-s11]: starting up server ...
> [slapd-al-lnx-s11]: Fedora-Directory/1.0.4 B2006.312.435
> [slapd-al-lnx-s11]: al-lnx-s11.preferredcare.org:389
> (/opt/fedora-ds/slapd-al-lnx-s11)
> [slapd-al-lnx-s11]:
> [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] -
> Fedora-Directory/1.0.4 B2006.312.435 starting up
> [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin -
> agmt="cn=rep2" (ms-lnx-s12:636): SSL Not Initialized, Replication over
> SSL FAILED
> [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin -
> agmt="cn=rep2" (ms-lnx-s12:636): Incremental update failed and requires
> administrator action
>
I think these are ok - ssl is disabled during the upgrade and reenabled at the end - see below.
> [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - slapd started.
> Listening on All Interfaces port 389 for LDAP requests
>
> NMC_Status: 0
> NMC_Description: Success! The server has been started.
>
> Start Slapd Starting Slapd server reconfiguration.
> Fatal Slapd ERROR: Could not update Directory Server Instance
> URL ldap://al-lnx-s11.preferredcare.org:389/o=NetscapeRoot user id admin
> DN cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
> Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot
> (19:Constraint violation)
>
This means password policy was not disabled during the upgrade - as specified in the Release Notes - http://directory.fedora.redhat.com/wiki/Release_Notes#Fedora_Directory_Server_1.0.4_-_11.2F09.2F2006
> Configuring Administration Server...
> InstallInfo: Apache Directory "ApacheDir" is missing.
>
This may be a consequence of the constraint violation above.
> /opt/fedora-ds/slapd-al-lnx-s11/config/dse.ldif: SSL on ...
> Restarting Directory Server: /opt/fedora-ds/slapd-al-lnx-s11/start-slapd
>
> You can now use the console. Here is the command to use to start the
> console:
> cd /opt/fedora-ds
> /startconsole -u admin -a http://al-lnx-s11.preferredcare.org:1505/
>
> INFO Finished with setup, logfile is setup/setup.log

From ABliss at preferredcare.org Mon Feb 19 18:11:36 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 19 Feb 2007 13:11:36 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To: <45D9E632.2000003@redhat.com>
References: <45D9C4F0.3060401@redhat.com> <45D9E632.2000003@redhat.com>
Message-ID:

Thanks for pointing these out; I decided to restore the old fds instance that I had and will work try this on a test box. More to follow.

Aaron

From edlinuxguru at gmail.com Mon Feb 19 18:32:44 2007
From: edlinuxguru at gmail.com (Eddie C)
Date: Mon, 19 Feb 2007 13:32:44 -0500
Subject: [Fedora-directory-users] How to make application connect to multi-master set-up?
In-Reply-To: <45D9DBAC.9040903@gmail.com>
References: <782072.82212.qm@web54111.mail.yahoo.com> <45D9DBAC.9040903@gmail.com>
Message-ID:

Yes, if you custom code your application you can set it up to handle multiple A records. But you need to recode your applications each application has to be reconfigured each time you add a server to the group.

As to the cost factor. Yes buying a load balancer might cost $2000.00. You might be able to ebay one for $1000. (Linux Virtual Server is open source and GPL but that is another story.) How much does it really cost to recode your applications, test, and redeploy? Probably a lot more work than $2000. Our LDAP database is the cornerstone of our company. We would have to recode 10 applications to achieve our own round robin. And would only get some of the features of a hardware load balancer.

In a real world deployment more sophisticated algorithms are sometimes needed. For example say I have an older 2.0 GHZ web server and a newer 3.0GHZ server. A more sophisticated solution has more options. For example:

Round Robin (you take one I take one)
Weighted Round Robin (one server better than the other, I'll take 3 you take 2)
Least Connections (this server has LONG running ldap queries running on it. Send queries to the other one.)
Weighted Least connection (This server has long running LDAP queries but it is more powerful than the other one)
Source IP (Particular source IP is always routed to same destination server)
Least Traffic (less TCP traffic, I'm busy you handle this one)
Weighted Least traffic (I'm busy, but I'm a lot better than you I will handle this one)

The health checking is built in at the load balancer level. If the load balancer detects a closed port that server is taken out of the group. Client applications do not need extra intelligence. When you want to upgrade a particular machine in the group take it out of the configuration.

Google seems to be taking a hybrid approach. They likely use GEO-DNS, multiple A records, and hardware load balancing. Of course they are multi-datacenter.

Non-authoritative answer:
Name: www.l.google.com
Addresses: 216.239.37.99, 216.239.37.104

I would be willing to bet that 216.239.37.99 and 216.239.37.104 are hardware load balancers.

All methods are viable. It just depends on what you want. Cold Failover, High Availability (HA), or Constant Availability (CA).

For our deployment I have a two node LDAP system (multi master) If I drop one of the nodes the IP floats to the other node within a few seconds. We did not have to recode any application, just configure them with a floating IP address. Some of our developers have built failover into their apps. I think it's just extra code that there is already a proven solution to. I am a fan of multi-master and true TCP load balancing, but that's just me.

Edward

On 2/19/07, Les Mikesell wrote:
>
> Ankur Agarwal wrote:
> >
> > We have a weblogic app server based application which talks to RedHat LDAP through weblogic's security provider APIs.
> >
> > On Production env we have set-up master-master LDAP servers i.e. there are two master LDAP servers. How should i make my application connect to these 2 servers?
> >
> > Should there be a front-end load balancer to which my application will make request and then load balancer will handle requests to one of the LDAP servers?
> >
> > Also note that we have weblogic cluster in Prod with 2 instances. So should i make each instance point to one LDAP server? But in that case how will automatic failover work if one of the LDAP servers go down?
> >
> > Would be great if people can suggest any standard solution to deal with such situations.
> >
>
> If you have multiple A records for the name in DNS, the client will
> receive all of them in a query and _can_ fail over quickly if the first
> choice does not respond. A lot of web browsers handle this sensibly but
> most other programs don't.
> The way to test it is to set up a DNS
> entry that contains one address that answers on the application's port
> and one that doesn't and see if the application works every time. If
> you are writing your own client you can get failover a lot cheaper than
> using a dedicated load balancer - and this approach also handles
> connection failures between the client and one of the servers that a
> load balancer would not know about.
>
> --
> Les Mikesell
> lesmikesell at gmail.com

From marko.karg at web.de Mon Feb 19 18:46:24 2007
From: marko.karg at web.de (Marko Karg)
Date: Mon, 19 Feb 2007 19:46:24 +0100
Subject: [Fedora-directory-users] Empty console window
Message-ID: <45D9F080.10605@web.de>

Hi,

I installed fedora DS 1.0.4 without any problems, slapd and adminserver are up and running. When I start the admin-console, I get stuck after the authorization with an empty console window. I've put the debug output to http://paste.ausil.us/114 so you can have a look on it.

Any help is appreciated.

Cheers

Marko

From lesmikesell at gmail.com Mon Feb 19 19:19:43 2007
From: lesmikesell at gmail.com (Les Mikesell)
Date: Mon, 19 Feb 2007 13:19:43 -0600
Subject: [Fedora-directory-users] How to make application connect to multi-master set-up?
In-Reply-To:
References: <782072.82212.qm@web54111.mail.yahoo.com> <45D9DBAC.9040903@gmail.com>
Message-ID: <45D9F84F.9030909@gmail.com>

Eddie C wrote:
> If you custom code your application you can set it up to handle multiple A
> records. But you need to recode your applications each application has
> to be
> reconfigured each time you add a server to the group.

No it doesn't. The client just needs to retry on all the IP addresses that the DNS request returns. Add a server, add its address to DNS, done.
> As to the cost factor. Yes buying a load balancer might cost $2000.00. You
> might be able to ebay one for $1000. (Linux Virtual Server is open source
> and
> GPL but that is another story.)

You can easily pay $30,000 and up for a load balancer. Remember that it needs to be redundant and more reliable than the servers it balances to help any. Then there is maintenance - and repeat for every site. A good client software library routine would fix it for everyone.

> How much does it really cost to recode your
> applications, test, and redeploy?

Why do it any other way in the first place? If you get alternative DNS addresses and the one you try first doesn't accept your connection, why shouldn't every application do the sensible thing? If IE can do it...

> Probably a lot more work than $2000. Our
> LDAP database is the cornerstone of our company. We would have to recode
> 10 applications to achieve our own round robin.

Does this mean you don't have a common library routine that connects to the server?

> And would only get some of
> the features of a hardware load balancer.

And you get some the load balancer can't provide.

> Google seems to be taking a hybrid approach. They likely use GEO-DNS,
> multiple A records, and hardware load balancing. Of course they are
> multi-datacenter.
>
> Non-authoritative answer:
> Name: www.l.google.com
> Addresses: 216.239.37.99, 216.239.37.104
>
> I would be willing to bet that 216.239.37.99 and 216.239.37.104 are
> hardware load balancers.

And you can bet that Google has spent hundreds of thousands on the balancing setup with DNS servers that are aware of the state of the servers behind a large number of local load balancers.

> For our deployment I have a two node LDAP system (multi master) If I drop
> one of the nodes the IP floats to the other node within a few seconds. We
> did not have to recode any application, just configure them with a floating
> IP address. Some of our developers have built failover into their apps.
> I think it's just extra code that there is already a proven solution to. I
> am a fan of multi-master and true TCP load balancing, but that's just me.

I use hardware balancers too, but I recognize that most of what they do is cover up a problem of dumb clients that don't know enough to try the alternate address(es) that they already have.

--
Les Mikesell
lesmikesell at gmail.com

From prowley at redhat.com Mon Feb 19 20:18:30 2007
From: prowley at redhat.com (Pete Rowley)
Date: Mon, 19 Feb 2007 12:18:30 -0800
Subject: [Fedora-directory-users] ldapsearch on virtual view
In-Reply-To: <9711147e0702182301j19611855iab085954bdd77e4f@mail.gmail.com>
References: <9711147e0702182301j19611855iab085954bdd77e4f@mail.gmail.com>
Message-ID: <45DA0616.4020409@redhat.com>

Mikael Kermorgant wrote:
>
> Isn't there something wrong with this result ?
>
It is impossible to say without seeing the view filter.

--
Pete

From ABliss at preferredcare.org Mon Feb 19 20:19:00 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Mon, 19 Feb 2007 15:19:00 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To: <45D9E632.2000003@redhat.com>
References: <45D9C4F0.3060401@redhat.com> <45D9E632.2000003@redhat.com>
Message-ID:

I attempted to run the following with of course a good directory manager password:

ldapmodify -x -D "cn=directory manager" -w password
dn: cn=config
changetype: modify
replace: passwordCheckSyntax
passwordCheckSyntax: off

And receive a response saying" modifying entry "cn=config" however it doesn't seem that the command ever completes, as control isn't returned back to the command line (I apologize for the newbie questions, however I'm not all that familiar with editing ldap entries from the command line). Thanks.
Aaron -----Original Message----- From: Richard Megginson [mailto:rmeggins at redhat.com] Sent: Monday, February 19, 2007 1:02 PM To: General discussion list for the Fedora Directory server project. Cc: Bliss, Aaron Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4 Bliss, Aaron wrote: > After doing some more reading, I did run the setup script, however I'm > still having the login issue with my userid; I also seem to have a few > other problems; any help would be much appreciated. > > [slapd-al-lnx-s11]: starting up server ... > [slapd-al-lnx-s11]: Fedora-Directory/1.0.4 B2006.312.435 > [slapd-al-lnx-s11]: al-lnx-s11.preferredcare.org:389 > (/opt/fedora-ds/slapd-al-lnx-s11) > [slapd-al-lnx-s11]: > [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - > Fedora-Directory/1.0.4 B2006.312.435 starting up > [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin - > agmt="cn=rep2" (ms-lnx-s12:636): SSL Not Initialized, Replication over > SSL FAILED > [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin - > agmt="cn=rep2" (ms-lnx-s12:636): Incremental update failed and requires > administrator action > I think these are ok - ssl is disabled during the upgrade and reenabled at the end - see below. > [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - slapd started. > Listening on All Interfaces port 389 for LDAP requests > > NMC_Status: 0 > NMC_Description: Success! The server has been started. > > Start Slapd Starting Slapd server reconfiguration. 
> Fatal Slapd ERROR: Could not update Directory Server Instance
> URL ldap://al-lnx-s11.preferredcare.org:389/o=NetscapeRoot user id admin
> DN cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
> Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot
> (19:Constraint violation)
>
This means password policy was not disabled during the upgrade - as specified in the Release Notes - http://directory.fedora.redhat.com/wiki/Release_Notes#Fedora_Directory_Server_1.0.4_-_11.2F09.2F2006
> Configuring Administration Server...
> InstallInfo: Apache Directory "ApacheDir" is missing.
>
This may be a consequence of the constraint violation above.
> /opt/fedora-ds/slapd-al-lnx-s11/config/dse.ldif: SSL on ...
> Restarting Directory Server: /opt/fedora-ds/slapd-al-lnx-s11/start-slapd
>
> You can now use the console. Here is the command to use to start the
> console:
> cd /opt/fedora-ds
> /startconsole -u admin -a http://al-lnx-s11.preferredcare.org:1505/
>
> INFO Finished with setup, logfile is setup/setup.log
>
> -----Original Message-----
> From: Bliss, Aaron
> Sent: Monday, February 19, 2007 12:26 PM
> To: Bliss, Aaron; General discussion list for the Fedora Directory
> server project.
> Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
>
> I should mention that I didn't run setup after upgrading the rpm; is
> this necessary? Thanks.
>
> Aaron
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Bliss,
> Aaron
> Sent: Monday, February 19, 2007 12:07 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4 > > Well, I checked out the release notes, and disabled all syntax checking > in all password policies before upgrading; upgrade seems to have gone > okay, however I'm not unable to log into the directory server console; > directory server is running: > ldap 32287 7.7 2.3 522820 24416 ? Sl 12:01 0:00 > /ns-slapd -D /opt/fedora-ds/slapd-al-lnx-s11 -i > /opt/fedora-ds/slapd-al-lnx-s11/logs/pid -w > root 32374 1.0 0.3 35372 3256 ? Ssl 12:02 0:00 > /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f > /opt/fedora-ds/admin-serv/co > root 32376 0.0 0.1 35356 1672 ? S 12:02 0:00 > /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f > /opt/fedora-ds/admin-serv/co > ldap 32379 4.0 0.4 704088 4928 ? Sl 12:02 0:00 > /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f > /opt/fedora-ds/admin-serv/co > > I can however login with the built-in admin account; I'm also able to > still log into the console on the slave directory server (which is still > running fds 1.0.2); login error is error 401 Authorization required; > next line displays status 401. Queries to the server seem to be okay; > It seems almost as if the console either isn't searching the proper > directory (like it's searching the Netscape directory name space or the > console has lost the configuration piece that allows my uid to login); I > remember setting this thru the console way back when I originally setup > fds, however I can't find where that option is thru the gui; any ideas > how to further troubleshoot? Thanks. > > Aaron > > -----Original Message----- > From: fedora-directory-users-bounces at redhat.com > [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard > Megginson > Sent: Monday, February 19, 2007 10:41 AM > To: General discussion list for the Fedora Directory server project. 
> Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4 > > Bliss, Aaron wrote: > >> Hi everyone >> I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a >> slave); are there any gotchas that I should look out for before >> upgrading to 1.0.4? Can I go directly to this release, or do I need >> to first upgrade to .3? Thanks for your help. >> >> > You can go directly from .2 to .4. > > Be sure to read the release notes - > http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the > directions there. > >> Aaron >> >> Confidentiality Notice: >> The information contained in this electronic message is intended for >> the exclusive use of the individual or entity named above and may >> contain privileged or confidential information. If the reader of this >> > > >> message is not the intended recipient or the employee or agent >> responsible to deliver it to the intended recipient, you are hereby >> notified that dissemination, distribution or copying of this >> information is prohibited. If you have received this communication in >> > > >> error, please notify the sender immediately by telephone and destroy >> the copies you received. 
>> >> >> > ------------------------------------------------------------------------ > >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > From rmeggins at redhat.com Mon Feb 19 20:40:14 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 19 Feb 2007 13:40:14 -0700 Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4 In-Reply-To: References: <45D9C4F0.3060401@redhat.com> <45D9E632.2000003@redhat.com> Message-ID: <45DA0B2E.30000@redhat.com> Bliss, Aaron wrote: > I attempted to run the following with of course a good directory manager > password: > ldapmodify -x -D "cn=directory manager" -w password > dn: cn=config > changetype: modify > replace: passwordCheckSyntax > passwordCheckSyntax: off > > And receive a response saying" modifying entry "cn=config" however it > doesn't seem that the command ever completes, as control isn't returned > back to the command line (I apologize for the newbie questions, however > I'm not all that familiar with editing ldap entries from the command > line). Thanks. > You have to type Ctrl-D (the EOF character) to tell ldapmodify you are done. Also, your modify command must be followed by a blank line, so after the last character input, type Enter, Enter, then Ctrl-D. After typing the second Enter, you should see some feedback about your operation from ldapmodify. > Aaron > > -----Original Message----- > From: Richard Megginson [mailto:rmeggins at redhat.com] > Sent: Monday, February 19, 2007 1:02 PM > To: General discussion list for the Fedora Directory server project. 
> Cc: Bliss, Aaron > Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4 > > Bliss, Aaron wrote: > >> After doing some more reading, I did run the setup script, however I'm >> still having the login issue with my userid; I also seem to have a few >> other problems; any help would be much appreciated. >> >> [slapd-al-lnx-s11]: starting up server ... >> [slapd-al-lnx-s11]: Fedora-Directory/1.0.4 B2006.312.435 >> [slapd-al-lnx-s11]: al-lnx-s11.preferredcare.org:389 >> (/opt/fedora-ds/slapd-al-lnx-s11) >> [slapd-al-lnx-s11]: >> [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - >> Fedora-Directory/1.0.4 B2006.312.435 starting up >> [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin >> > - > >> agmt="cn=rep2" (ms-lnx-s12:636): SSL Not Initialized, Replication over >> SSL FAILED >> [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin >> > - > >> agmt="cn=rep2" (ms-lnx-s12:636): Incremental update failed and >> > requires > >> administrator action >> >> > I think these are ok - ssl is disabled during the upgrade and reenabled > at the end - see below. > >> [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - slapd started. >> Listening on All Interfaces port 389 for LDAP requests >> >> NMC_Status: 0 >> NMC_Description: Success! The server has been started. >> >> Start Slapd Starting Slapd server reconfiguration. >> Fatal Slapd ERROR: Could not update Directory Server Instance >> URL ldap://al-lnx-s11.preferredcare.org:389/o=NetscapeRoot user id >> > admin > >> DN cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server >> >> > Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo > >> t (19:Constraint violation) >> >> > This means password policy was not disabled during the upgrade - as > specified in the Release Notes - > http://directory.fedora.redhat.com/wiki/Release_Notes#Fedora_Directory_S > erver_1.0.4_-_11.2F09.2F2006 > >> Configuring Administration Server... 
>> InstallInfo: Apache Directory "ApacheDir" is missing. >> >> > This may be a consequence of the constraint violation above. > >> /opt/fedora-ds/slapd-al-lnx-s11/config/dse.ldif: SSL on ... >> Restarting Directory Server: >> > /opt/fedora-ds/slapd-al-lnx-s11/start-slapd > >> You can now use the console. Here is the command to use to start the >> console: >> cd /opt/fedora-ds >> /startconsole -u admin -a http://al-lnx-s11.preferredcare.org:1505/ >> >> INFO Finished with setup, logfile is setup/setup.log >> >> -----Original Message----- >> From: Bliss, Aaron >> Sent: Monday, February 19, 2007 12:26 PM >> To: Bliss, Aaron; General discussion list for the Fedora Directory >> server project. >> Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds >> > 1.0.4 > >> I should mention that I didn't run setup after upgrading the rpm; is >> this necessary? Thanks. >> >> Aaron >> >> -----Original Message----- >> From: fedora-directory-users-bounces at redhat.com >> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Bliss, >> Aaron >> Sent: Monday, February 19, 2007 12:07 PM >> To: General discussion list for the Fedora Directory server project. >> Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds >> > 1.0.4 > >> Well, I checked out the release notes, and disabled all syntax >> > checking > >> in all password policies before upgrading; upgrade seems to have gone >> okay, however I'm not unable to log into the directory server console; >> directory server is running: >> ldap 32287 7.7 2.3 522820 24416 ? Sl 12:01 0:00 >> /ns-slapd -D /opt/fedora-ds/slapd-al-lnx-s11 -i >> /opt/fedora-ds/slapd-al-lnx-s11/logs/pid -w >> root 32374 1.0 0.3 35372 3256 ? Ssl 12:02 0:00 >> /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f >> /opt/fedora-ds/admin-serv/co >> root 32376 0.0 0.1 35356 1672 ? 
S 12:02 0:00 >> /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f >> /opt/fedora-ds/admin-serv/co >> ldap 32379 4.0 0.4 704088 4928 ? Sl 12:02 0:00 >> /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f >> /opt/fedora-ds/admin-serv/co >> >> I can however login with the built-in admin account; I'm also able to >> still log into the console on the slave directory server (which is >> > still > >> running fds 1.0.2); login error is error 401 Authorization required; >> next line displays status 401. Queries to the server seem to be okay; >> It seems almost as if the console either isn't searching the proper >> directory (like it's searching the Netscape directory name space or >> > the > >> console has lost the configuration piece that allows my uid to login); >> > I > >> remember setting this thru the console way back when I originally >> > setup > >> fds, however I can't find where that option is thru the gui; any ideas >> how to further troubleshoot? Thanks. >> >> Aaron >> >> -----Original Message----- >> From: fedora-directory-users-bounces at redhat.com >> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of >> > Richard > >> Megginson >> Sent: Monday, February 19, 2007 10:41 AM >> To: General discussion list for the Fedora Directory server project. >> Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds >> > 1.0.4 > >> Bliss, Aaron wrote: >> >> >>> Hi everyone >>> I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a >>> slave); are there any gotchas that I should look out for before >>> upgrading to 1.0.4? Can I go directly to this release, or do I need >>> to first upgrade to .3? Thanks for your help. >>> >>> >>> >> You can go directly from .2 to .4. >> >> Be sure to read the release notes - >> http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the >> > > >> directions there. 
>> >> >>> Aaron >>> >>> Confidentiality Notice: >>> The information contained in this electronic message is intended for >>> the exclusive use of the individual or entity named above and may >>> contain privileged or confidential information. If the reader of >>> > this > >>> >>> >> >> >>> message is not the intended recipient or the employee or agent >>> responsible to deliver it to the intended recipient, you are hereby >>> notified that dissemination, distribution or copying of this >>> information is prohibited. If you have received this communication >>> > in > >>> >>> >> >> >>> error, please notify the sender immediately by telephone and destroy >>> the copies you received. >>> >>> >>> >>> > ------------------------------------------------------------------------ > >> >> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> -------------- next part -------------- A non-text attachment was scrubbed... 
From prowley at redhat.com Mon Feb 19 20:52:57 2007
From: prowley at redhat.com (Pete Rowley)
Date: Mon, 19 Feb 2007 12:52:57 -0800
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To: <45DA0B2E.30000@redhat.com>
References: <45D9C4F0.3060401@redhat.com> <45D9E632.2000003@redhat.com> <45DA0B2E.30000@redhat.com>
Message-ID: <45DA0E29.6030103@redhat.com>

Richard Megginson wrote:
> Bliss, Aaron wrote:
>> I attempted to run the following with of course a good directory manager
>> password:
>> ldapmodify -x -D "cn=directory manager" -w password
>> dn: cn=config
>> changetype: modify
>> replace: passwordCheckSyntax
>> passwordCheckSyntax: off
>>
>> And receive a response saying" modifying entry "cn=config" however it
>> doesn't seem that the command ever completes, as control isn't returned
>> back to the command line (I apologize for the newbie questions, however
>> I'm not all that familiar with editing ldap entries from the command
>> line). Thanks.
>>
> You have to type Ctrl-D (the EOF character) to tell ldapmodify you are
> done. Also, your modify command must be followed by a blank line, so
> after the last character input, type Enter, Enter, then Ctrl-D. After
> typing the second Enter, you should see some feedback about your
> operation from ldapmodify.
Also, I find it much easier to create a file and use the -f option to point to it. Typos aren't such a big deal then and you don't have to remember it's ^D to complete the input :)

--
Pete
-------------- next part --------------
A non-text attachment was scrubbed...
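The file-based approach suggested in the message above, as an added example that is not code from the thread or from the Fedora DS project. It assumes the OpenLDAP ldapmodify client (the -x option used in the thread is its simple-bind flag); the function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: apply the cn=config change from a file instead of typing
# it on ldapmodify's standard input.

# write_ldif FILE
# Writes the modify record shown in the thread. The empty line before EOF is
# the blank line that ends the record (the "Enter, Enter" described above).
write_ldif() {
    cat > "$1" <<'EOF'
dn: cn=config
changetype: modify
replace: passwordCheckSyntax
passwordCheckSyntax: off

EOF
}

# check_ldif FILE
# Returns 0 only if FILE holds at least one record and every record starts
# with "dn:", carries a "changetype:" line and is closed by a blank line.
# This applies the rule stated in the thread; "#" comment lines are skipped.
check_ldif() {
    awk '
        BEGIN { bad = 0; n = 0; in_rec = 0; has_ct = 0 }
        /^#/ { next }
        /^[ \t]*$/ {
            if (in_rec) {
                if (!has_ct) bad = 1
                n++; in_rec = 0; has_ct = 0
            }
            next
        }
        {
            if (!in_rec) {
                if ($0 !~ /^dn:/) bad = 1
                in_rec = 1
            }
            if ($0 ~ /^changetype:/) has_ct = 1
        }
        END {
            if (in_rec) bad = 1      # last record has no blank line after it
            if (n == 0) bad = 1      # nothing to send
            exit bad
        }
    ' "$1"
}

# apply_ldif LDIF_FILE PASSWORD_FILE
# Binds with the same DN as in the thread, but uses the OpenLDAP options
# -y (read the bind password from a file) and -f (read the changes from a
# file), so the password is not exposed in the process list the way
# "-w password" is. PASSWORD_FILE must hold the password with no trailing
# newline and should be readable only by its owner.
apply_ldif() {
    if ! check_ldif "$1"; then
        echo "refusing to send malformed LDIF: $1" >&2
        return 1
    fi
    ldapmodify -x -D "cn=directory manager" -y "$2" -f "$1"
}

# Usage (hypothetical paths, not run here):
#   write_ldif /tmp/disable-syntax-check.ldif
#   apply_ldif /tmp/disable-syntax-check.ldif /root/.dm-password
```

Because the changes come from a file, ldapmodify exits when it reaches the end of the file and no Ctrl-D is needed.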
From prowley at redhat.com Mon Feb 19 20:55:15 2007
From: prowley at redhat.com (Pete Rowley)
Date: Mon, 19 Feb 2007 12:55:15 -0800
Subject: [Fedora-directory-users] NT FDS emulation
In-Reply-To: <2873d6f70702190822j14b353a5u88e2159e195dc085@mail.gmail.com>
References: <2873d6f70702190822j14b353a5u88e2159e195dc085@mail.gmail.com>
Message-ID: <45DA0EB3.4080603@redhat.com>

Roman Dronov wrote:
> Good day!
> My question for FDS developers and guru:
> Is anybody know: may FDS last release provides FRS (File Replication
> Service
> for Windows Clients, this need for replication Group Policies, scripts,
> etc.) or this function will be introduced later?
> I understand that FRS is only AD feature but it's analog very
> important for
> migration (from AD to FDS).
> What you think about this, gentleman's?
You should look into Samba backed by LDAP for this kind of thing. In particular Samba 4 is aiming to look a lot like AD.

--
Pete

From rdronov at gmail.com Mon Feb 19 21:09:52 2007
From: rdronov at gmail.com (Roman Dronov)
Date: Tue, 20 Feb 2007 00:09:52 +0300
Subject: [Fedora-directory-users] NT FDS emulation
In-Reply-To: <45DA0EB3.4080603@redhat.com>
References: <2873d6f70702190822j14b353a5u88e2159e195dc085@mail.gmail.com> <45DA0EB3.4080603@redhat.com>
Message-ID: <2873d6f70702191309x7aae2946re4a948d4c0f0b8a2@mail.gmail.com>

Thanks.

2007/2/19, Pete Rowley :
> Roman Dronov wrote:
> > Good day!
> > My question for FDS developers and guru:
> > Is anybody know: may FDS last release provides FRS (File Replication
> > Service
> > for Windows Clients, this need for replication Group Policies, scripts,
> > etc.) or this function will be introduced later?
> > I understand that FRS is only AD feature but it's analog very
> > important for
> > migration (from AD to FDS).
> > What you think about this, gentleman's?
> You should look into Samba backed by LDAP for this kind of thing. In
> particular Samba 4 is aiming to look a lot like AD.
>
> --
> Pete

From sigid.wahyu at gmail.com Tue Feb 20 07:18:55 2007
From: sigid.wahyu at gmail.com (sigid@JINLab)
Date: Tue, 20 Feb 2007 15:18:55 +0800
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To: <45D9E084.3060204@redhat.com>
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com>
Message-ID: <45DAA0DF.7000608@gmail.com>

Richard Megginson wrote:
> Bliss, Aaron wrote:
>> I should mention that I didn't run setup after upgrading the rpm; is
>> this necessary? Thanks.
>>
> Yes. Please read http://directory.fedora.redhat.com/wiki/Release_Notes :
>
> Finally, run setup as follows:
>
> cd /opt/fedora-ds ; ./setup/setup

Referring to the release notes, there is no need to run setup again after upgrade. Just restart the DS service and admin service.
I already tried this and the system runs well.

From jo.de.troy at gmail.com Tue Feb 20 09:55:59 2007
From: jo.de.troy at gmail.com (Jo De Troy)
Date: Tue, 20 Feb 2007 10:55:59 +0100
Subject: [Fedora-directory-users] admin console problem: Failed to instantiate Server Object
Message-ID:

Hello,
we have a strange problem.
I'm using the console on my Windows machine without a problem and 1 of my colleagues gets an error when trying to access the Directory server from within the console, it does work for both of us when accessing the admin server console.
The error he gets is:
Failed to instantiate Server Object for Directory Server (server name): com.netscape.admin.dirserv.DSAdmin
I copied over my local directory containing the fedora console

Thanks in advance,
Jo

From bkyoung at gmail.com Tue Feb 20 21:22:04 2007
From: bkyoung at gmail.com (Brandon Young)
Date: Tue, 20 Feb 2007 15:22:04 -0600
Subject: [Fedora-directory-users] FDS <-> AD
Message-ID: <824ffea00702201322l41818d92j71a7033ee50b2036@mail.gmail.com>

Hi All. I have been struggling with creating a Windows Sync agreement that works the way I think it's supposed to. Maybe someone can educate me as to what I'm doing wrong. Documentation on this subject is sparse and incomplete. If I can get this problem solved, I would be happy to contribute the detailed document on how I did it back to this list. Sort of a "Complete Idiots Guide to Windows Sync Agreements" or something.

First, the way I *think* it's supposed to work ...
1. If I create an account or group in AD, it replicates to FDS
2. If I create an account or group in FDS it replicates to AD
3. If I change a user's password in one directory, it updates in the other

From the Redhat documentation: "The Windows Sync feature allows synchronization of adds, deletes and changes in groups, user entries, and their passwords between Red Hat Directory Server and both Microsoft Active Directory and Microsoft Windows NT 4.0 Server." Seems vague enough. I am left with a big question, though: is it possible to replicate UNIX uid/gid information to Active Directory?
Somewhere along the path I got it in my head that I needed to install Windows Services for UNIX in order to share UNIX uid/gid/shell/homedir information between the two directories. Further, I came to believe that the sync agreement code in the Directory Server magically handles the translations between schemas ... that is to say, in AD the UNIX uid is stored as MSSFU30uid (or something close to that), while it's simply uid in FDS; and the sync code does that translation. Is all that wishful thinking on my part? It does not appear to work this way. I have SFU installed in AD. Any UNIX data I put into AD does not replicate down to my FDS. Is there a way to do what I'm talking about? Secondly, it has never been clear to me how changes on the FDS side replicate back up to AD. Do I need to set the replication up as Multimaster/Single Master/?? I'd appreciate any help someone may be able to give -- even if it's just educating me about some misconception I seem to have. -- Brandon From rmeggins at redhat.com Tue Feb 20 21:28:04 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 20 Feb 2007 14:28:04 -0700 Subject: [Fedora-directory-users] FDS <-> AD In-Reply-To: <824ffea00702201322l41818d92j71a7033ee50b2036@mail.gmail.com> References: <824ffea00702201322l41818d92j71a7033ee50b2036@mail.gmail.com> Message-ID: <45DB67E4.1070300@redhat.com> Brandon Young wrote: > Hi All. I have been struggling with creating a Windows Sync agreement > that works the way I think it's supposed to. Maybe someone can > educate me as to what I'm doing wrong. Documentation on this subject > is sparse and incomplete. If I can get this problem solved, I would > be happy to contribute the detailed document on how I did it back to > this list. Sort of a "Complete Idiots Guide to Windows Sync > Agreements" or something. > > First, the way I *think* it's supposed to work ... > 1. If I create an account or group in AD, it replicates to FDS > 2. 
If I create an account or group in FDS it replicates to AD > 3. If I change a user's password in one directory, it updates in the > other > >> From the Redhat documentation: "The Windows Sync feature allows > synchronization of adds, deletes and changes in groups, user entries, > and their passwords between Red Hat Directory Server and both > Microsoft Active Directory and Microsoft Windows NT 4.0 Server." > Seems vague enough. I am left with a big question, though: is it > possible to replicate UNIX uid/gid information to Active Directory? No. Adding support for POSIX attributes is on our to-do list. > Somewhere along the path I got it in my head that I needed to install > Windows Services for UNIX in order to share UNIX uid/gid/shell/homedir > information between the two directories. Further, I came to believe > that the sync agreement code in the Directory Server magically handles > the translations between schemas ... that is to say, in AD the UNIX > uid is stored as MSSFU30uid (or something close to that), while it's > simply uid in FDS; and the sync code does that translation. > > Is all that wishful thinking on my part? It does not appear to work > this way. I have SFU installed in AD. Any UNIX data I put into AD > does not replicate down to my FDS. Is there a way to do what I'm > talking about? > > Secondly, it has never been clear to me how changes on the FDS side > replicate back up to AD. Do I need to set the replication up as > Multimaster/Single Master/?? No, FDS doesn't use the MMR protocol to communicate with AD. > > I'd appreciate any help someone may be able to give -- even if it's > just educating me about some misconception I seem to have. > -------------- next part -------------- A non-text attachment was scrubbed... 
From rdronov at gmail.com Wed Feb 21 07:13:46 2007
From: rdronov at gmail.com (Roman Dronov)
Date: Wed, 21 Feb 2007 10:13:46 +0300
Subject: [Fedora-directory-users] FDS and trusts
Message-ID: <2873d6f70702202313n78b77c33k9a0d5ab50196936f@mail.gmail.com>

Good day!
My question for developers.
Can I organize trusts between FDS and AD?
For example: user from AD domain can transparently access resources of FDS domain and vice versa.
If no, what are you thinking about this function in the future releases of FDS?
Or FDS is LDAP database with advanced GUI interface only? And trusts, group policy (and other tools normal in Windows world) required external soft?

With the greatest regards, Roman Dronov.

From davea at support.kcm.org Wed Feb 21 19:22:57 2007
From: davea at support.kcm.org (Dave Augustus)
Date: Wed, 21 Feb 2007 13:22:57 -0600
Subject: [Fedora-directory-users] 2 SSL certs?
Message-ID: <1172085777.19251.4.camel@kcm40202.kcmhq.org>

Is it possible to have 2 SSL certs installed on FDS, given that I have 2 ip addresses?

Thanks,
Dave

From rmeggins at redhat.com Wed Feb 21 19:35:02 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 21 Feb 2007 12:35:02 -0700
Subject: [Fedora-directory-users] 2 SSL certs?
In-Reply-To: <1172085777.19251.4.camel@kcm40202.kcmhq.org>
References: <1172085777.19251.4.camel@kcm40202.kcmhq.org>
Message-ID: <45DC9EE6.4000907@redhat.com>

Dave Augustus wrote:
> Is it possible to have 2 SSL certs installed on FDS, given that I have 2
> ip addresses?
>
No.
> Thanks,
> Dave
-------------- next part --------------
A non-text attachment was scrubbed...
From ABliss at preferredcare.org Wed Feb 21 19:53:28 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Wed, 21 Feb 2007 14:53:28 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To: <45DAA0DF.7000608@gmail.com>
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com>
Message-ID:

Well, unfortunately I'm still having the same problems, even after disabling all password policies in the directory; I'm still getting the constraint violation error as well as the ApacheDir directory error not found; can you tell me what the ApacheDir directory is supposed to be? I'll manually create it and try upgrading again; also, do I need to install fds 1.0.3 before installing fds 1.0.4? Thanks again.

Aaron

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of sigid at JINLab
Sent: Tuesday, February 20, 2007 2:19 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Richard Megginson wrote:
> Bliss, Aaron wrote:
>> I should mention that I didn't run setup after upgrading the rpm; is
>> this necessary? Thanks.
>>
> Yes. Please read http://directory.fedora.redhat.com/wiki/Release_Notes :
>
> Finally, run setup as follows:
>
> cd /opt/fedora-ds ; ./setup/setup

Referring to the release notes, there is no need to run setup again after upgrade. Just restart the DS service and admin service.
I already tried this and the system runs well.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF2qDfa2bg8QmXta0RAifJAJ9to51/Ceqwx7+CFXMhLRfSceUX6ACgp4Ty ZMd8mpL6lzIx6+CGraMad38= =8yKr -----END PGP SIGNATURE----- -- Fedora-directory-users mailing list Fedora-directory-users at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received. From rmeggins at redhat.com Wed Feb 21 20:54:19 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 21 Feb 2007 13:54:19 -0700 Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4 In-Reply-To: References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com> Message-ID: <45DCB17B.8000002@redhat.com> Bliss, Aaron wrote: > Well, unfortunately I'm still having the same problems, even after > disabling all password policies in the directory; I'm still getting the > constraint violation error Weird. Can you find err=19 in your directory server access log? > as well as the ApacheDir directory error not > found; can you tell me what the ApacheDir directory is suppose to be? > I think you can ignore this. > I'll manually create it and try upgrading again; also, do I need to > install fds 1.0.3 before installing fds 1.0.4? No. You should be able to go straight from 1.0.2 to 1.0.4. > Thanks again. 
> > Aaron > > -----Original Message----- > From: fedora-directory-users-bounces at redhat.com > [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of > sigid at JINLab > Sent: Tuesday, February 20, 2007 2:19 AM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Richard Megginson wrote: > >> Bliss, Aaron wrote: >> >>> I should mention that I didn't run setup after upgrading the rpm; is >>> this necessary? Thanks. >>> >>> >> Yes. Please read >> > http://directory.fedora.redhat.com/wiki/Release_Notes : > >> Finally, run setup as follows: >> >> cd /opt/fedora-ds ; ./setup/setup >> > > refering to the release notes there is no need to run setup again after > upgrade. just restart the DS service and admin service. > I already try this and the system runs well. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.5 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFF2qDfa2bg8QmXta0RAifJAJ9to51/Ceqwx7+CFXMhLRfSceUX6ACgp4Ty > ZMd8mpL6lzIx6+CGraMad38= > =8yKr > -----END PGP SIGNATURE----- > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > Confidentiality Notice: > The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received. 

From david_list at boreham.org Thu Feb 22 00:14:12 2007
From: david_list at boreham.org (David Boreham)
Date: Wed, 21 Feb 2007 17:14:12 -0700
Subject: [Fedora-directory-users] Error string : 'The server ID must be a valid filename and DN component'
Message-ID: <45DCE054.102@boreham.org>

Running setup from fedora-ds-1.0.4-1.FC6.i386.opt.rpm
on FC6 (updated). I get this inscrutable message right after
I enter the uid/gid (happens if I enter root or hit return)
in setup. Any pointers on what I'm doing to upset it ?

From rmeggins at redhat.com Thu Feb 22 00:53:33 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 21 Feb 2007 17:53:33 -0700
Subject: [Fedora-directory-users] Error string : 'The server ID must be a valid filename and DN component'
In-Reply-To: <45DCE054.102@boreham.org>
References: <45DCE054.102@boreham.org>
Message-ID: <45DCE98D.6000906@redhat.com>

David Boreham wrote:
> Running setup from fedora-ds-1.0.4-1.FC6.i386.opt.rpm
>
>
> on FC6 (updated). I get this inscrutable message right after
> I enter the uid/gid (happens if I enter root or hit return)
> in setup. Any pointers on what I'm doing to upset it ?

What is the output of hostname and hostname -f?

From david_list at boreham.org Thu Feb 22 02:56:35 2007
From: david_list at boreham.org (David Boreham)
Date: Wed, 21 Feb 2007 19:56:35 -0700
Subject: [Fedora-directory-users] Error string : 'The server ID must be a valid filename and DN component'
In-Reply-To: <45DCE98D.6000906@redhat.com>
References: <45DCE054.102@boreham.org> <45DCE98D.6000906@redhat.com>
Message-ID: <45DD0663.8020403@boreham.org>

Richard Megginson wrote:
> What is the output of hostname and hostname -f?

'servera' and 'servera'

From rmeggins at redhat.com Thu Feb 22 03:23:05 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 21 Feb 2007 20:23:05 -0700
Subject: [Fedora-directory-users] Error string : 'The server ID must be a valid filename and DN component'
In-Reply-To: <45DD0663.8020403@boreham.org>
References: <45DCE054.102@boreham.org> <45DCE98D.6000906@redhat.com> <45DD0663.8020403@boreham.org>
Message-ID: <45DD0C99.7080703@redhat.com>

David Boreham wrote:
> Richard Megginson wrote:
>
>> What is the output of hostname and hostname -f?
>
> 'servera' and 'servera'

It's failing in the function isValidServerID in ux-dialog.cc. The argument to this is the server id, which is usually everything to the left of "." in the FQDN. If you can manually specify either a FQDN in the hostname dialog, or a server ID in the server id dialog, you should not get this error. What does it say is the default server ID?

From david_list at boreham.org Thu Feb 22 03:45:51 2007
From: david_list at boreham.org (David Boreham)
Date: Wed, 21 Feb 2007 20:45:51 -0700
Subject: [Fedora-directory-users] Error string : 'The server ID must be a valid filename and DN component'
In-Reply-To: <45DD0C99.7080703@redhat.com>
References: <45DCE054.102@boreham.org> <45DCE98D.6000906@redhat.com> <45DD0663.8020403@boreham.org> <45DD0C99.7080703@redhat.com>
Message-ID: <45DD11EF.2020600@boreham.org>

Richard Megginson wrote:
> It's failing in the function isValidServerID in ux-dialog.cc. The
> argument to this is the server id, which is usually everything to the
> left of "." in the FQDN. If you can manually specify either a FQDN in
> the hostname dialog, or a server ID in the server id dialog, you
> should not get this error. What does it say is the default server ID?

Thanks, I see. This is a test network so 'servera' is the FQ name, but I can give it a period to make it happy. The default it offers is 'servera' (which presumably it gets from hostname).

From ankur_agwal at yahoo.com Thu Feb 22 13:25:54 2007
From: ankur_agwal at yahoo.com (Ankur Agarwal)
Date: Thu, 22 Feb 2007 05:25:54 -0800 (PST)
Subject: [Fedora-directory-users] Setting password expiry and other rules through command line or script
Message-ID: <36260.48321.qm@web54112.mail.yahoo.com>

Hi,

I have set password rules (expiry, lockout period etc) using RedHat management console. However on Production we do not have access to this console. Hence would be great if you could help me in applying those changes/policies/rules through some command line utility or command.

Can I export from dev instance and apply to production somehow?

regards,
Ankur

From ABliss at preferredcare.org Thu Feb 22 13:40:10 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Thu, 22 Feb 2007 08:40:10 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To: <45DCB17B.8000002@redhat.com>
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com> <45DCB17B.8000002@redhat.com>
Message-ID:

Yep, err=19 was in the output log...

[21/Feb/2007:17:08:01 -0500] conn=0 fd=64 slot=64 connection from 172.16.1.126 to 172.16.1.126
[21/Feb/2007:17:08:01 -0500] conn=0 op=0 BIND dn="" method=128 version=3
[21/Feb/2007:17:08:01 -0500] conn=0 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[21/Feb/2007:17:08:01 -0500] conn=0 op=1 SRCH base="cn=monitor" scope=0 filter="(objectClass=*)" attrs="* aci passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
[21/Feb/2007:17:08:01 -0500] conn=0 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[21/Feb/2007:17:08:01 -0500] conn=0 op=2 BIND dn="" method=128 version=3
[21/Feb/2007:17:08:01 -0500] conn=0 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[21/Feb/2007:17:08:01 -0500] conn=0 op=3 SRCH base="o=NetscapeRoot" scope=2 filter="(uid=admin)" attrs=ALL
[21/Feb/2007:17:08:01 -0500] conn=0 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[21/Feb/2007:17:08:01 -0500] conn=0 op=4 BIND dn="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128 version=3
[21/Feb/2007:17:08:01 -0500] conn=0 op=4 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
[21/Feb/2007:17:08:01 -0500] conn=0 op=5 SRCH base="cn=al-lnx-s11.preferredcare.org, ou=preferredcare.org, o=NetscapeRoot" scope=2 filter="(&(objectClass=nsApplication)(nsNickName=slapd)(nsInstalledLocation=/opt/fedora-ds))" attrs="* aci passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
[21/Feb/2007:17:08:02 -0500] conn=0 op=5 RESULT err=0 tag=101 nentries=1 etime=1
[21/Feb/2007:17:08:02 -0500] conn=0 op=6 SRCH base="cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot" scope=0 filter="(objectClass=*)" attrs="* aci passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
[21/Feb/2007:17:08:02 -0500] conn=0 op=6 RESULT err=0 tag=101 nentries=1 etime=0
[21/Feb/2007:17:08:02 -0500] conn=0 op=7 MOD dn="cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot"
[21/Feb/2007:17:08:02 -0500] conn=0 op=7 RESULT err=0 tag=103 nentries=0 etime=0
[21/Feb/2007:17:08:02 -0500] conn=0 op=8 SRCH base="cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot" scope=1 filter="(objectClass=nsDirectoryServer)" attrs="* aci passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
[21/Feb/2007:17:08:02 -0500] conn=0 op=8 RESULT err=0 tag=101 nentries=1 etime=0
[21/Feb/2007:17:08:02 -0500] conn=0 op=9 SRCH base="cn=slapd-al-lnx-s11, cn=Fedora Directory Server, cn=Server Group, cn=al-lnx-s11.preferredcare.org, ou=preferredcare.org, o=NetscapeRoot" scope=0 filter="(objectClass=*)" attrs="* aci passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
[21/Feb/2007:17:08:02 -0500] conn=0 op=9 RESULT err=0 tag=101 nentries=1 etime=0
[21/Feb/2007:17:08:02 -0500] conn=0 op=10 SRCH base="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot" scope=0 filter="(objectClass=*)" attrs="* aci passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
[21/Feb/2007:17:08:02 -0500] conn=0 op=10 RESULT err=0 tag=101 nentries=1 etime=0
[21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0
[21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot", invalid password syntax
[21/Feb/2007:17:08:02 -0500] conn=0 op=12 UNBIND
[21/Feb/2007:17:08:02 -0500] conn=0 op=12 fd=64 closed - U1

Aaron

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson
Sent: Wednesday, February 21, 2007 3:54 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4

Bliss, Aaron wrote:
> Well, unfortunately I'm still having the same problems, even after
> disabling all password policies in the directory; I'm still getting the
> constraint violation error

>>Weird. Can you find err=19 in your directory server access log?

Yes, I found the error, it reads
conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0
-I'm not sure what this means, but it may be meaningful to you

> as well as the ApacheDir directory error not
> found; can you tell me what the ApacheDir directory is supposed to be?
>

I think you can ignore this.

> I'll manually create it and try upgrading again; also, do I need to
> install fds 1.0.3 before installing fds 1.0.4?

No. You should be able to go straight from 1.0.2 to 1.0.4.

> Thanks again.

From rmeggins at redhat.com Thu Feb 22 15:02:19 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 22 Feb 2007 08:02:19 -0700
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To:
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com> <45DCB17B.8000002@redhat.com>
Message-ID: <45DDB07B.3080106@redhat.com>

Bliss, Aaron wrote:
> Yep, err=19 was in the output log...
>
>
> [21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103
> nentries=0 etime=0
> [21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD
> dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
> Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
> t", invalid password syntax
>

This means that there is still some password policy being applied.
I'm not sure what's going on, but you need to make sure all password policy is disabled before running setup.

From rmeggins at redhat.com Thu Feb 22 15:07:07 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 22 Feb 2007 08:07:07 -0700
Subject: [Fedora-directory-users] Setting password expiry and other rules through command line or script
In-Reply-To: <36260.48321.qm@web54112.mail.yahoo.com>
References: <36260.48321.qm@web54112.mail.yahoo.com>
Message-ID: <45DDB19B.2070604@redhat.com>

Ankur Agarwal wrote:
> Hi,
>
> I have set password rules (expiry, lockout period etc) using RedHat
> management console. However on Production we do not have access to
> this console. Hence would be great if you could help me in applying
> those changes/policies/rules through some command line utility or command.

http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1077081

>
> Can I export from dev instance and apply to production somehow?
>
> regards,
> Ankur

-------------- next part --------------
A non-text attachment was scrubbed...
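
Added example (not part of the original thread and not Fedora DS project code): a small Python correlator for the access-log format quoted earlier in this thread. It pairs each request with its RESULT by conn/op rather than by line order, because, as in the posted log, the RESULT err=19 line can be written before the MOD line it belongs to. The sample log lines, host names and addresses are constructed placeholders.

```python
import re

# Constructed sample in the access-log format quoted in this thread.
# Host names, suffixes and addresses are placeholders, not values from the thread.
SAMPLE_LOG = """\
[21/Feb/2007:17:08:01 -0500] conn=0 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.10
[21/Feb/2007:17:08:01 -0500] conn=0 op=0 BIND dn="uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" method=128 version=3
[21/Feb/2007:17:08:01 -0500] conn=0 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
[21/Feb/2007:17:08:02 -0500] conn=0 op=1 MOD dn="cn=Fedora Directory Server,cn=Server Group,cn=host.example.com,ou=example.com,o=NetscapeRoot"
[21/Feb/2007:17:08:02 -0500] conn=0 op=1 RESULT err=0 tag=103 nentries=0 etime=0
[21/Feb/2007:17:08:02 -0500] conn=0 op=2 RESULT err=19 tag=103 nentries=0 etime=0
[21/Feb/2007:17:08:02 -0500] conn=0 op=2 MOD dn="cn=slapd-host,cn=Fedora Directory Server,cn=Server Group,cn=host.example.com,ou=example.com,o=NetscapeRoot", invalid password syntax
[21/Feb/2007:17:08:03 -0500] conn=1 op=0 BIND dn="uid=jdoe,ou=People,dc=example,dc=com" method=128 version=3
[21/Feb/2007:17:08:03 -0500] conn=1 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[21/Feb/2007:17:08:03 -0500] conn=0 op=3 UNBIND
"""

# "[timestamp] conn=N op=N <rest>"; connection-open lines carry no op= and are skipped.
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+conn=(?P<conn>\d+)\s+op=(?P<op>\d+)\s+(?P<rest>.+)$')
RESULT_RE = re.compile(r'^RESULT\s+err=(?P<err>\d+)\s+tag=(?P<tag>\d+)')
REQUEST_RE = re.compile(r'^(?P<verb>BIND|MOD|ADD|DEL|MODRDN|SRCH|CMP|EXT|UNBIND)\b')
DN_RE = re.compile(r'\b(?:dn|base)="(?P<dn>[^"]*)"')
# Free-text reason the server appends after the quoted DN, e.g. ", invalid password syntax".
NOTE_RE = re.compile(r'",\s*(?P<note>[^"]+)$')

# Subset of the LDAP result codes defined in RFC 4511.
RESULT_NAMES = {
    0: "success",
    19: "constraintViolation",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
}


def correlate(log_text):
    """Return one record per (conn, op), merging request and RESULT lines.

    Records are keyed by (conn, op), so a RESULT that is logged before its
    request line still ends up on the right operation.
    """
    ops = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (int(m["conn"]), int(m["op"]))
        rec = ops.setdefault(key, {
            "conn": key[0], "op": key[1], "time": m["ts"],
            "verb": None, "dn": None, "note": None, "err": None,
        })
        rest = m["rest"]
        res = RESULT_RE.match(rest)
        if res:
            rec["err"] = int(res["err"])
            continue
        req = REQUEST_RE.match(rest)
        if req:
            rec["verb"] = req["verb"]
            dn = DN_RE.search(rest)
            if dn:
                rec["dn"] = dn["dn"]
            note = NOTE_RE.search(rest)
            if note:
                rec["note"] = note["note"].strip()
    return [ops[k] for k in sorted(ops)]


def failures(log_text):
    """Return only the operations whose RESULT carried a non-zero err code."""
    out = []
    for rec in correlate(log_text):
        if rec["err"]:
            name = RESULT_NAMES.get(rec["err"], "code %d" % rec["err"])
            out.append(dict(rec, result=name))
    return out


if __name__ == "__main__":
    for f in failures(SAMPLE_LOG):
        print("%s conn=%d op=%d %s err=%d (%s) dn=%r note=%r" % (
            f["time"], f["conn"], f["op"], f["verb"], f["err"],
            f["result"], f["dn"], f["note"]))
```

Run against a real access log, the err=19 record shows the DN being modified and the server's reason text together, which is what pointed at password policy in this thread.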

From ABliss at preferredcare.org Thu Feb 22 15:46:48 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Thu, 22 Feb 2007 10:46:48 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To: <45DDB07B.3080106@redhat.com>
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com> <45DCB17B.8000002@redhat.com> <45DDB07B.3080106@redhat.com>
Message-ID:

I thought that you might say that...I'm not really sure where else there would be a password policy getting applied, is there any kind of custom ldap query that I would use to figure what dn's the policy is defined at? Thanks.

Aaron

From rmeggins at redhat.com Thu Feb 22 15:48:50 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 22 Feb 2007 08:48:50 -0700
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To:
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com> <45DCB17B.8000002@redhat.com> <45DDB07B.3080106@redhat.com>
Message-ID: <45DDBB62.5090407@redhat.com>

Bliss, Aaron wrote:
> I thought that you might say that...I'm not really sure where else there
> would be a password policy getting applied, is there any kind of custom
> ldap query that I would use to figure what dn's the policy is defined
> at? Thanks.
>

Are you using global password policy or per-user/per-subtree?

From ABliss at preferredcare.org Thu Feb 22 15:52:59 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Thu, 22 Feb 2007 10:52:59 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To: <45DDBB62.5090407@redhat.com>
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com> <45DCB17B.8000002@redhat.com> <45DDB07B.3080106@redhat.com> <45DDBB62.5090407@redhat.com>
Message-ID:

I had both in place; a few users had individual password policies that I disabled, as well as a global password policy

Aaron

From rmeggins at redhat.com Thu Feb 22 15:56:18 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 22 Feb 2007 08:56:18 -0700
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To:
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com> <45DCB17B.8000002@redhat.com> <45DDB07B.3080106@redhat.com> <45DDBB62.5090407@redhat.com>
Message-ID: <45DDBD22.6020004@redhat.com>

Bliss, Aaron wrote:
> I had both in place; a few users had individual password policies that I
> disabled, as well as a global password policy
>

I just don't know. The DN in question is under o=NetscapeRoot - I doubt you would have applied any user or subtree password policy there, so it must be the global password policy. Are you using the console? Can you verify that global password policy is disabled?

From ABliss at preferredcare.org Thu Feb 22 18:23:29 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Thu, 22 Feb 2007 13:23:29 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To: <45DDBD22.6020004@redhat.com>
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com> <45DCB17B.8000002@redhat.com> <45DDB07B.3080106@redhat.com> <45DDBB62.5090407@redhat.com> <45DDBD22.6020004@redhat.com>
Message-ID:

More progress; I've been able to find the lonely password policy that wasn't disabled; turns out the entire policy had to be disabled, not just the password syntax checking piece; so the setup piece finished without a hitch, Directory server shows version 1.0.4, however my userid is still unable to log into the console; this is so peculiar; I'm able to login as admin only; the directory console error log shows "user myuserid not found: /admin-serv/authenticate"; I've verified that myuserid is listed as follows; after logging into the console with the admin account, servername, server group, right click Administration Server, set access permissions; I did the same for the Directory Server. I'm just not sure what/where else to check...it's almost as if authenticating to the console is only searching the Netscape root, not the user directory database...Any other ideas? Thanks again.

Aaron

From rmeggins at redhat.com Thu Feb 22 19:22:05 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 22 Feb 2007 12:22:05 -0700
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To:
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com> <45DCB17B.8000002@redhat.com> <45DDB07B.3080106@redhat.com> <45DDBB62.5090407@redhat.com> <45DDBD22.6020004@redhat.com>
Message-ID: <45DDED5D.7020801@redhat.com>

Bliss, Aaron wrote:
> More progress; I've been able to find the lonely password policy that
> wasn't disabled; turns out the entire policy had to be disabled, not
> just the password syntax checking piece; so the setup piece finished
> without a hitch, Directory server shows version 1.0.4, however my userid
> is still unable to log into the console; this is so peculiar; I'm able
> to login as admin only; the directory console error log shows "user
> myuserid not found: /admin-serv/authenticate"; I've verified that
> myuserid is listed as follows; after logging into the console with the
> admin account, servername, server group, right click Administration
> Server, set access permissions; I did the same for the Directory Server.
> I'm just not sure what/where else to check...it's almost as if
> authenticating to the console is only searching the Netscape root, not
> the user directory database...Any other ideas? Thanks again.
>

So, before the upgrade, you were able to login to the console using a regular user account, and now you are not able to? Did you login with just your uid or did you have to specify your full DN?

From ABliss at preferredcare.org Thu Feb 22 19:29:46 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Thu, 22 Feb 2007 14:29:46 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To: <45DDED5D.7020801@redhat.com>
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com> <45DCB17B.8000002@redhat.com> <45DDB07B.3080106@redhat.com> <45DDBB62.5090407@redhat.com> <45DDBD22.6020004@redhat.com> <45DDED5D.7020801@redhat.com>
Message-ID:

Yes, before the upgrade I was able to login with my userid, was not fully qualified; I just tried fully qualifying my userid and it works...not sure if this is a bug...

Aaron

From rmeggins at redhat.com Thu Feb 22 19:46:18 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 22 Feb 2007 12:46:18 -0700
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To:
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com> <45DCB17B.8000002@redhat.com> <45DDB07B.3080106@redhat.com> <45DDBB62.5090407@redhat.com> <45DDBD22.6020004@redhat.com> <45DDED5D.7020801@redhat.com>
Message-ID: <45DDF30A.8050404@redhat.com>

Bliss, Aaron wrote:
> Yes, before the upgrade I was able to login with my userid, was not
> fully qualified; I just tried fully qualifying my userid and it
> works...not sure if this is a bug...
>
I'm really surprised that it ever worked. Did you have to do anything to make that work? I don't know how to make the console dialog box search somewhere other than o=NetscapeRoot.

From ABliss at preferredcare.org Thu Feb 22 19:51:07 2007
From: ABliss at preferredcare.org (Bliss, Aaron)
Date: Thu, 22 Feb 2007 14:51:07 -0500
Subject: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
In-Reply-To: <45DDF30A.8050404@redhat.com>
References: <45D9C4F0.3060401@redhat.com> <45D9E084.3060204@redhat.com> <45DAA0DF.7000608@gmail.com> <45DCB17B.8000002@redhat.com> <45DDB07B.3080106@redhat.com> <45DDBB62.5090407@redhat.com> <45DDBD22.6020004@redhat.com> <45DDED5D.7020801@redhat.com> <45DDF30A.8050404@redhat.com>
Message-ID:

No, never had to fully qualify my uid before...at any rate, thanks very much for working thru this with me...All seems okay.

Aaron

From richard at powerset.com Thu Feb 22 20:03:37 2007
From: richard at powerset.com (Richard Hesse)
Date: Thu, 22 Feb 2007 12:03:37 -0800
Subject: [Fedora-directory-users] Admin server installation failed, which logfile should I check?
Message-ID:

Background:
Installing a new DS into an existing FDS configuration container. Existing container is fds1.hq.powerset.com, I'm installing a new server as fds1.sv.powerset.com and writing the configuration info to fds1.hq.powerset.com.

Here's my setup log:
[slapd-fds1]: [22/Feb/2007:19:38:46 +0000] - slapd started. Listening on All Interfaces port 389 for LDAP requests
Your new directory server has been started.
Created new Directory Server
Start Slapd Starting Slapd server configuration.
Success Slapd Added Directory Server information to Configuration Server.
Configuring Administration Server...
Setting up Administration Server Instance...
ERROR: Administration Server configuration failed.
You can now use the console. Here is the command to use to start the console:
cd /opt/fedora-ds
./startconsole -u admin -a http://fds1.sv.powerset.com:22628/
INFO Finished with setup, logfile is setup/setup.log

The configuration information was successfully written to fds1.hq, but the admin server on fds1.sv was not setup correctly. I tried looking around for any relevant logfiles, but couldn't find any. Any suggestions on where to look? Thanks.

-richard

From rmeggins at redhat.com Thu Feb 22 20:50:23 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 22 Feb 2007 13:50:23 -0700
Subject: [Fedora-directory-users] Admin server installation failed, which logfile should I check?
In-Reply-To:
References:
Message-ID: <45DE020F.9080905@redhat.com>

Richard Hesse wrote:
> The configuration information was successfully written to fds1.hq, but the
> admin server on fds1.sv was not setup correctly. I tried looking around for
> any relevant logfiles, but couldn't find any. Any suggestions on where to
> look? Thanks.
>
Try admin-serv/logs

From richard at powerset.com Thu Feb 22 20:57:18 2007
From: richard at powerset.com (Richard Hesse)
Date: Thu, 22 Feb 2007 12:57:18 -0800
Subject: [Fedora-directory-users] Admin server installation failed, which logfile should I check?
In-Reply-To: <45DE020F.9080905@redhat.com>
Message-ID:

Tried checking there initially, but the directory is empty. Also of note, none of the start, stop, or restart-admin scripts were created.

-richard

On 2/22/07 12:50 PM, "Richard Megginson" wrote:
>> The configuration information was successfully written to fds1.hq, but the
>> admin server on fds1.sv was not setup correctly. I tried looking around for
>> any relevant logfiles, but couldn't find any. Any suggestions on where to
>> look? Thanks.
>>
> Try admin-serv/logs

From rmeggins at redhat.com Thu Feb 22 21:06:28 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 22 Feb 2007 14:06:28 -0700
Subject: [Fedora-directory-users] Admin server installation failed, which logfile should I check?
In-Reply-To:
References:
Message-ID: <45DE05D4.6070708@redhat.com>

Richard Hesse wrote:
> Tried checking there initially, but the directory is empty. Also of note,
> none of the start, stop, or restart-admin scripts were created.
>
Anything in the setup log? Look in the setup directory.

From richard at powerset.com Thu Feb 22 21:21:30 2007
From: richard at powerset.com (Richard Hesse)
Date: Thu, 22 Feb 2007 13:21:30 -0800
Subject: [Fedora-directory-users] Admin server installation failed, which logfile should I check?
In-Reply-To: <45DE05D4.6070708@redhat.com>
Message-ID:

My initial post included the snippet from setup.log which was lacking any real information. Is there an argument to run setup in a more verbose debugging mode? Thanks.

-richard

From rmeggins at redhat.com Thu Feb 22 21:22:12 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 22 Feb 2007 14:22:12 -0700
Subject: [Fedora-directory-users] Admin server installation failed, which logfile should I check?
In-Reply-To:
References:
Message-ID: <45DE0984.20701@redhat.com>

Richard Hesse wrote:
> My initial post included the snippet from setup.log which was lacking any
> real information. Is there an argument to run setup in a more verbose
> debugging mode? Thanks.
>
No, not really. Do you have any corefiles? find /opt/fedora-ds -name core.\* -ls
You may have to use ulimit -c unlimited to allow setup to produce core files.

From richard at powerset.com Fri Feb 23 00:10:26 2007
From: richard at powerset.com (Richard Hesse)
Date: Thu, 22 Feb 2007 16:10:26 -0800
Subject: [Fedora-directory-users] Admin server installation failed, which logfile should I check?
In-Reply-To: <45DE0984.20701@redhat.com>
Message-ID:

Nope, no core files. No success on successive attempts either.
Question though, the firewall between the configuration server and new
server only allows TCP 389 and 636 through. Are there any other ports used
or is it all TCP 389? I ask because the LDAP DS portion is written ok, just
not the admin.

-richard

On 2/22/07 1:22 PM, "Richard Megginson" wrote:

> Richard Hesse wrote:
>> My initial post included the snippet from setup.log which was lacking any
>> real information. Is there an argument to run setup in a more verbose
>> debugging mode? Thanks.
>>
> No, not really. Do you have any corefiles? find /opt/fedora-ds -name
> core.\* -ls
> You may have to use ulimit -c unlimited to allow setup to produce core
> files.
>> -richard
>>
>> On 2/22/07 1:06 PM, "Richard Megginson" wrote:
>>
>>> Richard Hesse wrote:
>>>
>>>> Tried checking there initially, but the directory is empty. Also of note,
>>>> none of the start, stop, or restart-admin scripts were created.
>>>>
>>> Anything in the setup log? Look in the setup directory.
>>>
>>>> -richard
>>>>
>>>> On 2/22/07 12:50 PM, "Richard Megginson" wrote:
>>>>
>>>>>> The configuration information was successfully written to fds1.hq, but
>>>>>> the
>>>>>> admin server on fds1.sv was not setup correctly. I tried looking around
>>>>>> for
>>>>>> any relevant logfiles, but couldn't find any. Any suggestions on where to
>>>>>> look? Thanks.
>>>>>>
>>>>> Try admin-serv/logs

From richard at powerset.com Fri Feb 23 00:27:09 2007
From: richard at powerset.com (Richard Hesse)
Date: Thu, 22 Feb 2007 16:27:09 -0800
Subject: [Fedora-directory-users] Admin server installation failed, which logfile should I check?
In-Reply-To:
Message-ID:

Eh must have been something ACI related. I ran setup and told it to use
directory manager instead of admin when writing the configuration info and
it all worked. I'll have to look into it more but for now I'm up and
running. Thanks for everyone's help.

-richard

On 2/22/07 4:10 PM, "Richard Hesse" wrote:

> Nope, no core files. No success on successive attempts either. Question
> though, the firewall between the configuration server and new server only
> allows TCP 389 and 636 through. Are there any other ports used or is it all
> TCP 389? I ask because the LDAP DS portion is written ok, just not the
> admin.
>
> -richard
>
> On 2/22/07 1:22 PM, "Richard Megginson" wrote:
>
>> Richard Hesse wrote:
>>> My initial post included the snippet from setup.log which was lacking any
>>> real information. Is there an argument to run setup in a more verbose
>>> debugging mode? Thanks.
>>>
>> No, not really. Do you have any corefiles? find /opt/fedora-ds -name
>> core.\* -ls
>> You may have to use ulimit -c unlimited to allow setup to produce core
>> files.
>>> -richard
>>>
>>> On 2/22/07 1:06 PM, "Richard Megginson" wrote:
>>>
>>>> Richard Hesse wrote:
>>>>
>>>>> Tried checking there initially, but the directory is empty. Also of note,
>>>>> none of the start, stop, or restart-admin scripts were created.
>>>>>
>>>> Anything in the setup log? Look in the setup directory.
>>>>
>>>>> -richard
>>>>>
>>>>> On 2/22/07 12:50 PM, "Richard Megginson" wrote:
>>>>>
>>>>>>> The configuration information was successfully written to fds1.hq, but
>>>>>>> the
>>>>>>> admin server on fds1.sv was not setup correctly. I tried looking around
>>>>>>> for
>>>>>>> any relevant logfiles, but couldn't find any. Any suggestions on where
>>>>>>> to
>>>>>>> look? Thanks.
>>>>>>>
>>>>>> Try admin-serv/logs

From oscar.valdez at duraflex.com.sv Sat Feb 24 16:36:44 2007
From: oscar.valdez at duraflex.com.sv (Oscar A. Valdez)
Date: Sat, 24 Feb 2007 10:36:44 -0600
Subject: [Fedora-directory-users] Granting authority to run ldapmodify and ldapdelete
Message-ID: <1172335005.2330.23.camel@wzowski.duraflex.com.sv>

I need to grant authority to run ldapmodify and ldapdelete to a few users
(our users have these objectClass attributes: person, organizationalPerson,
inetOrgPerson, posixAccount, and dn's of this type:
dn: uid=jdoe,ou=People,dc=domain,dc=com)

How should I grant a few of these users authority to run ldapmodify and
ldapdelete?

--
Oscar A. Valdez

From joshkel at gmail.com Mon Feb 26 15:50:42 2007
From: joshkel at gmail.com (Josh Kelley)
Date: Mon, 26 Feb 2007 10:50:42 -0500
Subject: [Fedora-directory-users] Granting authority to run ldapmodify and ldapdelete
In-Reply-To: <1172335005.2330.23.camel@wzowski.duraflex.com.sv>
References: <1172335005.2330.23.camel@wzowski.duraflex.com.sv>
Message-ID: <97cbd1a90702260750n5ba0bed0iba7b48a3ceb77ccf@mail.gmail.com>

On 2/24/07, Oscar A. Valdez wrote:
> I need to grant authority to run ldapmodify and ldapdelete to a few
> users (our users have these objectClass attributes: person,
> organizationalPerson, inetOrgPerson, posixAccount, and dn's of this
> type: dn: uid=jdoe,ou=People,dc=domain,dc=com)

You should be able to use access control to give select users write
access to the directory. See
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html#997355.

Josh Kelley

From stephen_nesbitt at alumni.cmc.edu Tue Feb 27 16:15:13 2007
From: stephen_nesbitt at alumni.cmc.edu (Stephen Nesbitt)
Date: Tue, 27 Feb 2007 08:15:13 -0800
Subject: [Fedora-directory-users] Manually reset ldap port?
Message-ID: <200702270815.13713.stephen_nesbitt@alumni.cmc.edu>

All:

For testing purposes I installed ds with the ldap port set to 65000. I am done
with my testing and now would like to change that to the standard 389 port.

I tried following the written instructions for using the console to change it,
but messed up and now am unable to start the console.
I can see it is still trying to use port 65000.

How can I get this updated? I've tried manually changing all the files in the
ds root dir which contained an instance of the old 65000 URL, but no joy.

Thanks!

-steve

From rmeggins at redhat.com Tue Feb 27 16:24:58 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 27 Feb 2007 09:24:58 -0700
Subject: [Fedora-directory-users] Manually reset ldap port?
In-Reply-To: <200702270815.13713.stephen_nesbitt@alumni.cmc.edu>
References: <200702270815.13713.stephen_nesbitt@alumni.cmc.edu>
Message-ID: <45E45B5A.20004@redhat.com>

Stephen Nesbitt wrote:
> All:
>
> For testing purposes I installed ds with the ldap port set to 65000. I am done
> with my testing and now would like to change that to the standard 389 port.
>
> I tried following the written instructions for using the console to change it,
> but messed up and now am unable to start the console. I can see it is still
> trying to use port 65000.
>
> How can I get this updated? I've tried manually changing all the files in the
> ds root dir which contained an instance of the old 65000 URL, but no joy.
>
> Thanks!
>
There are also several entries in the configuration DS under
o=NetscapeRoot that have the old port number - these must be changed as well.
> -steve

From ankur_agwal at yahoo.com Wed Feb 28 04:07:46 2007
From: ankur_agwal at yahoo.com (Ankur Agarwal)
Date: Tue, 27 Feb 2007 20:07:46 -0800 (PST)
Subject: [Fedora-directory-users] Schema changes not reflected
Message-ID: <344365.36113.qm@web54110.mail.yahoo.com>

Hi,

I have a ldif file for adding new attributes and objectClass.
I use ldapmodify command and I am able to add attributes and objectclass on
my dev and test environments. However when I run ldapmodify on Prod env
(having master-master setup), command runs fine, status shows OK but schema
modification do not get reflected. Since there are no errors shown during
script execution I am not able to figure out the cause.

Strangely 99user.ldif file shows these new attributes but still I don't see
these added using LDAP browser.

Do I need to follow different steps for master-master set-up? Or is there
some other mechanism to modify schema for this set-up?

regards,
Ankur

Schema ldif contents are as given below:
==================
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( coltOnlineUser-oid NAME 'testOnlineUser' SUP inetorgperson STRUCTURAL MUST ( c $ isPartner $ isPasswordLocked $ preferredContactMethod ) MAY ( address1 $ address2 $ belongsToOCN $ city $ isDeleted $ isMemberOf $ nsAccountLock $ status ) X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( isMemberOf-oid NAME 'isMemberOf' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( address1-oid NAME 'address1' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( belongsToOCN-oid NAME 'belongsToOCN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( isPasswordLocked-oid NAME 'isPasswordLocked' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( address2-oid NAME 'address2' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( preferredContactMethod-oid NAME 'preferredContactMethod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( city-oid NAME 'city' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( isDeleted-oid NAME 'isDeleted' DESC 'Whether the user is deleted from the system or not.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( isPartner-oid NAME 'isPartner' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( status-oid NAME 'status' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
==================

From yoram.kahana at gmail.com Wed Feb 28 08:21:20 2007
From: yoram.kahana at gmail.com (Yoram Kahana)
Date: Wed, 28 Feb 2007 10:21:20 +0200
Subject: [Fedora-directory-users] authentication linux users via Fedora directory server
Message-ID: <37d92a190702280021t75497b14w84c276c01548a6d7@mail.gmail.com>

Hi

My goal is to authenticate our users via the Fedora directory server (FDS 7.1).
The users OS is RedHat enterprise linux 4, update 4.

I have started with openldap and everything works fine. Using the same
clients configuration file (except changing the HOST to the fedora directory
server IP) I have failed to authenticate users to the FDS.
I created two users (via the console) and define the posixaccount parameters
as well.
I also failed to add new users via ldapadd using prepared ldif file.

I have a feeling that I miss something with the bind authentication.
Maybe something related to the why Fedora relate to the passwd (md5,Sha.....).

Any idea?

Thanks in advance
Yoram

From jepoy25 at lycos.com Wed Feb 28 12:06:33 2007
From: jepoy25 at lycos.com (Jeffrey Jamisola)
Date: Wed, 28 Feb 2007 07:06:33 -0500 (EST)
Subject: [Fedora-directory-users] Password Sync Error
Message-ID: <20070228070633.HM.00000000000003o@jepoy25.bos-mail-wwl4.lycos.com>

An HTML attachment was scrubbed...

From rmeggins at redhat.com Wed Feb 28 14:57:55 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 28 Feb 2007 07:57:55 -0700
Subject: [Fedora-directory-users] Schema changes not reflected
In-Reply-To: <344365.36113.qm@web54110.mail.yahoo.com>
References: <344365.36113.qm@web54110.mail.yahoo.com>
Message-ID: <45E59873.7000008@redhat.com>

Ankur Agarwal wrote:
> Hi,
>
> I have a ldif file for adding new attributes and objectClass. I use
> ldapmodify command and I am able to add attributes and objectclass on
> my dev and test environments. However when I run ldapmodify on Prod
> env (having master-master setup), command runs fine, status shows OK
> but schema modification do not get reflected.
On the master you added them to, or the other master? If you do a
search of cn=schema do you see your new schema?
> Since there are no errors shown during script execution I am not able
> to figure out the cause.
Also check the access and error logs. You should see the MOD request
when you added the schema and you can find out the result.
>
> Strangely 99user.ldif file shows these new attributes but still I don't
> see these added using LDAP browser.
99user.ldif on the original master or the other master? Do you need to
refresh your ldap browser or even possibly restart it for the schema
changes to be reflected? Please use ldapsearch to verify the contents
of cn=schema.
>
> Do I need to follow different steps for master-master set-up? Or is
> there some other mechanism to modify schema for this set-up?
>
> regards,
> Ankur
>
> Schema ldif contents are as given below:
> ==================
> dn: cn=schema
> changetype: modify
> add: objectClasses
> objectClasses: ( coltOnlineUser-oid NAME 'testOnlineUser' SUP
> inetorgperson STRUCTURAL MUST ( c $ isPartner $ isPasswordLocked $
> preferredContactMethod ) MAY ( address1 $ address2 $ belongsToOCN $
> city $ isDeleted $ isMemberOf $ nsAccountLock $ status ) X-ORIGIN
> 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( isMemberOf-oid NAME 'isMemberOf' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( address1-oid NAME 'address1' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( belongsToOCN-oid NAME 'belongsToOCN' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( isPasswordLocked-oid NAME 'isPasswordLocked' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( address2-oid NAME 'address2' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( preferredContactMethod-oid NAME
> 'preferredContactMethod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( city-oid NAME 'city' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( isDeleted-oid NAME 'isDeleted' DESC 'Whether the
> user is deleted from the system or not.' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( isPartner-oid NAME 'isPartner' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( status-oid NAME 'status' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
>
> ==================

From rmeggins at redhat.com Wed Feb 28 14:59:14 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 28 Feb 2007 07:59:14 -0700
Subject: [Fedora-directory-users] authentication linux users via Fedora directory server
In-Reply-To: <37d92a190702280021t75497b14w84c276c01548a6d7@mail.gmail.com>
References: <37d92a190702280021t75497b14w84c276c01548a6d7@mail.gmail.com>
Message-ID: <45E598C2.9070309@redhat.com>

Yoram Kahana wrote:
> Hi
>
> My goal is to authenticate our users via the Fedora directory server
> (FDS 7.1).
> The users OS is RedHat enterprise linux 4, update 4.
>
> I have started with openldap and everything works fine. Using the same
> clients configuration file (except changing the HOST to the fedora
> directory server IP) I have failed to authenticate users to the FDS.
Please look at the FDS access log to look for failed BIND or SRCH attempts.
> I created two users (via the console) and define the posixaccount
> parameters as well.
> I also failed to add new users via ldapadd using prepared ldif file.
Errors?
>
> I have a feeling that I miss something with the bind authentication.
> Maybe something related to the why Fedora relate to the passwd
> (md5,Sha.....).
You might also want to post your /etc/ldap.conf file
>
> Any idea?
>
> Thanks in advance
> Yoram

From rmeggins at redhat.com Wed Feb 28 15:00:59 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 28 Feb 2007 08:00:59 -0700
Subject: [Fedora-directory-users] Password Sync Error
In-Reply-To: <20070228070633.HM.00000000000003o@jepoy25.bos-mail-wwl4.lycos.com>
References: <20070228070633.HM.00000000000003o@jepoy25.bos-mail-wwl4.lycos.com>
Message-ID: <45E5992B.7040400@redhat.com>

Jeffrey Jamisola wrote:
> Synchronization of users between active directory and directory server
> is already done.
> However, I am trying to synchronize password for redhat directory
> server & windows 2003
> active directory.
>
> Installed Password Sync for active directory with the following:
>
> Host Name: 192.36.253.152
> Port Number: 389
> User Name: Directory Manager
> Password:
> Cert Token:
> Search Base: ou=People,dc=example,dc=com
>
> Checking the password sync log file, found this error:
>
> ---------------
> 02/09/07 19:18:32 : Ldap bind error in Connect
> 81:Can't connect to LDAP Server
> 02/09/07 19:18:32 : Can not connect to ldap server in syncPasswords
Firewall?
> --------------
>
> does anyone know how to solve this problem?

From ankur_agwal at yahoo.com Wed Feb 28 16:27:34 2007
From: ankur_agwal at yahoo.com (Ankur Agarwal)
Date: Wed, 28 Feb 2007 08:27:34 -0800 (PST)
Subject: [Fedora-directory-users] Schema changes not reflected
In-Reply-To: <45E59873.7000008@redhat.com>
Message-ID: <709730.84272.qm@web54111.mail.yahoo.com>

As suggested I ran ldapsearch command :

./ldapsearch -p 8001 -b "cn=schema" -s base "objectclass=subschema"

and I am able to see my new class name and attributes in the output. Hence
look like my ldapmodify command to modify schema had run fine.

What else could be the issue behind this new class and attributes not being
visible?

Thanks,
Ankur

Richard Megginson wrote:
Ankur Agarwal wrote:
> Hi,
>
> I have a ldif file for adding new attributes and objectClass. I use
> ldapmodify command and I am able to add attributes and objectclass on
> my dev and test environments. However when I run ldapmodify on Prod
> env (having master-master setup), command runs fine, status shows OK
> but schema modification do not get reflected.
On the master you added them to, or the other master? If you do a
search of cn=schema do you see your new schema?
> Since there are no errors shown during script execution I am not able
> to figure out the cause.
Also check the access and error logs. You should see the MOD request
when you added the schema and you can find out the result.
>
> Strangely 99user.ldif file shows these new attributes but still I don't
> see these added using LDAP browser.
99user.ldif on the original master or the other master? Do you need to
refresh your ldap browser or even possibly restart it for the schema
changes to be reflected? Please use ldapsearch to verify the contents
of cn=schema.
>
> Do I need to follow different steps for master-master set-up? Or is
> there some other mechanism to modify schema for this set-up?
>
> regards,
> Ankur
>
> Schema ldif contents are as given below:
> ==================
> dn: cn=schema
> changetype: modify
> add: objectClasses
> objectClasses: ( coltOnlineUser-oid NAME 'testOnlineUser' SUP
> inetorgperson STRUCTURAL MUST ( c $ isPartner $ isPasswordLocked $
> preferredContactMethod ) MAY ( address1 $ address2 $ belongsToOCN $
> city $ isDeleted $ isMemberOf $ nsAccountLock $ status ) X-ORIGIN
> 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( isMemberOf-oid NAME 'isMemberOf' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( address1-oid NAME 'address1' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( belongsToOCN-oid NAME 'belongsToOCN' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( isPasswordLocked-oid NAME 'isPasswordLocked' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( address2-oid NAME 'address2' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( preferredContactMethod-oid NAME
> 'preferredContactMethod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( city-oid NAME 'city' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( isDeleted-oid NAME 'isDeleted' DESC 'Whether the
> user is deleted from the system or not.' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( isPartner-oid NAME 'isPartner' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
> -
> add: attributeTypes
> attributeTypes: ( status-oid NAME 'status' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
>
> ==================

From rmeggins at redhat.com Wed Feb 28 16:32:28 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 28 Feb 2007 09:32:28 -0700
Subject: [Fedora-directory-users] Schema changes not reflected
In-Reply-To: <709730.84272.qm@web54111.mail.yahoo.com>
References: <709730.84272.qm@web54111.mail.yahoo.com>
Message-ID: <45E5AE9C.7030001@redhat.com>

Ankur Agarwal wrote:
> As suggested I ran ldapsearch command :
>
> ./ldapsearch -p 8001 -b "cn=schema" -s base "objectclass=subschema"
>
> and I am able to see my new class name and attributes in the output.
> Hence look like my ldapmodify command to modify schema had run fine.
>
> What else could be the issue behind this new class and attributes not
> being visible?
Where are they not visible? If ldapsearch says that they are there,
then they are there.
>
> Thanks,
> Ankur
>
> Richard Megginson wrote:
>
> Ankur Agarwal wrote:
> > Hi,
> >
> > I have a ldif file for adding new attributes and objectClass. I use
> > ldapmodify command and I am able to add attributes and
> objectclass on
> > my dev and test environments. However when I run ldapmodify on Prod
> > env (having master-master setup), command runs fine, status
> shows OK
> > but schema modification do not get reflected.
> On the master you added them to, or the other master? If you do a
> search of cn=schema do you see your new schema?
> > Since there are no errors shown during script execution I am not
> able
> > to figure out the cause.
> Also check the access and error logs. You should see the MOD request
> when you added the schema and you can find out the result.
> >
> > Strangely 99user.ldif file shows these new attributes but still
> I don't
> > see these added using LDAP browser.
> 99user.ldif on the original master or the other master? Do you
> need to
> refresh your ldap browser or even possibly restart it for the schema
> changes to be reflected? Please use ldapsearch to verify the contents
> of cn=schema.
> >
> > Do I need to follow different steps for master-master set-up? Or is
> > there some other mechanism to modify schema for this set-up?
> >
> > regards,
> > Ankur
> >
> > Schema ldif contents are as given below:
> > ==================
> > dn: cn=schema
> > changetype: modify
> > add: objectClasses
> > objectClasses: ( coltOnlineUser-oid NAME 'testOnlineUser' SUP
> > inetorgperson STRUCTURAL MUST ( c $ isPartner $ isPasswordLocked $
> > preferredContactMethod ) MAY ( address1 $ address2 $ belongsToOCN $
> > city $ isDeleted $ isMemberOf $ nsAccountLock $ status ) X-ORIGIN
> > 'user defined' )
> > -
> > add: attributeTypes
> > attributeTypes: ( isMemberOf-oid NAME 'isMemberOf' SYNTAX
> > 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' )
> > -
> > add: attributeTypes
> > attributeTypes: ( address1-oid NAME 'address1' SYNTAX
> > 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
> > -
> > add: attributeTypes
> > attributeTypes: ( belongsToOCN-oid NAME 'belongsToOCN' SYNTAX
> > 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user
> defined' )
> > -
> > add: attributeTypes
> > attributeTypes: ( isPasswordLocked-oid NAME 'isPasswordLocked'
> SYNTAX
> > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
> > -
> > add: attributeTypes
> > attributeTypes: ( address2-oid NAME 'address2' SYNTAX
> > 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
> > -
> > add: attributeTypes
> > attributeTypes: ( preferredContactMethod-oid NAME
> > 'preferredContactMethod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> > SINGLE-VALUE X-ORIGIN 'user defined' )
> > -
> > add: attributeTypes
> > attributeTypes: ( city-oid NAME 'city' SYNTAX
> > 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
> > -
> > add: attributeTypes
> > attributeTypes: ( isDeleted-oid NAME 'isDeleted' DESC 'Whether the
> > user is deleted from the system or not.' SYNTAX
> > 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
> > -
> > add: attributeTypes
> > attributeTypes: ( isPartner-oid NAME 'isPartner' SYNTAX
> > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
> > -
> > add: attributeTypes
> > attributeTypes: ( status-oid NAME 'status' SYNTAX
> > 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
> >
> > ==================

From Kent.Rankin at orau.org Wed Feb 28 18:41:05 2007
From: Kent.Rankin at orau.org (Rankin, Kent)
Date: Wed, 28 Feb 2007 13:41:05 -0500
Subject: [Fedora-directory-users] Password expiration question
Message-ID: <3B1B40BF9A684D49B927F7BE5CEE1D660866737C@zirconium.orau.net>

I've got FDS supporting RHEL 4 clients, and have apparently missed
something in setup.
I've set up the password policies on my FDS servers, but still get the
following sort of error:

[root at system ~]# su - arbitrary_username
Warning: your password will expire in 7 days
System.network.tld>

Do I need to disable pam_unix.so in /etc/pam.d/system-auth now that I
have that sort of thing handled in FDS?

--
Kent Rankin
Enterprise Systems Administrator
Information Systems Department
Oak Ridge Associated Universities
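
Richard Megginson's advice in the threads above (find the MOD on cn=schema in the access log and read its result; look for failed BIND or SRCH attempts) comes down to pairing each request line with its RESULT line by connection and operation number. The following is an added example, not code from any post or from the Fedora DS project; the sample log lines are constructed, and the access-log layout they follow is an assumption, as are all function names.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample. Assumed layout: a request line
#   [timestamp] conn=N op=M VERB key=value ...
# answered later by
#   [timestamp] conn=N op=M RESULT err=E tag=T nentries=K etime=S
SAMPLE_LOG = """\
[28/Feb/2007:08:20:01 -0800] conn=7 fd=64 slot=64 connection from 192.0.2.15 to 192.0.2.2
[28/Feb/2007:08:20:01 -0800] conn=7 op=0 BIND dn="uid=jdoe,ou=People,dc=example,dc=com" method=128 version=3
[28/Feb/2007:08:20:01 -0800] conn=7 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[28/Feb/2007:08:20:02 -0800] conn=8 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[28/Feb/2007:08:20:02 -0800] conn=8 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[28/Feb/2007:08:20:03 -0800] conn=8 op=1 MOD dn="cn=schema"
[28/Feb/2007:08:20:03 -0800] conn=9 op=0 SRCH base="ou=People,dc=example,dc=com" scope=2 filter="(uid=jdoe)" attrs=ALL
[28/Feb/2007:08:20:03 -0800] conn=8 op=1 RESULT err=0 tag=103 nentries=0 etime=0
[28/Feb/2007:08:20:03 -0800] conn=9 op=0 RESULT err=32 tag=101 nentries=0 etime=0
[28/Feb/2007:08:20:04 -0800] conn=8 op=2 UNBIND
[28/Feb/2007:08:20:04 -0800] conn=8 op=2 fd=65 closed - U1
[28/Feb/2007:08:20:05 -0800] conn=10 op=3 RESULT err=50 tag=103 nentries=0 etime=0
"""

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\]\s+conn=(?P<conn>\d+)\s+op=(?P<op>\d+)\s+'
    r'(?P<verb>[A-Z]+)\b\s*(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Standard LDAP result codes most relevant to the threads above.
RESULT_NAMES = {
    0: "success", 20: "attributeOrValueExists", 32: "noSuchObject",
    49: "invalidCredentials", 50: "insufficientAccessRights",
    65: "objectClassViolation",
}


@dataclass
class Operation:
    ts: str
    conn: int
    op: int
    verb: str                   # BIND, SRCH, MOD, ... or UNKNOWN
    target: Optional[str]       # dn= for BIND/MOD/ADD/DEL, base= for SRCH
    err: Optional[int] = None   # None until a RESULT line is seen


def _fields(rest: str) -> Dict[str, str]:
    """Parse key=value pairs; quoted values may contain spaces and '='."""
    out: Dict[str, str] = {}
    for key, quoted, bare in KV_RE.findall(rest):
        out.setdefault(key, quoted if quoted else bare)
    return out


def pair_operations(lines: Iterable[str]) -> List[Operation]:
    """Join each request with its RESULT using the (conn, op) pair."""
    ops: List[Operation] = []
    pending: Dict[Tuple[int, int], Operation] = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # connection open/close and other non-operation lines
        key = (int(m["conn"]), int(m["op"]))
        kv = _fields(m["rest"])
        if m["verb"] == "RESULT":
            op = pending.pop(key, None)
            if op is None:
                # The request was logged before this file starts (rotation).
                op = Operation(m["ts"], key[0], key[1], "UNKNOWN", None)
                ops.append(op)
            op.err = int(kv["err"]) if kv.get("err", "").isdigit() else None
        else:
            op = Operation(m["ts"], key[0], key[1], m["verb"],
                           kv.get("dn", kv.get("base")))
            ops.append(op)
            pending[key] = op
    return ops


def failed_operations(ops: List[Operation]) -> List[Operation]:
    """Operations whose RESULT carried a non-zero LDAP result code."""
    return [o for o in ops if o.err not in (None, 0)]


def schema_changes(ops: List[Operation]) -> List[Operation]:
    """MOD requests against cn=schema, with whatever result was logged."""
    return [o for o in ops
            if o.verb == "MOD" and (o.target or "").lower() == "cn=schema"]


def explain(op: Operation) -> str:
    if op.err is None:
        outcome = "no RESULT logged"
    else:
        outcome = f"err={op.err} ({RESULT_NAMES.get(op.err, 'other result code')})"
    return f"{op.ts} conn={op.conn} op={op.op} {op.verb} {op.target!r}: {outcome}"


if __name__ == "__main__":
    operations = pair_operations(SAMPLE_LOG.splitlines())
    for o in schema_changes(operations) + failed_operations(operations):
        print(explain(o))
```

Run it against each master's access log separately: a schema MOD that shows err=0 on one master but never appears on the other answers the "which master?" question asked in the thread.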