From wpfontenot at cox.net Fri Feb 1 00:49:55 2008
From: wpfontenot at cox.net (Paul Fontenot)
Date: Thu, 31 Jan 2008 17:49:55 -0700
Subject: [Fedora-directory-users] Email contacts
Message-ID: <1201826995.21421.2.camel@squid.fontenotshome.org>

Is there an easy to follow guide, howto, or tutorial for setting up
email contact lists in FDS? If there is I would appreciate a link to
the article.

Thank you

From patrick.morris at hp.com Fri Feb 1 00:56:26 2008
From: patrick.morris at hp.com (Patrick Morris)
Date: Thu, 31 Jan 2008 16:56:26 -0800
Subject: [Fedora-directory-users] Email contacts
In-Reply-To: <1201826995.21421.2.camel@squid.fontenotshome.org>
References: <1201826995.21421.2.camel@squid.fontenotshome.org>
Message-ID: <20080201005626.GB7974@bakgwai.americas.hpqcorp.net>

On Fri, 01 Feb 2008, Paul Fontenot wrote:

> Is there an easy to follow guide, howto, or tutorial for setting up
> email contact lists in FDS? If there is I would appreciate a link to
> the article.

I doubt you're going to find a one-size-fits-all article on setting up
LDAP mailing lists -- there are a lot of variables.

That said, popping "LDAP mailing list" into Google gave several examples
for various mailers, and one of them might work for you.

From patrick.morris at hp.com Fri Feb 1 01:01:32 2008
From: patrick.morris at hp.com (Patrick Morris)
Date: Thu, 31 Jan 2008 17:01:32 -0800
Subject: [Fedora-directory-users] Email contacts
In-Reply-To: <20080201005626.GB7974@bakgwai.americas.hpqcorp.net>
References: <1201826995.21421.2.camel@squid.fontenotshome.org> <20080201005626.GB7974@bakgwai.americas.hpqcorp.net>
Message-ID: <20080201010132.GC7974@bakgwai.americas.hpqcorp.net>

...and it just occurred to me that you may be asking for a basic contact
list/address book, and not mailing lists.

If a contact list is what you're looking for, log into the FDS admin
utility, create some users, and you've got yourself a contact list.
You'll just need to configure your client programs to query the LDAP
server and chances are it'll just work.

On Fri, 01 Feb 2008, Morris, Patrick wrote:

> On Fri, 01 Feb 2008, Paul Fontenot wrote:
>
> > Is there an easy to follow guide, howto, or tutorial for setting up
> > email contact lists in FDS? If there is I would appreciate a link to
> > the article.
>
> I doubt you're going to find a one-size-fits-all article on setting up
> LDAP mailing lists -- there are a lot of variables.
>
> That said, popping "LDAP mailing list" into Google gave several examples
> for various mailers, and one of them might work for you.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

From wpfontenot at cox.net Fri Feb 1 02:27:42 2008
From: wpfontenot at cox.net (Paul Fontenot)
Date: Thu, 31 Jan 2008 19:27:42 -0700
Subject: [Fedora-directory-users] Email contacts
In-Reply-To: <20080201010132.GC7974@bakgwai.americas.hpqcorp.net>
References: <1201826995.21421.2.camel@squid.fontenotshome.org> <20080201005626.GB7974@bakgwai.americas.hpqcorp.net> <20080201010132.GC7974@bakgwai.americas.hpqcorp.net>
Message-ID: <1201832862.22942.2.camel@squid.fontenotshome.org>

That's the part that's got me stumped. For instance...

My account is uid=fontenwp,ou=People,dc=fontenotshome,dc=org and the
email address is there. When I configure Evolution I can't see my
account.

From wpfontenot at cox.net Fri Feb 1 06:19:04 2008
From: wpfontenot at cox.net (Paul Fontenot)
Date: Thu, 31 Jan 2008 23:19:04 -0700
Subject: [Fedora-directory-users] Email contacts
In-Reply-To: <1201832862.22942.2.camel@squid.fontenotshome.org>
References: <1201826995.21421.2.camel@squid.fontenotshome.org> <20080201005626.GB7974@bakgwai.americas.hpqcorp.net> <20080201010132.GC7974@bakgwai.americas.hpqcorp.net> <1201832862.22942.2.camel@squid.fontenotshome.org>
Message-ID: <1201846745.26865.0.camel@squid.fontenotshome.org>

I got it, thanks for all the help. It was a case of the client not
acting quite the way I expected it to.

From j.barber at dundee.ac.uk Fri Feb 1 09:33:36 2008
From: j.barber at dundee.ac.uk (Jonathan Barber)
Date: Fri, 1 Feb 2008 09:33:36 +0000
Subject: [Fedora-directory-users] heimdal and fds 1.1
In-Reply-To:
References:
Message-ID: <20080201093335.GU31935@flea.lifesci.dundee.ac.uk>

On Wed, Jan 30, 2008 at 11:20:08PM -0800, Doug Chapman wrote:
> Can anyone point me to a wiki/doc on using fds and kerberos where the db is
> in the directory? (or maybe talk me out of this approach?)
>
> These steps are for openldap, but after much googling, I can't find a faq,
> or ready made schema file to try and wrestle this three headed dog into
> submission...
>
> http://www.h5l.org/manual/heimdal-1-1-branch/info/heimdal.html#Using-LDAP-to-store-the-database

MIT kerberos (krb5-1.6.3) will also work with an LDAP backend, the MIT
docs are targeted towards openldap, but I've had it working with FDS in
development. However, you'll need the FreeIPA password exop plugin to
keep your kerberos/samba/ldap passwords synchronized.

> tia

--
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389

From linuxtrap at yahoo.co.in Fri Feb 1 11:55:02 2008
From: linuxtrap at yahoo.co.in (satish patel)
Date: Fri, 1 Feb 2008 11:55:02 +0000 (GMT)
Subject: [Fedora-directory-users] smbldap-tool Vs fedora directory server
Message-ID: <293182.8061.qm@web8407.mail.in.yahoo.com>

Dear all

I have a setup of a samba domain with an ldap backend. I am using the
smb-ldap tool script to create users in the ldap database. Now I want to
migrate it to FDS, so what is the extra feature in FDS? What is the key
point of FDS to use with samba?

Is there any additional feature in fedora directory server which I can
never get from samba-ldap tool?

$ cat ~/satish/url.txt
http://www.linuxbug.org

From capareci at uol.com.br Fri Feb 1 13:11:06 2008
From: capareci at uol.com.br (Renato Ribeiro da Silva)
Date: Fri, 1 Feb 2008 11:11:06 -0200
Subject: [Fedora-directory-users] Browsing index - vlvSort
Message-ID:

Hello,
I'd like to know if the new version of FDS 1.1 supports changing the order of sorting attributes.
Example: "uid" instead of "cn givenname o ou sn" for the vlvsort attributes.

Thank you,
Renato.

From ajeet.singh.raina at logicacmg.com Fri Feb 1 13:58:49 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Fri, 1 Feb 2008 19:28:49 +0530
Subject: [Fedora-directory-users] Migrating the NIS Database into Fedora DS ???
Message-ID: <0139539A634FD04A99C9B8880AB70CB207984FAD@in-ex004.groupinfra.com>

I have configured Fedora DS with SSL on RHEL 4.0 machine. I tried to
migrate the NIS Databases to LDIF format running the migration script.

The migrate_passwd.pl and migrate_netgroup.pl ran successfully and I can
even import them into the Fedora DS database through fedora DS Console.

But when I tried to import the group.ldif file into the fedora DS it
showed the following error:

Few of the Output:

cn=fmaster,ou=Group,dc=im,dc=logica,dc=com: Error adding object 'dn:
cn=fmaster,ou=Group,dc=im,dc=logica,dc=com'. The error sent by the
server was 'No such object'. The object is: LDAPEntry:
cn=fmaster,ou=Group,dc=im,dc=logica,dc=com; LDAPAttributeSet:
LDAPAttribute {type='gidnumber', values='501'} LDAPAttribute
{type='userpassword', values='{crypt}!'} LDAPAttribute
{type='objectclass', values='posixGroup,top'} LDAPAttribute {type='cn',
values='fmaster'}.

cn=manish,ou=Group,dc=im,dc=logica,dc=com: Error adding object 'dn:
cn=manish,ou=Group,dc=im,dc=logica,dc=com'. The error sent by the
server was 'No such object'. The object is: LDAPEntry:
cn=manish,ou=Group,dc=im,dc=logica,dc=com; LDAPAttributeSet:
LDAPAttribute {type='gidnumber', values='502'} LDAPAttribute
{type='userpassword', values='{crypt}!'} LDAPAttribute
{type='objectclass', values='posixGroup,top'} LDAPAttribute {type='cn',
values='manish'}.

File : /etc/group:

fmaster:!:501:
manish:!:502:
noorie:!:503:
osharma:!:504:
fmister:!:505:
test:!:506:
tester:!:507:
karim:!:508:
chirag:!:509:
fedorauser:x:510:
ntop:x:101:
nagios:x:512:
nagcmd:x:513:nagios,apache
mysql:x:102:
purushottam:x:514:
sijo:x:515:
fdsuser:x:516:
project:x:517:
fmast:x:518:
ldap:x:519:

File: /tmp/group.ldif

dn: cn=fmaster,ou=Group,dc=im,dc=logica,dc=com
objectClass: posixGroup
objectClass: top
cn: fmaster
userPassword: {crypt}!
gidNumber: 501

dn: cn=manish,ou=Group,dc=im,dc=logica,dc=com
objectClass: posixGroup
objectClass: top
cn: manish
userPassword: {crypt}!
gidNumber: 502

Any idea why it is showing the error????

From Enrico.M.V.Fasanelli at le.infn.it Fri Feb 1 14:38:07 2008
From: Enrico.M.V.Fasanelli at le.infn.it (Enrico M. V. Fasanelli)
Date: Fri, 01 Feb 2008 15:38:07 +0100
Subject: [Fedora-directory-users] Migrating the NIS Database into Fedora DS ???
In-Reply-To: <0139539A634FD04A99C9B8880AB70CB207984FAD@in-ex004.groupinfra.com>
References: <0139539A634FD04A99C9B8880AB70CB207984FAD@in-ex004.groupinfra.com>
Message-ID: <47A32ECF.4090407@le.infn.it>

Hi,

by default, FDS does not have any ou=Group container. It uses ou=Groups,
instead. If you need to use ou=Group, you must create it before.

Ciao,
Enrico
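
Added example (not part of the original thread and not Fedora DS code): a pre-import check in Python for the failure discussed above, where an LDAP add returns 'No such object' because the entry's parent container does not exist. The EXISTING list of entries already on the server and all function names are assumptions made for illustration.

```python
"""Pre-import check: every LDIF entry needs its parent DN to exist already."""
import base64

# The two entries from /tmp/group.ldif as posted in the thread.
GROUP_LDIF = """\
dn: cn=fmaster,ou=Group,dc=im,dc=logica,dc=com
objectClass: posixGroup
objectClass: top
cn: fmaster
userPassword: {crypt}!
gidNumber: 501

dn: cn=manish,ou=Group,dc=im,dc=logica,dc=com
objectClass: posixGroup
objectClass: top
cn: manish
userPassword: {crypt}!
gidNumber: 502
"""

# Assumption: entries already present on the server (the suffix, ou=People
# and the ou=Groups container mentioned in the reply).
EXISTING = [
    "dc=im,dc=logica,dc=com",
    "ou=People,dc=im,dc=logica,dc=com",
    "ou=Groups,dc=im,dc=logica,dc=com",
]


def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escaped pair together
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return parts


def norm(dn):
    """Comparison key. Assumption: naming attributes match case-insensitively."""
    keys = []
    for rdn in split_dn(dn):
        attr, _, val = rdn.partition("=")
        keys.append(attr.strip().lower() + "=" + val.strip().lower())
    return ",".join(keys)


def parent_of(dn):
    """DN of the entry directly above dn (empty string for a one-RDN DN)."""
    return ",".join(split_dn(dn)[1:])


def ldif_dns(text):
    """Entry DNs in file order, handling folded lines and base64 'dn::'."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # RFC 2849 line continuation
        else:
            lines.append(raw)
    dns = []
    for line in lines:
        if line[:4].lower() == "dn::":
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line[:3].lower() == "dn:":
            dns.append(line[3:].strip())
    return dns


def check_import(ldif_text, existing):
    """Return (dn, missing_parent) for each add that would hit 'No such object'."""
    known = {norm(d) for d in existing}
    failures = []
    for dn in ldif_dns(ldif_text):
        if norm(dn) in known:
            continue  # already there; that is a different error
        parent = parent_of(dn)
        if norm(parent) in known:
            known.add(norm(dn))  # the add succeeds, children may follow
        else:
            failures.append((dn, parent))
    return failures


def container_ldif(dn):
    """LDIF for a missing ou= container; None for other RDN types."""
    attr, _, val = split_dn(dn)[0].partition("=")
    if attr.strip().lower() != "ou":
        return None
    return (f"dn: {dn}\nobjectClass: top\n"
            f"objectClass: organizationalUnit\nou: {val.strip()}\n")


if __name__ == "__main__":
    missing = []
    for dn, parent in check_import(GROUP_LDIF, EXISTING):
        print(f"would fail with 'No such object': {dn}")
        if parent not in missing:
            missing.append(parent)
    for parent in missing:
        print("\nmissing parent, add it first:\n" + (container_ldif(parent) or parent))
```

Importing the generated ou=Group entry before the group entries, or rewriting the DNs to the existing ou=Groups container, clears the error.
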

From rmeggins at redhat.com Fri Feb 1 15:07:37 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 01 Feb 2008 08:07:37 -0700
Subject: [Fedora-directory-users] Browsing index - vlvSort
In-Reply-To:
References:
Message-ID: <47A335B9.9000907@redhat.com>

Renato Ribeiro da Silva wrote:
> Hello,
> I'd like to know if the new version of FDS 1.1 supports changing the order of sorting attributes.
> Example: "uid" instead of "cn givenname o ou sn" for the vlvsort attributes.

If you mean in the console directory browser, no, it does not.

> Thank you,
> Renato.

From richard at powerset.com Fri Feb 1 22:46:09 2008
From: richard at powerset.com (Richard Hesse)
Date: Fri, 1 Feb 2008 14:46:09 -0800
Subject: [Fedora-directory-users] Exception trying to use the 1.1 console
Message-ID: <84E2AE771361E9419DD0EFBD31F09C4D4CBBF96496@EXVMBX015-1.exch015.msoutlookonline.net>

If I connect to a 1.04 DS that houses our configuration data, the
initial console screen doesn't show the existing configuration data. If
I hit refresh, I get this exception:

Exception in thread "AWT-EventQueue-0" java.lang.ArrayIndexOutOfBoundsException: node has no children
        at javax.swing.tree.DefaultMutableTreeNode.getChildAt(Unknown Source)
        at com.netscape.management.client.topology.ServerLocNode.getChildAt(Unknown Source)
        at com.netscape.management.client.ResourceModel.getChild(Unknown Source)
        at com.netscape.management.client.topology.TopologyModel.expandFirstNode(Unknown Source)
        at com.netscape.management.client.topology.TopologyModel.refreshTree(Unknown Source)
        at com.netscape.management.client.topology.TopologyModel.actionMenuSelected(Unknown Source)

Any ideas? 1.04 console works fine, but I'd like to get 1.1 working so
that I can manage some 1.1 test instances. Thanks.

-richard

From rmeggins at redhat.com Fri Feb 1 23:42:51 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 01 Feb 2008 16:42:51 -0700
Subject: [Fedora-directory-users] Exception trying to use the 1.1 console
In-Reply-To: <84E2AE771361E9419DD0EFBD31F09C4D4CBBF96496@EXVMBX015-1.exch015.msoutlookonline.net>
References: <84E2AE771361E9419DD0EFBD31F09C4D4CBBF96496@EXVMBX015-1.exch015.msoutlookonline.net>
Message-ID: <47A3AE7B.4060308@redhat.com>

Richard Hesse wrote:
> If I connect to a 1.04 DS that houses our configuration data,

With the fedora-idm-console command from 1.1?

> the initial console screen doesn't show the existing configuration
> data. If I hit refresh, I get this exception:
>
> Exception in thread "AWT-EventQueue-0" java.lang.ArrayIndexOutOfBoundsException: node has no children
>         at javax.swing.tree.DefaultMutableTreeNode.getChildAt(Unknown Source)
>         at com.netscape.management.client.topology.ServerLocNode.getChildAt(Unknown Source)
>         at com.netscape.management.client.ResourceModel.getChild(Unknown Source)
>         at com.netscape.management.client.topology.TopologyModel.expandFirstNode(Unknown Source)
>         at com.netscape.management.client.topology.TopologyModel.refreshTree(Unknown Source)
>         at com.netscape.management.client.topology.TopologyModel.actionMenuSelected(Unknown Source)
>
> Any ideas? 1.04 console works fine, but I'd like to get 1.1 working so
> that I can manage some 1.1 test instances. Thanks.
>
> -richard

From richard at powerset.com Sat Feb 2 00:23:51 2008
From: richard at powerset.com (Richard Hesse)
Date: Fri, 1 Feb 2008 16:23:51 -0800
Subject: [Fedora-directory-users] Exception trying to use the 1.1 console
In-Reply-To: <47A3AE7B.4060308@redhat.com>
References: <84E2AE771361E9419DD0EFBD31F09C4D4CBBF96496@EXVMBX015-1.exch015.msoutlookonline.net> <47A3AE7B.4060308@redhat.com>
Message-ID: <84E2AE771361E9419DD0EFBD31F09C4D4CBBF9650A@EXVMBX015-1.exch015.msoutlookonline.net>

Actually from several clients. First I tried the 1.04 console but got
some errors about not being able to download the jar files off the
server (which I guess makes sense since the server didn't have the
console installed). Then I tried using the 1.1 Windows console (which
produced this error). Then I ended up installing the 1.1 console on the
DS, copying the jar files to my Mac, then running the 1.1 console off my
Mac using fedora-idm-console with modified file paths (yielding the same
error as the Windows console).

-richard

From linuxtrap at yahoo.co.in Sun Feb 3 15:01:58 2008
From: linuxtrap at yahoo.co.in (satish patel)
Date: Sun, 3 Feb 2008 15:01:58 +0000 (GMT)
Subject: [Fedora-directory-users] FDS + Samba + machine account
Message-ID: <454454.43685.qm@web8409.mail.in.yahoo.com>

Dear

I have a setup of samba + fds but I am not able to join a machine
to the samba domain, so how to add a machine in a samba domain with FDS backend???

$ cat ~/satish/url.txt
http://www.linuxbug.org

From suuuper at messinalug.org Sun Feb 3 20:52:41 2008
From: suuuper at messinalug.org (Giovanni Mancuso)
Date: Sun, 03 Feb 2008 21:52:41 +0100
Subject: [Fedora-directory-users] Attributes of an entry Dynamic
Message-ID: <47A62999.5050004@messinalug.org>

Hi to all,
I have a particular question. Can I create a cos that takes its
parameters from a search ldap????
In my entry I want that there are a series of parameters that are the
result of a search ldap.
Can Fedora DS do this?

Thanks From sigidwu at gmail.com Mon Feb 4 01:08:31 2008 From: sigidwu at gmail.com (sigid@JINLab) Date: Mon, 04 Feb 2008 09:08:31 +0800 Subject: [Fedora-directory-users] FDS + Samba + machine account In-Reply-To: <454454.43685.qm@web8409.mail.in.yahoo.com> References: <454454.43685.qm@web8409.mail.in.yahoo.com> Message-ID: <47A6658F.3050301@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 satish patel wrote: > Dear > > I have setup of samba + fds but i am not able to join machine > in samba domain so how to add machine in samba domain with FDS backend >??? Usually i'm using LDAPAdmin tool to do that and so far so good. First make sure you already add the machine and then join the windows client as usual. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFHpmWOqiPNNgPlDu0RAqKOAJ9K/mXM6+SDoHmSPdBTaF53FjPxigCgkdOl 9WO/RhGW85xTC1cmftfjexI= =HkBV -----END PGP SIGNATURE----- From taruishi at redhat.com Mon Feb 4 04:51:16 2008 From: taruishi at redhat.com (Masato Taruishi) Date: Mon, 04 Feb 2008 13:51:16 +0900 Subject: [Fedora-directory-users] system-config-dirsrv Message-ID: <1202100676.4569.35.camel@localhost.localdomain> Hi, Though its features are very limited yet, I'm writing a simple graphical tool to configure Fedora Directory Server. If you want to change logging options quickly, then it would be already useful. http://gade.wiki.sourceforge.net/SystemConfigDirsrv My next plan is to add a tab to configure replication agreements, but I'd like your opinion about what features are more useful in order to decide its implementation priorities. Thanks in advance From linuxtrap at yahoo.co.in Mon Feb 4 05:31:36 2008 From: linuxtrap at yahoo.co.in (satish patel) Date: Mon, 4 Feb 2008 05:31:36 +0000 (GMT) Subject: [Fedora-directory-users] FDS + Samba + machine account In-Reply-To: <47A6658F.3050301@gmail.com> Message-ID: <127799.40124.qm@web8412.mail.in.yahoo.com> i am talking about directory server dear not openldap... 
how to create machine account in Fedora directry server..... "sigid at JINLab" wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 satish patel wrote: > Dear > > I have setup of samba + fds but i am not able to join machine > in samba domain so how to add machine in samba domain with FDS backend >??? Usually i'm using LDAPAdmin tool to do that and so far so good. First make sure you already add the machine and then join the windows client as usual. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFHpmWOqiPNNgPlDu0RAqKOAJ9K/mXM6+SDoHmSPdBTaF53FjPxigCgkdOl 9WO/RhGW85xTC1cmftfjexI= =HkBV -----END PGP SIGNATURE----- -- Fedora-directory-users mailing list Fedora-directory-users at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users $ cat ~/satish/url.txt http://www.linuxbug.org _____________________________________________________________________________________________________ --------------------------------- Forgot the famous last words? Access your message archive online. Click here. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajeet.singh.raina at logicacmg.com Mon Feb 4 13:16:37 2008 From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet) Date: Mon, 4 Feb 2008 18:46:37 +0530 Subject: [Fedora-directory-users] Setting Up Fedora DS Database with Replication??? Message-ID: <0139539A634FD04A99C9B8880AB70CB2079D017C@in-ex004.groupinfra.com> I have setup Fedora DS running on one of RHEL 4.0 System. I need to setup Fedora DS Database with Replication. Has anyone played with this aspect before? Pls Help. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. 
If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajeet.singh.raina at logicacmg.com Mon Feb 4 13:18:22 2008 From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet) Date: Mon, 4 Feb 2008 18:48:22 +0530 Subject: [Fedora-directory-users] Managing LDAP via http (Apache Integration)??? Message-ID: <0139539A634FD04A99C9B8880AB70CB2079D0181@in-ex004.groupinfra.com> Hi Guys, Has anyone tried setting up "Managing LDAP via HTTP" for Fedora DS ? Thanks in advance, ~Ajeet This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From markwu at micron.com Fri Feb 1 22:17:56 2008 From: markwu at micron.com (markwu at micron.com) Date: Fri, 1 Feb 2008 14:17:56 -0800 Subject: [Fedora-directory-users] RE: Random UID not found problem In-Reply-To: References: Message-ID: We have found the problem is the overloading the master server, once we switch client to use a consumer server as primary ldap server, all problems are gone. The Master has 16G RAM, two quad-core 3G CPU and it is binding to 400 client machines with 7000 TCP connections. I will try some performance tuning. 
> From: markwu > Sent: Thursday, January 31, 2008 2:57 PM > To: 'fedora-directory-users at redhat.com' > Subject: RE: Random UID not found problem > > We just found that all cron jobs at 0,10,20,30,50 every hour would > fail consistently and give the error in my original post, but any > other minutes all cron jobs are OK. > We are using nss_ldap_226-18 and crontabs-1.10-7. I will check if UID > not found problem occurs also at 10th minutes. > > _____________________________________________ > From: markwu > Sent: Wednesday, January 30, 2008 2:42 PM > To: 'fedora-directory-users at redhat.com' > Subject: Random UID not found problem > > Hi, > Some of our users get "UID xxxx not found" message when they open a > new terminal or run a rsh command, it appears a few times a day and > it is mostly just annoying message because users can continue to work > as normal, however, sometimes It also causes cron jobs to fail, > In system log, it shows, > > crond(pam_unix)[9225]: could not identify user (from > getpwnam(USERNAME)) > crond[9225]: User not known to the underlying authentication module > > We are using Fedora DS 1.0.4, and clients are RHEL 4.5 . This problem > started ever since we switched into LDAP three months ago. > > Thanks > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Mon Feb 4 15:07:33 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Mon, 04 Feb 2008 08:07:33 -0700 Subject: [Fedora-directory-users] Attributes of an entry Dynamic In-Reply-To: <47A62999.5050004@messinalug.org> References: <47A62999.5050004@messinalug.org> Message-ID: <47A72A35.5020102@redhat.com> Giovanni Mancuso wrote: > Hi to all, > i have a particular question. Can i create a cos that takes it > parameters from a search ldap???? > In my entry i want that there are a serier of parameters that are the > result of a search ldap. > Can Fedora DS do this? I'm not sure. 
Can you explain what you are trying to do in greater detail?

> Thanks

From rmeggins at redhat.com Mon Feb 4 15:12:38 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Mon, 04 Feb 2008 08:12:38 -0700
Subject: [Fedora-directory-users] Exception trying to use the 1.1 console
In-Reply-To: <84E2AE771361E9419DD0EFBD31F09C4D4CBBF9650A@EXVMBX015-1.exch015.msoutlookonline.net>
References: <84E2AE771361E9419DD0EFBD31F09C4D4CBBF96496@EXVMBX015-1.exch015.msoutlookonline.net>
 <47A3AE7B.4060308@redhat.com>
 <84E2AE771361E9419DD0EFBD31F09C4D4CBBF9650A@EXVMBX015-1.exch015.msoutlookonline.net>
Message-ID: <47A72B66.1060109@redhat.com>

Richard Hesse wrote:
> Actually from several clients. First I tried the 1.04 console but got some errors about not being able to download the jar files off the server (which I guess makes sense since the server didn't have the console installed).

How did you install the server without the console? If you do "yum install fedora-ds" it installs everything.

> Then I tried using the 1.1 Windows console (which produced this error). Then I ended up installing the 1.1 console on the DS,

How?

> copying the jar files to my Mac, then running the 1.1 console off my Mac using fedora-idm-console with modified file paths (yielding the same error as the Windows console).
>
> -richard
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rich Megginson
> Sent: Friday, February 01, 2008 3:43 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Exception trying to use the 1.1 console
>
> Richard Hesse wrote:
>> If I connect to a 1.04 DS that houses our configuration data,
>
> With the fedora-idm-console command from 1.1?
>
>> the initial console screen doesn't show the existing configuration
>> data. If I hit refresh, I get this exception:
>>
>> Exception in thread "AWT-EventQueue-0" java.lang.ArrayIndexOutOfBoundsException: node has no children
>>     at javax.swing.tree.DefaultMutableTreeNode.getChildAt(Unknown Source)
>>     at com.netscape.management.client.topology.ServerLocNode.getChildAt(Unknown Source)
>>     at com.netscape.management.client.ResourceModel.getChild(Unknown Source)
>>     at com.netscape.management.client.topology.TopologyModel.expandFirstNode(Unknown Source)
>>     at com.netscape.management.client.topology.TopologyModel.refreshTree(Unknown Source)
>>     at com.netscape.management.client.topology.TopologyModel.actionMenuSelected(Unknown Source)
>>
>> Any ideas? 1.04 console works fine, but I'd like to get 1.1 working so
>> that I can manage some 1.1 test instances. Thanks.
>>
>> -richard

-------------- next part --------------
A non-text attachment was scrubbed...
From andrey.ivanov at polytechnique.fr Mon Feb 4 15:25:20 2008
From: andrey.ivanov at polytechnique.fr (Andrey Ivanov)
Date: Mon, 4 Feb 2008 16:25:20 +0100
Subject: [Fedora-directory-users] Managing LDAP via http (Apache Integration)???
In-Reply-To: <0139539A634FD04A99C9B8880AB70CB2079D0181@in-ex004.groupinfra.com>
References: <0139539A634FD04A99C9B8880AB70CB2079D0181@in-ex004.groupinfra.com>
Message-ID: <1601b8650802040725i61a5f6c0v79b8caf75b7c6fc7@mail.gmail.com>

You may try this : http://phpldapadmin.sourceforge.net/

2008/2/4, Singh Raina, Ajeet :
> Hi Guys,
>
> Has anyone tried setting up "Managing LDAP via HTTP" for Fedora DS ?
>
> Thanks in advance,
>
> ~Ajeet

From michael at stroeder.com Mon Feb 4 16:46:46 2008
From: michael at stroeder.com (Michael Ströder)
Date: Mon, 04 Feb 2008 17:46:46 +0100
Subject: [Fedora-directory-users] Managing LDAP via http (Apache Integration)???
In-Reply-To: <0139539A634FD04A99C9B8880AB70CB2079D0181@in-ex004.groupinfra.com>
References: <0139539A634FD04A99C9B8880AB70CB2079D0181@in-ex004.groupinfra.com>
Message-ID: <47A74176.8@stroeder.com>

Singh Raina, Ajeet wrote:
> Has anyone tried setting up "Managing LDAP via HTTP" for Fedora DS ?
Can you please elaborate on what exactly you mean with this? Sure, there are many web-based LDAP clients out there...

Ciao, Michael.

From richard at powerset.com Mon Feb 4 21:52:21 2008
From: richard at powerset.com (Richard Hesse)
Date: Mon, 4 Feb 2008 13:52:21 -0800
Subject: [Fedora-directory-users] Exception trying to use the 1.1 console
In-Reply-To: <47A72B66.1060109@redhat.com>
References: <84E2AE771361E9419DD0EFBD31F09C4D4CBBF96496@EXVMBX015-1.exch015.msoutlookonline.net>
 <47A3AE7B.4060308@redhat.com>
 <84E2AE771361E9419DD0EFBD31F09C4D4CBBF9650A@EXVMBX015-1.exch015.msoutlookonline.net>
 <47A72B66.1060109@redhat.com>
Message-ID: <84E2AE771361E9419DD0EFBD31F09C4D4CBBF9687A@EXVMBX015-1.exch015.msoutlookonline.net>

I installed the server using fedora-ds-base package, then installed the admin server using fedora-ds-admin package. I was trying to avoid installing the console on the server itself since I'm never going to use it on the server. I'm only going to use the console from a separate workstation.

Since I didn't have anything in this new DS, I removed all of the packages and installed using the fedora-ds package instead. Still, same errors.

-richard

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rich Megginson
Sent: Monday, February 04, 2008 7:13 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Exception trying to use the 1.1 console

Richard Hesse wrote:
> Actually from several clients. First I tried the 1.04 console but got some errors about not being able to download the jar files off the server (which I guess makes sense since the server didn't have the console installed).

How did you install the server without the console? If you do "yum install fedora-ds" it installs everything.

> Then I tried using the 1.1 Windows console (which produced this
> error).
> Then I ended up installing the 1.1 console on the DS,

How?

> copying the jar files to my Mac, then running the 1.1 console off my Mac using fedora-idm-console with modified file paths (yielding the same error as the Windows console).
>
> -richard
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rich
> Megginson
> Sent: Friday, February 01, 2008 3:43 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Exception trying to use the 1.1
> console
>
> Richard Hesse wrote:
>> If I connect to a 1.04 DS that houses our configuration data,
>
> With the fedora-idm-console command from 1.1?
>
>> the initial console screen doesn't show the existing configuration
>> data. If I hit refresh, I get this exception:
>>
>> Exception in thread "AWT-EventQueue-0" java.lang.ArrayIndexOutOfBoundsException: node has no children
>>     at javax.swing.tree.DefaultMutableTreeNode.getChildAt(Unknown Source)
>>     at com.netscape.management.client.topology.ServerLocNode.getChildAt(Unknown Source)
>>     at com.netscape.management.client.ResourceModel.getChild(Unknown Source)
>>     at com.netscape.management.client.topology.TopologyModel.expandFirstNode(Unknown Source)
>>     at com.netscape.management.client.topology.TopologyModel.refreshTree(Unknown Source)
>>     at com.netscape.management.client.topology.TopologyModel.actionMenuSelected(Unknown Source)
>>
>> Any ideas? 1.04 console works fine, but I'd like to get 1.1 working
>> so that I can manage some 1.1 test instances. Thanks.
>>
>> -richard

From ajeet.singh.raina at logicacmg.com Tue Feb 5 05:53:39 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Tue, 5 Feb 2008 11:23:39 +0530
Subject: [Fedora-directory-users] Reply to the Post
Message-ID: <0139539A634FD04A99C9B8880AB70CB2079D079B@in-ex004.groupinfra.com>

How you people submit the reply to any thread been started? When I login into Mailing List I don't see any option to reply the post.

Pls Help

From ajeet.singh.raina at logicacmg.com Tue Feb 5 06:07:47 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Tue, 5 Feb 2008 11:37:47 +0530
Subject: [Fedora-directory-users] Fedora IDM Console???
Message-ID: <0139539A634FD04A99C9B8880AB70CB2079D07E9@in-ex004.groupinfra.com>

Hi Guys,

I have Fedora DS running on RHEL 4.0 System. I want to install Fedora IDM Console on Windows Xp. I have j2sdk-1_4_2_13-nb-5_0-win-ml package installed on my Win Box.
The Environmental Variable include :

Variable Name : JAVA_HOME
Variable Value : C:\Program Files\Java\j2re1.4.2\bin

System Variable

Variable Name : Path
Variable Value : C:\Program Files\Java\j2re1.4.2\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;

Now whenever I click on installed Fedora DS Icon it says:

C:\Program Files\Fedora Identity Management Console>echo Off
The Java Runtime Environment is installed on this machine,but the command java.exe is not in your PATH.You can either make sure java.exe is in your path or edit this script to set JAVA to the full path of java.exe
Press any key to continue

The batch file include :

echo off
rem BEGIN COPYRIGHT BLOCK
rem Copyright (C) 2005 Red Hat, Inc.
rem All rights reserved.
rem
rem This library is free software; you can redistribute it and/or
rem modify it under the terms of the GNU Lesser General Public
rem License as published by the Free Software Foundation version
rem 2.1 of the License.
rem
rem This library is distributed in the hope that it will be useful,
rem but WITHOUT ANY WARRANTY; without even the implied warranty of
rem MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
rem Lesser General Public License for more details.
rem
rem You should have received a copy of the GNU Lesser General Public
rem License along with this library; if not, write to the Free Software
rem Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
rem END COPYRIGHT BLOCK

rem set the JAVA to use here
rem set JAVA=C:\Program Files\Java\j2re1.4.2\bin

if not "%JAVA%foo"=="foo" goto launch

where java > nul 2>&1 || goto findjre

set JAVA=java
goto launch

:findjre
rem look for Java Runtime Environment in registry
reg QUERY "HKLM\SOFTWARE\JavaSoft\Java Runtime Environment" > nul 2>&1 || goto findjdk

rem can we grab the java location from the registry?
rem set JAVA=path\bin\java
rem apparently not, in a batch file
rem goto launch
echo The Java Runtime Environment is installed on this machine, but the
echo command java.exe is not in your PATH. You can either make sure java.exe
echo is in the PATH, or edit this script to set JAVA to the full path of
echo java.exe
pause
goto end

:findjdk
reg QUERY "HKLM\SOFTWARE\JavaSoft\Java Development Kit" > nul 2>&1 || goto nojava

rem can we grab the java location from the registry?
rem set JAVA=path\bin\java
rem goto launch
echo The Java Development Kit is installed on this machine, but the
echo command java.exe is not in your PATH. You can either make sure java.exe
echo is in the PATH, or edit this script to set JAVA to the full path of
echo java.exe
pause
goto end

:nojava
echo Java does not appear to be installed on this machine. Please download and install the Java Runtime Environment and make sure the java.exe command is in the PATH of this command.
pause
goto end

:launch
set BASEPATH=.
set FIDMCONSOLEJARDIR=%BASEPATH%
set CONSOLEJARDIR=%BASEPATH%
set JSSDIR=%BASEPATH%
set LDAPJARDIR=%BASEPATH%

set PATH=%BASEPATH%;%PATH%

rem
rem Launch the Console
rem
echo on
"%JAVA%" "-Djava.library.path=%JSSDIR%" -cp "%JSSDIR%/jss4.jar;%LDAPJARDIR%/ldapjdk.jar;%CONSOLEJARDIR%/idm-console-base.jar;%CONSOLEJARDIR%/idm-console-mcc.jar;%CONSOLEJARDIR%/idm-console-mcc_en.jar;%CONSOLEJARDIR%/idm-console-nmclf.jar;%CONSOLEJARDIR%/idm-console-nmclf_en.jar;%FIDMCONSOLEJARDIR%/fedora-idm-console_en.jar" -Djava.util.prefs.systemRoot=%HOME%/.fedora-idm-console -Djava.util.prefs.userRoot=%HOME%/.fedora-idm-console com.netscape.management.client.console.Console %*

:end

Has anyone tried with this Before???

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party.
If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

From ajeet.singh.raina at logicacmg.com Tue Feb 5 06:10:17 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Tue, 5 Feb 2008 11:40:17 +0530
Subject: [Fedora-directory-users] Re:Fedora-directory-users] Managing LDAP via http (Apache Integration)???
Message-ID: <0139539A634FD04A99C9B8880AB70CB2079D07F8@in-ex004.groupinfra.com>

Will this work on Windows too??

From ajeet.singh.raina at logicacmg.com Tue Feb 5 06:19:58 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Tue, 5 Feb 2008 11:49:58 +0530
Subject: [Fedora-directory-users] Migrating the NIS Database into Fedora DS ???
Message-ID: <0139539A634FD04A99C9B8880AB70CB2079D0828@in-ex004.groupinfra.com>

This is the test mail to see if this post comes under the heading or not. I think moderators might help me with this if this post has been wrongly been placed under the same.

Thanks

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender.
Thank you.

From ajeet.singh.raina at logicacmg.com Tue Feb 5 06:28:27 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Tue, 5 Feb 2008 11:58:27 +0530
Subject: [Fedora-directory-users] Migrating the NIS Database into Fedora DS ???
Message-ID: <0139539A634FD04A99C9B8880AB70CB2079D0850@in-ex004.groupinfra.com>

Thanks Enricho... It is now working.

I have 1 more issue hope you people will help me too in this regard. Fedora DS seems to be running fine now, but how to manage Users, Group creation and restriction on domains for Fedora DS.

Pls Help

From ajeet.singh.raina at logicacmg.com Tue Feb 5 06:32:48 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Tue, 5 Feb 2008 12:02:48 +0530
Subject: [Fedora-directory-users] Reply to the Post
Message-ID: <0139539A634FD04A99C9B8880AB70CB2079D0866@in-ex004.groupinfra.com>

Dear Moderator,

Will you please delete this post. Carelessly I have placed this thread while trying to check out where the reply goes. Also, do place the above thread titled "Migration from NIS to Fedora DS " under the appropriate thread or delete it therein.

Thanks for the patience,
Ajeet

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party.
If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

From rmeggins at redhat.com Tue Feb 5 14:18:19 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 05 Feb 2008 07:18:19 -0700
Subject: [Fedora-directory-users] Fedora IDM Console???
In-Reply-To: <0139539A634FD04A99C9B8880AB70CB2079D07E9@in-ex004.groupinfra.com>
References: <0139539A634FD04A99C9B8880AB70CB2079D07E9@in-ex004.groupinfra.com>
Message-ID: <47A8702B.1010004@redhat.com>

Singh Raina, Ajeet wrote:
> Hi Guys,
>
> I have Fedora DS running on RHEL 4.0 System. I want to install Fedora
> IDM Console on Windows Xp. I have j2sdk-1_4_2_13-nb-5_0-win-ml package
> installed on my Win Box.
>
> The Environmental Variable include :
>
> Variable Name : JAVA_HOME
> Variable Value : C:\Program Files\Java\j2re1.4.2\bin
>
> System Variable
>
> Variable Name : Path
> Variable Value : C:\Program Files\Java\j2re1.4.2\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;
>
> Now whenever I click on installed Fedora DS Icon it says:
>
> C:\Program Files\Fedora Identity Management Console>echo Off
> The Java Runtime Environment is installed on this machine,but the
> command java.exe is not in your PATH.You can either make sure java.exe
> is in your path or edit this script to set JAVA to the full path of
> java.exe
> Press any key to continue
>
> The batch file include :
>
> echo off
> rem BEGIN COPYRIGHT BLOCK
> rem Copyright (C) 2005 Red Hat, Inc.
> rem All rights reserved.
> rem
> rem This library is free software; you can redistribute it and/or
> rem modify it under the terms of the GNU Lesser General Public
> rem License as published by the Free Software Foundation version
> rem 2.1 of the License.
> rem
> rem This library is distributed in the hope that it will be useful,
> rem but WITHOUT ANY WARRANTY; without even the implied warranty of
> rem MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> rem Lesser General Public License for more details.
> rem
> rem You should have received a copy of the GNU Lesser General Public
> rem License along with this library; if not, write to the Free Software
> rem Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
> rem END COPYRIGHT BLOCK
>
> rem set the JAVA to use here
> rem set JAVA=C:\Program Files\Java\j2re1.4.2\bin
>
> if not "%JAVA%foo"=="foo" goto launch
>
> where java > nul 2>&1 || goto findjre

This is the problem - there is no "where" command on XP (only on the Windows Server editions). Just edit the batch file to remove the where and it should be fine. If that still doesn't work, uncomment (rem means "comment" - it's like a # in a shell script) the line that sets the JAVA and hard code it to the full path and file name of your java.exe.

> set JAVA=java
> goto launch
>
> :findjre
> rem look for Java Runtime Environment in registry
> reg QUERY "HKLM\SOFTWARE\JavaSoft\Java Runtime Environment" > nul 2>&1 || goto findjdk
>
> rem can we grab the java location from the registry?
> rem set JAVA=path\bin\java
> rem goto launch
> echo The Java Development Kit is installed on this machine, but the
> echo command java.exe is not in your PATH. You can either make sure java.exe
> echo is in the PATH, or edit this script to set JAVA to the full path of
> echo java.exe
> pause
> goto end
>
> :nojava
> echo Java does not appear to be installed on this machine. Please download and install the Java Runtime Environment and make sure the java.exe command is in the PATH of this command.
> pause
> goto end
>
> :launch
> set BASEPATH=.
> set FIDMCONSOLEJARDIR=%BASEPATH%
> set CONSOLEJARDIR=%BASEPATH%
> set JSSDIR=%BASEPATH%
> set LDAPJARDIR=%BASEPATH%
>
> set PATH=%BASEPATH%;%PATH%
>
> rem
> rem Launch the Console
> rem
> echo on
> "%JAVA%" "-Djava.library.path=%JSSDIR%" -cp "%JSSDIR%/jss4.jar;%LDAPJARDIR%/ldapjdk.jar;%CONSOLEJARDIR%/idm-console-base.jar;%CONSOLEJARDIR%/idm-console-mcc.jar;%CONSOLEJARDIR%/idm-console-mcc_en.jar;%CONSOLEJARDIR%/idm-console-nmclf.jar;%CONSOLEJARDIR%/idm-console-nmclf_en.jar;%FIDMCONSOLEJARDIR%/fedora-idm-console_en.jar" -Djava.util.prefs.systemRoot=%HOME%/.fedora-idm-console -Djava.util.prefs.userRoot=%HOME%/.fedora-idm-console com.netscape.management.client.console.Console %*
>
> :end
>
> Has anyone tried with this Before???
From todd.nine at onwebconsulting.com Tue Feb 5 18:52:57 2008
From: todd.nine at onwebconsulting.com (Todd Nine)
Date: Tue, 5 Feb 2008 13:52:57 -0500
Subject: [Fedora-directory-users] Using the fedora managment console and the libdna-plugin
Message-ID: <996eb2230802051052h729766fcp747465fedb4beae6@mail.gmail.com>

Hi all,

I'm trying to create new users that have POSIX user attributes so I can set up PAM on our servers to authenticate against the fedora directory server, as well as subversion. I have directory server version 1.1 and I've enabled the libdna-plugin, and restarted both the directory server and the admin server. However when I enable POSIX on a new user through the admin console, I'm still required to enter a UID and GID. Am I missing the point of the libdna plugin, but isn't it going to generate this for me? Is it possible for me to make those fields not required in the admin interface?

Thanks,
Todd

-------------- next part --------------
An HTML attachment was scrubbed...
From richard at powerset.com Tue Feb 5 22:43:52 2008
From: richard at powerset.com (Richard Hesse)
Date: Tue, 5 Feb 2008 14:43:52 -0800
Subject: [Fedora-directory-users] Exception trying to use the 1.1 console
In-Reply-To: <84E2AE771361E9419DD0EFBD31F09C4D4CBBF9687A@EXVMBX015-1.exch015.msoutlookonline.net>
References: <84E2AE771361E9419DD0EFBD31F09C4D4CBBF96496@EXVMBX015-1.exch015.msoutlookonline.net>
 <47A3AE7B.4060308@redhat.com>
 <84E2AE771361E9419DD0EFBD31F09C4D4CBBF9650A@EXVMBX015-1.exch015.msoutlookonline.net>
 <47A72B66.1060109@redhat.com>
 <84E2AE771361E9419DD0EFBD31F09C4D4CBBF9687A@EXVMBX015-1.exch015.msoutlookonline.net>
Message-ID: <84E2AE771361E9419DD0EFBD31F09C4D4D88E4B756@EXVMBX015-1.exch015.msoutlookonline.net>

If it's any consolation, I really don't care about fixing the broken install scripts. I just want to use the console so that I can start testing 1.1. Tell me what to put in there and I'll create the entries manually. ;)

Thanks.

-richard

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Hesse
Sent: Monday, February 04, 2008 1:52 PM
To: General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] Exception trying to use the 1.1 console

I installed the server using fedora-ds-base package, then installed the admin server using fedora-ds-admin package. I was trying to avoid installing the console on the server itself since I'm never going to use it on the server. I'm only going to use the console from a separate workstation.

Since I didn't have anything in this new DS, I removed all of the packages and installed using the fedora-ds package instead. Still, same errors.
-richard

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rich Megginson
Sent: Monday, February 04, 2008 7:13 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Exception trying to use the 1.1 console

Richard Hesse wrote:
> Actually from several clients. First I tried the 1.04 console but got some errors about not being able to download the jar files off the server (which I guess makes sense since the server didn't have the console installed).

How did you install the server without the console? If you do "yum install fedora-ds" it installs everything.

> Then I tried using the 1.1 Windows console (which produced this
> error). Then I ended up installing the 1.1 console on the DS,

How?

> copying the jar files to my Mac, then running the 1.1 console off my Mac using fedora-idm-console with modified file paths (yielding the same error as the Windows console).
>
> -richard
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rich
> Megginson
> Sent: Friday, February 01, 2008 3:43 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Exception trying to use the 1.1
> console
>
> Richard Hesse wrote:
>> If I connect to a 1.04 DS that houses our configuration data,
>
> With the fedora-idm-console command from 1.1?
>
>> the initial console screen doesn't show the existing configuration
>> data.
>> If I hit refresh, I get this exception:
>>
>> Exception in thread "AWT-EventQueue-0" java.lang.ArrayIndexOutOfBoundsException: node has no children
>>     at javax.swing.tree.DefaultMutableTreeNode.getChildAt(Unknown Source)
>>     at com.netscape.management.client.topology.ServerLocNode.getChildAt(Unknown Source)
>>     at com.netscape.management.client.ResourceModel.getChild(Unknown Source)
>>     at com.netscape.management.client.topology.TopologyModel.expandFirstNode(Unknown Source)
>>     at com.netscape.management.client.topology.TopologyModel.refreshTree(Unknown Source)
>>     at com.netscape.management.client.topology.TopologyModel.actionMenuSelected(Unknown Source)
>>
>> Any ideas? 1.04 console works fine, but I'd like to get 1.1 working
>> so that I can manage some 1.1 test instances. Thanks.
>>
>> -richard

From vaddarapu at gmail.com Wed Feb 6 00:36:50 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Wed, 6 Feb 2008 11:36:50 +1100
Subject: [Fedora-directory-users] SSL issue
Message-ID:

Hi,

Restarted my FDS as soon as enable SSL service. I try to restarted my dirsrv-admin, it prompts me for password. When I enter valid password, the error message appears saying "incorrect password". I'm damn sure that entered password was correct. When it happened to me first time I thought I forgot password and reinstall the FDS. Again happened second time.
Please let me know how can I recover password or any alternative way to restart my dirsrv-admin.

Thanks
Vivek

From sigidwu at gmail.com Wed Feb 6 02:24:23 2008
From: sigidwu at gmail.com (sigid@JINLab)
Date: Wed, 06 Feb 2008 10:24:23 +0800
Subject: [Fedora-directory-users] Mixing Directory Servers
In-Reply-To: <47A255A4.8050903@redhat.com>
References: <31084967.156271201820106874.JavaMail.root@zimbra1.farheap.com>
 <47A255A4.8050903@redhat.com>
Message-ID: <47A91A57.9060207@gmail.com>

Rich Megginson wrote:
> Jared B. Griffith wrote:
>> Is it possible to build and install a 1.1 instance and make it a slave
>> of a 1.0.4 instance?
> Yes. Replication works fine from 1.1 to 1.0.4 and vice versa.

If it is possible to do replication between 1.1 and 1.0.4 which mmr.pl we should use? Btw why is it so difficult to download the new mmr.pl script? Is there any mirror for that script?

From ajeet.singh.raina at logicacmg.com Wed Feb 6 04:52:34 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Wed, 6 Feb 2008 10:22:34 +0530
Subject: [Fedora-directory-users] Fedora IDM Console???
Message-ID: <0139539A634FD04A99C9B8880AB70CB207A0B5EC@in-ex004.groupinfra.com>

I removed the rem and where but it didn't solve my issue.

Now the modified batch file :

echo off

if not "%JAVA%foo"=="foo" goto launch

java > nul 2>&1 || goto findjre

set JAVA=java
goto launch

:findjre
echo The Java Runtime Environment is installed on this machine, but the
echo command java.exe is not in your PATH.
You can either make sure java.exe echo is in the PATH, or edit this script to set JAVA to the full path of echo java.exe pause goto end :findjdk reg QUERY "HKLM\SOFTWARE\JavaSoft\Java Development Kit" > nul 2>&1 || goto nojava echo The Java Development Kit is installed on this machine, but the echo command java.exe is not in your PATH. You can either make sure java.exe echo is in the PATH, or edit this script to set JAVA to the full path of echo java.exe pause goto end :nojava echo Java does not appear to be installed on this machine. Please download and install the Java Runtime Environment and make sure the java.exe command is in the PATH of this command. pause goto end :launch set BASEPATH=. set FIDMCONSOLEJARDIR=%BASEPATH% set CONSOLEJARDIR=%BASEPATH% set JSSDIR=%BASEPATH% set LDAPJARDIR=%BASEPATH% set PATH=%BASEPATH%;%PATH% echo on "%JAVA%" "-Djava.library.path=%JSSDIR%" -cp "%JSSDIR%/jss4.jar;%LDAPJARDIR%/ldapjdk.jar;%CONSOLEJARDIR%/idm-console- base.jar;%CONSOLEJARDIR%/idm-console-mcc.jar;%CONSOLEJARDIR%/idm-console -mcc_en.jar;%CONSOLEJARDIR%/idm-console-nmclf.jar;%CONSOLEJARDIR%/idm-co nsole-nmclf_en.jar;%FIDMCONSOLEJARDIR%/fedora-idm-console_en.jar" -Djava.util.prefs.systemRoot=%HOME%/.fedora-idm-console -Djava.util.prefs.userRoot=%HOME%/.fedora-idm-console com.netscape.management.client.console.Console %* :end Pls Help??? This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... 
From vaddarapu at gmail.com Wed Feb 6 00:33:09 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Wed, 6 Feb 2008 11:33:09 +1100
Subject: [Fedora-directory-users] SSL issue
Message-ID:

Hi,

Restarted my FDS as soon as enable SSL service. I try to restarted my dirsrv-admin, it prompts me for password. When I enter valid password, the error message appears saying "incorrect password". I'm damn sure that entered password was correct. When it happened to me first time I thought I forgot password and reinstall the FDS. Again happened second time. Please let me know how can I recover password or any alternative way to restart my dirsrv-admin.

Thanks
Vivek

From rmeggins at redhat.com Wed Feb 6 14:15:11 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 06 Feb 2008 07:15:11 -0700
Subject: [Fedora-directory-users] Fedora IDM Console???
In-Reply-To: <0139539A634FD04A99C9B8880AB70CB207A0B5EC@in-ex004.groupinfra.com>
References: <0139539A634FD04A99C9B8880AB70CB207A0B5EC@in-ex004.groupinfra.com>
Message-ID: <47A9C0EF.8090306@redhat.com>

Singh Raina, Ajeet wrote:
>
> I removed the rem and where but it didn't solve my issue.
>
See https://bugzilla.redhat.com/show_bug.cgi?id=431681
>
> Now the modified batch file :
>
> echo off
>
> if not "%JAVA%foo"=="foo" goto launch
>
> java > nul 2>&1 || goto findjre
>
> set JAVA=java
> goto launch
>
> :findjre
>
> echo The Java Runtime Environment is installed on this machine, but the
> echo command java.exe is not in your PATH. You can either make sure java.exe
> echo is in the PATH, or edit this script to set JAVA to the full path of
> echo java.exe
> pause
> goto end
>
> :findjdk
> reg QUERY "HKLM\SOFTWARE\JavaSoft\Java Development Kit" > nul 2>&1 || goto nojava
>
> echo The Java Development Kit is installed on this machine, but the
> echo command java.exe is not in your PATH. You can either make sure java.exe
> echo is in the PATH, or edit this script to set JAVA to the full path of
> echo java.exe
> pause
> goto end
>
> :nojava
> echo Java does not appear to be installed on this machine. Please download and install the Java Runtime Environment and make sure the java.exe command is in the PATH of this command.
> pause
> goto end
>
> :launch
> set BASEPATH=.
> set FIDMCONSOLEJARDIR=%BASEPATH%
> set CONSOLEJARDIR=%BASEPATH%
> set JSSDIR=%BASEPATH%
> set LDAPJARDIR=%BASEPATH%
>
> set PATH=%BASEPATH%;%PATH%
>
> echo on
> "%JAVA%" "-Djava.library.path=%JSSDIR%" -cp "%JSSDIR%/jss4.jar;%LDAPJARDIR%/ldapjdk.jar;%CONSOLEJARDIR%/idm-console-base.jar;%CONSOLEJARDIR%/idm-console-mcc.jar;%CONSOLEJARDIR%/idm-console-mcc_en.jar;%CONSOLEJARDIR%/idm-console-nmclf.jar;%CONSOLEJARDIR%/idm-console-nmclf_en.jar;%FIDMCONSOLEJARDIR%/fedora-idm-console_en.jar" -Djava.util.prefs.systemRoot=%HOME%/.fedora-idm-console -Djava.util.prefs.userRoot=%HOME%/.fedora-idm-console com.netscape.management.client.console.Console %*
>
> :end
>
> Pls Help???

From rmeggins at redhat.com Wed Feb 6 14:18:40 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 06 Feb 2008 07:18:40 -0700
Subject: [Fedora-directory-users] SSL issue
In-Reply-To:
References:
Message-ID: <47A9C1C0.8000902@redhat.com>

Anand Vaddarapu wrote:
> Hi,
>
> Restarted my FDS as soon as enable SSL service. I try to restarted my
> dirsrv-admin, it prompts me for password. When I enter valid password,
> the error message appears saying "incorrect password". I'm damn sure that
> entered password was correct. When it happened to me first time I
> thought I forgot password and reinstall the FDS. Again happened second
> time. Please let me know how can I recover password or any alternative
> way to restart my dirsrv-admin.
Did you see this?
http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information

How did you configure SSL for the Admin Server? If you created a cert/key for the Admin Server, you must have given a password when you imported the key/cert. If you used the setupssl2.sh script (or setupssl.sh if you are using Fedora DS 1.0.4) then it created the password.conf file for you.
>
> Thanks
> Vivek
From rmeggins at redhat.com Wed Feb 6 14:20:01 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 06 Feb 2008 07:20:01 -0700
Subject: [Fedora-directory-users] Exception trying to use the 1.1 console
In-Reply-To: <84E2AE771361E9419DD0EFBD31F09C4D4D88E4B756@EXVMBX015-1.exch015.msoutlookonline.net>
References: <84E2AE771361E9419DD0EFBD31F09C4D4CBBF96496@EXVMBX015-1.exch015.msoutlookonline.net> <47A3AE7B.4060308@redhat.com> <84E2AE771361E9419DD0EFBD31F09C4D4CBBF9650A@EXVMBX015-1.exch015.msoutlookonline.net> <47A72B66.1060109@redhat.com> <84E2AE771361E9419DD0EFBD31F09C4D4CBBF9687A@EXVMBX015-1.exch015.msoutlookonline.net> <84E2AE771361E9419DD0EFBD31F09C4D4D88E4B756@EXVMBX015-1.exch015.msoutlookonline.net>
Message-ID: <47A9C211.6030107@redhat.com>

Richard Hesse wrote:
> If it's any consolation, I really don't care about fixing the broken install scripts. I just want to use the console so that I can start testing 1.1. Tell me what to put in there and I'll create the entries manually. ;)
>
Well, I'm not exactly sure which entries it's missing. You could use the -D 9 console log level to see what missing entries it is complaining about, and add them. It may take a few iterations. But that's what I would do (and probably what the eventual bug fixer will do as well).
> Thanks.
>
> -richard
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Hesse
> Sent: Monday, February 04, 2008 1:52 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: RE: [Fedora-directory-users] Exception trying to use the 1.1 console
>
> I installed the server using fedora-ds-base package, then installed the admin server using fedora-ds-admin package. I was trying to avoid installing the console on the server itself since I'm never going to use it on the server. I'm only going to use the console from a separate workstation.
>
> Since I didn't have anything in this new DS, I removed all of the packages and installed using the fedora-ds package instead. Still, same errors.
>
> -richard
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rich Megginson
> Sent: Monday, February 04, 2008 7:13 AM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Exception trying to use the 1.1 console
>
> Richard Hesse wrote:
>
>> Actually from several clients. First I tried the 1.04 console but got some errors about not being able to download the jar files off the server (which I guess makes sense since the server didn't have the console installed).
>>
> How did you install the server without the console? If you do "yum install fedora-ds" it installs everything.
>
>> Then I tried using the 1.1 Windows console (which produced this
>> error). Then I ended up installing the 1.1 console on the DS,
>>
> How?
>
>> copying the jar files to my Mac, then running the 1.1 console off my Mac using fedora-idm-console with modified file paths (yielding the same error as the Windows console).
>>
>> -richard
>>
>> -----Original Message-----
>> From: fedora-directory-users-bounces at redhat.com
>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rich
>> Megginson
>> Sent: Friday, February 01, 2008 3:43 PM
>> To: General discussion list for the Fedora Directory server project.
>> Subject: Re: [Fedora-directory-users] Exception trying to use the 1.1
>> console
>>
>> Richard Hesse wrote:
>>
>>> If I connect to a 1.04 DS that houses our configuration data,
>>>
>> With the fedora-idm-console command from 1.1?
>>
>>> the initial console screen doesn't show the existing configuration
>>> data. If I hit refresh, I get this exception:
>>>
>>> Exception in thread "AWT-EventQueue-0" java.lang.ArrayIndexOutOfBoundsException: node has no children
>>>     at javax.swing.tree.DefaultMutableTreeNode.getChildAt(Unknown Source)
>>>     at com.netscape.management.client.topology.ServerLocNode.getChildAt(Unknown Source)
>>>     at com.netscape.management.client.ResourceModel.getChild(Unknown Source)
>>>     at com.netscape.management.client.topology.TopologyModel.expandFirstNode(Unknown Source)
>>>     at com.netscape.management.client.topology.TopologyModel.refreshTree(Unknown Source)
>>>     at com.netscape.management.client.topology.TopologyModel.actionMenuSelected(Unknown Source)
>>>
>>> Any ideas? 1.04 console works fine, but I'd like to get 1.1 working
>>> so that I can manage some 1.1 test instances. Thanks.
>>>
>>> -richard
From howard at cohtech.com Wed Feb 6 15:27:41 2008
From: howard at cohtech.com (Howard Wilkinson)
Date: Wed, 06 Feb 2008 15:27:41 +0000
Subject: [Fedora-directory-users] Generating and installing certificates for Fedora-ds 1.1.0 usig Openssl base CA
Message-ID: <47A9D1ED.70606@cohtech.com>

We have a CA using our corporate certificate which we want to sign our certificates for the fedora-ds and clients.

I am trying to work out how to do this. The setupssl2 script works fine in generating and installing a self-signed certificate on the server(s) but we now want to generate and sign using our CA.

Does anybody have a set of instructions that would cover this case?

In particular I would like to understand when the use of certutil is mandatory and when it can be replaced with one or more openssl commands.

Eventually I would like to be able to configure the server using the setup-ds-admin script with a certificate already pre-generated by openssl quoted as the CACertificate parameter.

One complication to all of this is that we need to assign a number of SubjectAltNames to the certificates so that a server may have multiple identities!

Regards, Howard

From rmeggins at redhat.com Wed Feb 6 15:45:40 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 06 Feb 2008 08:45:40 -0700
Subject: [Fedora-directory-users] Generating and installing certificates for Fedora-ds 1.1.0 usig Openssl base CA
In-Reply-To: <47A9D1ED.70606@cohtech.com>
References: <47A9D1ED.70606@cohtech.com>
Message-ID: <47A9D624.9090802@redhat.com>

Howard Wilkinson wrote:
> We have a CA using our corporate certificate which we want to sign our
> certificates for the fedora-ds and clients.
>
> I am trying to work out how to do this. The setupssl2 script works
> fine in generating and installing a self-signed certificate on the
> server(s) but we now want to generate and sign using our CA.
>
> Does anybody have a set of instructions that would cover this case?
Do you have any instructions in general about generating cert requests and signing them with your CA? If so, then they would mostly apply. You would use certutil to generate your CSR (certutil -R) for your server, then create the server cert on your CA from the server CSR, then install the new server cert in your server's key/cert db using certutil (certutil -A for an ascii/pem cert).
>
> In particular I would like to understand when the use of certutil is
> mandatory and when it can be replaced with one or more openssl commands.
Anything which touches the key/cert databases (generate server cert request, add a cert) must use certutil. The other operations can be done with openssl.
>
> Eventually I would like to be able to configure the server using the
> setup-ds-admin script with a certificate already pre-generated by
> openssl quoted as the CACertificate parameter.
That will work fine for the SSL client side of things. But setup-ds-admin cannot generate a server cert request, wait for the new cert to be issued, and install the new server cert.
>
> One complication to all of this is that we need to assign a number of
> SubjectAltNames to the certificates so that a server may have multiple
> identities!
Sure. When you generate your cert request using certutil -R, use the -8 argument to specify the subject alt names. See also http://directory.fedoraproject.org/wiki/Howto:SSL#Using_Subject_Alt_Name
>
> Regards, Howard
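
The flow described in the reply above (certutil -R with -8 on the server, signing on an OpenSSL-based CA, certutil -A back into the server's key/cert db), as an added example that is not part of the thread or of the project's own scripts. DBDIR, NICK, PWFILE, the "Corporate CA" nickname, the file names and the example.com host names are assumptions; the CA step re-states the DNS names because openssl x509 -req does not copy extensions out of a request by default.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: DBDIR, NICK, PWFILE,
# the "Corporate CA" nickname, file names and the example.com host names.
DBDIR="${DBDIR:-/etc/dirsrv/slapd-INSTANCE}"  # assumption: NSS key/cert db directory
NICK="${NICK:-Server-Cert}"                   # assumption: server certificate nickname
PWFILE="${PWFILE:-$DBDIR/pwdfile.txt}"        # assumption: file holding the db password

# Accept only a plain comma-separated list of DNS names, so a crafted value
# cannot smuggle extra lines into the OpenSSL extension file written below.
valid_san_list() {
    [ -n "$1" ] || return 1
    if printf '%s\n' "$1" | grep -Evq '^[A-Za-z0-9.*-]+(,[A-Za-z0-9.*-]+)*$'; then
        return 1
    fi
    return 0
}

# Step 1, on the directory server. certutil is mandatory here: the key pair is
# created inside the NSS database and only the PEM request leaves it.
# $1=subject DN  $2=DNS names  $3=CSR output file
make_csr() {
    valid_san_list "$2" || { echo "bad SAN list" >&2; return 1; }
    mc_noise=$(mktemp) || return 1
    dd if=/dev/urandom of="$mc_noise" bs=1024 count=1 2>/dev/null
    certutil -R -d "$DBDIR" -f "$PWFILE" -z "$mc_noise" \
        -s "$1" -8 "$2" -k rsa -g 2048 -a -o "$3"
    mc_rc=$?
    rm -f "$mc_noise"
    return $mc_rc
}

# Step 2, on the CA host, with plain openssl. The names requested with -8 are
# not carried over automatically, so the CA operator reviews and re-states them.
# $1=CA cert  $2=CA key  $3=CSR  $4=certificate output file  $5=DNS names
sign_csr_with_sans() {
    valid_san_list "$5" || { echo "bad SAN list" >&2; return 1; }
    sc_ext=$(mktemp) || return 1
    printf 'subjectAltName = %s\n' \
        "$(printf '%s' "$5" | sed 's/^/DNS:/; s/,/,DNS:/g')" > "$sc_ext"
    openssl x509 -req -in "$3" -CA "$1" -CAkey "$2" -CAcreateserial \
        -days 365 -sha256 -extfile "$sc_ext" -out "$4"
    sc_rc=$?
    rm -f "$sc_ext"
    return $sc_rc
}

# Print the DNS names actually present in an issued certificate, sorted and
# comma-joined, so they can be compared with what was requested.
cert_san_list() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^,[:space:]]*' |
        sed 's/^DNS://' | LC_ALL=C sort | paste -s -d, -
}

# Step 3, back on the directory server, certutil again: trust the CA, install
# the issued certificate next to its key, then validate it for SSL server use.
# $1=CA cert (PEM)  $2=server cert (PEM)
install_cert() {
    certutil -A -d "$DBDIR" -n "Corporate CA" -t "CT,," -a -i "$1" &&
    certutil -A -d "$DBDIR" -n "$NICK" -t "u,u,u" -a -i "$2" &&
    certutil -V -d "$DBDIR" -n "$NICK" -u V
}

# Whole flow on one host for illustration (normally step 2 runs on the CA
# host). Only runs when the script is called as: sh thisfile run
if [ "${1:-}" = "run" ]; then
    SANS="ldap1.example.com,ldap.example.com"   # constructed host names
    make_csr "CN=ldap1.example.com,O=Example" "$SANS" server.csr &&
    sign_csr_with_sans ca.crt ca.key server.csr server.crt "$SANS" &&
    install_cert ca.crt server.crt &&
    cert_san_list server.crt
fi
```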
From todd.nine at onwebconsulting.com Wed Feb 6 17:35:24 2008
From: todd.nine at onwebconsulting.com (Todd Nine)
Date: Wed, 6 Feb 2008 12:35:24 -0500
Subject: [Fedora-directory-users] Generating UID and GID with 1.1 and admin console
Message-ID: <996eb2230802060935l26fe4dd5j8de6d537dc5a6270@mail.gmail.com>

Hi all,

I'm trying to create new users that have POSIX user attributes so I can set up PAM on our servers to authenticate against the fedora directory server, as well as subversion. I have directory server version 1.1 and I've enabled the libdna-plugin, and restarted both the directory server and the admin server. However when I enable POSIX on a new user through the admin console, I'm still required to enter a UID and GID. Am I missing the point of the libdna plugin, but isn't it going to generate this for me? Is it possible for me to make those fields not required in the admin interface?

Thanks,
Todd

From gregory_laroche at yahoo.fr Wed Feb 6 19:53:52 2008
From: gregory_laroche at yahoo.fr (gregory LAROCHE)
Date: Wed, 6 Feb 2008 20:53:52 +0100 (CET)
Subject: [Fedora-directory-users] pam ldap nss_ldap
Message-ID: <515189.40215.qm@web26910.mail.ukl.yahoo.com>

I have a problem with ldap authentication and pam, that generates an error message like:

pam_unix(vsftpd:auth): authentication failure
pam_unix(sshd:auth): authentication failure

Did I need attributes for my users or something else ?

/etc/pam.d/vsftpd
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth

/etc/pam.d/system-auth
auth required pam_env.so
### if the next line is commented, I could not authenticate "myuser" by ftp or ssh, to the machine through ldap directory server
#auth sufficient pam_unix.so nullok try_first_pass
### if the line before is not commented, I could auth, to the machine through ldap but with the error message, shown below
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

# error messages in /var/log/secure
pam_unix(vsftpd:auth): authentication failure
pam_unix(sshd:auth): authentication failure

# ldap entries
dn: uid=myuser,ou=people,dc=mydomain,dc=com
givenName: myuser
sn: myuser
mail: myuser.myuser at mydomain.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: shadowaccount
objectClass: posixAccount
objectClass: account
objectClass: authorizedserviceobject
uid: myuser
cn: myuser myuser
uidNumber: 521
gidNumber: 521
homeDirectory: /tmp
loginShell: /bin/bash
host: myhost.mydomain.com
authorizedService: vsftpd
authorizedService: sshd
shadowLastChange: 13313
shadowMax: 99999
shadowWarning: 7
userPassword: {SSHA}yOhxgKxfjdkjfkdmjfkmdsjf298*x$==
nsuniqueid: 8fd56b01-1dd211b2-8724ac3a-e0940000
parentid: 4
entryid: 82
entrydn: uid=myuser,ou=people,dc=mydomain,dc=com
hassubordinates: FALSE
numsubordinates: 0
subschemasubentry: cn=schema

dn: cn=myuser+gidnumber=521,ou=Groups,dc=mydomain,dc=com
cn: myuser
gidNumber: 521
objectClass: top
objectClass: posixgroup
nsuniqueid: d75bf701-1dd111b2-8725ac3a-e0940000
parentid: 3
entryid: 83
entrydn: cn=myuser+gidnumber=521,ou=groups,dc=mydomain,dc=com
hassubordinates: FALSE
numsubordinates: 0
subschemasubentry: cn=schema

# config PAM : fedora core 5
# FDS 1.1 : fedora core 7
##

--
Thank you
From Chris.Hendry at turner.com Wed Feb 6 20:37:14 2008
From: Chris.Hendry at turner.com (Hendry, Chris)
Date: Wed, 6 Feb 2008 15:37:14 -0500
Subject: [Fedora-directory-users] Wierd failed install
In-Reply-To: <6226D9DC6FB8434688DE30EE9385A7F10B0355@ATLMSG31.turner.com>
Message-ID: <6226D9DC6FB8434688DE30EE9385A7F10B0356@ATLMSG31.turner.com>

This is my second upgrade to fedora-ds 1.1 on fedora-core 6. The config O/S install is the same. The first went great, no problem, but then after running setup-ds-admin.pl on the second server got:

Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance 'p4ds03' was successfully created.
Creating the configuration directory server . . .
Error: failed to open an LDAP connection to host 'p4ds03.mydomain.com' port '389' as user 'cn=Directory Manager'. Error : unknown.
Failed to create the configuration directory server
Exiting . . .
Log file is '/tmp/setupHxsAmb.log'

In log file: /var/log/dirsrv/admin-serv/error :
Configuration Failed
[Wed Feb 06 10:00:01 2008] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache.
[Wed Feb 06 10:00:01 2008] [notice] Access Host filter is: *.mydomain.com
[Wed Feb 06 10:00:01 2008] [notice] Access Address filter is: *

Tried to manually connect but got:

[root at p4ds03 dirsrv]# ldapsearch -x -h p4ds03.mydomain.com -p 389 -D "cn=directory manager" -w "mypassword" -s base -b ""
ldap_bind: Can't contact LDAP server (-1)

/var/log/dirsrv/slapd-p4ds03/errors:
[06/Feb/2008:10:01:32 -0500] - slapd shutting down - signaling operation threads
[06/Feb/2008:10:01:32 -0500] - slapd shutting down - waiting for 25 threads to terminate
[06/Feb/2008:10:01:32 -0500] - slapd shutting down - closing down internal subsystems and plugins
[06/Feb/2008:10:01:32 -0500] - Waiting for 4 database threads to stop
[06/Feb/2008:10:01:32 -0500] - All database threads now stopped
[06/Feb/2008:10:01:32 -0500] - slapd stopped.
[06/Feb/2008:10:02:43 -0500] - dblayer_instance_start: pagesize: 4096, pages: 518667, procpages: 6666
[06/Feb/2008:10:02:43 -0500] - cache autosizing: import cache: 204800k
[06/Feb/2008:10:02:43 -0500] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
[06/Feb/2008:10:02:43 -0500] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[06/Feb/2008:10:02:43 -0500] - dblayer_instance_start: pagesize: 4096, pages: 518667, procpages: 6666
[06/Feb/2008:10:02:43 -0500] - cache autosizing: import cache: 204800k
[06/Feb/2008:10:02:43 -0500] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
[06/Feb/2008:10:02:43 -0500] - import userRoot: Beginning import job...
[06/Feb/2008:10:02:43 -0500] - import userRoot: Index buffering enabled with bucket size 100
[06/Feb/2008:10:02:43 -0500] - import userRoot: Processing file "/tmp/ldifXRKznG.ldif"
[06/Feb/2008:10:02:43 -0500] - import userRoot: Finished scanning file "/tmp/ldifXRKznG.ldif" (9 entries)
[06/Feb/2008:10:02:44 -0500] - import userRoot: Workers finished; cleaning up...
[06/Feb/2008:10:02:44 -0500] - import userRoot: Workers cleaned up.
[06/Feb/2008:10:02:44 -0500] - import userRoot: Cleaning up producer thread...
[06/Feb/2008:10:02:44 -0500] - import userRoot: Indexing complete. Post-processing...
[06/Feb/2008:10:02:44 -0500] - import userRoot: Flushing caches...
[06/Feb/2008:10:02:44 -0500] - import userRoot: Closing files...
[06/Feb/2008:10:02:44 -0500] - All database threads now stopped
[06/Feb/2008:10:02:44 -0500] - import userRoot: Import complete. Processed 9 entries in 1 seconds. (9.00 entries/sec)
[06/Feb/2008:10:02:44 -0500] - Fedora-Directory/1.1.0 B2007.354.1236 starting up
[06/Feb/2008:10:02:44 -0500] - I'm resizing my cache now...cache was 209715200 and is now 8000000
[06/Feb/2008:10:02:44 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests

/var/log/dirsrv/slapd-p4ds03/access:
[06/Feb/2008:10:00:40 -0500] conn=0 op=-1 fd=64 closed - B1
[06/Feb/2008:10:01:02 -0500] conn=1 fd=64 slot=64 connection from 10.188.49.54 to 10.188.135.186
[06/Feb/2008:10:01:02 -0500] conn=1 op=0 BIND dn="(null)" method=128 version=3
[06/Feb/2008:10:01:02 -0500] conn=1 op=0 RESULT err=32 tag=97 nentries=0 etime=0
[06/Feb/2008:10:01:08 -0500] conn=1 op=-1 fd=64 closed - B1

Any ideas before I give up and just upgrade to Fedora 8?

Chris

From rmeggins at redhat.com Wed Feb 6 20:43:30 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 06 Feb 2008 13:43:30 -0700
Subject: [Fedora-directory-users] Wierd failed install
In-Reply-To: <6226D9DC6FB8434688DE30EE9385A7F10B0356@ATLMSG31.turner.com>
References: <6226D9DC6FB8434688DE30EE9385A7F10B0356@ATLMSG31.turner.com>
Message-ID: <47AA1BF2.9020200@redhat.com>

Hendry, Chris wrote:
>
> This is my second upgrade to fedora-ds 1.1 on fedora-core 6.
> The config O/S install is the same.
> The first went great, no problem, but then after running
> setup-ds-admin.pl on the second server got:
> Are you ready to set up your servers? [yes]:
> Creating directory server . . .
> Your new DS instance 'p4ds03' was successfully created.
> Creating the configuration directory server . . .
> Error: failed to open an LDAP connection to host 'p4ds03.mydomain.com' port '389' as user 'cn=Directory Manager'. Error : unknown.
> Failed to create the configuration directory server
> Exiting . . .
> Log file is '/tmp/setupHxsAmb.log'
>
/usr/bin/ldapsearch -x -h p4ds03.mydomain.com -p 389 -D "cn=directory manager" -w yourpassword -s base -b "" "objectclass=*"

Does that display anything? If you get an error - is p4ds03.mydomain.com defined in DNS or /etc/hosts? If the former, do you have your DNS and /etc/resolv.conf settings correct? If the latter, do you have /etc/nsswitch.conf configured properly?
>
> In log file: /var/log/dirsrv/admin-serv/error :
> Configuration Failed
> [Wed Feb 06 10:00:01 2008] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache.
> [Wed Feb 06 10:00:01 2008] [notice] Access Host filter is: *.mydomain.com
> [Wed Feb 06 10:00:01 2008] [notice] Access Address filter is: *
>
> Tried to manually connect but got:
>
> [root at p4ds03 dirsrv]# ldapsearch -x -h p4ds03.mydomain.com -p 389 -D "cn=directory manager" -w "mypassword" -s base -b ""
> ldap_bind: Can't contact LDAP server (-1)
>
> /var/log/dirsrv/slapd-p4ds03/errors:
> [06/Feb/2008:10:01:32 -0500] - slapd shutting down - signaling operation threads
> [06/Feb/2008:10:01:32 -0500] - slapd shutting down - waiting for 25 threads to terminate
> [06/Feb/2008:10:01:32 -0500] - slapd shutting down - closing down internal subsystems and plugins
> [06/Feb/2008:10:01:32 -0500] - Waiting for 4 database threads to stop
> [06/Feb/2008:10:01:32 -0500] - All database threads now stopped
> [06/Feb/2008:10:01:32 -0500] - slapd stopped.
> [06/Feb/2008:10:02:43 -0500] - dblayer_instance_start: pagesize: 4096, pages: 518667, procpages: 6666
> [06/Feb/2008:10:02:43 -0500] - cache autosizing: import cache: 204800k
> [06/Feb/2008:10:02:43 -0500] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
> [06/Feb/2008:10:02:43 -0500] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
> [06/Feb/2008:10:02:43 -0500] - dblayer_instance_start: pagesize: 4096, pages: 518667, procpages: 6666
> [06/Feb/2008:10:02:43 -0500] - cache autosizing: import cache: 204800k
> [06/Feb/2008:10:02:43 -0500] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
> [06/Feb/2008:10:02:43 -0500] - import userRoot: Beginning import job...
> [06/Feb/2008:10:02:43 -0500] - import userRoot: Index buffering enabled with bucket size 100
> [06/Feb/2008:10:02:43 -0500] - import userRoot: Processing file "/tmp/ldifXRKznG.ldif"
> [06/Feb/2008:10:02:43 -0500] - import userRoot: Finished scanning file "/tmp/ldifXRKznG.ldif" (9 entries)
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Workers finished; cleaning up...
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Workers cleaned up.
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Cleaning up producer thread...
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Indexing complete. Post-processing...
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Flushing caches...
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Closing files...
> [06/Feb/2008:10:02:44 -0500] - All database threads now stopped
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Import complete. Processed 9 entries in 1 seconds. (9.00 entries/sec)
> [06/Feb/2008:10:02:44 -0500] - Fedora-Directory/1.1.0 B2007.354.1236 starting up
> [06/Feb/2008:10:02:44 -0500] - I'm resizing my cache now...cache was 209715200 and is now 8000000
> [06/Feb/2008:10:02:44 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests
>
> /var/log/dirsrv/slapd-p4ds03/access:
> [06/Feb/2008:10:00:40 -0500] conn=0 op=-1 fd=64 closed - B1
> [06/Feb/2008:10:01:02 -0500] conn=1 fd=64 slot=64 connection from 10.188.49.54 to 10.188.135.186
> [06/Feb/2008:10:01:02 -0500] conn=1 op=0 BIND dn="(null)" method=128 version=3
> [06/Feb/2008:10:01:02 -0500] conn=1 op=0 RESULT err=32 tag=97 nentries=0 etime=0
> [06/Feb/2008:10:01:08 -0500] conn=1 op=-1 fd=64 closed - B1
>
> Any ideas before I give up and just upgrade to Fedora 8?
>
> Chris

From AOas at redbrickhealth.com Wed Feb 6 22:06:37 2008
From: AOas at redbrickhealth.com (Aaron Oas)
Date: Wed, 6 Feb 2008 16:06:37 -0600
Subject: [Fedora-directory-users] where is password sync for rhds 8.0
Message-ID:

Apologies in advance for invoking rhds instead of fds, and for what will surely prove to be a glaringly obvious answer, but I am tearing my hair out trying to find where passsync.msi or passsync.exe went with the release of redhat directory server 8.0.

I have googled and have done the brute-force approaches like:

rpm -ql redhat-ds*rpm |grep -I passsync
find / -iname "passsync*"

to no avail.

In 19.2.4 of the Red Hat Directory Server 8.0 Administration Guide, it says:

"NOTE If the Directory Server is upgraded from 7.1 to a service pack or to version 8.0, then the Password Sync service must be reinstalled with the newer version. "

So I assume there is a new version of the password sync service in 8.0, but I cannot find any mention of what directory or RPM to get the passsync.msi from.
In rhds 7.1, the file was in /opt/redhat-ds/winsync/PassSync.msi, but in rhds 8.0, the packages and filesystem layout is different.

Does anyone know where the PassSync.msi file is in redhat directory server 8.0?

- Aaron Oas

From rmeggins at redhat.com Wed Feb 6 22:16:32 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 06 Feb 2008 15:16:32 -0700
Subject: [Fedora-directory-users] where is password sync for rhds 8.0
In-Reply-To:
References:
Message-ID: <47AA31C0.50706@redhat.com>

Aaron Oas wrote:
> Apologies in advance for invoking rhds instead of fds, and for what will
> surely prove to be a glaringly obvious answer, but I am tearing my hair
> out trying to find where passsync.msi or passsync.exe went with the
> release of redhat directory server 8.0.
>
> I have googled and have done the brute-force approaches like:
> rpm -ql redhat-ds*rpm |grep -I passsync
> find / -iname "passsync*"
>
> to no avail.
>
> In 19.2.4 of the Red Hat Directory Server 8.0 Administration Guide, it
> says:
>
> "NOTE
>
> If the Directory Server is upgraded from 7.1 to a service pack or to
> version 8.0, then the Password Sync service must be reinstalled with the
> newer version. "
>
> So I assume there is a new version of the password sync service in 8.0,
> but I cannot find any mention of what directory or RPM to get the
> passsync.msi from. In rhds 7.1, the file was in
> /opt/redhat-ds/winsync/PassSync.msi, but in rhds 8.0, the packages and
> filesystem layout is different.
>
> Does anyone know where the PassSync.msi file is in redhat directory
> server 8.0?
>
I think you can just use http://directory.fedoraproject.org/wiki/Download the latest PassSync.msi here. If you're already using it, you shouldn't have to do anything. This is dated 20060330 which was well after the 7.1 release. I suppose this is one of those times where the Red Hat docs can trip you up if you are a Fedora DS user.
>
> - Aaron Oas

From vaddarapu at gmail.com Wed Feb 6 22:44:27 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Thu, 7 Feb 2008 09:44:27 +1100
Subject: [Fedora-directory-users] SSL issue
In-Reply-To: <47A9C1C0.8000902@redhat.com>
References: <47A9C1C0.8000902@redhat.com>
Message-ID:

Hi,

I installed with the setupssl2.sh script. With the password file I am able to restart dirsrv.
Is it allowed to login into console more than 1 location after enabling SSL?
Thanks
Vivek

On Feb 7, 2008 1:18 AM, Rich Megginson wrote:

> Anand Vaddarapu wrote:
> > Hi,
> >
> > Restarted my FDS as soon as enable SSL service. I try to restarted my
> > dirsrv-admin, its prompt me for password. When i enter valid password ,
> > the error mesg appears saying "incorrect password". I m damn sure that
> > entered password was correct. When it happened to me first time i
> > thought i forgot password and reinstall the FDS. Again happened second
> > time. Please let me know how can i recover password or any alternative
> > way to restart my dirsrv-admin.
> Did you see this?
>
> http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information
>
> How did you configure SSL for the Admin Server? If you created a
> cert/key for the Admin Server, you must have given a password when you
> imported the key/cert. If you used the setupssl2.sh script (or
> setupssl.sh if you are using Fedora DS 1.0.4) then it created the
> password.conf file for you.
> >
> > Thanks
> > Vivek

From rmeggins at redhat.com Thu Feb 7 02:42:36 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 06 Feb 2008 19:42:36 -0700
Subject: [Fedora-directory-users] SSL issue
In-Reply-To:
References: <47A9C1C0.8000902@redhat.com>
Message-ID: <47AA701C.4000602@redhat.com>

Anand Vaddarapu wrote:
> Hi,
>
> I installed with the setupssl2.sh script. with password file i can
> able to restart dirsrv.
But you were having a problem with dirsrv-admin?
> is it allowed to login into console more than 1 location after
> enabling SSL?
Not sure what you mean. Is something not working correctly?
> Thanks
> Vivek
>
> On Feb 7, 2008 1:18 AM, Rich Megginson wrote:
>
> Anand Vaddarapu wrote:
> > Hi,
> >
> > Restarted my FDS as soon as enable SSL service. I try to restarted my
> > dirsrv-admin, its prompt me for password. When i enter valid password ,
> > the error mesg appears saying "incorrect password". I m damn sure that
> > entered password was correct. When it happened to me first time i
> > thought i forgot password and reinstall the FDS. Again happened second
> > time. Please let me know how can i recover password or any alternative
> > way to restart my dirsrv-admin.
> Did you see this?
> http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information
>
> How did you configure SSL for the Admin Server? If you created a
> cert/key for the Admin Server, you must have given a password when you
> imported the key/cert.
> If you used the setupssl2.sh script (or
> setupssl.sh if you are using Fedora DS 1.0.4) then it created the
> password.conf file for you.
> >
> > Thanks
> > Vivek

From vaddarapu at gmail.com Thu Feb 7 03:35:27 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Thu, 7 Feb 2008 14:35:27 +1100
Subject: [Fedora-directory-users] SSL issue
In-Reply-To: <47AA701C.4000602@redhat.com>
References: <47A9C1C0.8000902@redhat.com> <47AA701C.4000602@redhat.com>
Message-ID:

Hi,

I can start both dirsrv and dirsrv-admin as well. I can log in to the console from the local host but cannot log in from a remote host. Any ideas?
Thanks

On Feb 7, 2008 1:42 PM, Rich Megginson wrote:

> Anand Vaddarapu wrote:
> > Hi,
> >
> > I installed with the setupssl2.sh script. with password file i can
> > able to restart dirsrv.
> But you were having a problem with dirsrv-admin?
> > is it allowed to login into console more than 1 location after
> > enabling SSL?
> Not sure what you mean. Is something not working correctly?
> > Thanks
> > Vivek
> >
> > On Feb 7, 2008 1:18 AM, Rich Megginson wrote:
> >
> > Anand Vaddarapu wrote:
> > > Hi,
> > >
> > > Restarted my FDS as soon as enable SSL service.
> > > I try to restarted my
> > > dirsrv-admin, its prompt me for password. When i enter valid password ,
> > > the error mesg appears saying "incorrect password". I m damn sure that
> > > entered password was correct. When it happened to me first time i
> > > thought i forgot password and reinstall the FDS. Again happened second
> > > time. Please let me know how can i recover password or any alternative
> > > way to restart my dirsrv-admin.
> > Did you see this?
> >
> > http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information
> >
> > How did you configure SSL for the Admin Server? If you created a
> > cert/key for the Admin Server, you must have given a password when you
> > imported the key/cert. If you used the setupssl2.sh script (or
> > setupssl.sh if you are using Fedora DS 1.0.4) then it created the
> > password.conf file for you.
> > >
> > > Thanks
> > > Vivek

From rmeggins at redhat.com Thu Feb 7 03:36:57 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 06 Feb 2008 20:36:57 -0700
Subject: [Fedora-directory-users] SSL issue
In-Reply-To:
References: <47A9C1C0.8000902@redhat.com> <47AA701C.4000602@redhat.com>
Message-ID: <47AA7CD9.5090802@redhat.com>

Anand Vaddarapu wrote:
> Hi,
>
> I can start both dirsrv and dirsrv-admin as well. i can login into
> console from local host but can not login from remote host. any ideas?
> Thanks
fedora-idm-console -D 9 -f console.log

Any clues in console.log?
>
> On Feb 7, 2008 1:42 PM, Rich Megginson wrote:
>
> Anand Vaddarapu wrote:
> > Hi,
> >
> > I installed with the setupssl2.sh script. with password file i can
> > able to restart dirsrv.
> But you were having a problem with dirsrv-admin?
> > is it allowed to login into console more than 1 location after
> > enabling SSL?
> Not sure what you mean. Is something not working correctly?
> > Thanks
> > Vivek
> >
> > On Feb 7, 2008 1:18 AM, Rich Megginson wrote:
> >
> > Anand Vaddarapu wrote:
> > > Hi,
> > >
> > > Restarted my FDS as soon as enable SSL service. I try to restarted my
> > > dirsrv-admin, its prompt me for password. When i enter valid password ,
> > > the error mesg appears saying "incorrect password". I m damn sure that
> > > entered password was correct. When it happened to me first time i
> > > thought i forgot password and reinstall the FDS. Again happened second
> > > time. Please let me know how can i recover password or any alternative
> > > way to restart my dirsrv-admin.
> > Did you see this?
> >
> > http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information
> >
> > How did you configure SSL for the Admin Server? If you created a
> > cert/key for the Admin Server, you must have given a password when you
> > imported the key/cert.
> > If you used the setupssl2.sh script (or
> > setupssl.sh if you are using Fedora DS 1.0.4) then it created the
> > password.conf file for you.
> > >
> > > Thanks
> > > Vivek

From AOas at redbrickhealth.com Thu Feb 7 03:59:06 2008
From: AOas at redbrickhealth.com (Aaron Oas)
Date: Wed, 6 Feb 2008 21:59:06 -0600
Subject: [Fedora-directory-users] where is password sync for rhds
Message-ID:

> I think you can just use
> http://directory.fedoraproject.org/wiki/Download the latest PassSync.msi
> here. If you're already using it, you shouldn't have to do anything.
> This is dated 20060330 which was well after the 7.1 release.
> I suppose
> this is one of those times where the Red Hat docs can trip you up if you
> are a Fedora DS user.

# rpm -q --whatprovides /opt/redhat-ds/winsync/PassSync.msi
redhat-ds-7.1SP3-5.RHEL4
# md5sum /opt/redhat-ds/winsync/PassSync.msi
54c33a6e665bb2526f1f286e505cc0ff /opt/redhat-ds/winsync/PassSync.msi

The one we installed when setting up RHDS 7.1SP3 has the same md5sum as the latest one on the FDS download site. I assume PassSync.msi in RHDS 7.1 was updated to current as part of one of the service packs to RHDS 7.1. That seems to be in alignment with the verbiage "if 7.1 is upgraded to a *service pack* [emphasis added] or 8.0" that I found in the 8.0 documentation -- i.e. if you had a non-service-pack 7.1 and upgraded to a 7.1SP version, you also needed to upgrade the PassSync.msi on the AD server.

Well, it continues to seem odd that Red Hat is not supplying the PassSync.msi anywhere in the RHDS 8.0 packages. Where would a new customer implementing RHDS 8.0 expect to find PassSync.msi?

On the other hand, it looks like I'm current. If I hear back from my Red Hat support ticket to the contrary, I'll reply to this in case anyone else was dying to know the answer.

Thanks, Rich!

- Aaron Oas

From vaddarapu at gmail.com Thu Feb 7 04:35:57 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Thu, 7 Feb 2008 15:35:57 +1100
Subject: [Fedora-directory-users] SSL issue
In-Reply-To: <47AA7CD9.5090802@redhat.com>
References: <47A9C1C0.8000902@redhat.com> <47AA701C.4000602@redhat.com> <47AA7CD9.5090802@redhat.com>
Message-ID:

Hi Rich,

Let me briefly explain my settings. I installed FDS in a virtual machine. The virtual machine is running on a Windows machine. When I start the console from the VM everything works fine. But when I start the console from the Windows machine, it takes the user login and hangs while showing the message "authenticating the user". That's all; it won't go further and I have to kill the console window. The virtual machine and Windows are connected using a network bridge.
Following are the console error logs:

Severity: [notice][Client10.50.5.79]admserv_host_ip_check ap_get_remote_host could not resolve 10.50.5.79

Severity: [notice][Client10.50.5.79]admserv_host_ip_check host [piquant] did not match pattern [*.localdomain] -will scan aliases

Severity: [notice][Client10.50.5.79]admserv_host_ip_check ap_get_remote_host could not resolve 10.50.5.79, referer: http://10.50.5.91:17881/admin-serv/tasks/configuration/HTMLAdmin?op=status

Severity: [notice][Client10.50.5.79]admserv_host_ip_check ap_get_remote_host could not resolve 127.0.0.1

Windows host IP is 10.50.5.89 (logs showing 10.50.5.79, I don't know how that happens)
VM IP is 10.50.5.91

Help appreciated.
Thanks
Vivek

On Feb 7, 2008 2:36 PM, Rich Megginson wrote:

> Anand Vaddarapu wrote:
> > Hi,
> >
> > I can start both dirsrv and dirsrv-admin as well. i can login into
> > console from local host but can not login from remote host. any ideas?
> > Thanks
> fedora-idm-console -D 9 -f console.log
>
> Any clues in console.log?
> >
> > On Feb 7, 2008 1:42 PM, Rich Megginson wrote:
> >
> > Anand Vaddarapu wrote:
> > > Hi,
> > >
> > > I installed with the setupssl2.sh script. with password file i can
> > > able to restart dirsrv.
> > But you were having a problem with dirsrv-admin?
> > > is it allowed to login into console more than 1 location after
> > > enabling SSL?
> > Not sure what you mean. Is something not working correctly?
> > > Thanks
> > > Vivek
> > >
> > > On Feb 7, 2008 1:18 AM, Rich Megginson wrote:
> > >
> > > Anand Vaddarapu wrote:
> > > > Hi,
> > > >
> > > > Restarted my FDS as soon as enable SSL service. I try to restarted my
> > > > dirsrv-admin, its prompt me for password. When i enter valid password ,
> > > > the error mesg appears saying "incorrect password". I m damn sure that
> > > > entered password was correct. When it happened to me first time i
> > > > thought i forgot password and reinstall the FDS.
> > > > Again happened second
> > > > time. Please let me know how can i recover password or any alternative
> > > > way to restart my dirsrv-admin.
> > > Did you see this?
> > >
> > > http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information
> > >
> > > How did you configure SSL for the Admin Server? If you created a
> > > cert/key for the Admin Server, you must have given a password when you
> > > imported the key/cert. If you used the setupssl2.sh script (or
> > > setupssl.sh if you are using Fedora DS 1.0.4) then it created the
> > > password.conf file for you.
> > > >
> > > > Thanks
> > > > Vivek

From santangelo.luigi at tiscali.it Thu Feb 7 12:18:35 2008
From: santangelo.luigi at tiscali.it (Luigi Santangelo)
Date: Thu, 7 Feb 2008 13:18:35 +0100 (CET)
Subject: [Fedora-directory-users] sync new attribute
Message-ID: <25526101.1202386715258.JavaMail.root@ps22>

Hi all

I configured Fedora DS so that now I can sync it with Windows AD. Then, I modified the Fedora LDAP schema adding a new attribute called memberOf. Windows AD has already an attribute with the same name. When I start the sync, all the attributes are synchronized except the new attribute. How can I sync the new attribute in the same way?

thanks

Luigi

From Chris.Hendry at turner.com Thu Feb 7 13:02:23 2008
From: Chris.Hendry at turner.com (Hendry, Chris)
Date: Thu, 7 Feb 2008 08:02:23 -0500
Subject: [Fedora-directory-users] Wierd failed install
In-Reply-To: <47AA1BF2.9020200@redhat.com>
Message-ID: <6226D9DC6FB8434688DE30EE9385A7F10B035C@ATLMSG31.turner.com>

If I execute the following on the actual ldap server:
/usr/bin/ldapsearch -x -h p4ds03.mydomain.com -p 389 -D cn="directory manager" -w yourpassword -s base -b "" "objectclass=*"

I get:
ldap_bind: Can't contact LDAP server (-1)

p4ds03 is in DNS and resolv.conf properly configured, but as I stated above, I'm running the command on the actual server.

-----Original Message-----
From: Rich Megginson [mailto:rmeggins at redhat.com]
Sent: Wednesday, February 06, 2008 3:44 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Wierd failed install

Hendry, Chris wrote:
>
> This is my second upgrade to fedora-ds 1.1 on fedora-core 6.
> The config O/S install is the same.
> The first went great, no problem, but then after running
> setup-ds-admin.pl on the second server got:
> Are you ready to set up your servers? [yes]:
> Creating directory server . . .
> Your new DS instance 'p4ds03' was successfully created.
> Creating the configuration directory server . . .
> Error: failed to open an LDAP connection to host 'p4ds03.mydomain.com'
> port '389' as user 'cn=Directory Manager'. Error
> : unknown.
> Failed to create the configuration directory server
> Exiting . . .
> Log file is '/tmp/setupHxsAmb.log'
>
/usr/bin/ldapsearch -x -h p4ds03.mydomain.com -p 389 -D "cn=directory manager" -w yourpassword -s base -b "" "objectclass=*"

Does that display anything? If you get an error - is p4ds03.mydomain.com defined in DNS or /etc/hosts? If the former, do you have your DNS and /etc/resolv.conf settings correct? If the latter, do you have /etc/nsswitch.conf configured properly?
>
>
>
> In log file: /var/log/dirsrv/admin-serv/error :
> Configuration Failed
> [Wed Feb 06 10:00:01 2008] [warn] Unable to bind as LocalAdmin to
> populate LocalAdmin tasks into cache.
> [Wed Feb 06 10:00:01 2008] [notice] Access Host filter is: *.mydomain.com
> [Wed Feb 06 10:00:01 2008] [notice] Access Address filter is: *
>
> Tried to manually connect but got:
>
> [root at p4ds03 dirsrv]# ldapsearch -x -h p4ds03.mydomain.com -p 389 -D
> "cn=directory manager" -w "mypassword" -s base -b ""
> ldap_bind: Can't contact LDAP server (-1)
>
>
> /var/log/dirsrv/slapd-p4ds03/errors:
> [06/Feb/2008:10:01:32 -0500] - slapd shutting down - signaling
> operation threads
> [06/Feb/2008:10:01:32 -0500] - slapd shutting down - waiting for 25
> threads to terminate
> [06/Feb/2008:10:01:32 -0500] - slapd shutting down - closing down
> internal subsystems and plugins
> [06/Feb/2008:10:01:32 -0500] - Waiting for 4 database threads to stop
> [06/Feb/2008:10:01:32 -0500] - All database threads now stopped
> [06/Feb/2008:10:01:32 -0500] - slapd stopped.
> [06/Feb/2008:10:02:43 -0500] - dblayer_instance_start: pagesize: 4096,
> pages: 518667, procpages: 6666
> [06/Feb/2008:10:02:43 -0500] - cache autosizing: import cache: 204800k
> [06/Feb/2008:10:02:43 -0500] - li_import_cache_autosize: 50,
> import_pages: 51200, pagesize: 4096
> [06/Feb/2008:10:02:43 -0500] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to
> access the database
> [06/Feb/2008:10:02:43 -0500] - dblayer_instance_start: pagesize: 4096,
> pages: 518667, procpages: 6666
> [06/Feb/2008:10:02:43 -0500] - cache autosizing: import cache: 204800k
> [06/Feb/2008:10:02:43 -0500] - li_import_cache_autosize: 50,
> import_pages: 51200, pagesize: 4096
> [06/Feb/2008:10:02:43 -0500] - import userRoot: Beginning import job...
> [06/Feb/2008:10:02:43 -0500] - import userRoot: Index buffering
> enabled with bucket size 100
> [06/Feb/2008:10:02:43 -0500] - import userRoot: Processing file
> "/tmp/ldifXRKznG.ldif"
> [06/Feb/2008:10:02:43 -0500] - import userRoot: Finished scanning file
> "/tmp/ldifXRKznG.ldif" (9 entries)
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Workers finished;
> cleaning up...
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Workers cleaned up.
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Cleaning up producer
> thread...
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Indexing complete.
> Post-processing...
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Flushing caches...
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Closing files...
> [06/Feb/2008:10:02:44 -0500] - All database threads now stopped
> [06/Feb/2008:10:02:44 -0500] - import userRoot: Import complete.
> Processed 9 entries in 1 seconds. (9.00 entries/sec)
> [06/Feb/2008:10:02:44 -0500] - Fedora-Directory/1.1.0 B2007.354.1236
> starting up
> [06/Feb/2008:10:02:44 -0500] - I'm resizing my cache now...cache was
> 209715200 and is now 8000000
> [06/Feb/2008:10:02:44 -0500] - slapd started.
> Listening on All
> Interfaces port 389 for LDAP requests
>
>
> /var/log/dirsrv/slapd-p4ds03/access:
> [06/Feb/2008:10:00:40 -0500] conn=0 op=-1 fd=64 closed - B1
> [06/Feb/2008:10:01:02 -0500] conn=1 fd=64 slot=64 connection from
> 10.188.49.54 to 10.188.135.186
> [06/Feb/2008:10:01:02 -0500] conn=1 op=0 BIND dn="(null)" method=128
> version=3
> [06/Feb/2008:10:01:02 -0500] conn=1 op=0 RESULT err=32 tag=97
> nentries=0 etime=0
> [06/Feb/2008:10:01:08 -0500] conn=1 op=-1 fd=64 closed - B1
>
> Any ideas before I give up and just upgrade to Fedora 8?
>
> Chris

From rmeggins at redhat.com Thu Feb 7 14:29:18 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 07 Feb 2008 07:29:18 -0700
Subject: [Fedora-directory-users] sync new attribute
In-Reply-To: <25526101.1202386715258.JavaMail.root@ps22>
References: <25526101.1202386715258.JavaMail.root@ps22>
Message-ID: <47AB15BE.7050504@redhat.com>

Luigi Santangelo wrote:
> Hi all
> I configured Fedora DS so that now I can sync it with Windows AD.
> Then, I modified the Fedora LDAP schema adding a new attribute called
> memberOf. Windows AD has already an attribute with the same name.
> When I start the sync, all the attributes are synchronized except the
> new attribute. How can I sync the new attribute in the same way?
>
You can't sync any attributes other than the hard coded list. We're going to be fixing that in an upcoming release.
> thanks
>
> Luigi

From rmeggins at redhat.com Thu Feb 7 14:51:20 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 07 Feb 2008 07:51:20 -0700
Subject: [Fedora-directory-users] Wierd failed install
In-Reply-To: <6226D9DC6FB8434688DE30EE9385A7F10B035C@ATLMSG31.turner.com>
References: <6226D9DC6FB8434688DE30EE9385A7F10B035C@ATLMSG31.turner.com>
Message-ID: <47AB1AE8.80006@redhat.com>

Hendry, Chris wrote:
> If I execute the following on the actual ldap server:
> /usr/bin/ldapsearch -x -h p4ds03.mydomain.com -p 389 -D cn="directory
> manager" -w yourpassword -s base -b "" "objectclass=*"
>
> I get:
> ldap_bind: Can't contact LDAP server (-1)
>
> p4ds03 is in DNS and resolv.conf properly configured, but as I stated
> above, I'm running the command on the actual server.
>
Is your ds running? ps -ef|grep ns-slapd
Is your ds listening to port 389? netstat -an | grep 389
Does ping p4ds03.mydomain.com work?
Does nslookup p4ds03.mydomain.com work?
> -----Original Message-----
> From: Rich Megginson [mailto:rmeggins at redhat.com]
> Sent: Wednesday, February 06, 2008 3:44 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Wierd failed install
>
> Hendry, Chris wrote:
>
>> This is my second upgrade to fedora-ds 1.1 on fedora-core 6.
>> The config O/S install is the same.
>> The first went great, no problem, but then after running
>> setup-ds-admin.pl on the second server got:
>> Are you ready to set up your servers? [yes]:
>> Creating directory server . . .
>> Your new DS instance 'p4ds03' was successfully created.
>> Creating the configuration directory server . . .
>> Error: failed to open an LDAP connection to host 'p4ds03.mydomain.com'
>> port '389' as user 'cn=Directory Manager'. Error
>> : unknown.
>> Failed to create the configuration directory server
>> Exiting . . .
>> Log file is '/tmp/setupHxsAmb.log'
>>
> /usr/bin/ldapsearch -x -h p4ds03.mydomain.com -p 389 -D "cn=directory
> manager" -w yourpassword -s base -b "" "objectclass=*"
>
> Does that display anything? If you get an error - is p4ds03.mydomain.com
> defined in DNS or /etc/hosts? If the former, do you have your DNS and
> /etc/resolv.conf settings correct? If the latter, do you have
> /etc/nsswitch.conf configured properly?
>
>>
>> In log file: /var/log/dirsrv/admin-serv/error :
>> Configuration Failed
>> [Wed Feb 06 10:00:01 2008] [warn] Unable to bind as LocalAdmin to
>> populate LocalAdmin tasks into cache.
>> [Wed Feb 06 10:00:01 2008] [notice] Access Host filter is: *.mydomain.com
>> [Wed Feb 06 10:00:01 2008] [notice] Access Address filter is: *
>>
>> Tried to manually connect but got:
>>
>> [root at p4ds03 dirsrv]# ldapsearch -x -h p4ds03.mydomain.com -p 389 -D
>> "cn=directory manager" -w "mypassword" -s base -b ""
>> ldap_bind: Can't contact LDAP server (-1)
>>
>>
>> /var/log/dirsrv/slapd-p4ds03/errors:
>> [06/Feb/2008:10:01:32 -0500] - slapd shutting down - signaling
>> operation threads
>> [06/Feb/2008:10:01:32 -0500] - slapd shutting down - waiting for 25
>> threads to terminate
>> [06/Feb/2008:10:01:32 -0500] - slapd shutting down - closing down
>> internal subsystems and plugins
>> [06/Feb/2008:10:01:32 -0500] - Waiting for 4 database threads to stop
>> [06/Feb/2008:10:01:32 -0500] - All database threads now stopped
>> [06/Feb/2008:10:01:32 -0500] - slapd stopped.
>> [06/Feb/2008:10:02:43 -0500] - dblayer_instance_start: pagesize: 4096,
>> pages: 518667, procpages: 6666
>> [06/Feb/2008:10:02:43 -0500] - cache autosizing: import cache: 204800k
>> [06/Feb/2008:10:02:43 -0500] - li_import_cache_autosize: 50,
>> import_pages: 51200, pagesize: 4096
>> [06/Feb/2008:10:02:43 -0500] - WARNING: Import is running with
>> nsslapd-db-private-import-mem on; No other process is allowed to
>> access the database
>> [06/Feb/2008:10:02:43 -0500] - dblayer_instance_start: pagesize: 4096,
>> pages: 518667, procpages: 6666
>> [06/Feb/2008:10:02:43 -0500] - cache autosizing: import cache: 204800k
>> [06/Feb/2008:10:02:43 -0500] - li_import_cache_autosize: 50,
>> import_pages: 51200, pagesize: 4096
>> [06/Feb/2008:10:02:43 -0500] - import userRoot: Beginning import job...
>> [06/Feb/2008:10:02:43 -0500] - import userRoot: Index buffering
>> enabled with bucket size 100
>> [06/Feb/2008:10:02:43 -0500] - import userRoot: Processing file
>> "/tmp/ldifXRKznG.ldif"
>> [06/Feb/2008:10:02:43 -0500] - import userRoot: Finished scanning file
>> "/tmp/ldifXRKznG.ldif" (9 entries)
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Workers finished;
>> cleaning up...
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Workers cleaned up.
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Cleaning up producer
>> thread...
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Indexing complete.
>> Post-processing...
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Flushing caches...
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Closing files...
>> [06/Feb/2008:10:02:44 -0500] - All database threads now stopped
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Import complete.
>> Processed 9 entries in 1 seconds.
>> (9.00 entries/sec)
>> [06/Feb/2008:10:02:44 -0500] - Fedora-Directory/1.1.0 B2007.354.1236
>> starting up
>> [06/Feb/2008:10:02:44 -0500] - I'm resizing my cache now...cache was
>> 209715200 and is now 8000000
>> [06/Feb/2008:10:02:44 -0500] - slapd started. Listening on All
>> Interfaces port 389 for LDAP requests
>>
>>
>> /var/log/dirsrv/slapd-p4ds03/access:
>> [06/Feb/2008:10:00:40 -0500] conn=0 op=-1 fd=64 closed - B1
>> [06/Feb/2008:10:01:02 -0500] conn=1 fd=64 slot=64 connection from
>> 10.188.49.54 to 10.188.135.186
>> [06/Feb/2008:10:01:02 -0500] conn=1 op=0 BIND dn="(null)" method=128
>> version=3
>> [06/Feb/2008:10:01:02 -0500] conn=1 op=0 RESULT err=32 tag=97
>> nentries=0 etime=0
>> [06/Feb/2008:10:01:08 -0500] conn=1 op=-1 fd=64 closed - B1
>>
>> Any ideas before I give up and just upgrade to Fedora 8?
>>
>> Chris

From rmeggins at redhat.com Thu Feb 7 14:53:52 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 07 Feb 2008 07:53:52 -0700
Subject: [Fedora-directory-users] SSL issue
In-Reply-To:
References: <47A9C1C0.8000902@redhat.com> <47AA701C.4000602@redhat.com> <47AA7CD9.5090802@redhat.com>
Message-ID: <47AB1B80.4010400@redhat.com>

Anand Vaddarapu wrote:
> Hi Rich,
>
> let me briefly explain my settings. I installed FDS in Virtual
> Machine. Virtual Machine is running in windows machine. when i start
> console from VM everything works fine.
> But when I start console from Windows machine, will take user logins
> and hangs while showing message authenticating the user. That's all,
> won't go further, I have to kill the console window. Virtual machine
> and Windows are connected using network bridge.

You could try editing the windows console batch file to add -D 9 after the Console class on the java command line - see if that gives you any more information. If you suspect it is a problem with admin server host/ip access control, try this - http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt

> following are the console error logs:
>
> Severity: [notice][Client10.50.5.79]admserv_host_ip_check ap_get_remote_host could not resolve 10.50.5.79
> Severity: [notice][Client10.50.5.79]admserv_host_ip_check host [piquant] did not match pattern [*.localdomain] -will scan aliases
> Severity: [notice][Client10.50.5.79]admserv_host_ip_check ap_get_remote_host could not resolve 10.50.5.79 , referer:http://10.50.5.91:17881/admin-serv/tasks/configuration/HTMLAdmin?op=status
> Severity: [notice][Client10.50.5.79]admserv_host_ip_check ap_get_remote_host could not resolve 127.0.0.1
>
> Windows host IP is 10.50.5.89 (logs showing 10.50.5.79, I don't know how that happens)
> VM IP is 10.50.5.91
>
> help appreciated.
> Thanks
> Vivek
>
> On Feb 7, 2008 2:36 PM, Rich Megginson wrote:
>
> Anand Vaddarapu wrote:
> > Hi,
> >
> > I can start both dirsrv and dirsrv-admin as well. I can login into
> > console from local host but can not login from remote host. Any ideas?
> > Thanks
> fedora-idm-console -D 9 -f console.log
>
> Any clues in console.log?
> >
> > On Feb 7, 2008 1:42 PM, Rich Megginson wrote:
> >
> > Anand Vaddarapu wrote:
> > > Hi,
> > >
> > > I installed with the setupssl2.sh script. With password file I can
> > > able to restart dirsrv.
> > But you were having a problem with dirsrv-admin?
> > > Is it allowed to login into console more than 1 location after
> > > enabling SSL?
> > Not sure what you mean. Is something not working correctly?
> > > Thanks
> > > Vivek
> > >
> > > On Feb 7, 2008 1:18 AM, Rich Megginson wrote:
> > >
> > > Anand Vaddarapu wrote:
> > > > Hi,
> > > >
> > > > Restarted my FDS as soon as enable SSL service. I try to restarted my
> > > > dirsrv-admin, it prompts me for password. When I enter valid password,
> > > > the error message appears saying "incorrect password". I'm damn sure that
> > > > entered password was correct. When it happened to me first time I
> > > > thought I forgot password and reinstall the FDS. Again happened second
> > > > time. Please let me know how can I recover password or any alternative
> > > > way to restart my dirsrv-admin.
> > > Did you see this?
> > >
> > > http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information
> > >
> > > How did you configure SSL for the Admin Server? If you created a
> > > cert/key for the Admin Server, you must have given a password when you
> > > imported the key/cert. If you used the setupssl2.sh script (or
> > > setupssl.sh if you are using Fedora DS 1.0.4) then it created the
> > > password.conf file for you.
> > > > Thanks
> > > > Vivek

From rmeggins at redhat.com Thu Feb 7 14:56:15 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 07 Feb 2008 07:56:15 -0700
Subject: [Fedora-directory-users] where is password sync for rhds
In-Reply-To:
References:
Message-ID: <47AB1C0F.1020000@redhat.com>

Aaron Oas wrote:
>> I think you can just use
>> http://directory.fedoraproject.org/wiki/Download the latest PassSync.msi
>> here. If you're already using it, you shouldn't have to do anything.
>>
>> This is dated 20060330 which was well after the 7.1 release. I suppose
>> this is one of those times where the Red Hat docs can trip you up if you
>> are a Fedora DS user.
>
> # rpm -q --whatprovides /opt/redhat-ds/winsync/PassSync.msi
> redhat-ds-7.1SP3-5.RHEL4
> # md5sum /opt/redhat-ds/winsync/PassSync.msi
> 54c33a6e665bb2526f1f286e505cc0ff /opt/redhat-ds/winsync/PassSync.msi
>
> The one we installed when setting up RHDS 7.1SP3 has the same md5sum as
> the latest one on the FDS download site. I assume PassSync.msi in RHDS
> 7.1 was updated to current as part of one of the service packs to RHDS
> 7.1.

Yes. And that is the most current one.

> That seems to be in alignment with the verbiage "if 7.1 is upgraded to a
> *service pack* [emphasis added] or 8.0" that I found in the 8.0
> documentation -- i.e. if you had a non-service-pack 7.1 and upgraded to
> a 7.1SP version, you also needed to upgrade the PassSync.msi on the AD
> server.

The problem with the verbiage has been reported and will be fixed shortly.

> Well, it continues to seem odd that Red Hat is not supplying the
> PassSync.msi anywhere in the RHDS 8.0 packages. Where would a new
> customer implementing RHDS 8.0 expect to find PassSync.msi?

I'm not sure. You should definitely file a ticket via your RHDS support channel. It may be a separate file in your RHN channel.
> On the other hand, it looks like I'm current. If I hear back from my
> Red Hat support ticket to the contrary, I'll reply to this in case
> anyone else was dying to know the answer.

Yes. The PassSync.msi available from the fedora ds download page is the same one to use with RHDS 8.0

> Thanks, Rich!
>
> - Aaron Oas

From Chris.Hendry at turner.com Thu Feb 7 17:20:26 2008
From: Chris.Hendry at turner.com (Hendry, Chris)
Date: Thu, 7 Feb 2008 12:20:26 -0500
Subject: [Fedora-directory-users] Wierd failed install
In-Reply-To: <47AB1AE8.80006@redhat.com>
Message-ID: <6226D9DC6FB8434688DE30EE9385A7F10B0360@ATLMSG31.turner.com>

OK, thank you, found the problem, due to your questions.

Yes, it is running and listening to port 389. But when I tried to ping the server p4ds03 on the server itself p4ds03, it 1st tried to ping using an older IP address. I had to change its IP address a day before. I made the change in the ifcfg-eth0 file and in DNS, I did do a ifdown eth0 and ifup eth0, but there was still an entry in the arp cache with the older IP address. Thus I cleared it out with "arp -d p4ds03" and all works!!!

Rich, thank you for your persistence!!!! Most grateful!!!

Chris

-----Original Message-----
From: Rich Megginson [mailto:rmeggins at redhat.com]
Sent: Thursday, February 07, 2008 9:51 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Wierd failed install

Hendry, Chris wrote:
> If I execute the following on the actual ldap server:
> /usr/bin/ldapsearch -x -h p4ds03.mydomain.com -p 389 -D cn="directory manager" -w yourpassword -s base -b "" "objectclass=*"
>
> I get:
> ldap_bind: Can't contact LDAP server (-1)
>
> p4ds03 is in DNS and resolv.conf properly configured, but as I stated
> above, I'm running the command on the actual server.

Is your ds running?
ps -ef|grep ns-slapd
Is your ds listening to port 389?
netstat -an | grep 389
Does ping p4ds03.mydomain.com work?
Does nslookup p4ds03.mydomain.com work?

> -----Original Message-----
> From: Rich Megginson [mailto:rmeggins at redhat.com]
> Sent: Wednesday, February 06, 2008 3:44 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Wierd failed install
>
> Hendry, Chris wrote:
>> This is my second upgrade to fedora-ds 1.1 on fedora-core 6.
>> The config O/S install is the same.
>> The first went great, no problem, but then after running
>> setup-ds-admin.pl on the second server got:
>> Are you ready to set up your servers? [yes]:
>> Creating directory server . . .
>> Your new DS instance 'p4ds03' was successfully created.
>> Creating the configuration directory server . . .
>> Error: failed to open an LDAP connection to host 'p4ds03.mydomain.com' port '389' as user 'cn=Directory Manager'. Error : unknown.
>> Failed to create the configuration directory server
>> Exiting . . .
>> Log file is '/tmp/setupHxsAmb.log'
>
> /usr/bin/ldapsearch -x -h p4ds03.mydomain.com -p 389 -D "cn=directory manager" -w yourpassword -s base -b "" "objectclass=*"
>
> Does that display anything? If you get an error - is p4ds03.mydomain.com
> defined in DNS or /etc/hosts? If the former, do you have your DNS and
> /etc/resolv.conf settings correct? If the latter, do you have
> /etc/nsswitch.conf configured properly?
>>
>> In log file: /var/log/dirsrv/admin-serv/error :
>> Configuration Failed
>> [Wed Feb 06 10:00:01 2008] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache.
>> [Wed Feb 06 10:00:01 2008] [notice] Access Host filter is: *.mydomain.com
>> [Wed Feb 06 10:00:01 2008] [notice] Access Address filter is: *
>>
>> Tried to manually connect but got:
>>
>> [root at p4ds03 dirsrv]# ldapsearch -x -h p4ds03.mydomain.com -p 389 -D "cn=directory manager" -w "mypassword" -s base -b ""
>> ldap_bind: Can't contact LDAP server (-1)
>>
>> /var/log/dirsrv/slapd-p4ds03/errors:
>> [06/Feb/2008:10:01:32 -0500] - slapd shutting down - signaling operation threads
>> [06/Feb/2008:10:01:32 -0500] - slapd shutting down - waiting for 25 threads to terminate
>> [06/Feb/2008:10:01:32 -0500] - slapd shutting down - closing down internal subsystems and plugins
>> [06/Feb/2008:10:01:32 -0500] - Waiting for 4 database threads to stop
>> [06/Feb/2008:10:01:32 -0500] - All database threads now stopped
>> [06/Feb/2008:10:01:32 -0500] - slapd stopped.
>> [06/Feb/2008:10:02:43 -0500] - dblayer_instance_start: pagesize: 4096, pages: 518667, procpages: 6666
>> [06/Feb/2008:10:02:43 -0500] - cache autosizing: import cache: 204800k
>> [06/Feb/2008:10:02:43 -0500] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
>> [06/Feb/2008:10:02:43 -0500] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
>> [06/Feb/2008:10:02:43 -0500] - dblayer_instance_start: pagesize: 4096, pages: 518667, procpages: 6666
>> [06/Feb/2008:10:02:43 -0500] - cache autosizing: import cache: 204800k
>> [06/Feb/2008:10:02:43 -0500] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
>> [06/Feb/2008:10:02:43 -0500] - import userRoot: Beginning import job...
>> [06/Feb/2008:10:02:43 -0500] - import userRoot: Index buffering enabled with bucket size 100
>> [06/Feb/2008:10:02:43 -0500] - import userRoot: Processing file "/tmp/ldifXRKznG.ldif"
>> [06/Feb/2008:10:02:43 -0500] - import userRoot: Finished scanning file "/tmp/ldifXRKznG.ldif" (9 entries)
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Workers finished; cleaning up...
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Workers cleaned up.
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Cleaning up producer thread...
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Indexing complete. Post-processing...
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Flushing caches...
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Closing files...
>> [06/Feb/2008:10:02:44 -0500] - All database threads now stopped
>> [06/Feb/2008:10:02:44 -0500] - import userRoot: Import complete. Processed 9 entries in 1 seconds. (9.00 entries/sec)
>> [06/Feb/2008:10:02:44 -0500] - Fedora-Directory/1.1.0 B2007.354.1236 starting up
>> [06/Feb/2008:10:02:44 -0500] - I'm resizing my cache now...cache was 209715200 and is now 8000000
>> [06/Feb/2008:10:02:44 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests
>>
>> /var/log/dirsrv/slapd-p4ds03/access:
>> [06/Feb/2008:10:00:40 -0500] conn=0 op=-1 fd=64 closed - B1
>> [06/Feb/2008:10:01:02 -0500] conn=1 fd=64 slot=64 connection from 10.188.49.54 to 10.188.135.186
>> [06/Feb/2008:10:01:02 -0500] conn=1 op=0 BIND dn="(null)" method=128 version=3
>> [06/Feb/2008:10:01:02 -0500] conn=1 op=0 RESULT err=32 tag=97 nentries=0 etime=0
>> [06/Feb/2008:10:01:08 -0500] conn=1 op=-1 fd=64 closed - B1
>>
>> Any ideas before I give up and just upgrade to Fedora 8?
>>
>> Chris

From Chris.Brandt at ernex.com Thu Feb 7 18:57:46 2008
From: Chris.Brandt at ernex.com (Chris Brandt)
Date: Thu, 7 Feb 2008 10:57:46 -0800
Subject: [Fedora-directory-users] Windows Management Console
Message-ID: <019D3BDD4896BD49AFB801020D20BEB0039BA32E@ernexmail02.ernex.dom>

Hi there,

I'm having some issues with the Windows Console. The console runs, connects to my server and I can do a simple search returning results. So it basically works. But there are some problems:

1. Servers and Applications tab is always empty. Not sure if I'm doing something wrong or just haven't done something. But the web based console (Administration Express) does show my servers and groups. Do I need to add a group to the java console?

2. I get exceptions showing up in the java text console when I try different operations in the graphical console window. For example I can do a search and get results, but if I double click a name the cursor changes to an hour glass and the following exception shows up in the java console:

Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException

and nothing happens in the graphical console.

I am running JRE 1.6.0_03, I see that the website recommends 1.4.2. I'm not a java guy, is it possible to easily do a side by side installation? Or does any one know that JRE 1.6.0 works.

Any ideas on what I can do to get this thing working properly?

Thanks

Christopher Brandt
Systems Architect
Suite 225 - 4259 Canada Way
Burnaby, BC V5G 1H1
e. chris.brandt at ernex.com
p. 604.415.1554
c. 604.318-5724
f. 604.415.1591
A Division of Moneris Solutions Corporation

From Chris.Hendry at turner.com Thu Feb 7 20:37:53 2008
From: Chris.Hendry at turner.com (Hendry, Chris)
Date: Thu, 7 Feb 2008 15:37:53 -0500
Subject: [Fedora-directory-users] New install, not authenticating
Message-ID: <6226D9DC6FB8434688DE30EE9385A7F10B0366@ATLMSG31.turner.com>

Upgraded Fedora-ds-1.1 from 1.0.

Version 1.0 worked great, no problems, I upgraded, ran the setup-ds-admin.pl in the most default way.

Clients can not login when pointing to this new DS.

Focus line in /var/log/dirsrv/slapd-servername/access

[07/Feb/2008:14:24:01 -0500] conn=172 op=1 RESULT err=49 tag=97 nentries=0 etime=0

tag=97 for a result from a client bind operation

err=49 = invalid credentials

Entire log:

[07/Feb/2008:14:24:01 -0500] conn=169 fd=71 slot=71 connection from 10.188.49.187 to 10.188.135.186
[07/Feb/2008:14:24:01 -0500] conn=169 op=-1 fd=71 closed - B1
[07/Feb/2008:14:24:01 -0500] conn=170 fd=71 slot=71 connection from 10.188.49.187 to 10.188.135.186
[07/Feb/2008:14:24:01 -0500] conn=170 op=0 BIND dn="" method=128 version=3
[07/Feb/2008:14:24:01 -0500] conn=170 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[07/Feb/2008:14:24:01 -0500] conn=170 op=1 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(|(uid=dme))(|(cn=dme))))" attrs="homeDirectory userPassword gidNumber cn uid cn uidNumber loginShell"
[07/Feb/2008:14:24:01 -0500] conn=170 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[07/Feb/2008:14:24:01 -0500] conn=170 op=2 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uidNumber=8000)))" attrs="uidNumber uid cn gidNumber"
[07/Feb/2008:14:24:01 -0500] conn=170 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[07/Feb/2008:14:24:01 -0500] conn=170 op=3 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixGroup))(|(gidNumber=8000)))" attrs="cn gidNumber"
[07/Feb/2008:14:24:01 -0500] conn=170 op=3 RESULT err=0 tag=101 nentries=0 etime=0
[07/Feb/2008:14:24:01 -0500] conn=170 op=4 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixGroup))(|(memberUid=dme)))" attrs="cn gidNumber"
[07/Feb/2008:14:24:01 -0500] conn=170 op=4 RESULT err=0 tag=101 nentries=0 etime=0
[07/Feb/2008:14:24:01 -0500] conn=170 op=5 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixGroup))(|(cn=FFFFEEEE-DDDD-CCCC-BBBB-AAAA00001F40)))" attrs="cn gidNumber"
[07/Feb/2008:14:24:01 -0500] conn=170 op=5 RESULT err=0 tag=101 nentries=0 etime=0
[07/Feb/2008:14:24:01 -0500] conn=170 op=6 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(|(uid=dme))(|(cn=dme))))" attrs="uid cn userPassword cn homeDirectory loginShell uidNumber gidNumber shadowLastChange shadowExpire"
[07/Feb/2008:14:24:01 -0500] conn=170 op=6 RESULT err=0 tag=101 nentries=1 etime=0
[07/Feb/2008:14:24:01 -0500] conn=170 op=7 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(|(uid=dme))(|(cn=dme))))" attrs="uid cn"
[07/Feb/2008:14:24:01 -0500] conn=170 op=7 RESULT err=0 tag=101 nentries=1 etime=0
[07/Feb/2008:14:24:01 -0500] conn=170 op=8 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=dme)(cn=dme)))" attrs="userPassword"
[07/Feb/2008:14:24:01 -0500] conn=170 op=8 RESULT err=0 tag=101 nentries=1 etime=0
[07/Feb/2008:14:24:01 -0500] conn=170 op=9 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=dme)(cn=dme)))" attrs=ALL
[07/Feb/2008:14:24:01 -0500] conn=170 op=9 RESULT err=0 tag=101 nentries=1 etime=0
[07/Feb/2008:14:24:01 -0500] conn=171 fd=72 slot=72 connection from 10.188.49.187 to 10.188.135.186
[07/Feb/2008:14:24:01 -0500] conn=171 op=-1 fd=72 closed - B1
[07/Feb/2008:14:24:01 -0500] conn=172 fd=72 slot=72 connection from 10.188.49.187 to 10.188.135.186
[07/Feb/2008:14:24:01 -0500] conn=172 op=0 BIND dn="" method=sasl version=3 mech=CRAM-MD5
[07/Feb/2008:14:24:01 -0500] conn=172 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[07/Feb/2008:14:24:01 -0500] conn=172 op=1 BIND dn="" method=sasl version=3 mech=CRAM-MD5
[07/Feb/2008:14:24:01 -0500] conn=172 op=1 RESULT err=49 tag=97 nentries=0 etime=0
[07/Feb/2008:14:24:01 -0500] conn=172 op=2 UNBIND
[07/Feb/2008:14:24:01 -0500] conn=172 op=2 fd=72 closed - U1

From rmeggins at redhat.com Thu Feb 7 20:51:15 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 07 Feb 2008 13:51:15 -0700
Subject: [Fedora-directory-users] New install, not authenticating
In-Reply-To: <6226D9DC6FB8434688DE30EE9385A7F10B0366@ATLMSG31.turner.com>
References: <6226D9DC6FB8434688DE30EE9385A7F10B0366@ATLMSG31.turner.com>
Message-ID: <47AB6F43.7020107@redhat.com>

Hendry, Chris wrote:
> Upgraded Fedora-ds-1.1 from 1.0.

How? What exactly did you do?

> Version 1.0 worked great, no problems, I upgraded, ran the
> setup-ds-admin.pl in the most default way.

setup-ds-admin.pl is only for new servers. You should use migrate-ds-admin.pl to upgrade from 1.0.4 to 1.1.

> Clients can not login when pointing to this new DS.
>
> Focus line in /var/log/dirsrv/slapd-servername/access
>
> [07/Feb/2008:14:24:01 -0500] conn=172 op=1 RESULT err=49 tag=97 nentries=0 etime=0
>
> tag=97 for a result from a client bind operation
>
> err=49 = invalid credentials

Invalid credentials means the given password is incorrect.

> Entire log:
>
> [07/Feb/2008:14:24:01 -0500] conn=169 fd=71 slot=71 connection from 10.188.49.187 to 10.188.135.186
> [07/Feb/2008:14:24:01 -0500] conn=169 op=-1 fd=71 closed - B1
> [07/Feb/2008:14:24:01 -0500] conn=170 fd=71 slot=71 connection from 10.188.49.187 to 10.188.135.186
> [07/Feb/2008:14:24:01 -0500] conn=170 op=0 BIND dn="" method=128 version=3
> [07/Feb/2008:14:24:01 -0500] conn=170 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
> [07/Feb/2008:14:24:01 -0500] conn=170 op=1 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(|(uid=dme))(|(cn=dme))))" attrs="homeDirectory userPassword gidNumber cn uid cn uidNumber loginShell"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=1 RESULT err=0 tag=101 nentries=1 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=2 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uidNumber=8000)))" attrs="uidNumber uid cn gidNumber"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=2 RESULT err=0 tag=101 nentries=1 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=3 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixGroup))(|(gidNumber=8000)))" attrs="cn gidNumber"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=3 RESULT err=0 tag=101 nentries=0 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=4 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixGroup))(|(memberUid=dme)))" attrs="cn gidNumber"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=4 RESULT err=0 tag=101 nentries=0 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=5 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixGroup))(|(cn=FFFFEEEE-DDDD-CCCC-BBBB-AAAA00001F40)))" attrs="cn gidNumber"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=5 RESULT err=0 tag=101 nentries=0 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=6 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(|(uid=dme))(|(cn=dme))))" attrs="uid cn userPassword cn homeDirectory loginShell uidNumber gidNumber shadowLastChange shadowExpire"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=6 RESULT err=0 tag=101 nentries=1 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=7 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(|(uid=dme))(|(cn=dme))))" attrs="uid cn"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=7 RESULT err=0 tag=101 nentries=1 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=8 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=dme)(cn=dme)))" attrs="userPassword"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=8 RESULT err=0 tag=101 nentries=1 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=9 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=dme)(cn=dme)))" attrs=ALL
> [07/Feb/2008:14:24:01 -0500] conn=170 op=9 RESULT err=0 tag=101 nentries=1 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=171 fd=72 slot=72 connection from 10.188.49.187 to 10.188.135.186
> [07/Feb/2008:14:24:01 -0500] conn=171 op=-1 fd=72 closed - B1
> [07/Feb/2008:14:24:01 -0500] conn=172 fd=72 slot=72 connection from 10.188.49.187 to 10.188.135.186
> [07/Feb/2008:14:24:01 -0500] conn=172 op=0 BIND dn="" method=sasl version=3 mech=CRAM-MD5
> [07/Feb/2008:14:24:01 -0500] conn=172 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
> [07/Feb/2008:14:24:01 -0500] conn=172 op=1 BIND dn="" method=sasl version=3 mech=CRAM-MD5
> [07/Feb/2008:14:24:01 -0500] conn=172 op=1 RESULT err=49 tag=97 nentries=0 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=172 op=2 UNBIND
> [07/Feb/2008:14:24:01 -0500] conn=172 op=2 fd=72 closed - U1

From Chris.Hendry at turner.com Thu Feb 7 21:13:47 2008
From: Chris.Hendry at turner.com (Hendry, Chris)
Date: Thu, 7 Feb 2008 16:13:47 -0500
Subject: [Fedora-directory-users] New install, not authenticating
In-Reply-To: <47AB6F43.7020107@redhat.com>
Message-ID: <6226D9DC6FB8434688DE30EE9385A7F10B0368@ATLMSG31.turner.com>

Just did a yum install fedora-ds

My thinking was that I did not care about the data, this was considered the backup anyway.

I made sure the passwords would match, I several times set the password using the gui console.

Chris

-----Original Message-----
From: Rich Megginson [mailto:rmeggins at redhat.com]
Sent: Thursday, February 07, 2008 3:51 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] New install, not authenticating

Hendry, Chris wrote:
> Upgraded Fedora-ds-1.1 from 1.0.

How? What exactly did you do?

> Version 1.0 worked great, no problems, I upgraded, ran the
> setup-ds-admin.pl in the most default way.

setup-ds-admin.pl is only for new servers. You should use migrate-ds-admin.pl to upgrade from 1.0.4 to 1.1.
> Clients can not login when pointing to this new DS.
>
> Focus line in /var/log/dirsrv/slapd-servername/access
>
> [07/Feb/2008:14:24:01 -0500] conn=172 op=1 RESULT err=49 tag=97 nentries=0 etime=0
>
> tag=97 for a result from a client bind operation
>
> err=49 = invalid credentials

Invalid credentials means the given password is incorrect.

> Entire log:
>
> [07/Feb/2008:14:24:01 -0500] conn=169 fd=71 slot=71 connection from 10.188.49.187 to 10.188.135.186
> [07/Feb/2008:14:24:01 -0500] conn=169 op=-1 fd=71 closed - B1
> [07/Feb/2008:14:24:01 -0500] conn=170 fd=71 slot=71 connection from 10.188.49.187 to 10.188.135.186
> [07/Feb/2008:14:24:01 -0500] conn=170 op=0 BIND dn="" method=128 version=3
> [07/Feb/2008:14:24:01 -0500] conn=170 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
> [07/Feb/2008:14:24:01 -0500] conn=170 op=1 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(|(uid=dme))(|(cn=dme))))" attrs="homeDirectory userPassword gidNumber cn uid cn uidNumber loginShell"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=1 RESULT err=0 tag=101 nentries=1 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=2 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uidNumber=8000)))" attrs="uidNumber uid cn gidNumber"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=2 RESULT err=0 tag=101 nentries=1 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=3 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixGroup))(|(gidNumber=8000)))" attrs="cn gidNumber"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=3 RESULT err=0 tag=101 nentries=0 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=4 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixGroup))(|(memberUid=dme)))" attrs="cn gidNumber"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=4 RESULT err=0 tag=101 nentries=0 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=5 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixGroup))(|(cn=FFFFEEEE-DDDD-CCCC-BBBB-AAAA00001F40)))" attrs="cn gidNumber"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=5 RESULT err=0 tag=101 nentries=0 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=6 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(|(uid=dme))(|(cn=dme))))" attrs="uid cn userPassword cn homeDirectory loginShell uidNumber gidNumber shadowLastChange shadowExpire"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=6 RESULT err=0 tag=101 nentries=1 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=7 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(|(uid=dme))(|(cn=dme))))" attrs="uid cn"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=7 RESULT err=0 tag=101 nentries=1 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=8 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=dme)(cn=dme)))" attrs="userPassword"
> [07/Feb/2008:14:24:01 -0500] conn=170 op=8 RESULT err=0 tag=101 nentries=1 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=170 op=9 SRCH base="dc=post,dc=cnn" scope=2 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=dme)(cn=dme)))" attrs=ALL
> [07/Feb/2008:14:24:01 -0500] conn=170 op=9 RESULT err=0 tag=101 nentries=1 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=171 fd=72 slot=72 connection from 10.188.49.187 to 10.188.135.186
> [07/Feb/2008:14:24:01 -0500] conn=171 op=-1 fd=72 closed - B1
> [07/Feb/2008:14:24:01 -0500] conn=172 fd=72 slot=72 connection from 10.188.49.187 to 10.188.135.186
> [07/Feb/2008:14:24:01 -0500] conn=172 op=0 BIND dn="" method=sasl version=3 mech=CRAM-MD5
> [07/Feb/2008:14:24:01 -0500] conn=172 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
> [07/Feb/2008:14:24:01 -0500] conn=172 op=1 BIND dn="" method=sasl version=3 mech=CRAM-MD5
> [07/Feb/2008:14:24:01 -0500] conn=172 op=1 RESULT err=49 tag=97 nentries=0 etime=0
> [07/Feb/2008:14:24:01 -0500] conn=172 op=2 UNBIND
> [07/Feb/2008:14:24:01 -0500] conn=172 op=2 fd=72 closed - U1

From cwaltham at bowdoin.edu Thu Feb 7 21:21:50 2008
From: cwaltham at bowdoin.edu (Chris Waltham)
Date: Thu, 07 Feb 2008 16:21:50 -0500
Subject: [Fedora-directory-users] Help needed migrating from Sun ONE to Fedora DS 1.1
Message-ID: <320D5A77-9125-4421-9289-6C521FD50498@bowdoin.edu>

I'm reasonably new to LDAP and very new to Fedora's DirectoryServer. I'm trying to "migrate" (I use the term loosely) from a Sun ONE (specifically, JES 2004Q2, which is Directory Server 5.2) LDAP server to a Fedora Core 8 server running DS 1.1.0 (installed from a yum repository's binary).

My problems are twofold: I have custom schema authored by Bowdoin (a college, my employer), and I have schema that comes from Sun's implementation of LDAP. For example, on the Sun server, 99user.ldif contains the following:

objectClasses: ( nsmsgCfgmtaautoreplyhandler-oid NAME 'nsmsgCfgmtaautoreplyhandler' SUP top STRUCTURAL MUST cn MAY ( nsmsgDefaultecho $ nsmsgDefaultreply $ nsmsgDefaultvacation ) X-ORIGIN ( 'iPlanet Messaging Server configuration' 'user defined' ) )

(which is for iPlanet, a part of Sun's... well, whatever)

As well as:

attributeTypes: ( majorname-oid NAME 'majorname' DESC 'Major Full Name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )

Which is used to track students' majors.

I tried following the instructions I found here: http://www.redhat.com/docs/manuals/dir-server/MigrateFromSun.html and "converting" the 99user.ldif file into a more typical LDIF and adding that with ldapmodify, but that didn't work particularly well -- a lot of the Sun-specific schema was rejected by Fedora DS. Then I tried removing what I thought was the Sun schema extensions leaving Bowdoin's extensions, and that seemed to work (with one or two strange exceptions).

However, when I tried to import the LDIF full of users from the Sun system (which I dumped with db2ldif), I get a whole host of errors: mostly things like "Error adding object 'dn: cn=Administrators,o=Bowdoin College,c=US'. The error sent by the server was 'Object class violation. attribute "mgmanmembervisibility" not allowed". I'm no expert, but I presume this is because the LDIF of users still contains references to the Sun schema attributes.

So, here are my questions:

* why can't I import the Sun schema if that's what I want to do?
* if I can't import the Sun schema, is there an easy way of stripping out the Sun attributes from a 10,000-user LDIF file?

Thanks,

Chris

From rmeggins at redhat.com Thu Feb 7 21:29:29 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 07 Feb 2008 14:29:29 -0700
Subject: [Fedora-directory-users] New install, not authenticating
In-Reply-To: <6226D9DC6FB8434688DE30EE9385A7F10B0368@ATLMSG31.turner.com>
References: <6226D9DC6FB8434688DE30EE9385A7F10B0368@ATLMSG31.turner.com>
Message-ID: <47AB7839.2030002@redhat.com>

Hendry, Chris wrote:
> Just did a yum install fedora-ds
>
> My thinking was that I did not care about the data, this was considered
> the backup anyway.

Just doing yum install fedora-ds should break just about everything until migrate-ds-admin.pl is run - or at least, if you use the old scripts and such to start and manage fedora ds, you won't be using the 1.1 software.

> I made sure the passwords would match, I several times set the password
> using the gui console.

I'm not sure what's going on, but error 49 very clearly means invalid password.

> Chris
>
> -----Original Message-----
> From: Rich Megginson [mailto:rmeggins at redhat.com]
> Sent: Thursday, February 07, 2008 3:51 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] New install, not authenticating
>
> Hendry, Chris wrote:
>> Upgraded Fedora-ds-1.1 from 1.0.
>
> How? What exactly did you do?
>
>> Version 1.0 worked great, no problems, I upgraded, ran the
>> setup-ds-admin.pl in the most default way.
>
> setup-ds-admin.pl is only for new servers. You should use
> migrate-ds-admin.pl to upgrade from 1.0.4 to 1.1.
>
>> Clients can not login when pointing to this new DS.
>>
>> Focus line in /var/log/dirsrv/slapd-servername/access
>>
>> [07/Feb/2008:14:24:01 -0500] conn=172 op=1 RESULT err=49 tag=97 nentries=0 etime=0
>>
>> tag=97 for a result from a client bind operation
>>
>> err=49 = invalid credentials
>
> Invalid credentials means the given password is incorrect.
> >> >> >> >> >> Entire log: >> >> >> >> [07/Feb/2008:14:24:01 -0500] conn=169 fd=71 slot=71 connection >> from 10.188.49.187 to 10.188.135.186 >> >> [07/Feb/2008:14:24:01 -0500] conn=169 op=-1 fd=71 closed - B1 >> >> [07/Feb/2008:14:24:01 -0500] conn=170 fd=71 slot=71 connection >> from 10.188.49.187 to 10.188.135.186 >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=0 BIND dn="" >> method=128 version=3 >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=0 RESULT err=0 tag=97 >> nentries=0 etime=0 dn="" >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=1 SRCH >> base="dc=post,dc=cnn" scope=2 >> >> > filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(object > Class=shadowAccount))(|(|(uid=dme))(|(cn=dme))))" > >> attrs="homeDirectory userPassword gidNumber cn uid cn >> uidNumber loginShell" >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=1 RESULT err=0 >> tag=101 nentries=1 etime=0 >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=2 SRCH >> base="dc=post,dc=cnn" scope=2 >> >> > filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(object > Class=shadowAccount))(|(uidNumber=8000)))" > >> attrs="uidNumber uid cn gidNumber" >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=2 RESULT err=0 >> tag=101 nentries=1 etime=0 >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=3 SRCH >> base="dc=post,dc=cnn" scope=2 >> filter="(&(|(objectClass=posixGroup))(|(gidNumber=8000)))" >> attrs="cn gidNumber" >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=3 RESULT err=0 >> tag=101 nentries=0 etime=0 >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=4 SRCH >> base="dc=post,dc=cnn" scope=2 >> filter="(&(|(objectClass=posixGroup))(|(memberUid=dme)))" >> attrs="cn gidNumber" >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=4 RESULT err=0 >> tag=101 nentries=0 etime=0 >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=5 SRCH >> base="dc=post,dc=cnn" scope=2 >> >> > filter="(&(|(objectClass=posixGroup))(|(cn=FFFFEEEE-DDDD-CCCC-BBBB-AAAA0 > 0001F40)))" > >> attrs="cn gidNumber" >> >> 
[07/Feb/2008:14:24:01 -0500] conn=170 op=5 RESULT err=0 >> tag=101 nentries=0 etime=0 >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=6 SRCH >> base="dc=post,dc=cnn" scope=2 >> >> > filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(object > Class=shadowAccount))(|(|(uid=dme))(|(cn=dme))))" > >> attrs="uid cn userPassword cn homeDirectory loginShell >> uidNumber gidNumber shadowLastChange shadowExpire" >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=6 RESULT err=0 >> tag=101 nentries=1 etime=0 >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=7 SRCH >> base="dc=post,dc=cnn" scope=2 >> >> > filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(object > Class=shadowAccount))(|(|(uid=dme))(|(cn=dme))))" > >> attrs="uid cn" >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=7 RESULT err=0 >> tag=101 nentries=1 etime=0 >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=8 SRCH >> base="dc=post,dc=cnn" scope=2 >> >> > filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(object > Class=shadowAccount))(|(uid=dme)(cn=dme)))" > >> attrs="userPassword" >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=8 RESULT err=0 >> tag=101 nentries=1 etime=0 >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=9 SRCH >> base="dc=post,dc=cnn" scope=2 >> >> > filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(object > Class=shadowAccount))(|(uid=dme)(cn=dme)))" > >> attrs=ALL >> >> [07/Feb/2008:14:24:01 -0500] conn=170 op=9 RESULT err=0 >> tag=101 nentries=1 etime=0 >> >> [07/Feb/2008:14:24:01 -0500] conn=171 fd=72 slot=72 connection >> from 10.188.49.187 to 10.188.135.186 >> >> [07/Feb/2008:14:24:01 -0500] conn=171 op=-1 fd=72 closed - B1 >> >> [07/Feb/2008:14:24:01 -0500] conn=172 fd=72 slot=72 connection >> from 10.188.49.187 to 10.188.135.186 >> >> [07/Feb/2008:14:24:01 -0500] conn=172 op=0 BIND dn="" >> method=sasl version=3 mech=CRAM-MD5 >> >> [07/Feb/2008:14:24:01 -0500] conn=172 op=0 RESULT err=14 >> tag=97 nentries=0 etime=0, SASL bind in progress >> 
>> [07/Feb/2008:14:24:01 -0500] conn=172 op=1 BIND dn="" >> method=sasl version=3 mech=CRAM-MD5 >> >> [07/Feb/2008:14:24:01 -0500] conn=172 op=1 RESULT err=49 >> tag=97 nentries=0 etime=0 >> >> [07/Feb/2008:14:24:01 -0500] conn=172 op=2 UNBIND >> >> [07/Feb/2008:14:24:01 -0500] conn=172 op=2 fd=72 closed - U1 >> >> >> > ------------------------------------------------------------------------ > >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu Feb 7 21:33:02 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Thu, 07 Feb 2008 14:33:02 -0700 Subject: [Fedora-directory-users] Help needed migrating from Sun ONE to Fedora DS 1.1 In-Reply-To: <320D5A77-9125-4421-9289-6C521FD50498@bowdoin.edu> References: <320D5A77-9125-4421-9289-6C521FD50498@bowdoin.edu> Message-ID: <47AB790E.8030600@redhat.com> Chris Waltham wrote: > I'm reasonably new to LDAP and very new to Fedora's DirectoryServer. > I'm trying to "migrate" (I use the term loosely) from a Sun ONE > (specifically, JES 2004Q2, which is Directory Server 5.2) LDAP server > to a Fedora Core 8 server running DS 1.1.0 (installed from a yum > respository's binary). > > My problems are twofold: I have custom schema authored by Bowdoin (a > college, my employer), and I have schema that comes from Sun's > implementation of LDAP. 
For example, on the Sun server, 99user.ldif > contains the following: > > objectClasses: ( nsmsgCfgmtaautoreplyhandler-oid NAME > 'nsmsgCfgmtaautoreplyhan > dler' SUP top STRUCTURAL MUST cn MAY ( nsmsgDefaultecho $ > nsmsgDefaultreply > $ nsmsgDefaultvacation ) X-ORIGIN ( 'iPlanet Messaging Server > configuration' > 'user defined' ) ) > > (which is for iPlanet, a part of Sun's... well, whatever) > > As well as: > > attributeTypes: ( majorname-oid NAME 'majorname' DESC 'Major Full > Name' SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) > > Which is used to track students' majors. I tried following the > instructions I found here: > http://www.redhat.com/docs/manuals/dir-server/MigrateFromSun.html and > "converting" the 99user.ldif file into a more typical LDIF and adding > that with ldapmodify, but that didn't work particularly well -- a lot > of the Sun-specific schema was rejected by Fedora DS. Then I tried > removing what I thought was the Sun schema extensions leaving > Bowdoin's extensions, and that seemed to work (with one or two strange > exceptions). > > However, when I tried to import the LDIF full of users from the Sun > system (which I dumped with db2ldif), I get a whole host of errors: > mostly things like "Error adding object 'dn: > cn=Administrators,o=Bowdoin College,c=US'. The error sent by the > server was 'Object class violation. attribute "mgmanmembervisibility" > not allowed". I'm no expert, but I presume this is because the LDIF of > users still contains references to the Sun schema attributes. So, here > are my questions: > > * why can't I import the Sun schema if that's what I want to do? You should be able to do that. It's really odd that Sun defined schema is in 99user.ldif - that file is reserved solely for user defined schema added via LDAP. You'll have to post the errors here so we can address the issues. 
> * if I can't import the Sun schema, is there an easy way of stripping
> out the Sun attributes from a 10,000-user LDIF file?
If you are a Perl hacker, you could use Mozilla perldap (included with the fedora ds software) or Net::LDAP (probably bundled with your linux OS perl distribution). If you prefer python, python-ldap also has an LDIF parser.
>
> Thanks,
>
>
> Chris
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL:

From cwaltham at bowdoin.edu Thu Feb 7 21:46:01 2008
From: cwaltham at bowdoin.edu (Chris Waltham)
Date: Thu, 07 Feb 2008 16:46:01 -0500
Subject: [Fedora-directory-users] Help needed migrating from Sun ONE to Fedora DS 1.1
In-Reply-To: <47AB790E.8030600@redhat.com>
References: <320D5A77-9125-4421-9289-6C521FD50498@bowdoin.edu> <47AB790E.8030600@redhat.com>
Message-ID:

On Feb 7, 2008, at 4:33 PM, Rich Megginson wrote:

> Chris Waltham wrote:
>> * why can't I import the Sun schema if that's what I want to do?
> You should be able to do that. It's really odd that Sun defined
> schema is in 99user.ldif - that file is reserved solely for user
> defined schema added via LDAP. You'll have to post the errors here
> so we can address the issues.

I did one better: I simply copied the entire config/schema/ directory from the Sun box to the Fedora box, and tried to restart Fedora DS. I got some non-fatal errors:

[root at hebron slapd-hebron]# /etc/init.d/dirsrv start
Starting dirsrv:
    hebron...[07/Feb/2008:16:41:00 -0500] - Entry "cn=SNMP,cn=config" -- attribute "nssnmpname" not allowed
[07/Feb/2008:16:41:00 -0500] - Entry "cn=PAM Pass Through Auth,cn=plugins,cn=config" has unknown object class "pamConfig"
[07/Feb/2008:16:41:00 -0500] - Entry "cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config" has unknown object class "nsSaslMapping"
[07/Feb/2008:16:41:00 -0500] - Entry "cn=rfc 2829 dn syntax,cn=mapping,cn=sasl,cn=config" has unknown object class "nsSaslMapping"
[07/Feb/2008:16:41:00 -0500] - Entry "cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config" has unknown object class "nsSaslMapping"
[07/Feb/2008:16:41:00 -0500] - Entry "cn=uid mapping,cn=mapping,cn=sasl,cn=config" has unknown object class "nsSaslMapping"
[07/Feb/2008:16:41:00 -0500] - Entry "cn=SNMP,cn=config" -- attribute "nssnmpname" not allowed
[ OK ]

That gave me some hope, so then I tried to import my database from an LDAP. FWIW, this is how I generated the LDIF on the Sun box:

db2ldif 'o=Bowdoin College, c=US'

Then I just tried this in Fedora:

/usr/lib/dirsrv/slapd-hebron/ldif2db -s 'o=Bowdoin College, c=US' -i /path/to/dumpfile.ldif

And I got the following errors:

importing data ...
[07/Feb/2008:16:41:08 -0500] - Entry "cn=SNMP,cn=config" -- attribute "nssnmpname" not allowed
[07/Feb/2008:16:41:08 -0500] - Entry "cn=PAM Pass Through Auth,cn=plugins,cn=config" has unknown object class "pamConfig"
[07/Feb/2008:16:41:08 -0500] - Entry "cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config" has unknown object class "nsSaslMapping"
[07/Feb/2008:16:41:08 -0500] - Entry "cn=rfc 2829 dn syntax,cn=mapping,cn=sasl,cn=config" has unknown object class "nsSaslMapping"
[07/Feb/2008:16:41:08 -0500] - Entry "cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config" has unknown object class "nsSaslMapping"
[07/Feb/2008:16:41:08 -0500] - Entry "cn=uid mapping,cn=mapping,cn=sasl,cn=config" has unknown object class "nsSaslMapping"
[07/Feb/2008:16:41:08 -0500] - Entry "cn=SNMP,cn=config" -- attribute "nssnmpname" not allowed
[07/Feb/2008:16:41:08 -0500] - ERROR 2: There is no backend instance to import to.

To be honest, I am a little confused at the relationship between instances and backends. From what I can see, Sun includes the following instances: userRoot, internetdb, pab and netscapeRoot (and possibly others?). But, I only have one suffix that I need, which is o=Bowdoin College, c=US.

Chris

>
>> * if I can't import the Sun schema, is there an easy way of
>> stripping out the Sun attributes from a 10,000-user LDIF file?
> If you are a Perl hacker, you could use Mozilla perldap (included
> with the fedora ds software) or Net::LDAP (probably bundled with
> your linux OS perl distribution). If you prefer python, python-ldap
> also has an LDIF parser.
>>
>> Thanks,
>>
>>
>> Chris

From rmeggins at redhat.com Thu Feb 7 21:56:48 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 07 Feb 2008 14:56:48 -0700
Subject: [Fedora-directory-users] Help needed migrating from Sun ONE to Fedora DS 1.1
In-Reply-To:
References: <320D5A77-9125-4421-9289-6C521FD50498@bowdoin.edu> <47AB790E.8030600@redhat.com>
Message-ID: <47AB7EA0.8020506@redhat.com>

Chris Waltham wrote:
> On Feb 7, 2008, at 4:33 PM, Rich Megginson wrote:
>
>> Chris Waltham wrote:
>>> * why can't I import the Sun schema if that's what I want to do?
>> You should be able to do that. It's really odd that Sun defined
>> schema is in 99user.ldif - that file is reserved solely for user
>> defined schema added via LDAP. You'll have to post the errors here
>> so we can address the issues.
>
> I did one better: I simply copied the entire config/schema/ directory
> from the Sun box to the Fedora box, and tried to restart Fedora DS.
It would probably be better to only copy the files not already in the Fedora DS schema directory e.g. pseudocode

# copy only the schema files that Fedora DS does not already have
for file in sun/config/schema/*.ldif ; do
    name=`basename "$file"`
    if [ ! -f "/etc/dirsrv/slapd-instancename/schema/$name" ] ; then
        cp "$file" "/etc/dirsrv/slapd-instancename/schema/$name"
    fi
done

Because the Fedora DS schema has changed somewhat. For starters, our new 00core.ldif contains only the very core essential schema required to start the server - the non-essential schema has been moved to 01common.ldif. Their 00core.ldif probably still contains everything. So if you overwrite the fedora ds 00core.ldif with theirs, chaos will ensue.
> I got some non-fatal errors: > > [root at hebron slapd-hebron]# /etc/init.d/dirsrv start > Starting dirsrv: > hebron...[07/Feb/2008:16:41:00 -0500] - Entry "cn=SNMP,cn=config" > -- attribute "nssnmpname" not allowed > [07/Feb/2008:16:41:00 -0500] - Entry "cn=PAM Pass Through > Auth,cn=plugins,cn=config" has unknown object class "pamConfig" > [07/Feb/2008:16:41:00 -0500] - Entry "cn=Kerberos uid > mapping,cn=mapping,cn=sasl,cn=config" has unknown object class > "nsSaslMapping" > [07/Feb/2008:16:41:00 -0500] - Entry "cn=rfc 2829 dn > syntax,cn=mapping,cn=sasl,cn=config" has unknown object class > "nsSaslMapping" > [07/Feb/2008:16:41:00 -0500] - Entry "cn=rfc 2829 u > syntax,cn=mapping,cn=sasl,cn=config" has unknown object class > "nsSaslMapping" > [07/Feb/2008:16:41:00 -0500] - Entry "cn=uid > mapping,cn=mapping,cn=sasl,cn=config" has unknown object class > "nsSaslMapping" > [07/Feb/2008:16:41:00 -0500] - Entry "cn=SNMP,cn=config" -- attribute > "nssnmpname" not allowed > [ OK ] > > That gave me some hope, so then I tried to import my database from an > LDAP. FWIW, this is how I generated the LDIF on the Sun box: > > db2ldif 'o=Bowdoin College, c=US' > > Then I just tried this in Fedora: > > /usr/lib/dirsrv/slapd-hebron/ldif2db -s 'o=Bowdoin College, c=US' -i > /path/to/dumpfile.ldif > > And I got the following errors: > > importing data ... 
> [07/Feb/2008:16:41:08 -0500] - Entry "cn=SNMP,cn=config" -- attribute > "nssnmpname" not allowed > [07/Feb/2008:16:41:08 -0500] - Entry "cn=PAM Pass Through > Auth,cn=plugins,cn=config" has unknown object class "pamConfig" > [07/Feb/2008:16:41:08 -0500] - Entry "cn=Kerberos uid > mapping,cn=mapping,cn=sasl,cn=config" has unknown object class > "nsSaslMapping" > [07/Feb/2008:16:41:08 -0500] - Entry "cn=rfc 2829 dn > syntax,cn=mapping,cn=sasl,cn=config" has unknown object class > "nsSaslMapping" > [07/Feb/2008:16:41:08 -0500] - Entry "cn=rfc 2829 u > syntax,cn=mapping,cn=sasl,cn=config" has unknown object class > "nsSaslMapping" > [07/Feb/2008:16:41:08 -0500] - Entry "cn=uid > mapping,cn=mapping,cn=sasl,cn=config" has unknown object class > "nsSaslMapping" > [07/Feb/2008:16:41:08 -0500] - Entry "cn=SNMP,cn=config" -- attribute > "nssnmpname" not allowed > [07/Feb/2008:16:41:08 -0500] - ERROR 2: There is no backend instance > to import to. > > To be honest, I am a little confused at the relationship between > instances and backends. From what I can see, Sun includes the > following instances: userRoot, internetdb, pab and netscapeRoot (and > possibly others?). But, I only have one suffix that I need, which is > o=Bowdoin College, c=US. You might try the migrate-ds-admin.pl script. It might be able to handle the Sun data. Use -o /opt/iplanet or whatever they use for their server root directory. If migration does not work, then you will at least have to create a database and configure a suffix for o=Bowdoin College, c=US See - http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Configuring_Directory_Databases.html > > > Chris > >> >>> * if I can't import the Sun schema, is there an easy way of >>> stripping out the Sun attributes from a 10,000-user LDIF file? >> If you are a Perl hacker, you could use Mozilla perldap (included >> with the fedora ds software) or Net::LDAP (probably bundled with your >> linux OS perl distribution). 
If you prefer python, python-ldap also >> has an LDIF parser. >>> >>> Thanks, >>> >>> >>> Chris > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From jared.griffith at farheap.com Thu Feb 7 22:30:22 2008 From: jared.griffith at farheap.com (Jared B. Griffith) Date: Thu, 7 Feb 2008 14:30:22 -0800 (PST) Subject: [Fedora-directory-users] FDS Sudo Management In-Reply-To: <23761524.392281202423109363.JavaMail.root@zimbra1.farheap.com> Message-ID: <25914124.392591202423422638.JavaMail.root@zimbra1.farheap.com> Has anyone managed sudoers via FDS here? I have been trying to create LDAP entries as mentioned here: http://www.gratisoft.us/sudo/readme_ldap.html Which FDS will not allow me to do, even though the schemas for SUDO are in the server. Is there a walkthrough, or is there anyone that is managing SUDO via FDS here successfully? -- - Thank you, - Jared B. Griffith - Farheap Solutions, Inc. - Lead Systems Administrator - California IT Department - Email - jared.griffith at farheap.com - Phone - 949.417.1500 ext. 266 - Cell Phone - 949.910.6542 -------------- next part -------------- An HTML attachment was scrubbed... URL: From vaddarapu at gmail.com Thu Feb 7 23:15:53 2008 From: vaddarapu at gmail.com (Anand Vaddarapu) Date: Fri, 8 Feb 2008 10:15:53 +1100 Subject: [Fedora-directory-users] SSL issue In-Reply-To: <47AB1B80.4010400@redhat.com> References: <47A9C1C0.8000902@redhat.com> <47AA701C.4000602@redhat.com> <47AA7CD9.5090802@redhat.com> <47AB1B80.4010400@redhat.com> Message-ID: Hi Rich, Im going through this URL material intructions http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt. 
but i could not find the directory that mentioned in the notes cd /opt/fedora-ds/shared/bin. I installed FDS 1.1 but this notes related to FDS 1.04 i believe. I think im having some DNS based problems. Thanks for your suggestions Vivek. On Feb 8, 2008 1:53 AM, Rich Megginson wrote: > Anand Vaddarapu wrote: > > Hi Rich, > > > > let me breifly explain my settings. I installed FDS in Virtual > > Machine. Virtual Machine is running in windows machine. when i start > > console from VM everything works fine. But when i start console from > > windows machine, will take user logins and hangs while showing message > > authenticating the user. thats all wont go further i have to kill the > > console window. virtual machine and Windows are connect using network > > bridge. > You could try editing the windows console batch file to add -D 9 after > the Console class on the java command line - see if that gives you any > more information. > > If you suspect it is a problem with admin server host/ip access control, > try this - > http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt > > > > > > following are the console error logs: > > > > Severity: [notice][Client10.50.5.79]admserv_host_ip_check > > ap_get_remote_host could not resolve 10.50.5.79 > > > > > > > > Severity: [notice][Client10.50.5.79]admserv_host_ip_check > > host [piquant] did not match pattern [*.localdomain] -will scan aliases > > > > > > Severity: [notice][Client10.50.5.79]admserv_host_ip_check > > ap_get_remote_host could not resolve 10.50.5.79 , > > referer: > http://10.50.5.91:17881/admin-serv/tasks/configuration/HTMLAdmin?op=status > > > > > > Severity: [notice][Client10.50.5.79]admserv_host_ip_check > > ap_get_remote_host could not resolve 127.0.0.1 > > > > > > windows host IP is 10.50.5.89 (logs showing > > 10.50.5.79 , i dont how that happens) > > VM IP is 10.50.5.91 > > > > help appreciated. 
> > Thanks > > Vivek > > > > On Feb 7, 2008 2:36 PM, Rich Megginson > > wrote: > > > > Anand Vaddarapu wrote: > > > Hi, > > > > > > I can start both dirsrv and dirsrv-admin as well. i can login > into > > > console from local host but can not login from remote host. any > > ideas? > > > Thanks > > fedora-idm-console -D 9 -f console.log > > > > Any clues in console.log? > > > > > > On Feb 7, 2008 1:42 PM, Rich Megginson > > > > >> wrote: > > > > > > Anand Vaddarapu wrote: > > > > Hi, > > > > > > > > I installed with the setupssl2.sh script. with password > > file i can > > > > able to restart dirsrv. > > > But you were having a problem with dirsrv-admin? > > > > is it allowed to login into console more than 1 location > after > > > > enabling SSL? > > > Not sure what you mean. Is something not working correctly? > > > > Thanks > > > > Vivek > > > > > > > > On Feb 7, 2008 1:18 AM, Rich Megginson > > > > > > > > > > > > >>> wrote: > > > > > > > > Anand Vaddarapu wrote: > > > > > Hi, > > > > > > > > > > Restarted my FDS as soon as enable SSL service. I try > to > > > > restarted my > > > > > dirsrv-admin, its promt me for password. When i > > enter valid > > > > password , > > > > > the error mesg appers saying "incorrect password". I m > > > damn sure > > > > that > > > > > entered password was correct. When it happened to me > > first > > > time i > > > > > tought i forgot password and reinstall the FDS. > > Again happened > > > > second > > > > > time. Please let me know how can i recover password > > or any > > > > alternative > > > > > way to restart my dirsrv-admin. > > > > Did you see this? > > > > > > > > > > http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information > > > > > > > > How did you configure SSL for the Admin Server? If you > > > created a > > > > cert/key for the Admin Server, you must have given a > > > password when you > > > > imported the key/cert. 
If you used the setupssl2.sh > > script (or > > > > setupssl.sh if you are using Fedora DS 1.0.4) then it > > > created the > > > > password.conf file for you. > > > > > > > > > > Thanks > > > > > Vivek > > > -- > 
Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Thu Feb 7 23:28:15 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Thu, 07 Feb 2008 16:28:15 -0700 Subject: [Fedora-directory-users] SSL issue In-Reply-To: References: <47A9C1C0.8000902@redhat.com> <47AA701C.4000602@redhat.com> <47AA7CD9.5090802@redhat.com> <47AB1B80.4010400@redhat.com> Message-ID: <47AB940F.3010608@redhat.com> Anand Vaddarapu wrote: > Hi Rich, > > Im going through this URL material intructions > http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt. but > i could not find the directory that mentioned in the notes cd > /opt/fedora-ds/shared/bin. I installed FDS 1.1 but this notes related > to FDS 1.04 i believe. I think im having some DNS based problems. I changed that wiki page to have instructions that should work with Fedora DS 1.1 > > Thanks for your suggestions > Vivek. > > > > On Feb 8, 2008 1:53 AM, Rich Megginson > wrote: > > Anand Vaddarapu wrote: > > Hi Rich, > > > > let me breifly explain my settings. I installed FDS in Virtual > > Machine. Virtual Machine is running in windows machine. when i start > > console from VM everything works fine. But when i start console from > > windows machine, will take user logins and hangs while showing > message > > authenticating the user. thats all wont go further i have to > kill the > > console window. virtual machine and Windows are connect using > network > > bridge. > You could try editing the windows console batch file to add -D 9 after > the Console class on the java command line - see if that gives you any > more information. 
> > If you suspect it is a problem with admin server host/ip access > control, > try this - > http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt > > > > > > following are the console error logs: > > > > Severity: [notice][Client10.50.5.79]admserv_host_ip_check > > ap_get_remote_host could not resolve 10.50.5.79 > > > > > > > > > Severity: [notice][Client10.50.5.79]admserv_host_ip_check > > host [piquant] did not match pattern [*.localdomain] -will scan > aliases > > > > > > Severity: [notice][Client10.50.5.79]admserv_host_ip_check > > ap_get_remote_host could not resolve 10.50.5.79 > , > > > referer:http://10.50.5.91:17881/admin-serv/tasks/configuration/HTMLAdmin?op=status > > > > > > Severity: [notice][Client10.50.5.79]admserv_host_ip_check > > ap_get_remote_host could not resolve 127.0.0.1 > > > > > > > windows host IP is 10.50.5.89 > (logs showing > > 10.50.5.79 , i dont how > that happens) > > VM IP is 10.50.5.91 > > > > help appreciated. > > Thanks > > Vivek > > > > On Feb 7, 2008 2:36 PM, Rich Megginson > > >> wrote: > > > > Anand Vaddarapu wrote: > > > Hi, > > > > > > I can start both dirsrv and dirsrv-admin as well. i can > login into > > > console from local host but can not login from remote > host. any > > ideas? > > > Thanks > > fedora-idm-console -D 9 -f console.log > > > > Any clues in console.log? > > > > > > On Feb 7, 2008 1:42 PM, Rich Megginson > > > > > > > > >>> wrote: > > > > > > Anand Vaddarapu wrote: > > > > Hi, > > > > > > > > I installed with the setupssl2.sh script. with password > > file i can > > > > able to restart dirsrv. > > > But you were having a problem with dirsrv-admin? > > > > is it allowed to login into console more than 1 > location after > > > > enabling SSL? > > > Not sure what you mean. Is something not working > correctly? 
> > > > Thanks > > > > Vivek > > > > > > > > On Feb 7, 2008 1:18 AM, Rich Megginson > > > > > > > >> > > > > > > > > >>>> wrote: > > > > > > > > Anand Vaddarapu wrote: > > > > > Hi, > > > > > > > > > > Restarted my FDS as soon as enable SSL > service. I try to > > > > restarted my > > > > > dirsrv-admin, its promt me for password. When i > > enter valid > > > > password , > > > > > the error mesg appers saying "incorrect > password". I m > > > damn sure > > > > that > > > > > entered password was correct. When it happened > to me > > first > > > time i > > > > > tought i forgot password and reinstall the FDS. > > Again happened > > > > second > > > > > time. Please let me know how can i recover > password > > or any > > > > alternative > > > > > way to restart my dirsrv-admin. > > > > Did you see this? > > > > > > > > > > http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information > > > > > > > > How did you configure SSL for the Admin Server? > If you > > > created a > > > > cert/key for the Admin Server, you must have given a > > > password when you > > > > imported the key/cert. If you used the setupssl2.sh > > script (or > > > > setupssl.sh if you are using Fedora DS 1.0.4) > then it > > > created the > > > > password.conf file for you. 
> > > > > > > > > > Thanks > > > > > Vivek > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > > > > > -- > > > > > Fedora-directory-users mailing list > > > > > Fedora-directory-users at redhat.com > > > > > > > > > >> > > > > > > > > > > > > >>> > > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > > > > > -- > > > > Fedora-directory-users mailing list > > > > Fedora-directory-users at redhat.com > > > > > > > > > >> > > > > > > > > > > > > >>> > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > > > -- > > > > Fedora-directory-users mailing list > > > > Fedora-directory-users at redhat.com > > > > > > > > > >> > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > -- > > > Fedora-directory-users mailing list > > > Fedora-directory-users at redhat.com > > > > > > > > > >> > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > -- > > > Fedora-directory-users mailing list > > > Fedora-directory-users at redhat.com > > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > > 
https://www.redhat.com/mailman/listinfo/fedora-directory-users

From vaddarapu at gmail.com Thu Feb 7 23:40:55 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Fri, 8 Feb 2008 10:40:55 +1100
Subject: [Fedora-directory-users] SSL issue
In-Reply-To: <47AB940F.3010608@redhat.com>
References: <47A9C1C0.8000902@redhat.com> <47AA701C.4000602@redhat.com> <47AA7CD9.5090802@redhat.com> <47AB1B80.4010400@redhat.com> <47AB940F.3010608@redhat.com>
Message-ID:

Hi Rich,

I am getting a new error when I try to start the dirsrv-admin.

#service dirsrv-admin start
Starting dirsrv-admin:
syntax error on line 89 of /etc/dirsrv/admin-serv/console.conf:
NSSNickname takes one argument, SSL RSA server certificate nickname
(`Server-Cert [failed]

I tried to add "Server-Cert" at line number 89, still I'm getting the same error when I start dirsrv-admin.

Thanks for your help.

Vivek

On Feb 8, 2008 10:28 AM, Rich Megginson wrote:

> Anand Vaddarapu wrote:
> > Hi Rich,
> >
> > I'm going through this URL material instructions
> > http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt. but
> > I could not find the directory that mentioned in the notes cd
> > /opt/fedora-ds/shared/bin. I installed FDS 1.1 but this notes related
> > to FDS 1.04 I believe. I think I'm having some DNS based problems.
> I changed that wiki page to have instructions that should work with
> Fedora DS 1.1
> >
> > Thanks for your suggestions
> > Vivek.

From vaddarapu at gmail.com Fri Feb 8 00:24:47 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Fri, 8 Feb 2008 11:24:47 +1100
Subject: [Fedora-directory-users] SSL issue
In-Reply-To:
References: <47AA701C.4000602@redhat.com> <47AA7CD9.5090802@redhat.com> <47AB1B80.4010400@redhat.com> <47AB940F.3010608@redhat.com>
Message-ID:

Hi Rich,

I fixed this.

Thanks

On Feb 8, 2008 10:40 AM, Anand Vaddarapu wrote:

> Hi Rich,
>
> I am getting a new error when I try to start the dirsrv-admin.
> #service dirsrv-admin start
> Starting dirsrv-admin:
> syntax error on line 89 of /etc/dirsrv/admin-serv/console.conf:
> NSSNickname takes one argument, SSL RSA server certificate nickname
> (`Server-Cert [failed]
>
> I tried to add "Server-Cert" at line number 89, still I'm getting the same
> error when I start dirsrv-admin.
>
> Thanks for your help.
>
> Vivek

From kmarsh at gdrs.com Fri Feb 8 01:52:47 2008
From: kmarsh at gdrs.com (Ken Marsh)
Date: Thu, 7 Feb 2008 20:52:47 -0500
Subject: [Fedora-directory-users] ldif error on startup
Message-ID: <5AD9B0E562FEFB4E933861904D7135C5715333@gdrs-exchange.gdrs.com>

Hi,

Thanks to all the Fedora DS development team for supporting us poor souls and creating a great product.

I have a MultiMaster replicated 1.0.4-1 DS running on RHES5 x64. It's worked fine since it was created a few weeks ago. When the host system was rebooted, it refused to come up. This is the reason why:

[07/Feb/2008:20:25:41 -0500] dse - The entry cn=schema in file /opt/fedora-ds/slapd-server2/config/schema/99user.ldif is invalid, error code 20 (Type or value exists) - attribute type pamMapMethod: Does not match the OID "2.16.840.1.113730.3.1.2070". Another attribute type is already using the name or OID.
[07/Feb/2008:20:25:41 -0500] dse - Please edit the file to correct the reported problems and then restart the server.

Fedora-Directory/1.0.4 B2006.338.2215
: (/opt/fedora-ds/slapd-server2)

I edited the file and removed the offending entry, and it restarted. The offending entry which looks like this in file 99user.ldif:

attributeTypes: ( 2.16.840.1.113730.3.1.2070 NAME 'pamMapMethod' DESC 'How to
 map BIND DN to PAM identity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL
 UE X-ORIGIN ( 'Red Hat Directory Server' 'user defined' ) )

Grepping around, I found the same OID in 60pam-plugin.ldif:

attributeTypes: ( 2.16.840.1.113730.3.1.2070 NAME 'pamIDMapMethod' DESC 'How to map BIND DN to PAM identity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' )

My questions are, will my removing this entry break anything? And if so, what? Should I replace the entry with a corrected value? Since removing it from 99user.ldif, the DS seems to be running fine now.

This DS was originally populated by replication from a 7.1 DS, if that makes any difference.

Thanks and keep up the good work,

Ken.

From sigidwu at gmail.com Fri Feb 8 00:51:31 2008
From: sigidwu at gmail.com (sigid@JINLab)
Date: Fri, 08 Feb 2008 08:51:31 +0800
Subject: [Fedora-directory-users] FDS + Samba + machine account
In-Reply-To: <127799.40124.qm@web8412.mail.in.yahoo.com>
References: <127799.40124.qm@web8412.mail.in.yahoo.com>
Message-ID: <47ABA793.4040502@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

satish patel wrote:
> I am talking about directory server dear not openldap... how to create
> machine account in Fedora directory server.....

No "openldap" string on my previous mail...
FYI currently I'm using FDS 1.0.4 on two machines (PDC + BDC) and using webmin to create user account and using LDAPAdmin (http://ldapadmin.sourceforge.net/) to create machine account.

Sorry for this misunderstanding.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFHq6eTqiPNNgPlDu0RAmTKAJsGMcWBOX4HZeRh8sVp+7pOS5KdqwCgpnBQ
X8yPZRUFI7lF3Gr771bIjlY=
=544v
-----END PGP SIGNATURE-----

From ajeet.singh.raina at logicacmg.com Fri Feb 8 05:17:26 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Fri, 8 Feb 2008 10:47:26 +0530
Subject: [Fedora-directory-users] Fedora IDM Console???
Message-ID: <0139539A634FD04A99C9B8880AB70CB207AB7467@in-ex004.groupinfra.com>

I changed the java to java -version but it didn't work.

Pls help??

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

From ajeet.singh.raina at logicacmg.com Fri Feb 8 09:19:27 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Fri, 8 Feb 2008 14:49:27 +0530
Subject: [Fedora-directory-users] Managing NIS Servers into LDAP?
Message-ID: <0139539A634FD04A99C9B8880AB70CB207AB79C2@in-ex004.groupinfra.com>

Hi Guys,

I have a Fedora DS running on RHEL 4.0. I have 3 NIS Servers - Jupiter, Saturn and Pluto. Each one of them has around 300 users. The users in Jupiter should not have access rights for other Servers.

Let me tell you about my attempt and where I am facing a problem:

I have migrated all the NIS to Fedora DS through migrate.pl scripts. Now when I use Fedora DS Console it asks for just /tmp/passwd.ldif file and doesn't talk about People/Special Group/Group. All I can see in Directory Server > Directory(TAB) > Click on im > People where I see all the users get updated to.

My plan is to create three sub-divisions of People - Jupr, Satn and Plo and restrict one another from accessing the other unrelated projects.

Can I know what can help me to particularly migrate the Jupiter NIS Users strictly to Jupr and vice versa?

Pls help.

From ajeet.singh.raina at logicacmg.com Fri Feb 8 11:14:45 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Fri, 8 Feb 2008 16:44:45 +0530
Subject: [Fedora-directory-users] Managing NIS Servers into LDAP?
Message-ID: <0139539A634FD04A99C9B8880AB70CB207AB7D2E@in-ex004.groupinfra.com>

I want to make it more "clear".

Say, I have 300 users on each NIS Users. The overall DS should resemble the following architecture:

People -------|----Jupr-------------------------------|---
              |--- Satn--------------------------|---
              |----Plo---------------------------|---

From ajeet.singh.raina at logicacmg.com Fri Feb 8 12:11:11 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Fri, 8 Feb 2008 17:41:11 +0530
Subject: [Fedora-directory-users] Fedora DS Console?
Message-ID: <0139539A634FD04A99C9B8880AB70CB207AB7EF7@in-ex004.groupinfra.com>

Where can I find resources related to Fedora Directory Console????

From rmeggins at redhat.com Fri Feb 8 14:28:21 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 08 Feb 2008 07:28:21 -0700
Subject: [Fedora-directory-users] Fedora IDM Console???
In-Reply-To: <0139539A634FD04A99C9B8880AB70CB207AB7467@in-ex004.groupinfra.com>
References: <0139539A634FD04A99C9B8880AB70CB207AB7467@in-ex004.groupinfra.com>
Message-ID: <47AC6705.8090007@redhat.com>

Singh Raina, Ajeet wrote:
>
> I changed the java to java -version but it didn't work.
>
> Pls help??
>
Can you post your fedora-idm-console.bat file?

From rmeggins at redhat.com Fri Feb 8 14:33:39 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 08 Feb 2008 07:33:39 -0700
Subject: [Fedora-directory-users] ldif error on startup
In-Reply-To: <5AD9B0E562FEFB4E933861904D7135C5715333@gdrs-exchange.gdrs.com>
References: <5AD9B0E562FEFB4E933861904D7135C5715333@gdrs-exchange.gdrs.com>
Message-ID: <47AC6843.1080009@redhat.com>

Ken Marsh wrote:
>
> Hi,
>
> Thanks to all the Fedora DS development team for supporting us poor
> souls and creating a great product.
>
> I have a MultiMaster replicated 1.0.4-1 DS running on RHES5 x64. It's
> worked fine since it was created a few weeks ago. When the host system
> was rebooted, it refused to come up. This is the reason why:
>
> [07/Feb/2008:20:25:41 -0500] dse - The entry cn=schema in file
> /opt/fedora-ds/slapd-server2/config/schema/99user.ldif is invalid,
> error code 20 (Type or value exists) - attribute type pamMapMethod:
> Does not match the OID "2.16.840.1.113730.3.1.2070". Another attribute
> type is already using the name or OID.
>
> [07/Feb/2008:20:25:41 -0500] dse - Please edit the file to correct the
> reported problems and then restart the server.
>
> Fedora-Directory/1.0.4 B2006.338.2215
>
> : (/opt/fedora-ds/slapd-server2)
>
> I edited the file and removed the offending entry, and it restarted.
> The offending entry which looks like this in file 99user.ldif:
>
> attributeTypes: ( 2.16.840.1.113730.3.1.2070 NAME 'pamMapMethod' DESC 'How to
>  map BIND DN to PAM identity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL
>  UE X-ORIGIN ( 'Red Hat Directory Server' 'user defined' ) )
>
> Grepping around, I found the same OID in 60pam-plugin.ldif:
>
> attributeTypes: ( 2.16.840.1.113730.3.1.2070 NAME 'pamIDMapMethod'
> DESC 'How to map BIND DN to PAM identity' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory
> Server' )
>
> My questions are, will my removing this entry break anything? And if
> so, what? Should I replace the entry with a corrected value? Since
> removing it from 99user.ldif, the DS seems to be running fine now.
>
> This DS was originally populated by replication from a 7.1 DS, if that
> makes any difference.
>
I'm wondering how that attribute type definition got into 99user.ldif in the first place. That's odd. If there are any other schema definitions in 99user.ldif that you didn't explicitly define, you should remove them. Including pamMapMethod. And you should probably check your 7.1 server too.
>
> Thanks and keep up the good work,
>
> Ken.
>
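The collision discussed above (one OID defined as pamMapMethod in 99user.ldif and as pamIDMapMethod in 60pam-plugin.ldif) can be found before a restart by comparing the definitions across all schema files. The following Python script is an added example, not code from this thread or from Fedora DS; the sample files are constructed from the two definitions quoted in the thread, and the trailing space after "How to" is an assumption about the whitespace lost in the archive.

```python
"""Scan directory-server schema LDIF files for OID/name collisions (added example)."""
import re
import sys
from collections import defaultdict
from pathlib import Path

SCHEMA_ATTRS = ("attributetypes", "objectclasses")
# Start of a definition value: "( <OID> NAME 'x'" or "( <OID> NAME ( 'x' 'y' )".
DEF_RE = re.compile(
    r"^\(\s*(?P<oid>[\w.-]+)\s+NAME\s+"
    r"(?:'(?P<one>[^']+)'|\(\s*(?P<many>[^)]*)\))"
)

# Constructed sample input, folded the way 99user.ldif is shown in the thread.
SAMPLE_FILES = {
    "60pam-plugin.ldif": (
        "dn: cn=schema\n"
        "attributeTypes: ( 2.16.840.1.113730.3.1.2070 NAME 'pamIDMapMethod' "
        "DESC 'How to map BIND DN to PAM identity' "
        "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE "
        "X-ORIGIN 'Red Hat Directory Server' )\n"
    ),
    "99user.ldif": (
        "dn: cn=schema\n"
        "attributeTypes: ( 2.16.840.1.113730.3.1.2070 NAME 'pamMapMethod' DESC 'How to \n"
        " map BIND DN to PAM identity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL\n"
        " UE X-ORIGIN ( 'Red Hat Directory Server' 'user defined' ) )\n"
    ),
}


def unfold(ldif_text):
    """Undo LDIF folding: a line that starts with one space continues the previous line."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_definitions(ldif_text):
    """Yield (kind, oid, names) for each attributeTypes/objectClasses value."""
    for line in unfold(ldif_text):
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, value = line.partition(":")
        kind = attr.strip().lower()
        if kind not in SCHEMA_ATTRS:
            continue
        match = DEF_RE.match(value.strip())  # base64 ("::") values do not match
        if not match:
            continue
        if match.group("one"):
            names = [match.group("one")]
        else:
            names = re.findall(r"'([^']+)'", match.group("many"))
        # Schema names compare case-insensitively.
        yield kind, match.group("oid"), tuple(n.lower() for n in names)


def find_conflicts(files):
    """files maps file name -> LDIF text; returns a list of conflict tuples."""
    by_oid = defaultdict(set)   # (kind, oid)  -> {(names, file)}
    by_name = defaultdict(set)  # (kind, name) -> {(oid, file)}
    for fname, text in files.items():
        for kind, oid, names in parse_definitions(text):
            by_oid[(kind, oid)].add((names, fname))
            for name in names:
                by_name[(kind, name)].add((oid, fname))
    conflicts = []
    for (kind, oid), uses in sorted(by_oid.items()):
        if len({names for names, _ in uses}) > 1:   # one OID, different names
            conflicts.append(("oid", kind, oid, sorted(uses)))
    for (kind, name), uses in sorted(by_name.items()):
        if len({oid for oid, _ in uses}) > 1:       # one name, different OIDs
            conflicts.append(("name", kind, name, sorted(uses)))
    return conflicts


if __name__ == "__main__":
    # With a directory argument, scan its *.ldif files; otherwise use the sample.
    if len(sys.argv) > 1:
        files = {p.name: p.read_text(errors="replace")
                 for p in sorted(Path(sys.argv[1]).glob("*.ldif"))}
    else:
        files = SAMPLE_FILES
    for what, kind, key, uses in find_conflicts(files):
        print(f"{kind}: {what} {key} is defined inconsistently:")
        for detail, fname in uses:
            print(f"    {fname}: {detail}")
```

Run it with the instance's schema directory as the only argument; each reported pair is a candidate for the cleanup of 99user.ldif suggested in the reply above.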
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From edlinuxguru at gmail.com Fri Feb 8 15:38:59 2008 From: edlinuxguru at gmail.com (Eddie C) Date: Fri, 8 Feb 2008 10:38:59 -0500 Subject: [Fedora-directory-users] Help needed migrating from Sun ONE to Fedora DS 1.1 In-Reply-To: <47AB7EA0.8020506@redhat.com> References: <320D5A77-9125-4421-9289-6C521FD50498@bowdoin.edu> <47AB790E.8030600@redhat.com> <47AB7EA0.8020506@redhat.com> Message-ID: Also you may not even need to copy the SUN schema unless you really need it. Use the default FDS schema and then add your custom schema. Then import some data, if your just importing common objects they might not even require that schema. Edward On Feb 7, 2008 4:56 PM, Rich Megginson wrote: > Chris Waltham wrote: > > On Feb 7, 2008, at 4:33 PM, Rich Megginson wrote: > > > >> Chris Waltham wrote: > >>> * why can't I import the Sun schema if that's what I want to do? > >> You should be able to do that. It's really odd that Sun defined > >> schema is in 99user.ldif - that file is reserved solely for user > >> defined schema added via LDAP. You'll have to post the errors here > >> so we can address the issues. > > > > I did one better: I simply copied the entire config/schema/ directory > > from the Sun box to the Fedora box, and tried to restart Fedora DS. > It would probably be better to only copy the files not already in the > Fedora DS schema directory e.g. pseudocode > > for file in sun/config/schema/*.ldif > name=`basename $file` > if [ ! -f /etc/dirsrv/slapd-instancename/schema/$name ] ; then > cp $file /etc/dirsrv/slapd-instancename/schema/$name > fi > done > > Because the Fedora DS schema has changed someone. For starters, our new > 00core.ldif contains only the very core essential schema required to > start the server - the non-essential schema has been moved to > 01common.ldif. Their 00core.ldif probably still contains everything. 
> So if you overwrite the fedora ds 00core.ldif with theirs, chaos will ensue.
> > I got some non-fatal errors:
> >
> > [root at hebron slapd-hebron]# /etc/init.d/dirsrv start
> > Starting dirsrv:
> > hebron...[07/Feb/2008:16:41:00 -0500] - Entry "cn=SNMP,cn=config"
> > -- attribute "nssnmpname" not allowed
> > [07/Feb/2008:16:41:00 -0500] - Entry "cn=PAM Pass Through
> > Auth,cn=plugins,cn=config" has unknown object class "pamConfig"
> > [07/Feb/2008:16:41:00 -0500] - Entry "cn=Kerberos uid
> > mapping,cn=mapping,cn=sasl,cn=config" has unknown object class
> > "nsSaslMapping"
> > [07/Feb/2008:16:41:00 -0500] - Entry "cn=rfc 2829 dn
> > syntax,cn=mapping,cn=sasl,cn=config" has unknown object class
> > "nsSaslMapping"
> > [07/Feb/2008:16:41:00 -0500] - Entry "cn=rfc 2829 u
> > syntax,cn=mapping,cn=sasl,cn=config" has unknown object class
> > "nsSaslMapping"
> > [07/Feb/2008:16:41:00 -0500] - Entry "cn=uid
> > mapping,cn=mapping,cn=sasl,cn=config" has unknown object class
> > "nsSaslMapping"
> > [07/Feb/2008:16:41:00 -0500] - Entry "cn=SNMP,cn=config" -- attribute
> > "nssnmpname" not allowed
> > [ OK ]
> >
> > That gave me some hope, so then I tried to import my database from an
> > LDAP. FWIW, this is how I generated the LDIF on the Sun box:
> >
> > db2ldif 'o=Bowdoin College, c=US'
> >
> > Then I just tried this in Fedora:
> >
> > /usr/lib/dirsrv/slapd-hebron/ldif2db -s 'o=Bowdoin College, c=US' -i
> > /path/to/dumpfile.ldif
> >
> > And I got the following errors:
> >
> > importing data ...
> > [07/Feb/2008:16:41:08 -0500] - Entry "cn=SNMP,cn=config" -- attribute
> > "nssnmpname" not allowed
> > [07/Feb/2008:16:41:08 -0500] - Entry "cn=PAM Pass Through
> > Auth,cn=plugins,cn=config" has unknown object class "pamConfig"
> > [07/Feb/2008:16:41:08 -0500] - Entry "cn=Kerberos uid
> > mapping,cn=mapping,cn=sasl,cn=config" has unknown object class
> > "nsSaslMapping"
> > [07/Feb/2008:16:41:08 -0500] - Entry "cn=rfc 2829 dn
> > syntax,cn=mapping,cn=sasl,cn=config" has unknown object class
> > "nsSaslMapping"
> > [07/Feb/2008:16:41:08 -0500] - Entry "cn=rfc 2829 u
> > syntax,cn=mapping,cn=sasl,cn=config" has unknown object class
> > "nsSaslMapping"
> > [07/Feb/2008:16:41:08 -0500] - Entry "cn=uid
> > mapping,cn=mapping,cn=sasl,cn=config" has unknown object class
> > "nsSaslMapping"
> > [07/Feb/2008:16:41:08 -0500] - Entry "cn=SNMP,cn=config" -- attribute
> > "nssnmpname" not allowed
> > [07/Feb/2008:16:41:08 -0500] - ERROR 2: There is no backend instance
> > to import to.
> >
> > To be honest, I am a little confused at the relationship between
> > instances and backends. From what I can see, Sun includes the
> > following instances: userRoot, internetdb, pab and netscapeRoot (and
> > possibly others?). But, I only have one suffix that I need, which is
> > o=Bowdoin College, c=US.
> You might try the migrate-ds-admin.pl script. It might be able to
> handle the Sun data. Use -o /opt/iplanet or whatever they use for their
> server root directory.
>
> If migration does not work, then you will at least have to create a
> database and configure a suffix for o=Bowdoin College, c=US
> See -
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Configuring_Directory_Databases.html
> >
> > Chris
> >
> >>
> >>> * if I can't import the Sun schema, is there an easy way of
> >>> stripping out the Sun attributes from a 10,000-user LDIF file?
> >> If you are a Perl hacker, you could use Mozilla perldap (included
> >> with the fedora ds software) or Net::LDAP (probably bundled with your
> >> linux OS perl distribution). If you prefer python, python-ldap also
> >> has an LDIF parser.
> >>>
> >>> Thanks,
> >>>
> >>> Chris

From scrubb at localroot.de Fri Feb 8 20:32:47 2008
From: scrubb at localroot.de (Sascha Scrubb Bendix)
Date: Fri, 8 Feb 2008 21:32:47 +0100
Subject: [Fedora-directory-users] Problem with a new installation
Message-ID: <20080208213247.7d7a18ea@maggie.boeblingen.de.ibm.com>

Hi,

I'm currently looking for a central authentication solution and wanted
to try the fedora directory server. So I took a x86_64-Machine and
installed a fresh fedora system. I tried to install as little as possible
and haven't selected X, gnome, or the fonts for installation.

After this I followed the instructions in the install guide (except
that I mirrored the packages to a local repository, because my system
doesn't have a direct internet connection). I finished the configuration
with /usr/sbin/setup-ds-admin.pl the ds and ds-admin, but it failed.
The message (it's the same when I do /etc/init.d/dirsrv-admin start)
was:

Starting dirsrv-admin:
httpd.worker: Syntax error on line 147
of /etc/dirsrv/admin-serv/httpd.conf: Cannot
load /usr/lib64/dirsrv/modules/mod_admserv.so into
server: /usr/lib64/libadminutil.so.1: undefined symbol: u_strToUTF8_3_7
[FAILED]

The httpd module is loaded, because of this line in the config:

LoadModule admserv_module /usr/lib64/dirsrv/modules/mod_admserv.so

Here are some more infos about my system:

# cat /etc/redhat-release
Fedora release 8 (Werewolf)

# rpm -qa

# ldd /usr/lib64/dirsrv/modules/mod_admserv.so
        linux-vdso.so.1 => (0x00007fff2b7fe000)
        libadminutil.so.1 => /usr/lib64/libadminutil.so.1 (0x00002aaaaacc3000)
        libadmsslutil.so.1 => /usr/lib64/libadmsslutil.so.1 (0x00002aaaaaed7000)
        libicui18n.so.38 => /usr/lib64/libicui18n.so.38 (0x00002aaaab0e3000)
        libicuuc.so.38 => /usr/lib64/libicuuc.so.38 (0x00002aaaab434000)
        libicudata.so.38 => /usr/lib64/libicudata.so.38 (0x00002aaaab76c000)
        libssldap60.so => /usr/lib64/libssldap60.so (0x00002aaaac416000)
        libprldap60.so => /usr/lib64/libprldap60.so (0x00002aaaac622000)
        libldap60.so => /usr/lib64/libldap60.so (0x00002aaaac827000)
        libssl3.so => /usr/lib64/libssl3.so (0x00002aaaaca5e000)
        libnss3.so => /usr/lib64/libnss3.so (0x00002aaaacc8a000)
        libnspr4.so => /usr/lib64/libnspr4.so (0x00002aaaacf13000)
        libplc4.so => /usr/lib64/libplc4.so (0x00002aaaad14d000)
        libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00002aaaad352000)
        libc.so.6 => /lib64/libc.so.6 (0x00002aaaad56b000)
        libldif60.so => /usr/lib64/libldif60.so (0x00002aaaad8c3000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00002aaaadac5000)
        libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00002aaaadce0000)
        libm.so.6 => /lib64/libm.so.6 (0x00002aaaadfe1000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00002aaaae264000)
        libsmime3.so => /usr/lib64/libsmime3.so (0x00002aaaae472000)
        libsoftokn3.so => /usr/lib64/libsoftokn3.so (0x00002aaaae69d000)
        libplds4.so => /usr/lib64/libplds4.so (0x00002aaaae8f7000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00002aaaaeafa000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aaaaecff000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002aaaaef14000)
        /lib64/ld-linux-x86-64.so.2 (0x0000003383200000)

I hope you can give me a clue what I've done wrong and want to thank
you in advance.

Sincerely yours,

Sascha bendix

From rmeggins at redhat.com Fri Feb 8 21:11:36 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 08 Feb 2008 14:11:36 -0700
Subject: [Fedora-directory-users] Problem with a new installation
In-Reply-To: <20080208213247.7d7a18ea@maggie.boeblingen.de.ibm.com>
References: <20080208213247.7d7a18ea@maggie.boeblingen.de.ibm.com>
Message-ID: <47ACC588.9010901@redhat.com>

Sascha Scrubb Bendix wrote:
> Hi,
>
> I'm currently looking for a central authentication solution and wanted
> to try the fedora directory server. So I took a x86_64-Machine and
> installed a fresh fedora system. I tried to install as little as possible
> and haven't selected X, gnome, or the fonts for installation.
>
> After this I followed the instructions in the install guide (except
> that I mirrored the packages to a local repository, because my system
> doesn't have a direct internet connection). I finished the configuration
> with /usr/sbin/setup-ds-admin.pl the ds and ds-admin, but it failed.
> The message (it's the same when I do /etc/init.d/dirsrv-admin start)
> was:
>
> Starting dirsrv-admin:
> httpd.worker: Syntax error on line 147
> of /etc/dirsrv/admin-serv/httpd.conf: Cannot
> load /usr/lib64/dirsrv/modules/mod_admserv.so into
> server: /usr/lib64/libadminutil.so.1: undefined symbol: u_strToUTF8_3_7
> [FAILED]
>
> The httpd module is loaded, because of this line in the config:
>
> LoadModule admserv_module /usr/lib64/dirsrv/modules/mod_admserv.so
>
> Here are some more infos about my system:
>
> # cat /etc/redhat-release
> Fedora release 8 (Werewolf)
>
> # rpm -qa
> basesystem-8.1-1
>
> adminutil-1.1.4-2.fc8
>
The current version of adminutil is 1.1.5-1 which should fix this problem.
yum update adminutil
>
> I hope you can give me a clue what I've done wrong and want to thank
> you in advance.
>
> Sincerely yours,
>
> Sascha bendix

From rmeggins at redhat.com Fri Feb 8 22:06:07 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 08 Feb 2008 15:06:07 -0700
Subject: [Fedora-directory-users] One step build for platforms other than Fedora
Message-ID: <47ACD24F.1000208@redhat.com>

I've updated the one step build scripts for Fedora DS 1.1. The new
version allows you to pick and choose which components you want to build
from source and which you want to just use from the operating system. I
don't have a tarball up yet, but you can get it from anonymous CVS:

cvs -d :pserver:anonymous at cvs.fedoraproject.org:/cvs/dirsec co dsbuild
or if you don't want the CVS directories
cvs -d :pserver:anonymous at cvs.fedoraproject.org:/cvs/dirsec export -rHEAD dsbuild

FAQ:
* How does it work?
after checkout/export
cd dsbuild/meta/ds
make help
Help only tells about SASL_SOURCE and SNMP_SOURCE - but if you look at
the meta/ds/Makefile you will see that there are many COMPONENT_SOURCE
variables (NSPR_SOURCE, NSS_SOURCE, etc.). The script is not smart
enough to figure out which components are provided by your OS, so if you
want to build something from source you'll have to explicitly specify it.
Use
make PREFIX=/opt/dirsrv
to compile and install directly into /opt/dirsrv
Use
make PREFIX=/opt/dirsrv DESTDIR=/var/tmp
to compile and install into /var/tmp for packaging that at runtime will
use /opt/dirsrv e.g. for native system packaging systems
* What's missing?
All console/java code is still incomplete - jss, ldapjdk, etc.
dsbuild/README needs to be updated
make help needs to be updated
* What platforms are supported?
You'll need relatively recent versions of GNU make, sed, wget, bzip2,
gzip, tar, patch, md5sum

From vaddarapu at gmail.com Sat Feb 9 10:19:22 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Sat, 9 Feb 2008 02:19:22 -0800
Subject: [Fedora-directory-users] Re: SSL issue
In-Reply-To:
References:
Message-ID:

Hi,

When I access FDS web interface http://192.168.0.123:9830, from another
computer from same network I can get to this URL and also able to login into
FDS web interface but when I click on "server info" or "logs" I'm receiving
this error "can't find the server at localhost.localdomain.". Please help me
someone how to resolve this problem.

Thanks in advance.
Vivek

From vaddarapu at gmail.com Sat Feb 9 10:20:36 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Sat, 9 Feb 2008 02:20:36 -0800
Subject: [Fedora-directory-users] SSL issue
In-Reply-To:
References: <47AA701C.4000602@redhat.com> <47AA7CD9.5090802@redhat.com> <47AB1B80.4010400@redhat.com> <47AB940F.3010608@redhat.com>
Message-ID:

On Feb 7, 2008 4:24 PM, Anand Vaddarapu wrote:

> Hi Rich,
>
> I fixed this.
>
> Thanks
>
> On Feb 8, 2008 10:40 AM, Anand Vaddarapu wrote:
>
> > Hi Rich,
> >
> > I am getting new error when I try start the dirsrv-admin.
> > #service dirsrv-admin start
> > Starting dirsrv-admin:
> > syntax error on line 89 of /etc/dirsrv/admin-serv/console.conf:
> > NSSNickname takes one argument, SSL RSA server certificate nickname
> > (`Server-Cert [failed]
> >
> > I tried to add "Server-Cert" at line number 89, still I'm getting same
> > error when I start dirsrv-admin.
> >
> > Thanks for your help.
> >
> > Vivek
> >
> > On Feb 8, 2008 10:28 AM, Rich Megginson wrote:
> >
> > > Anand Vaddarapu wrote:
> > > > Hi Rich,
> > > >
> > > > I'm going through this URL material instructions
> > > > http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt. but
> > > > I could not find the directory that mentioned in the notes cd
> > > > /opt/fedora-ds/shared/bin. I installed FDS 1.1 but this notes related
> > > > to FDS 1.04 I believe. I think I'm having some DNS based problems.
> > > I changed that wiki page to have instructions that should work with
> > > Fedora DS 1.1
> > > >
> > > > Thanks for your suggestions
> > > > Vivek.
> > > >
> > > > On Feb 8, 2008 1:53 AM, Rich Megginson wrote:
> > > >
> > > > Anand Vaddarapu wrote:
> > > > > Hi Rich,
> > > > >
> > > > > let me briefly explain my settings. I installed FDS in Virtual
> > > > > Machine. Virtual Machine is running in windows machine. when I start
> > > > > console from VM everything works fine.
> > > > > But when I start console from
> > > > > windows machine, will take user logins and hangs while showing message
> > > > > authenticating the user. that's all, won't go further, I have to kill the
> > > > > console window. virtual machine and Windows are connect using network
> > > > > bridge.
> > > > You could try editing the windows console batch file to add -D 9 after
> > > > the Console class on the java command line - see if that gives you any
> > > > more information.
> > > >
> > > > If you suspect it is a problem with admin server host/ip access control,
> > > > try this -
> > > > http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt
> > > >
> > > > > following are the console error logs:
> > > > >
> > > > > Severity: [notice][Client10.50.5.79]admserv_host_ip_check
> > > > > ap_get_remote_host could not resolve 10.50.5.79
> > > > >
> > > > > Severity: [notice][Client10.50.5.79]admserv_host_ip_check
> > > > > host [piquant] did not match pattern [*.localdomain] -will scan aliases
> > > > >
> > > > > Severity: [notice][Client10.50.5.79]admserv_host_ip_check
> > > > > ap_get_remote_host could not resolve 10.50.5.79, referer:
> > > > > http://10.50.5.91:17881/admin-serv/tasks/configuration/HTMLAdmin?op=status
> > > > >
> > > > > Severity: [notice][Client10.50.5.79]admserv_host_ip_check
> > > > > ap_get_remote_host could not resolve 127.0.0.1
> > > > >
> > > > > windows host IP is 10.50.5.89 (logs showing
> > > > > 10.50.5.79, I don't know how that happens)
> > > > > VM IP is 10.50.5.91
> > > > >
> > > > > help appreciated.
> > > > > Thanks
> > > > > Vivek
> > > > >
> > > > > On Feb 7, 2008 2:36 PM, Rich Megginson wrote:
> > > > >
> > > > > Anand Vaddarapu wrote:
> > > > > > Hi,
> > > > > >
> > > > > > I can start both dirsrv and dirsrv-admin as well.
> > > > > > I can login into
> > > > > > console from local host but can not login from remote host. any ideas?
> > > > > > Thanks
> > > > > fedora-idm-console -D 9 -f console.log
> > > > >
> > > > > Any clues in console.log?
> > > > > >
> > > > > > On Feb 7, 2008 1:42 PM, Rich Megginson wrote:
> > > > > >
> > > > > > Anand Vaddarapu wrote:
> > > > > > > Hi,
> > > > > > >
> > > > > > > I installed with the setupssl2.sh script. with password file I can
> > > > > > > able to restart dirsrv.
> > > > > > But you were having a problem with dirsrv-admin?
> > > > > > > is it allowed to login into console more than 1 location after
> > > > > > > enabling SSL?
> > > > > > Not sure what you mean. Is something not working correctly?
> > > > > > > Thanks
> > > > > > > Vivek
> > > > > > >
> > > > > > > On Feb 7, 2008 1:18 AM, Rich Megginson wrote:
> > > > > > >
> > > > > > > Anand Vaddarapu wrote:
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > Restarted my FDS as soon as enable SSL service. I try to restarted my
> > > > > > > > dirsrv-admin, its prompt me for password. When I enter valid password,
> > > > > > > > the error mesg appears saying "incorrect password". I'm damn sure that
> > > > > > > > entered password was correct. When it happened to me first time I
> > > > > > > > thought I forgot password and reinstall the FDS. Again happened second
> > > > > > > > time. Please let me know how can I recover password or any alternative
> > > > > > > > way to restart my dirsrv-admin.
> > > > > > > Did you see this?
> > > > > > > http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information
> > > > > > >
> > > > > > > How did you configure SSL for the Admin Server? If you created a
> > > > > > > cert/key for the Admin Server, you must have given a password when you
> > > > > > > imported the key/cert. If you used the setupssl2.sh script (or
> > > > > > > setupssl.sh if you are using Fedora DS 1.0.4) then it created the
> > > > > > > password.conf file for you.
> > > > > > > >
> > > > > > > > Thanks
> > > > > > > > Vivek

From andrey.ivanov at polytechnique.fr Sat Feb 9 14:30:28 2008
From: andrey.ivanov at polytechnique.fr (Andrey Ivanov)
Date: Sat, 9 Feb 2008 15:30:28 +0100
Subject: [Fedora-directory-users] Re: [Fedora-directory-announce] One step build for platforms other than Fedora
In-Reply-To: <47ACD24F.1000208@redhat.com>
References: <47ACD24F.1000208@redhat.com>
Message-ID: <1601b8650802090630y48ea5f1o33a15f27e1694dd@mail.gmail.com>

CentOS 5.1 x86_64 with all the latest patches: unable to do the build if I activate the rebuild from sources of the db4:

make DB_SOURCE=1 PREFIX=/Local/fds DESTDIR=/var/tmp USE_64=1

The error:

==> Running configure in work/fedora-ds-base-1.1.0
...
configure: checking for db...
checking for --with-db... using /var/tmp/Local/fds
checking for db_create in -ldb-4.2... no
configure: error: /var/tmp/Local/fds/include/db.h is version 4.2 but libdb-4.2 not found
make[1]: *** [configure-work/fedora-ds-base-1.1.0/configure] Error 1
make[1]: Leaving directory `/Admin/BUILD/One-Step/dsbuild/ds/ldapserver'
make: *** [dep-../../ds/ldapserver] Error 2

Details in /Admin/BUILD/One-Step/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0/config.log:

configure:24156: checking for db...
configure:24159: checking for --with-db
configure:24180: result: using /var/tmp/Local/fds
configure:24229: checking for db_create in -ldb-4.2
configure:24259: gcc -o conftest -g -L/var/tmp/Local/fds/lib conftest.c -ldb-4.2 >&5
/var/tmp/Local/fds/lib/libdb-4.2.so: undefined reference to `pthread_mutex_trylock'
/var/tmp/Local/fds/lib/libdb-4.2.so: undefined reference to `pthread_mutexattr_setpshared'
/var/tmp/Local/fds/lib/libdb-4.2.so: undefined reference to `pthread_mutexattr_destroy'
/var/tmp/Local/fds/lib/libdb-4.2.so: undefined reference to `pthread_condattr_setpshared'
/var/tmp/Local/fds/lib/libdb-4.2.so: undefined reference to `pthread_mutexattr_init'
collect2: ld returned 1 exit status
configure:24265: $? = 1
configure: failed program was:
| /* confdefs.h. */
...
| /* end confdefs.h. */
|
| /* Override any gcc2 internal prototype to avoid an error. */
| #ifdef __cplusplus
| extern "C"
| #endif
| /* We use char because int might match the return type of a gcc2
| builtin and then its argument prototype would still apply. */
| char db_create ();
| int
| main ()
| {
| db_create ();
| ;
| return 0;
| }
configure:24291: result: no
configure:24296: error: /var/tmp/Local/fds/include/db.h is version 4.2 but libdb-4.2 not found

The db4 build and installation is however successful and with '-lpthreads':

==> Running configure in work/db-4.2.52.NC/built
cd work/db-4.2.52.NC/built && LIBSO_LIBS=-lpthread CFLAGS=-O2 ../dist/configure --enable-dynamic --disable-debug --prefix=/Local/fds
...
checking for main in -lpthread... yes
...
checking for mutexes... POSIX/pthreads/library
...
[install] complete for db.

[root at ldap-model ds]# ls -alF /var/tmp/Local/fds/lib/
total 3544
drwxr-xr-x 2 root root 4096 Feb 9 15:20 ./
drwxr-xr-x 6 root root 4096 Feb 9 15:20 ../
-rw-r--r-- 1 root root 1366338 Feb 9 15:20 libdb-4.2.a
-rw-r--r-- 1 root root 797 Feb 9 15:20 libdb-4.2.la
-rwxr-xr-x 1 root root 864660 Feb 9 15:20 libdb-4.2.so*
lrwxrwxrwx 1 root root 12 Feb 9 15:20 libdb-4.so -> libdb-4.2.so*
-rw-r--r-- 1 root root 1366338 Feb 9 15:20 libdb.a
lrwxrwxrwx 1 root root 12 Feb 9 15:20 libdb.so -> libdb-4.2.so*

2008/2/8, Rich Megginson :
> I've updated the one step build scripts for Fedora DS 1.1. The new
> version allows you to pick and choose which components you want to build
> from source and which you want to just use from the operating system. I
> don't have a tarball up yet, but you can get it from anonymous CVS:
>
> cvs -d :pserver:anonymous at cvs.fedoraproject.org:/cvs/dirsec co dsbuild
> or if you don't want the CVS directories
> cvs -d :pserver:anonymous at cvs.fedoraproject.org:/cvs/dirsec export -rHEAD dsbuild
>
> FAQ:
> * How does it work?
> after checkout/export
> cd dsbuild/meta/ds
> make help
> Help only tells about SASL_SOURCE and SNMP_SOURCE - but if you look at
> the meta/ds/Makefile you will see that there are many COMPONENT_SOURCE
> variables (NSPR_SOURCE, NSS_SOURCE, etc.). The script is not smart
> enough to figure out which components are provided by your OS, so if you
> want to build something from source you'll have to explicitly specify it.
>
> Use make PREFIX=/opt/dirsrv to compile and install directly into
> /opt/dirsrv
> Use make PREFIX=/opt/dirsrv DESTDIR=/var/tmp to compile and install into
> /var/tmp for packaging that at runtime will use /opt/dirsrv e.g. for
> native system packaging systems
>
> * What's missing?
> All console/java code is still incomplete - jss, ldapjdk, etc.
> dsbuild/README needs to be updated
> make help needs to be updated
>
> * What platforms are supported?
> You'll need relatively recent versions of GNU make, sed, wget, bzip2,
> gzip, tar, patch, md5sum
>
> --
> Fedora-directory-announce mailing list
> Fedora-directory-announce at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-announce

From branimirp at gmail.com Sat Feb 9 17:33:23 2008
From: branimirp at gmail.com (Branimir Pejakovic)
Date: Sat, 09 Feb 2008 18:33:23 +0100
Subject: [Fedora-directory-users] Replication from Critical Path to FDS 1.0.4
Message-ID: <47ADE3E3.4070502@gmail.com>

Hi everyone!

I hope someone could give me an advice for the issue described in the subject. I contacted CP support and they suggested that we should buy their Meta Directory server which can process incremental updates between CP and FDS (or any other LDAP) and, initially, to dump our DIT into LDIF and import it to FDS. I created a few shell scripts that manage daily "replication" between two servers using LDIF dump and exporting the dump into FDS.
I know that this is far from an elegant solution (especially concerning incremental updates) but before we make a decision to buy CP Meta Directory server, I wonder if we have other options?

Thank you in advance!

Regards
Branimir

From todd.nine at onwebconsulting.com Sat Feb 9 18:27:53 2008
From: todd.nine at onwebconsulting.com (Todd Nine)
Date: Sat, 9 Feb 2008 13:27:53 -0500
Subject: [Fedora-directory-users] Installing on Cent OS 5.1
Message-ID: <996eb2230802091027n7ea2a342rd5b9295d799ea908@mail.gmail.com>

Hi all,

I'd like to install Fedora Directory server 1.1 on Cent OS 5.1. I'm in the process of installing it now, and everything is going well. However, I feel a bit like Alice in Wonderland. I basically want to replace Active Directory functionality with Fedora Core. I *think* I may need to install and integrate Kerberos as well. What I basically need is to allow users to log in via SSH and PAM to Fedora Directory, as well as authenticate our numerous webapps with the LDAP functionality. Are there any good books or tutorials available that I can read? I've read the quick tutorials on the website regarding integrating PAM, but I can't seem to get the user information to work. When a user logs in, their home directory is not created, and their UID and GID aren't downloaded. I'm a bit lost, so any documentation that is at a higher level system architecture would be greatly appreciated, I'm not sure I have all the components I need to build this. I want to build a solid framework to allow us to easily administer users and groups.

Thanks,
Todd

From scrubb at localroot.de Sun Feb 10 11:15:01 2008
From: scrubb at localroot.de (Sascha Scrubb Bendix)
Date: Sun, 10 Feb 2008 12:15:01 +0100
Subject: [Fedora-directory-users] [SOLVED] Re: Problem with a new installation
In-Reply-To: <47ACC588.9010901@redhat.com>
References: <20080208213247.7d7a18ea@maggie.boeblingen.de.ibm.com> <47ACC588.9010901@redhat.com>
Message-ID: <20080210121501.73789c84@logos.localroot.de.localroot.de>

Hi,

> > # rpm -qa
> > basesystem-8.1-1
> >
> > adminutil-1.1.4-2.fc8
> >
> The current version of adminutil is 1.1.5-1 which should fix this
> problem.
>
> yum update adminutil

Yes, you're right. Thanks again for the fast help.

Regards,
Sascha Bendix

From howard at cohtech.com Mon Feb 11 08:34:47 2008
From: howard at cohtech.com (Howard Wilkinson)
Date: Mon, 11 Feb 2008 08:34:47 +0000
Subject: [Fedora-directory-users] Importing pre-encrypted passwords into FDS
Message-ID: <47B008A7.3050403@cohtech.com>

I am sure I have seen discussion of this problem on the mailing list but cannot find it after some hours of exhaustive search.

I have a ldif dump of an OpenLDAP dit that I would like to import into FDS. Everything works except the passwords. The password fields are pre-encrypted as in

userPassword:: e2NyeXB0fSQxJDQ3MzI3NzgyJEY5RTQxMXJQQVdUV2Zhbnp6ZWZWcC4=

I think this is probably MD5 encoded! Not sure how I find out definitively.

I know I can import this into FDS but how do I tell FDS it is pre-encrypted? And what are the encryption options?

Does anybody know if I am right about MD5?

Regards, Howard

--
Howard Wilkinson                Phone:  +44(20)76907075
Coherent Technology Limited     Fax:
23 Northampton Square,          Mobile: +44(7980)639379
United Kingdom, EC1V 0HL        Email:  howard at cohtech.com
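
An added example, not part of the original message: a short Python check that unfolds an LDIF export, base64-decodes "::" values and reports the storage scheme of each userPassword, run over the value quoted above ({crypt} followed by $1$ is MD5-crypt). The sample LDIF, its DNs and every entry other than the first value are constructed for illustration, and the function names are hypothetical.

```python
import base64
import re

# Constructed LDIF. The first userPassword is the value quoted in the message
# above; the second is the same value folded across two lines; the rest are
# made-up samples.
SAMPLE_LDIF = """\
dn: uid=howard,ou=People,dc=example,dc=com
userPassword:: e2NyeXB0fSQxJDQ3MzI3NzgyJEY5RTQxMXJQQVdUV2Zhbnp6ZWZWcC4=

dn: uid=folded,ou=People,dc=example,dc=com
userPassword:: e2NyeXB0fSQxJDQ3MzI3NzgyJEY5RTQxMXJQQVdU
 V2Zhbnp6ZWZWcC4=

dn: uid=des,ou=People,dc=example,dc=com
userPassword: {crypt}abcdefghijklm

dn: uid=clear,ou=People,dc=example,dc=com
userPassword: not-hashed-sample
"""

# crypt(3) identifies its algorithm by the prefix of the stored string.
CRYPT_PREFIXES = [
    ("$1$", "MD5-crypt"),
    ("$2a$", "bcrypt"), ("$2b$", "bcrypt"), ("$2y$", "bcrypt"),
    ("$5$", "SHA-256-crypt"),
    ("$6$", "SHA-512-crypt"),
]
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")   # 2-char salt + 11-char hash
SCHEME = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.*)$", re.S)


def unfold(ldif_text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def attr_value(line):
    """Split 'attr: value' or 'attr:: base64' into (attr, decoded text)."""
    attr, sep, rest = line.partition(":")
    if not sep:
        return None
    if rest.startswith(":"):                      # '::' marks a base64 value
        value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    else:
        value = rest.strip()
    return attr.strip().lower(), value


def classify(stored):
    """Return (scheme, detail) for a decoded userPassword value."""
    m = SCHEME.match(stored)
    if not m:
        return ("cleartext", "no {scheme} prefix")
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return (scheme, "directory storage scheme")
    for prefix, name in CRYPT_PREFIXES:
        if rest.startswith(prefix):
            return ("CRYPT", name)
    if DES_CRYPT.match(rest):
        return ("CRYPT", "traditional DES crypt")
    return ("CRYPT", "unrecognised crypt(3) format")


def audit(ldif_text):
    """Return (dn, scheme, detail) for every userPassword in the LDIF."""
    results, dn = [], None
    for line in unfold(ldif_text):
        if not line or line.startswith("#"):      # entry separator or comment
            continue
        parsed = attr_value(line)
        if parsed is None:
            continue
        attr, value = parsed
        if attr == "dn":
            dn = value
        elif attr == "userpassword":
            results.append((dn,) + classify(value))
    return results


if __name__ == "__main__":
    for dn, scheme, detail in audit(SAMPLE_LDIF):
        print(f"{dn}: {scheme} ({detail})")
```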

From vaddarapu at gmail.com Mon Feb 11 10:03:47 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Mon, 11 Feb 2008 02:03:47 -0800
Subject: [Fedora-directory-users] Console issue
Message-ID:

Hi,

I am trying to access console from another computer but same network. I am receiving following error " Can not connect to the Directory Server "ldap://localhost.localdomain:389", LDAP error: failed to connect to server ldap://localhost.localdomain:389.

would you like to attempt to restart the Directory Server?

I installed FDS with default "localhost.localdomain". Later I changed the hostname, and I am also trying to set host IP address using ldapmodify. But same results.

Any ideas and suggestions.

Thanks in advance.

Vivek

From ajeet.singh.raina at logicacmg.com Mon Feb 11 10:21:46 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Mon, 11 Feb 2008 15:51:46 +0530
Subject: [Fedora-directory-users] getent passwd not displaying???
Message-ID: <0139539A634FD04A99C9B8880AB70CB207AEB7A1@in-ex004.groupinfra.com>

Hi,

I have been using the Fedora DS Console for adding users under ou=People, dc=csse, dc=edu, dc=com. Now I have two projects: SMS and Payment.

Under the two project I have group of Users. Now what I did is I created ou=SMS, dc=csse, dc=edu, dc=com and ou=Payment,dc=csse,dc=edu,dc=com.

Now when I am trying # getent passwd it is not working.

Can anyone please help me with this. Also. I want is NOT TO give access rights for one project user to access the other one.

Pls Help

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party.
If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

From j.barber at dundee.ac.uk Mon Feb 11 10:24:26 2008
From: j.barber at dundee.ac.uk (Jonathan Barber)
Date: Mon, 11 Feb 2008 10:24:26 +0000
Subject: [Fedora-directory-users] Importing pre-encrypted passwords into FDS
In-Reply-To: <47B008A7.3050403@cohtech.com>
References: <47B008A7.3050403@cohtech.com>
Message-ID: <20080211102426.GB21395@flea.lifesci.dundee.ac.uk>

On Mon, Feb 11, 2008 at 08:34:47AM +0000, Howard Wilkinson wrote:
> I am sure I have seen discussion of this problem on the mailing list but
> cannot find it after some hours of exhaustive search.
>
> I have a ldif dump of an OpenLDAP dit that I would like to import into
> FDS. Everything works except the passwords. The password fields are
> pre-encrypted as in
>
> userPassword:: e2NyeXB0fSQxJDQ3MzI3NzgyJEY5RTQxMXJQQVdUV2Zhbnp6ZWZWcC4=

The "::" tells you it's base64 encoded:

$ echo "e2NyeXB0fSQxJDQ3MzI3NzgyJEY5RTQxMXJQQVdUV2Zhbnp6ZWZWcC4=" | openssl base64 -d

This is MD5 rather than traditional DES crypt. As long as your version of FDS is linked against glibc, it should just passwords then they'll be stored in the scheme FDS is configured to use (default is SSHA).

> I think this is probably MD5 encoded! Not sure how I find out definitively.
>
> I know I can import this into FDS but how do I tell FDS it is
> pre-encrypted? And what are the encryption options?

If you import with the "{scheme}" sigil then FDS knows it's already hashed and doesn't do it again.

> Does anybody know if I am right about MD5?
>
> Regards, Howard

--
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389

From niranjan.ashok at gmail.com Mon Feb 11 11:46:23 2008
From: niranjan.ashok at gmail.com (Niranjan M.R)
Date: Mon, 11 Feb 2008 17:16:23 +0530
Subject: [Fedora-directory-users] getent passwd not displaying???
In-Reply-To: <0139539A634FD04A99C9B8880AB70CB207AEB7A1@in-ex004.groupinfra.com>
References: <0139539A634FD04A99C9B8880AB70CB207AEB7A1@in-ex004.groupinfra.com>
Message-ID: <47B0358F.2000702@gmail.com>

Singh Raina, Ajeet wrote:
> Hi,
>
> I have been using the Fedora DS Console for adding users under
> ou=People, dc=csse, dc=edu, dc=com. Now I have two projects : SMS and
> Payment.
>
> Under the two project I have group of Users. Now what I did is I
> created ou=SMS, dc=csse, dc=edu, dc=com and ou =Payment,dc=csse,dc=edu,dc=com.
>
> Now when I am trying # getent passwd it is
> not working.
>
> Can anyone please help me with this. Also. I want is NOT TO give
> access rights for one project user to access the other one .

If you are adding users under ou=People, dc=csse, dc=edu, dc=com, and then creating users also in ou=sms, dc=csse, dc=edu, dc=com and ou=Payment,dc=csse,dc=edu,dc=com, you should probably create ou=sms and ou=Payment under ou=people. For example you should create something like this:

ou=People, ou=SMS, dc=csse, dc=edu, dc=com
ou=People,ou=Payment,dc=csse,dc=edu,dc=com.

And then your /etc/ldap.conf should have

nss_base_passwd ou=People,dc=csse,dc=edu,dc=com?sub

Or if you want the users of ou=People,ou=Payment should only be able to login then your /etc/ldap.conf should be

nss_base_passwd ou=People,ou=Payment,dc=csse,dc=edu,dc=com?one

Regards
Niranjan

> Pls Help

From ajeet.singh.raina at logicacmg.com Mon Feb 11 12:05:32 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Mon, 11 Feb 2008 17:35:32 +0530
Subject: [Fedora-directory-users] getent passwd not displaying???
Message-ID: <0139539A634FD04A99C9B8880AB70CB207AEBAFC@in-ex004.groupinfra.com>

Great !! It's working.

I want one more help from your side. From last 3 days I have been working with fedora DS Console and trying to play with ACL stuff. But I am not able to work it out. All I want to disallow the Payment Guys not to access SMS project details and vice versa. Pls do let me know what other Stuffs can be configured with ACL??

From cychau at gmail.com Mon Feb 11 12:08:37 2008
From: cychau at gmail.com (CheeYang Chau)
Date: Mon, 11 Feb 2008 20:08:37 +0800
Subject: [Fedora-directory-users] Is Fedora Directory Server support collective attribute
Message-ID:

Hi,

I just wonder if Fedora Directory Server support collective attributes?

--
Best regards,
Chau Chee Yang

E Stream Software Sdn Bhd
URL: www.sql.com.my
SQL Financial Accounting

From ajeet.singh.raina at logicacmg.com Mon Feb 11 12:11:30 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Mon, 11 Feb 2008 17:41:30 +0530
Subject: [Fedora-directory-users] Looking for training
Message-ID: <0139539A634FD04A99C9B8880AB70CB207AEBB2E@in-ex004.groupinfra.com>

Well, I am ready to assist you in this regard as I have already setup HP-UX, Solaris, RHEL and CentOS working with RHEL 4.0 fedora DS. You can call me at 9740535000 and I am right now placed in India

Waiting for your reply

From ajeet.singh.raina at logicacmg.com Mon Feb 11 12:37:23 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Mon, 11 Feb 2008 18:07:23 +0530
Subject: [Fedora-directory-users] getent passwd not displaying???
Message-ID: <0139539A634FD04A99C9B8880AB70CB207B32AEA@in-ex004.groupinfra.com>

Let me Elaborate what I want to ask you.

Say, I have 2 project under People directory structure - 1. DICE and 2. IM.
Under ----DICE I have two users - Vinod and Sapna and
Under -----IM two users - shamim and Shreepath

Now What I did is I right clicked on DICE.
> Set Access Permission
> New
> Named ACI as "Access Control"
> Added user "Shamim" from IM(Coz I don't want him to access DICE project)
> Rights(I didn't select any-completely unticked)
> Target (Target Directory Entry-->Same entry (ou=DICE,ou=People,dc=csse,dc=edu,dc=com)
> Host = 10.14.242.93
> time(Left unaltered)

The rule which was constructed:

(targetattr = "*") (target = "ldap:///ou=DICE,ou=People, dc=csse,dc=edu,dc=com") (version 3.0;acl "Acess rights for these users";deny (all)(userdn = "ldap:///uid=shamim,ou=IM,ou=People, dc=csse,dc=edu,dc=com") and (ip="10.14.242.93");)

Now It means that if it work fine...If I login as Shamim in 10.14.242.93 it should not be able to throw any output as I run:

$pwd
/home/shamim
$getent passwd Vinod

Am I right??????if not then what is the correct way to implement this???
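
An added sketch, not from the original message and not the server's own evaluator: it parses the ACI quoted above and models when its deny rule matches a request, since both bind-rule terms joined by "and" must hold. It assumes that getent lookups go through nss_ldap, which binds anonymously or with a proxy DN from /etc/ldap.conf rather than as the logged-in Unix user; the function names, the entry DN for Vinod and the second IP address are constructed for illustration.

```python
import re

# The ACI exactly as posted in the message above.
ACI = (
    '(targetattr = "*") '
    '(target = "ldap:///ou=DICE,ou=People, dc=csse,dc=edu,dc=com") '
    '(version 3.0;acl "Acess rights for these users";deny (all)'
    '(userdn = "ldap:///uid=shamim,ou=IM,ou=People, dc=csse,dc=edu,dc=com") '
    'and (ip="10.14.242.93");)'
)

# Constructed sample values (hypothetical): an entry under ou=DICE and the
# bind DN that the ACI names.
VINOD = "uid=Vinod,ou=DICE,ou=People,dc=csse,dc=edu,dc=com"
SHAMIM = "uid=shamim,ou=IM,ou=People,dc=csse,dc=edu,dc=com"
ANONYMOUS = ""  # an anonymous bind carries no DN

_BODY = re.compile(
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"([^"]*)"\s*;\s*'
    r'(allow|deny)\s*\(([^)]*)\)\s*(.*?)\s*;\s*\)\s*$', re.S)


def _keyword(text, name, prefix=""):
    """Return the quoted value of (name = "prefix...") or None."""
    pattern = r'\(\s*%s\s*=\s*"%s([^"]*)"\s*\)' % (name, re.escape(prefix))
    m = re.search(pattern, text)
    return m.group(1) if m else None


def parse_aci(text):
    """Break one ACI into its target, permission and bind-rule parts."""
    body = _BODY.search(text)
    if not body:
        raise ValueError("not a version 3.0 ACI")
    name, kind, rights, bind_rule = body.groups()
    userdn = _keyword(bind_rule, "userdn", "ldap:///")
    ip = _keyword(bind_rule, "ip")
    if userdn is None or ip is None or " and " not in bind_rule:
        raise ValueError("bind rule is outside what this sketch models")
    return {
        "name": name, "type": kind,
        "rights": [r.strip() for r in rights.split(",")],
        "target": _keyword(text, "target", "ldap:///"),
        "targetattr": _keyword(text, "targetattr"),
        "userdn": userdn, "ip": ip,
    }


def norm_dn(dn):
    """Lower-case a DN and drop spaces around RDN separators.
    Simplified: does not handle escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_subtree(entry_dn, base_dn):
    entry, base = norm_dn(entry_dn), norm_dn(base_dn)
    return entry == base or entry.endswith("," + base)


def deny_matches(aci, bind_dn, client_ip, entry_dn):
    """True only if the entry is inside the target subtree AND both
    bind-rule terms hold. Exact IP comparison only (no wildcards here)."""
    return (aci["type"] == "deny"
            and in_subtree(entry_dn, aci["target"])
            and norm_dn(bind_dn) == norm_dn(aci["userdn"])
            and client_ip == aci["ip"])


def walk_through():
    """Evaluate three constructed requests for Vinod's entry."""
    aci = parse_aci(ACI)
    cases = [
        ("shamim binds from the listed host", SHAMIM, "10.14.242.93"),
        ("shamim binds from another host", SHAMIM, "10.14.242.94"),
        ("anonymous lookup from the listed host", ANONYMOUS, "10.14.242.93"),
    ]
    return [(label, deny_matches(aci, dn, ip, VINOD)) for label, dn, ip in cases]


if __name__ == "__main__":
    for label, matched in walk_through():
        print(f"{label}: deny rule {'matches' if matched else 'does not match'}")
```

Where the rule does not match, access to the entry is decided by whatever other ACIs apply; under the stated assumption the third case is the one a getent lookup produces.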

From ajeet.singh.raina at logicacmg.com Mon Feb 11 12:40:35 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Mon, 11 Feb 2008 18:10:35 +0530
Subject: [Fedora-directory-users] Looking for training
Message-ID: <0139539A634FD04A99C9B8880AB70CB207B32AFD@in-ex004.groupinfra.com>

I am sorry this is reply to the thread of June 2007. Kindly ignore

From Christina.Plummer at energyeast.com Mon Feb 11 14:45:38 2008
From: Christina.Plummer at energyeast.com (Plummer, Christina E.)
Date: Mon, 11 Feb 2008 09:45:38 -0500
Subject: [Fedora-directory-users] FDS Sudo Management
In-Reply-To: <25914124.392591202423422638.JavaMail.root@zimbra1.farheap.com>
References: <23761524.392281202423109363.JavaMail.root@zimbra1.farheap.com> <25914124.392591202423422638.JavaMail.root@zimbra1.farheap.com>
Message-ID: <52275B23AC73464CBE7DE410046DFC0DF3662E@ROCMSGCL01.Energyeast.net>

Hello Jared,

I haven't tried this yet, but I'd be interested if you can post back to the list any more information if you do get sudo working with FDS.

Can you be more specific on what steps you have taken, and where you are running into problems? The instructions on the page you linked look pretty good to me. You might want to check on the sudo-users mailing list archives for any tips.
I would say doublecheck that you added the schema.iPlanet file to the schema - if it's giving you an objectclass violation error, then you probably either didn't install the schema properly, or are trying to add an element from the schema to an object that doesn't have that objectclass (e.g. you can't add a "sudoCommand" attribute to an object that doesn't have the "sudoRole" objectclass).

--
Christina Plummer

________________________________
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Jared B. Griffith
Sent: Thursday, February 07, 2008 5:30 PM
To: fedora-directory-users
Subject: [Fedora-directory-users] FDS Sudo Management

Has anyone managed sudoers via FDS here? I have been trying to create LDAP entries as mentioned here: http://www.gratisoft.us/sudo/readme_ldap.html Which FDS will not allow me to do, even though the schemas for SUDO are in the server. Is there a walkthrough, or is there anyone that is managing SUDO via FDS here successfully?

--
- Thank you,
- Jared B. Griffith
- Farheap Solutions, Inc.
- Lead Systems Administrator
- California IT Department
- Email - jared.griffith at farheap.com
- Phone - 949.417.1500 ext. 266
- Cell Phone - 949.910.6542

From michael at stroeder.com Mon Feb 11 14:40:14 2008
From: michael at stroeder.com (Michael Ströder)
Date: Mon, 11 Feb 2008 15:40:14 +0100
Subject: [Fedora-directory-users] Help needed migrating from Sun ONE to Fedora DS 1.1
In-Reply-To: <47AB790E.8030600@redhat.com>
References: <320D5A77-9125-4421-9289-6C521FD50498@bowdoin.edu> <47AB790E.8030600@redhat.com>
Message-ID: <47B05E4E.1070306@stroeder.com>

Rich Megginson wrote:
> Chris Waltham wrote:
>> * if I can't import the Sun schema, is there an easy way of stripping
>> out the Sun attributes from a 10,000-user LDIF file?
> If you are a Perl hacker, you could use Mozilla perldap (included with
> the fedora ds software) or Net::LDAP (probably bundled with your linux
> OS perl distribution). If you prefer python, python-ldap also has an
> LDIF parser.

python-ldap also has a schema parser with which you could follow cross-references between schema elements programmatically...

Ciao, Michael.

From Dan.HAWKER at uk4.astrium.eads.net Mon Feb 11 15:59:35 2008
From: Dan.HAWKER at uk4.astrium.eads.net (HAWKER, Dan 2 (external))
Date: Mon, 11 Feb 2008 15:59:35 -0000
Subject: UNCLASSIFIED - RE: [Fedora-directory-users] FDS Sudo Management
Message-ID: <7F6B06837A5DBD49AC6E1650EFF5490601C64C28@auk52177.ukr.astrium.corp>

Has anyone managed sudoers via FDS here? I have been trying to create LDAP entries as mentioned here: http://www.gratisoft.us/sudo/readme_ldap.html Which FDS will not allow me to do, even though the schemas for SUDO are in the server. Is there a walkthrough, or is there anyone that is managing SUDO via FDS here successfully?

--

Hi Jared,

Am using FDS and SUDO quite successfully here. Was a bit odd to setup (mostly due to some older clients we have here, and the effort in consolidating the sudoers files to LDAP), but was well worth the effort.

Have just uploaded my notes about it to my external note wiki. Bit rough around the edges, but I think it's mostly there so may be of help to get you started.

(http://danwiki.wessexmc.org.uk/wiki/index.php/SUDOFDS)

HTH

Dan

--
Dan Hawker
Linux System Administrator
Astrium
http://www.astrium.eads.net
--
This email (including any attachments) may contain confidential and/or privileged information or information otherwise protected from disclosure. If you are not the intended recipient, please notify the sender immediately, do not copy this message or any attachments and do not use it for any purpose or disclose its content to any person, but delete this message and any attachments from your system.
Astrium disclaims any and all liability if this email transmission was virus corrupted, altered or falsified.
---------------------------------------------------------------------
Astrium Limited, Registered in England and Wales No. 2449259
REGISTERED OFFICE:- Gunnels Wood Road, Stevenage, Hertfordshire, SG1 2AS, England

From koippa at gmail.com Mon Feb 11 16:11:43 2008
From: koippa at gmail.com (Kimmo Koivisto)
Date: Mon, 11 Feb 2008 18:11:43 +0200
Subject: [Fedora-directory-users] FDS, Radius and Beyond
In-Reply-To: <1196674371.4955.33.camel@acd600.internal.dingman.org>
References: <4753081D.5080008@suburbia.org.au> <1196674371.4955.33.camel@acd600.internal.dingman.org>
Message-ID: <200802111811.45410.koippa@gmail.com>

Andrew C. Dingman wrote:
> On Sun, 2007-12-02 at 11:31 -0800, Satish Chetty wrote:
> > This is a not a direct FDS question but I thought I will ask anyway. I
> > want to issue digital certificates (stored and verified on FDS) to every
> > laptop and desktop.
>
> If I needed this today, I'd use Red Hat Certificate System to do it.
> Soon there will be a Fedora Certificate System as well...
> pki.fedoraproject.org

When that website (pki.fedoraproject.org) is going to be opened to the public?

Regards,
Kimmo Koivisto

From koippa at gmail.com Mon Feb 11 16:28:15 2008
From: koippa at gmail.com (Kimmo Koivisto)
Date: Mon, 11 Feb 2008 18:28:15 +0200
Subject: [Fedora-directory-users] FDS Sudo Management
In-Reply-To: <25914124.392591202423422638.JavaMail.root@zimbra1.farheap.com>
References: <25914124.392591202423422638.JavaMail.root@zimbra1.farheap.com>
Message-ID: <200802111828.15732.koippa@gmail.com>

Jared B. Griffith wrote:
> Has anyone managed sudoers via FDS here? I have been trying to create LDAP
> entries as mentioned here: http://www.gratisoft.us/sudo/readme_ldap.html
> Which FDS will not allow me to do, even though the schemas for SUDO are in
> the server. Is there a walkthrough, or is there anyone that is managing
> SUDO via FDS here successfully?

I have but it was in 2006, I have not documented it, this is what I remember from it:

I added 69sudoschema.ldif (see attached files) to the FDS and restarted it. Then I converted sudoers file with sudoers2ldif (and made some entries by hand). For administration I have used phpldapadmin and sudoers.xml template.

I used RHEL4 and had to compile newer sudo (sudo-1.6.8p8-2.4.i686.rpm), original one did not support LDAP. I took that version from Fedora Core X and enabled LDAP support from spec file (see .patch file).

Regards,
Kimmo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 69sudoschema.ldif
Type: text/x-ldif
Size: 1178 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sudoers2ldif
Type: application/x-perl
Size: 2902 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sudoers.xml
Type: text/xml
Size: 1908 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sudo-spec-ldap-patch.diff
Type: text/x-diff
Size: 560 bytes
Desc: not available
URL:

From rmeggins at redhat.com Mon Feb 11 17:08:02 2008
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 11 Feb 2008 09:08:02 -0800
Subject: [Fedora-directory-users] Is Fedora Directory Server support collective attribute
In-Reply-To:
References:
Message-ID: <47B080F2.4040405@redhat.com>

CheeYang Chau wrote:
> Hi,
>
> I just wonder if Fedora Directory Server support collective attributes?

No, but Fedora DS supports something similar - Class of Service - http://directory.fedoraproject.org/wiki/Howto:ClassOfService

From rmeggins at redhat.com Mon Feb 11 17:17:41 2008
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 11 Feb 2008 09:17:41 -0800
Subject: [Fedora-directory-users] Console issue
In-Reply-To:
References:
Message-ID: <47B08335.8060407@redhat.com>

Anand Vaddarapu wrote:
> Hi,
>
> I am trying to access console from another computer but same network.
> I am receiving following error " Can not connect to the Directory
> Server "ldap://localhost.localdomain:389", LDAP error: failed to
> connect to server ldap://localhost.localdomain:389.
>
> would you like to attempt to restart the Directory Server?
>
> I installed FDS with default "localhost.localdomain". later i changed
> the hostname.

Herein lies the problem. The hostname that you provide during setup is written in many different places in config files and in configuration entries under o=NetscapeRoot in the configuration directory server and under cn=config in each local directory server. So you will have to change all of these if you really want to change your hostname. Or just start over.

> and i also trying to set host IP address using ldapmodify. But same
> results.
>
> any ideas and suggestions.
>
> thanks in an advance.
> Vivek

From jared.griffith at farheap.com Mon Feb 11 18:05:36 2008
From: jared.griffith at farheap.com (Jared B. Griffith)
Date: Mon, 11 Feb 2008 10:05:36 -0800 (PST)
Subject: [Fedora-directory-users] Admin-serv Seg fault
Message-ID: <2231174.481581202753136591.JavaMail.root@zimbra1.farheap.com>

I am getting seg faults when trying to start the admin-server of a 1.0.4 install I had done quite some time ago, and up until now was running perfectly. Nothing has changed on the server itself other than me stopping and starting both the ldap and admin server. I need some help here. Here is the error:

start-admin: line 60: 14542 Segmentation fault $HTTPD -k start -d $ADMSERV_ROOT -f $ADMSERV_ROOT/config/httpd.conf "$@"

--
- Thank you,
- Jared B. Griffith
- Farheap Solutions, Inc.
- Lead Systems Administrator
- California IT Department
- Email - jared.griffith at farheap.com
- Phone - 949.417.1500 ext. 266
- Cell Phone - 949.910.6542

From rmeggins at redhat.com Mon Feb 11 18:25:57 2008
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 11 Feb 2008 10:25:57 -0800
Subject: [Fedora-directory-users] Admin-serv Seg fault
In-Reply-To: <2231174.481581202753136591.JavaMail.root@zimbra1.farheap.com>
References: <2231174.481581202753136591.JavaMail.root@zimbra1.farheap.com>
Message-ID: <47B09335.9030508@redhat.com>

Jared B.
Griffith wrote: > I am getting seg faults when trying to start the admin-server of a > 1.0.4 install I had done quite some time ago, and up until now was > running perfectly. > Nothing has changed on the server itself other than me stopping and > starting both the ldap and admin server. > I need some help here. > Here is the error: > start-admin: line 60: 14542 Segmentation fault $HTTPD -k start -d > $ADMSERV_ROOT -f $ADMSERV_ROOT/config/httpd.conf "$@" /opt/fedora-ds/start-admin -e debug Does that show anything? > > -- > - Thank you, > - Jared B. Griffith > - Farheap Solutions, Inc. > - Lead Systems Administrator > - California IT Department > - Email - jared.griffith at farheap.com > - Phone - 949.417.1500 ext. 266 > - Cell Phone - 949.910.6542 > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From vaddarapu at gmail.com Mon Feb 11 21:27:19 2008 From: vaddarapu at gmail.com (Anand Vaddarapu) Date: Tue, 12 Feb 2008 08:27:19 +1100 Subject: [Fedora-directory-users] Console issue In-Reply-To: <47B08335.8060407@redhat.com> References: <47B08335.8060407@redhat.com> Message-ID: Hi Rich, How can i change hostname for different places in config files and in configuration entries under o=NetscapeRoot in the configuration directory server and under cn=config in each local directory server. Thanks in advance. Vivek On Feb 12, 2008 4:17 AM, Richard Megginson wrote: > Anand Vaddarapu wrote: > > Hi, > > > > I am trying to access console from another computer but same network. 
> > I am receiving following error " Can not connect to the Directory
> > Server "ldap://localhost.localdomain:389", LDAP error: failed to
> > connect to server ldap://localhost.localdomain:389.
> >
> > would you like to attempt to restart the Directory Server?
> >
> > I installed FDS with default "localhost.localdomain". later i changed
> > the hostname.
> Herein lies the problem. The hostname that you provide during setup is
> written in many different places in config files and in configuration
> entries under o=NetscapeRoot in the configuration directory server and
> under cn=config in each local directory server. So you will have to
> change all of these if you really want to change your hostname. Or just
> start over.
> > and i also trying to set host IP address using ldapmodify. But same
> > results.
> >
> > any ideas and suggestions.
> >
> > thanks in an advance.
> > Vivek

From rmeggins at redhat.com Mon Feb 11 21:37:53 2008
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 11 Feb 2008 13:37:53 -0800
Subject: [Fedora-directory-users] Console issue
In-Reply-To:
References: <47B08335.8060407@redhat.com>
Message-ID: <47B0C031.9050606@redhat.com>

Anand Vaddarapu wrote:
> Hi Rich,
>
> How can i change hostname for different places in config files and in
> configuration
> entries under o=NetscapeRoot in the configuration directory server and
> under cn=config in each local directory server.
There is no documented procedure. What version of Fedora DS?
>
> Thanks in advance.
> Vivek
>
> On Feb 12, 2008 4:17 AM, Richard Megginson wrote:
>
> Anand Vaddarapu wrote:
> > Hi,
> >
> > I am trying to access console from another computer but same network.
> > I am receiving following error " Can not connect to the Directory
> > Server "ldap://localhost.localdomain:389", LDAP error: failed to
> > connect to server ldap://localhost.localdomain:389.
> >
> > would you like to attempt to restart the Directory Server?
> >
> > I installed FDS with default "localhost.localdomain". later i changed
> > the hostname.
> Herein lies the problem. The hostname that you provide during setup is
> written in many different places in config files and in configuration
> entries under o=NetscapeRoot in the configuration directory server and
> under cn=config in each local directory server. So you will have to
> change all of these if you really want to change your hostname. Or just
> start over.
> > and i also trying to set host IP address using ldapmodify. But same
> > results.
> >
> > any ideas and suggestions.
> >
> > thanks in an advance.
> > Vivek

From vaddarapu at gmail.com Mon Feb 11 23:02:48 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Tue, 12 Feb 2008 10:02:48 +1100
Subject: [Fedora-directory-users] Console issue
In-Reply-To: <47B0C031.9050606@redhat.com>
References: <47B08335.8060407@redhat.com> <47B0C031.9050606@redhat.com>
Message-ID:

Hi Rich,
I have installed centos 5.1 and FDS 1.1.

Thanks
vivek

On Feb 12, 2008 8:37 AM, Richard Megginson wrote:
> Anand Vaddarapu wrote:
> > Hi Rich,
> >
> > How can i change hostname for different places in config files and in
> > configuration
> > entries under o=NetscapeRoot in the configuration directory server and
> > under cn=config in each local directory server.
> There is no documented procedure. What version of Fedora DS?
> >
> > Thanks in advance.
> > Vivek
> >
> > On Feb 12, 2008 4:17 AM, Richard Megginson wrote:
> >
> > Anand Vaddarapu wrote:
> > > Hi,
> > >
> > > I am trying to access console from another computer but same network.
> > > I am receiving following error " Can not connect to the Directory
> > > Server "ldap://localhost.localdomain:389", LDAP error: failed to
> > > connect to server ldap://localhost.localdomain:389.
> > >
> > > would you like to attempt to restart the Directory Server?
> > >
> > > I installed FDS with default "localhost.localdomain". later i changed
> > > the hostname.
> > Herein lies the problem. The hostname that you provide during setup is
> > written in many different places in config files and in configuration
> > entries under o=NetscapeRoot in the configuration directory server and
> > under cn=config in each local directory server. So you will have to
> > change all of these if you really want to change your hostname. Or just
> > start over.
> > > and i also trying to set host IP address using ldapmodify. But same
> > > results.
> > >
> > > any ideas and suggestions.
> > >
> > > thanks in an advance.
> > > Vivek

From rmeggins at redhat.com Tue Feb 12 01:35:46 2008
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 11 Feb 2008 17:35:46 -0800
Subject: [Fedora-directory-users] Console issue
In-Reply-To:
References: <47B08335.8060407@redhat.com> <47B0C031.9050606@redhat.com>
Message-ID: <47B0F7F2.5060900@redhat.com>

Anand Vaddarapu wrote:
> Hi Rich,
> I have installed centos 5.1 and FDS 1.1.
The local directory server information is stored under cn=config. With the mozldap ldapsearch command:

/usr/lib/mozldap/ldapsearch -T -D "cn=directory manager" -w yourpassword -s sub -b cn=config | grep youroldhostname

Use the -T option to disable LDIF line wrapping - otherwise you will have to use sed/perl to re-fold the lines for grep to work.
Use a similar command to identify places under o=NetscapeRoot in your configuration directory server:

/usr/lib/mozldap/ldapsearch -T -h configdshost -p configdsport -D "cn=directory manager" -w yourpassword -s sub -b o=NetscapeRoot | grep youroldhostname

You must identify the entry and the attribute. Then, using ldapmodify:

dn: the dn of the entry
changetype: modify
replace: theattributename
theattributename: the new value with the new hostname

Edit /etc/dirsrv/admin-serv/adm.conf - update your ldap server hostname - you will then have to restart the admin server.
> Thanks
> vivek
>
> On Feb 12, 2008 8:37 AM, Richard Megginson wrote:
>
> Anand Vaddarapu wrote:
> > Hi Rich,
> >
> > How can i change hostname for different places in config files and in
> > configuration
> > entries under o=NetscapeRoot in the configuration directory server and
> > under cn=config in each local directory server.
> There is no documented procedure. What version of Fedora DS?
> >
> > Thanks in advance.
> > Vivek
> >
> > On Feb 12, 2008 4:17 AM, Richard Megginson wrote:
> >
> > Anand Vaddarapu wrote:
> > > Hi,
> > >
> > > I am trying to access console from another computer but same network.
> > > I am receiving following error " Can not connect to the Directory
> > > Server "ldap://localhost.localdomain:389", LDAP error: failed to
> > > connect to server ldap://localhost.localdomain:389.
> > >
> > > would you like to attempt to restart the Directory Server?
> > >
> > > I installed FDS with default "localhost.localdomain". later i changed
> > > the hostname.
> > Herein lies the problem. The hostname that you provide during setup is
> > written in many different places in config files and in configuration
> > entries under o=NetscapeRoot in the configuration directory server and
> > under cn=config in each local directory server. So you will have to
> > change all of these if you really want to change your hostname. Or just
> > start over.
> > > and i also trying to set host IP address using ldapmodify. But same
> > > results.
> > >
> > > any ideas and suggestions.
> > >
> > > thanks in an advance.
> > > Vivek

From richard at powerset.com Tue Feb 12 03:23:06 2008
From: richard at powerset.com (Richard Hesse)
Date: Mon, 11 Feb 2008 19:23:06 -0800
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
Message-ID: <84E2AE771361E9419DD0EFBD31F09C4D4F41EAA89A@EXVMBX015-1.exch015.msoutlookonline.net>

Started to play with FDS 1.1 for some dogfood testing. After running for 10-15 minutes, the server stopped responding to network requests and went silent.
The process was running, the error log was updating with the ldbm event loop, but no socket requests were fulfilled. Checking the access log, I saw this:

[12/Feb/2008:01:47:58 +0000] conn=71108 op=-1 fd=79 closed error 107 (Transport endpoint is not connected) - Network file descriptor is not connected.
[12/Feb/2008:01:47:59 +0000] conn=71007 op=60 fd=69 closed - B4
[12/Feb/2008:01:48:00 +0000] conn=71003 op=48 fd=68 closed - B4
[12/Feb/2008:01:48:01 +0000] conn=71017 op=47 fd=72 closed - B4
[12/Feb/2008:01:48:06 +0000] conn=71102 op=2 fd=66 closed - B4
[12/Feb/2008:01:48:07 +0000] conn=71103 op=2 fd=70 closed - B4
[12/Feb/2008:01:48:07 +0000] conn=71040 op=10 fd=76 closed - B4

Any ideas or suggestions on how to approach troubleshooting this issue would be greatly appreciated.

Thanks.

-richard

From rmeggins at redhat.com Tue Feb 12 03:43:26 2008
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 11 Feb 2008 19:43:26 -0800
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To: <84E2AE771361E9419DD0EFBD31F09C4D4F41EAA89A@EXVMBX015-1.exch015.msoutlookonline.net>
References: <84E2AE771361E9419DD0EFBD31F09C4D4F41EAA89A@EXVMBX015-1.exch015.msoutlookonline.net>
Message-ID: <47B115DE.9050108@redhat.com>

Richard Hesse wrote:
> Started to play with FDS 1.1 for some dogfood testing. After running for 10-15 minutes, the server stopped responding to network requests and went silent. The process was running, the error log was updating with the ldbm event loop, but no socket requests were fulfilled. Checking the access log, I saw this:
>
> [12/Feb/2008:01:47:58 +0000] conn=71108 op=-1 fd=79 closed error 107 (Transport endpoint is not connected) - Network file descriptor is not connected.
> [12/Feb/2008:01:47:59 +0000] conn=71007 op=60 fd=69 closed - B4
> [12/Feb/2008:01:48:00 +0000] conn=71003 op=48 fd=68 closed - B4
> [12/Feb/2008:01:48:01 +0000] conn=71017 op=47 fd=72 closed - B4
> [12/Feb/2008:01:48:06 +0000] conn=71102 op=2 fd=66 closed - B4
> [12/Feb/2008:01:48:07 +0000] conn=71103 op=2 fd=70 closed - B4
> [12/Feb/2008:01:48:07 +0000] conn=71040 op=10 fd=76 closed - B4
>
> Any ideas or suggestions on how to approach troubleshooting this issue would be greatly appreciated.
>
B4 means SLAPD_DISCONNECT_BER_FLUSH - this usually means the client has reset or closed the connection while the server was attempting to send a response.

http://www.redhat.com/docs/manuals/dir-server/cli/8.0/Configuration_Command_File_Reference-Access_Log_and_Connection_Code_Reference-Common_Connection_Codes.html

Do you have a firewall or some other network device?
> Thanks.
>
> -richard

From ajeet.singh.raina at logicacmg.com Tue Feb 12 05:38:50 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Tue, 12 Feb 2008 11:08:50 +0530
Subject: [Fedora-directory-users] List of Hosts in fedora DS Console???
Message-ID: <0139539A634FD04A99C9B8880AB70CB207B3313B@in-ex004.groupinfra.com>

Hi Guys,

I have fedora DS installed on RHEL 4.0. I want to setup Access Control List regarding group of 100 Hosts.
How can I add the list of host IP/Hostname on fedora DS Console?
I have 2 project : DICE and IM. Under each project I have 100 Users.
There are 100 Hosts and all my requirement ACL restriction for few list of users to access the hosts.
Has anyone any idea how to implement the task?
Thanks in advance

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

From vaddarapu at gmail.com Tue Feb 12 11:17:23 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Tue, 12 Feb 2008 03:17:23 -0800
Subject: [Fedora-directory-users] FDS reinstall
Message-ID:

Hi,

I'm trying to reinstall the FDS and I'm getting the following error.

"could not copy file '/etc/dirsrv/config/certmap.conf to /etc/dirsrv/slapd-ldaptest1/certmap.conf'

error :no such file or directory."

any help much appreciated.

Thanks

Vivek

From ajeet.singh.raina at logicacmg.com Tue Feb 12 13:44:56 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Tue, 12 Feb 2008 19:14:56 +0530
Subject: [Fedora-directory-users] List of Hosts in fedora DS Console???
Message-ID: <0139539A634FD04A99C9B8880AB70CB207B6A8B1@in-ex004.groupinfra.com>

I attempted to implement the above mentioned condition. What I did is I created two Project - DICE and IM under ou=People.
As for test, I created two User - Shamim and Shreepath under IM and I created two Users - Sapna and Vinod under DICE

Now I went to Fedora DS Console and tried setting the below mentioned ACL on DICE project:

------------------------------------------------------------------------
(targetattr = "*")
(target = "ldap:///ou=DICE,ou=People, dc=im,dc=logica,dc=com")
(version 3.0;acl "Restrcited for IM Hosts";deny (all)(userdn = "ldap:///uid=Shreepath,ou=IM,ou=People, dc=im,dc=logica,dc=com" or userdn = "ldap:///uid=shamim,ou=IM,ou=People, dc=im,dc=logica,dc=com") and (ip="10.14.0.*");)
------------------------------------------------------------------------

All I am trying not to let specific host and users of specific projects to access the DICE project.

Am I right in doing that??

From rmeggins at redhat.com Tue Feb 12 16:08:31 2008
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 12 Feb 2008 08:08:31 -0800
Subject: [Fedora-directory-users] FDS reinstall
In-Reply-To:
References:
Message-ID: <47B1C47F.30003@redhat.com>

Anand Vaddarapu wrote:
> Hi,
>
> Im trying to reinstall the FDS im getting following error.
>
> "could not copy file '/etc/dirsrv/config/certmap.conf to
> /etc/dirsrv/slapd-ldaptest1/certmap.conf'
>
> error :no such file or directory."
>
> any help much appreciated.
Are you attempting to reinstall using a different server user id?
If you really want to start over from scratch, I suggest removing old files and directories created by setup:

rm -rf /etc/dirsrv/slapd-* /usr/lib/dirsrv/slapd-* `find /var -name slapd-\* -print`

then, remove all files in /etc/dirsrv/admin-serv except for httpd.conf, admserv.conf, console.conf, and nss.conf
>
> Thanks
>
> Vivek

From richard at powerset.com Tue Feb 12 18:44:52 2008
From: richard at powerset.com (Richard Hesse)
Date: Tue, 12 Feb 2008 10:44:52 -0800
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To: <47B115DE.9050108@redhat.com>
References: <84E2AE771361E9419DD0EFBD31F09C4D4F41EAA89A@EXVMBX015-1.exch015.msoutlookonline.net> <47B115DE.9050108@redhat.com>
Message-ID: <84E2AE771361E9419DD0EFBD31F09C4D4F41EAAAAA@EXVMBX015-1.exch015.msoutlookonline.net>

There's a load balancer acting as the client to the DS (proxying client requests). I think that's a red herring though. Any search requests sent directly to the DS, bypassing the LB, would fail. I think I even tried requests locally from the server and they still failed. I can't be sure about that last statement, it was a long day.

What about the network file descriptor is not connected error?

Thanks.

-richard

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson
Sent: Monday, February 11, 2008 7:43 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected

Richard Hesse wrote:
> Started to play with FDS 1.1 for some dogfood testing. After running for 10-15 minutes, the server stopped responding to network requests and went silent. The process was running, the error log was updating with the ldbm event loop, but no socket requests were fulfilled. Checking the access log, I saw this:
>
> [12/Feb/2008:01:47:58 +0000] conn=71108 op=-1 fd=79 closed error 107 (Transport endpoint is not connected) - Network file descriptor is not connected.
> [12/Feb/2008:01:47:59 +0000] conn=71007 op=60 fd=69 closed - B4
> [12/Feb/2008:01:48:00 +0000] conn=71003 op=48 fd=68 closed - B4
> [12/Feb/2008:01:48:01 +0000] conn=71017 op=47 fd=72 closed - B4
> [12/Feb/2008:01:48:06 +0000] conn=71102 op=2 fd=66 closed - B4
> [12/Feb/2008:01:48:07 +0000] conn=71103 op=2 fd=70 closed - B4
> [12/Feb/2008:01:48:07 +0000] conn=71040 op=10 fd=76 closed - B4
>
> Any ideas or suggestions on how to approach troubleshooting this issue would be greatly appreciated.
>
B4 means SLAPD_DISCONNECT_BER_FLUSH - this usually means the client has reset or closed the connection while the server was attempting to send a response.

http://www.redhat.com/docs/manuals/dir-server/cli/8.0/Configuration_Command_File_Reference-Access_Log_and_Connection_Code_Reference-Common_Connection_Codes.html

Do you have a firewall or some other network device?
> Thanks.
>
> -richard

From rmeggins at redhat.com Tue Feb 12 20:32:58 2008
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 12 Feb 2008 12:32:58 -0800
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To: <84E2AE771361E9419DD0EFBD31F09C4D4F41EAAAAA@EXVMBX015-1.exch015.msoutlookonline.net>
References: <84E2AE771361E9419DD0EFBD31F09C4D4F41EAA89A@EXVMBX015-1.exch015.msoutlookonline.net> <47B115DE.9050108@redhat.com> <84E2AE771361E9419DD0EFBD31F09C4D4F41EAAAAA@EXVMBX015-1.exch015.msoutlookonline.net>
Message-ID: <47B2027A.80101@redhat.com>

Richard Hesse wrote:
> There's a load balancer acting as the client to the DS (proxying client requests). I think that's a red herring though. Any search requests sent directly to the DS, bypassing the LB, would fail. I think I even tried requests locally from the server and they still failed. I can't be sure about that last statement, it was a long day.
>
What are all of these closed connections from? e.g. conn=71007, conn=71003, etc.? Are they from the load balancer? I'm not really sure how to proceed to diagnose this from the directory server because events like these usually indicate something is happening at the TCP/IP layer. I would be really interested to see if you continued to have problems if you shut off the load balancer completely and just contacted the directory server via the loopback interface.
> What about the network file descriptor is not connected error?
>
It's similar to the B4 - it means there was a problem with the connection to the client.
> Thanks.
>
> -richard
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson
> Sent: Monday, February 11, 2008 7:43 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
>
> Richard Hesse wrote:
>
>> Started to play with FDS 1.1 for some dogfood testing. After running for 10-15 minutes, the server stopped responding to network requests and went silent. The process was running, the error log was updating with the ldbm event loop, but no socket requests were fulfilled. Checking the access log, I saw this:
>>
>> [12/Feb/2008:01:47:58 +0000] conn=71108 op=-1 fd=79 closed error 107 (Transport endpoint is not connected) - Network file descriptor is not connected.
>> [12/Feb/2008:01:47:59 +0000] conn=71007 op=60 fd=69 closed - B4
>> [12/Feb/2008:01:48:00 +0000] conn=71003 op=48 fd=68 closed - B4
>> [12/Feb/2008:01:48:01 +0000] conn=71017 op=47 fd=72 closed - B4
>> [12/Feb/2008:01:48:06 +0000] conn=71102 op=2 fd=66 closed - B4
>> [12/Feb/2008:01:48:07 +0000] conn=71103 op=2 fd=70 closed - B4
>> [12/Feb/2008:01:48:07 +0000] conn=71040 op=10 fd=76 closed - B4
>>
>> Any ideas or suggestions on how to approach troubleshooting this issue would be greatly appreciated.
>>
> B4 means SLAPD_DISCONNECT_BER_FLUSH - this usually means the client has reset or closed the connection while the server was attempting to send a response.
>
> http://www.redhat.com/docs/manuals/dir-server/cli/8.0/Configuration_Command_File_Reference-Access_Log_and_Connection_Code_Reference-Common_Connection_Codes.html
>
> Do you have a firewall or some other network device?
>
>> Thanks.
>> >> -richard >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From cychau at gmail.com Wed Feb 13 04:50:56 2008 From: cychau at gmail.com (CheeYang Chau) Date: Wed, 13 Feb 2008 12:50:56 +0800 Subject: [Fedora-directory-users] Windows Contacts didn't show my photo Message-ID: Hi, I have successfully setup my LDAP server and I may use the Windows Contacts to show most information except photo. Any ideas? Please advice Here is my LDIF: dn: uid=ccy,ou=account,dc=estream,dc=com,dc=my objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: posixAccount objectClass: sambaSamAccount objectClass: shadowAccount objectClass: top cn: Chau Chee Yang gidNumber: 500 homeDirectory: /home/ccy sambaSID: S-1-5-21-2664205919-2749296363-849768485-2000 sn: Chau uid: ccy uidNumber: 500 displayName: Chau Chee Yang facsimileTelephoneNumber: 03.3341.2909 gecos: System User givenName: Chee Yang homePhone: 03.3341.5050 homePostalAddress: 62, Leboh Pulau Pinang-3,$Kaw-18 Off Jalan Meru jpegPhoto:: /9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsU FRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys/RD84QzQ5Ojf/2wBDAQoKCg0MDRoPDxo 3JR8lNzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzf/wA ARCAB8AF0DASIAAhEBAxEB/8QAHAAAAQUBAQEAAAAAAAAAAAAABgECBAUHAwAI/8QAOBAAAgEDA wIDBQYFBAMAAAAAAQIDAAQRBRIhMUEGE1EUImFxgQcjMpGhsRVCweHwM2Jy0VKC8f/EABgBAAMB AQAAAAAAAAAAAAAAAAACAwEE/8QAIBEAAgMAAwACAwAAAAAAAAAAAAECAxESITFBYQQTUf/aAAw DAQACEQMRAD8APh9a8AMU8rgUzkCsGPEc0vUUoyeuKTODWAex1OKaOvSujduaZigBRz1pOK8M0o 
4oATivU8LuGaaeBQA00x41fG9VOPUZrpTW+VaA/dkc9aaevrSpk9Qc0o64rAEBIHSlwSeBk/Cqn XfEunaOrLLIJLgDiFOTn4ntWZ6v4u1DU5z5khigHSKIkL9fX61Kdqj52Vrpcvo1efUrKB2Wa6iQ qMtlhxT7K+tb/PskySEcnac1hOo3dxLa+Wm4SzsFjwfU1o/gqwk022SKCR/MIBdurH61B3zS0q6 I+B2FGKQrnpVdqr+w2hkV/vCAFxxyT1/epVk8s1qZoiJgACFJ5+NPH8lPpom6XmpkpRt7U11yc1 COsWqzpBKxErnCqBk/2qcGV+VIPw9KtCyE/GTlCUfUc8YNOAx/en0pUYGaohTkOuAa9cQtJBKsT +XIyELJjO044P0p64zmnqRnHasA+ftW9rh1Sa3vSfaIXKSAnOT6/HPX61WzyMvXoT1ox+07TWsv E8l1t+6u0WQH4gbT+36ihC+jzDkdCK5XFJ4dsZatJun6laWMwuJYZLifJEca493jqc/PFaP4J12 31BGnC7fLB3IwGQazfStKi1XSgqPsuY5WVzjO4EDANEPhjRn0y4O6U5Y4ZR0YUs1Wo/YLlJ/Qe+ ILlpp1jjYGMruqbot21vao4Qlc4I9ai3GltcRCdFYjZnb6gdR+9CninUtThiFrpzm2DLu8wEAtg r7pJBx1J/8AWoxrc5GtpROn2nyPZalp2p2TMvn5jYDjB/zBq6h1qVBHdRsCGCllPfIFDHi2a5m8 G2g1F0knj1BVt7gJsMybTkkeo7kcdDUrSpPPsoww/FGAR8f8FLdGUWv6ilWSj2aPYXcV7bLNERz +IZ6GpWPlQR4enl00+dKx8onaVP8AMKOIilxGJE6Gu6i79kcfpxXV8JdeEUg5H711BA7c00OpfA ropDZ2irEij8W6JH4h0mS3KgXCZeBz2b0+R/69KxDULeZGS1dMSh9hBOMHOK+jAMdBQJ9oUWh6X o93FtQalqEiug6uxDhiR6KMGllDWUhPAV8HWK29pMdp8zzMYx8P70aaXplst3H7fcRq7nPlZ94d 6j+HrSGzsPbnw26BXGefeK8msn1DUbo6/dPPvaUuxD7vypIUKUtkNK5pYj6ahEEtsjW7ZVBt6VD uNDtp/I3Qq2w4AxQL9j+p/wARupreKS5dY0bz0lBKKR+FlPrnjFaD4j1J9I0iSeBQ0zNsjz0BPf 8ASi2tKWi1zeYjNPtIX+I69aaXCyRW1hGGc4wFLfD14p+l2yvGiRriNMAZ69qqbt5hcSS3W5p7h /NZ2HLDp/3RNpe2OwWQcsx2geprmmtZ1J8YkTxDP5dusSjuoAHck/5+dHumWps7NInfc3U0PaZ4 fa7u0vb5vu45N6x/+RHT9f6UVhcDAroorx8jnts1cSF5fPFOwUJx3pwYdPWlCjOe1XIka+vhZWN xdTfggjaRvkBmsC1LxJd6ne3UlxKmZDukXcBnPChc88Z6D51qf2o6k1tonsUP47rIfBxhB2+pwP zrItS0/NujW1o0ty0gKyhj7oxnGOlCa3sGmaNoDXeo+DrRrRN7gNGy5xwGIoLvdKcXx9qjuYXDA M5gbaOe5xWh+BbKfTfD8EE/82ZAu0gru5waKIJGLYYA47kA066Yu6cfs0jS3tGj2gMxLF2YlpCf 5iTyaIdR02TVbiHzFxaoM4boT64pbK3fzUlZiEHUVJ1S8n/hk7WMDSzsPLgjBwWY/HsB1z8KWce XoRlgF6roUWuQT3NowSaOZkjToNi+7t+uN2fU1N0TSVhtIVuFbMY/CRirPSdLm0uwaO8kVriRtx wc9uTUhpR8u1TdcW9HVkswdxwqjAA6UhyCcEikGOxrouMdOaqhCGACCBgeg709lZApYHDChW7vb qAkq5yfWrmy8Q2Q0YzXzHYByF5Ib0FTUkx2mgD8eyG81ySAEkR7UVR6/wD00628Jyx6BLEpU3kj 
AqT0UZq40iziv5ZNRuo90ryl1J6Dmrt22qCOgODWQWrQm8eIpbbUksbtNP1F0hnYfdOeFmHfB9R 3H9KIEj2tGVOSeePSqfWdPtdWtntbyPcmcqRwVPqD2NCkdp4qsLy8is9RJtEQSpJMdx2BhuUk8j C7jn/b8aslpLcNjjfcioGAB4GTU+2hUEODkKCq/Xqf2/Ksy8LW3inWRZX9/KbW3lu2nfcuxjAu0 oirzw3OT6AdcnOqRABAOlDBFbqsIEyXAHO3YT8M5/rUHYDye9Xl4AbWTjPu5qlXGcH6fGlGFRQP ypfj601wVQnHQ8ilV8jitAGdQtlZTgc4oTuoN10sO47WkAIHTJooN15sixkjk9qg6wqvNarEgX7 5WOBUJR5eFlLC2tIVggSKMYVRgU5zsBL/AIf2pqPyOabdSnyyqnFWSInKVGxlTwP1roujQatdR2 tw0yxS27xlonK8Mrgg/McgnOMfGuEkjm1cxr74U4A7mg7RtZu7DWra/YtLJHJ7wY/iB4Yfl+wpo oVmzTxurxrGuAo4A6CrSPhRnrVek2+Qs/Cg/nU0TL0BrGahbj/Qf/iaoA/bj50QScxN/wATQ4Fw xPY1nyN8HTd6nNeHGc1z6oQnPfB7U6NlUEMMfH1rTDOtPnJvYiT3xz8qvhGJJMsobC8fOg6ykb2 2Ef7x+9GCZZ8ZI+VTj4NP06sGSIYGWxnFcNr4zIafdyummO6HDhThu9U/h/Ubm7gcXDB9jYBxVB S4jYJwec1A0bwxPc+KRdyweZZebJKxIGwDHujrknJ6Y7Z5zVivOcjoaJPDp2WbuvXfitXQMswsb Db0Kiq1NQWK52MwK+o7Vz1K4kDsgbCnr8agywI1vuOc+70OKGYGFpKJoQwOaprqFoZHRvmD8DUr QGPs7L2B4pmtcTIR3X+tZ8mkAcH3T25rxfB6fpXpBtCkdSKjiRsfU8UAf//Z loginShell: /bin/bash mail: ccy at sql.com.my postalAddress: 32A, 1st Floor, Jalan Tiara 4,$Bandar Baru Klang postalCode: 41150 sambaAcctFlags: [U] sambaHomePath: \\DEER\ccy sambaKickoffTime: 2147483647 sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx sambaLogoffTime: 2147483647 sambaLogonTime: 0 sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX sambaPrimaryGroupSID: XXXXXXXXXXXXXXXXXXXXXXXXXXX sambaPwdCanChange: 0 sambaPwdLastSet: 1202742110 sambaPwdMustChange: 9842655710 shadowLastChange: 13920 shadowMax: 99999 st: Selangor telephoneNumber: 03.3341.6909 title: Programmer -- Best regards, Chau Chee Yang E Stream Software Sdn Bhd URL: www.sql.com.my SQL Financial Accounting -------------- next part -------------- An HTML attachment was scrubbed... 
URL:

From iferreir at personal.com.py Wed Feb 13 20:50:45 2008
From: iferreir at personal.com.py (Ivan Ferreira)
Date: Wed, 13 Feb 2008 17:50:45 -0300
Subject: UNCLASSIFIED - RE: [Fedora-directory-users] FDS Sudo Management
In-Reply-To: <7F6B06837A5DBD49AC6E1650EFF5490601C64C28@auk52177.ukr.astrium.corp>
Message-ID:

I use LDAP with SUDO in FDS.

What is the error you get when you try to create the entry?

Have you restarted your FDS after adding the schema file? Have you modified the schema file to match the FDS requirements?

Here is my schema file:

98sudo.ldif

dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )

Also I use ldapadmin.exe with the sudo plugin to manage the entries. It is recommended.

Sample entry:

# solarisbin, sudoers, sis.personal.net.py
dn: cn=solarisbin,ou=sudoers,dc=xx,dc=xx,dc=xx,dc=xx
sudoCommand: /usr/bin/ls
sudoCommand: /usr/bin/cp
sudoCommand: /usr/bin/mkdir
sudoCommand: /usr/bin/chmod
sudoCommand: /usr/bin/chown
sudoCommand: /usr/bin/gzip
sudoCommand: /usr/bin/kill
sudoCommand: /usr/bin/mv
objectClass: top
objectClass: sudoRole
cn: solarisbin
sudoHost: ALL
sudoUser: user1
sudoUser: user2
sudoUser: user3
sudoUser: user4
sudoUser: user5
sudoUser: user6
sudoUser: user7
sudoRunAs: root


"HAWKER, Dan 2 (external)"
fedora-directory-users-bounces at redhat.com
11/02/2008 12:59 p.m.
Please respond to "General discussion list for the Fedora Directory server project."

To: "Jared B. Griffith", "General discussion list for the Fedora Directory server"
cc:
Subject: UNCLASSIFIED - RE: [Fedora-directory-users] FDS Sudo Management
Classification: Internal Use

Has anyone managed sudoers via FDS here?
I have been trying to create LDAP entries as mentioned here: http://www.gratisoft.us/sudo/readme_ldap.html
Which FDS will not allow me to do, even though the schemas for SUDO are in the server.
Is there a walkthrough, or is there anyone that is managing SUDO via FDS here successfully?

--

Hi Jared,

Am using FDS and SUDO quite successfully here. Was a bit odd to setup (mostly due to some older clients we have here, and the effort in consolidating the sudoers files to LDAP), but was well worth the effort.

Have just uploaded my notes about it to my external note wiki. Bit rough around the edges, but I think it's mostly there so may be of help to get you started.

(http://danwiki.wessexmc.org.uk/wiki/index.php/SUDOFDS)

HTH

Dan

--
Dan Hawker
Linux System Administrator
Astrium
http://www.astrium.eads.net

--
This email (including any attachments) may contain confidential and/or privileged information or information otherwise protected from disclosure.
If you are not the intended recipient, please notify the sender immediately, do not copy this message or any attachments and do not use it for any purpose or disclose its content to any person, but delete this message and any attachments from your system. Astrium disclaims any and all liability if this email transmission was virus corrupted, altered or falsified.
---------------------------------------------------------------------
Astrium Limited, Registered in England and Wales No. 2449259
REGISTERED OFFICE:- Gunnels Wood Road, Stevenage, Hertfordshire, SG1 2AS, England

========================================================================================
LEGAL NOTICE:

This information is private and confidential and intended for the recipient only. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and shall not be regarded neither as a proposal, acceptance nor as a statement of will or official statement from NUCLEO S.A. .
Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice.

From AOas at redbrickhealth.com Wed Feb 13 22:28:39 2008
From: AOas at redbrickhealth.com (Aaron Oas)
Date: Wed, 13 Feb 2008 16:28:39 -0600
Subject: [Fedora-directory-users] RHDS and winsync... how to sync disablement of users
Message-ID:

I have a Win2003 AD server and a RHDS 8.0 server, with a windows sync agreement between them. The SSL, win sync agreement and the password sync are all working fine.

Our intent is to do core user management from one place: AD, and then have various apps and linux hosts using the RHDS server as needed. One of the key user management functions is disabling an account when the person leaves. We don't want to delete accounts, because you lose some ability to trace ownership after the fact etc.

Using the "disable account" option in AD does not carry over, since AD just stores that flag in a bitmask type of attribute (userAccountControl), and winsync does not map that attribute (not surprisingly since the attribute is ugly).

Expiring the account in AD also doesn't work. It seems to map improperly in the winsync mapping: the time value that ends up on the RHDS side is translated wildly inaccurately in the RHDS console (hundreds of years off).

I am looking at writing a perl daemon to watch AD, pull the "user disabled" value from the userAccountControl attributes of all the users in AD, then map that to the nsaccountlock attribute in RHDS. This includes resulting woes of: do I try to track changes and see which side made the change first (i.e. AD -> DS versus DS -> AD)? Or do I just take the "easy" way out and assume AD is right, etc. etc.

Is there any better way to sync the disabling of accounts between AD and RHDS/FDS?

Aaron Oas

From vaddarapu at gmail.com Thu Feb 14 01:29:30 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Thu, 14 Feb 2008 12:29:30 +1100
Subject: [Fedora-directory-users] restart dirsrv after SSL script run
Message-ID:

Hi,

I run the SSL script setupssl2.sh and after I restarted the dirsrv. I am getting this following error message

"root at ldap-test1 admin-serv]# service dirsrv start
Starting dirsrv:
    ldap-test1...[14/Feb/2008:22:47:52 +1100] - SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)
[14/Feb/2008:22:47:52 +1100] - ERROR: SSL Initialization Failed.
                                                           [FAILED]
  *** Warning: 1 instance(s) failed to start"

I am able to restart dirsrv-admin without any problem. I believe both should be running to get into console and web interface.

Any ideas and suggestions appreciated.

Thanks
Vivek
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From howard at cohtech.com Thu Feb 14 11:15:04 2008
From: howard at cohtech.com (Howard Wilkinson)
Date: Thu, 14 Feb 2008 11:15:04 +0000
Subject: [Fedora-directory-users] Setting up Multiple Directory Servers - in a multi-master mesh. Having problems with admin server.
Message-ID: <47B422B8.1070400@cohtech.com>

We are configuring a new site which has a pair of Master servers and 2 "slave" servers. We have followed the following sequence of steps but have fallen at the last fence in getting all of the servers registered with admin servers.

    Install fresh copies of fedora-ds* 1.1 packages.
    Run setup-ds-admin.pl on the primary master (primary because it is the first one)
    Setup SSL access to server
    Create ROOTDNs.
    Populate server with initial data.

    Run setup-ds.pl on the secondary master and the 2 slaves.
    Setup SSL access on these servers
    Create ROOTDNs
    Initiate multi-master replication for all roots from primary master to secondary master.
    Initiate ordinary replication from the primary master to each slave.
    Initiate ordinary replication from the secondary master to each slave.

We are replicating o=NetscapeRoot as well as all of our Roots.

The servers are setup using this inf file.

[General]
FullMachineName=${HOSTNAMEFQDN}
SuiteSpotUserID=${LDAPUID}
SuiteSpotGroup=${LDAPGID}
ServerRoot=/usr/lib/fedora-ds
AdminDomain=${MASTERDOMAIN}
ConfigDirectoryAdminID=admin
ConfigDirectoryAdminPwd=${ADMINPASSWD}
ConfigDirectoryLdapURL=ldap://${MASTERHOSTFQDN}:${LDAPPORT}/o=NetscapeRoot
UserDirectoryAdminID=admin
UserDirectoryAdminPwd=${ADMINPASSWD}
UserDirectoryLdapURL=ldap://${HOSTNAMEFQDN}:${LDAPPORT}/${MASTERDN}
#CACertificateURL=
[slapd]
SlapdConfigForMC=${SlapdConfigForMC} # Set to 1 on Master, 0 on all others
SecurityOn=No
UseExistingMC=${UseExistingMC} # Set to 0 on Master, 1 on all others
UseExistingUG=0
ServerPort=${LDAPPORT}
ServerIdentifier=${HOSTNAME}
Suffix=dc=${MASTERDN}
RootDN=cn=Directory Manager
AddSampleEntries=No
InstallLdifFile=none
AddOrgEntries=No
DisableSchemaChecking=No
RootDNPwd=${DIRMANPASSWD}
start_server=1
install_full_schema=1
[admin]
SysUser=${LDAPUID}
Port=${ADMINPORT}
ServerIpAddress=*
ServerAdminID=admin
ServerAdminPwd=${ADMINPASSWD}
ApacheDir=/usr/sbin/
ApacheRoot=/etc/httpd

I then run up fedora-idm-console on the master. We can see the master server in the console but cannot see any of the others!

What have we missed? What do we need to do to get this running and then switch each server over to using its local admin server (with replicated data from the master)

Note we cannot get "register-ds-admin.pl" to do anything in this environment as it just keeps asking for the server name and any input results in it asking again for the server name.

Regards, Howard.
-------------- next part --------------
An HTML attachment was scrubbed...
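
For the "RHDS and winsync" question above (mapping the disable bit in AD's userAccountControl, and the AD expiry time, onto nsAccountLock), the following is an added example and not code from any poster or from the project. The records, the DNs and the "login" join key are constructed; it treats AD as authoritative for locking and only plans an unlock when asked to.

```python
"""Plan nsAccountLock changes in the directory server from AD account state.

All records below are constructed sample data; "login" is a hypothetical
join key standing in for whatever attribute ties the two entries together.
"""
from datetime import datetime, timedelta, timezone

UF_ACCOUNTDISABLE = 0x0002                  # "disabled" bit of userAccountControl
AD_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER_EXPIRES = {0, 0x7FFFFFFFFFFFFFFF}     # accountExpires values meaning "never"


def ad_expiry(account_expires):
    """accountExpires counts 100 ns ticks since 1601-01-01 UTC; None means never."""
    ticks = int(account_expires)
    if ticks in NEVER_EXPIRES:
        return None
    try:
        return AD_EPOCH + timedelta(microseconds=ticks // 10)
    except OverflowError:                   # outside datetime's range: treat as never
        return None


def ad_says_locked(ad_user, now):
    """True when AD has the account disabled or past its expiry time."""
    if int(ad_user["userAccountControl"]) & UF_ACCOUNTDISABLE:
        return True
    expiry = ad_expiry(ad_user.get("accountExpires", 0))
    return expiry is not None and expiry <= now


def plan_changes(ad_users, ds_users, now, allow_unlock=False):
    """Return (ldif_records, review).

    ldif_records are LDIF modify records that make the directory server
    follow AD. review lists logins that need a human decision. A lock set
    directly on the directory server is only undone when allow_unlock is
    True, so the default run can lock accounts but never reopen one.
    """
    records, review = [], []
    for login in sorted(ds_users):
        ds = ds_users[login]
        ad = ad_users.get(login)
        if ad is None:
            review.append((login, "no matching AD account"))
            continue
        want = ad_says_locked(ad, now)
        have = ds.get("nsAccountLock", "").lower() == "true"
        if want and not have:
            records.append(
                f"dn: {ds['dn']}\nchangetype: modify\n"
                "replace: nsAccountLock\nnsAccountLock: true\n")
        elif have and not want:
            if allow_unlock:
                records.append(
                    f"dn: {ds['dn']}\nchangetype: modify\n"
                    "delete: nsAccountLock\n")
            else:
                review.append((login, "locked in DS but active in AD"))
    return records, review


# Constructed sample state, as if read from AD and from the directory server.
NOW = datetime(2008, 2, 13, tzinfo=timezone.utc)
AD_USERS = {
    "alice": {"userAccountControl": "512", "accountExpires": "9223372036854775807"},
    "bob": {"userAccountControl": "514", "accountExpires": "0"},       # 512 | 0x2
    "carol": {"userAccountControl": "66048",                           # enabled, but
              "accountExpires": "128436192000000000"},                 # expired 2008-01-01
    "dave": {"userAccountControl": "512", "accountExpires": "0"},
}
DS_USERS = {
    "alice": {"dn": "uid=alice,ou=People,dc=example,dc=com"},
    "bob": {"dn": "uid=bob,ou=People,dc=example,dc=com"},
    "carol": {"dn": "uid=carol,ou=People,dc=example,dc=com"},
    "dave": {"dn": "uid=dave,ou=People,dc=example,dc=com", "nsAccountLock": "true"},
    "erin": {"dn": "uid=erin,ou=People,dc=example,dc=com"},
}

if __name__ == "__main__":
    ldif, review = plan_changes(AD_USERS, DS_USERS, NOW)
    print("\n".join(ldif))                  # feed to ldapmodify after review
    for login, why in review:
        print(f"# review {login}: {why}")
```
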
URL:

From ajeet.singh.raina at logicacmg.com Thu Feb 14 12:39:29 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Thu, 14 Feb 2008 18:09:29 +0530
Subject: [Fedora-directory-users] getent passwd not working???
Message-ID: <0139539A634FD04A99C9B8880AB70CB207BE13B1@in-ex004.groupinfra.com>

Hi,

Sometimes when I run

# getent passwd

then it shows me the list of LDAP users including zsingh ( Added user) but

#getent passwd zsingh

doesn't show any output.

Any idea why it behaves so???

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From stpierre at NebrWesleyan.edu Thu Feb 14 14:53:29 2008
From: stpierre at NebrWesleyan.edu (Chris St. Pierre)
Date: Thu, 14 Feb 2008 08:53:29 -0600 (CST)
Subject: [Fedora-directory-users] Fedora DS in a Xen DomU?
Message-ID:

I've been reading some things lately -- see, for instance, http://lists.xensource.com/archives/html/xen-users/2006-05/msg00853.html -- that suggests that running Fedora DS (or OpenLDAP, or, theoretically, any Berkeley-DB-reliant app) in a Xen DomU might not be the best idea. The thread mentioned above has a few people claiming it works fine for them, but both are at _very_ small sites.

Can anyone either corroborate or debunk these claims?

Thanks!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

From rmeggins at redhat.com Thu Feb 14 17:50:14 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 14 Feb 2008 10:50:14 -0700
Subject: [Fedora-directory-users] restart dirsrv after SSL script run
In-Reply-To:
References:
Message-ID: <47B47F56.4080606@redhat.com>

Anand Vaddarapu wrote:
> Hi,
>
> I run the SSL script setupssl2.sh and after I restarted the dirsrv. I
> am getting this following error message
>
>
> "root at ldap-test1 admin-serv]# service dirsrv start
> Starting dirsrv:
>
> ldap-test1...[14/Feb/2008:22:47:52 +1100] - SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)
> [14/Feb/2008:22:47:52 +1100] - ERROR: SSL Initialization Failed.
>
> [FAILED]
> *** Warning: 1 instance(s) failed to start"
ls -al /etc/dirsrv/slapd-ldap-test1
grep nsslapd-localuser /etc/dirsrv/slapd-ldap-test1/dse.ldif
>
>
> I am able to restart dirsrv-admin without any problem. I believe both should be running to get into console and web interface.
>
>
> Any ideas and suggestions appreciated.
>
> Thanks
> Vivek
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL:

From rmeggins at redhat.com Thu Feb 14 17:52:21 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 14 Feb 2008 10:52:21 -0700
Subject: [Fedora-directory-users] Setting up Multiple Directory Servers - in a multi-master mesh. Having problems with admin server.
In-Reply-To: <47B422B8.1070400@cohtech.com>
References: <47B422B8.1070400@cohtech.com>
Message-ID: <47B47FD5.8060101@redhat.com>

Howard Wilkinson wrote:
> We are configuring a new site which has a pair of Master servers and 2
> "slave" servers. We have followed the following sequence of steps but
> have fallen at the last fence in getting all of the servers registered
> with admin servers.
>
>     Install fresh copies of fedora-ds* 1.1 packages.
>     Run setup-ds-admin.pl on the primary master (primary because it is
>     the first one)
>     Setup SSL access to server
>     Create ROOTDNs.
>     Populate server with initial data.
>
>     Run setup-ds.pl on the secondary master and the 2 slaves.
>
Why did you run setup-ds.pl instead of setup-ds-admin.pl?
>
>     Setup SSL access on these servers
>     Create ROOTDNs
>     Initiate multi-master replication for all roots from primary
>     master to secondary master.
>     Initiate ordinary replication from the primary master to each slave.
>     Initiate ordinary replication from the secondary master to each slave.
>
>
> We are replicating o=NetscapeRoot as well as all of our Roots.
>
> The servers are setup using this inf file.
>
> [General]
> FullMachineName=${HOSTNAMEFQDN}
> SuiteSpotUserID=${LDAPUID}
> SuiteSpotGroup=${LDAPGID}
> ServerRoot=/usr/lib/fedora-ds
> AdminDomain=${MASTERDOMAIN}
> ConfigDirectoryAdminID=admin
> ConfigDirectoryAdminPwd=${ADMINPASSWD}
> ConfigDirectoryLdapURL=ldap://${MASTERHOSTFQDN}:${LDAPPORT}/o=NetscapeRoot
> UserDirectoryAdminID=admin
> UserDirectoryAdminPwd=${ADMINPASSWD}
> UserDirectoryLdapURL=ldap://${HOSTNAMEFQDN}:${LDAPPORT}/${MASTERDN}
> #CACertificateURL=
> [slapd]
> SlapdConfigForMC=${SlapdConfigForMC} # Set to 1 on Master, 0 on all others
> SecurityOn=No
> UseExistingMC=${UseExistingMC} # Set to 0 on Master, 1 on all others
> UseExistingUG=0
> ServerPort=${LDAPPORT}
> ServerIdentifier=${HOSTNAME}
> Suffix=dc=${MASTERDN}
> RootDN=cn=Directory Manager
> AddSampleEntries=No
> InstallLdifFile=none
> AddOrgEntries=No
> DisableSchemaChecking=No
> RootDNPwd=${DIRMANPASSWD}
> start_server=1
> install_full_schema=1
> [admin]
> SysUser=${LDAPUID}
> Port=${ADMINPORT}
> ServerIpAddress=*
> ServerAdminID=admin
> ServerAdminPwd=${ADMINPASSWD}
> ApacheDir=/usr/sbin/
> ApacheRoot=/etc/httpd
>
>
> I then run up fedora-idm-console on the master. We can see the master
> server in the console but cannot see any of the others!
Not surprising since setup-ds.pl doesn't do any console/admin server registration.
>
> What have we missed? What do we need to do to get this running and
> then switch each server over to using its local admin server (with
> replicated data from the master)
>
> Note we cannot get "register-ds-admin.pl" to do anything in this
> environment as it just keeps asking for the server name and any input
> results in it asking again for the server name.
register-ds-admin.pl should work - can you provide more details? Script output?
>
> Regards, Howard.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL:

From richard at powerset.com Thu Feb 14 19:21:40 2008
From: richard at powerset.com (Richard Hesse)
Date: Thu, 14 Feb 2008 11:21:40 -0800
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To: <47B2027A.80101@redhat.com>
Message-ID:

Actually, it ends up that debug logging was putting too much disk load on the server and the process fell behind/stopped servicing socket requests. Thanks for your help Richard.

-richard


On 2/12/08 12:32 PM, "Richard Megginson" wrote:

Richard Hesse wrote:
> There's a load balancer acting as the client to the DS (proxying client requests). I think that's a red herring though. Any search requests sent directly to the DS, bypassing the LB, would fail. I think I even tried requests locally from the server and they still failed. I can't be sure about that last statement, it was a long day.
>
What are all of these closed connections from? e.g. conn=71007, conn=71003, etc.? Are they from the load balancer? I'm not really sure how to proceed to diagnose this from the directory server because events like these usually indicate something is happening at the TCP/IP layer. I would be really interested to see if you continued to have problems if you shut off the load balancer completely and just contacted the directory server via the loopback interface.
> What about the network file descriptor is not connected error?
>
It's similar to the B4 - it means there was a problem with the connection to the client.
> Thanks.
>
> -richard
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson
> Sent: Monday, February 11, 2008 7:43 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
>
> Richard Hesse wrote:
>
>> Started to play with FDS 1.1 for some dogfood testing. After running for 10-15 minutes, the server stopped responding to network requests and went silent. The process was running, the error log was updating with the ldbm event loop, but no socket requests were fulfilled. Checking the access log, I saw this:
>>
>> [12/Feb/2008:01:47:58 +0000] conn=71108 op=-1 fd=79 closed error 107 (Transport endpoint is not connected) - Network file descriptor is not connected.
>> [12/Feb/2008:01:47:59 +0000] conn=71007 op=60 fd=69 closed - B4
>> [12/Feb/2008:01:48:00 +0000] conn=71003 op=48 fd=68 closed - B4
>> [12/Feb/2008:01:48:01 +0000] conn=71017 op=47 fd=72 closed - B4
>> [12/Feb/2008:01:48:06 +0000] conn=71102 op=2 fd=66 closed - B4
>> [12/Feb/2008:01:48:07 +0000] conn=71103 op=2 fd=70 closed - B4
>> [12/Feb/2008:01:48:07 +0000] conn=71040 op=10 fd=76 closed - B4
>>
>> Any ideas or suggestions on how to approach troubleshooting this issue would be greatly appreciated.
>>
>>
> B4 means SLAPD_DISCONNECT_BER_FLUSH - this usually means the client has reset or closed the connection while the server was attempting to send a response.
>
> http://www.redhat.com/docs/manuals/dir-server/cli/8.0/Configuration_Command_File_Reference-Access_Log_and_Connection_Code_Reference-Common_Connection_Codes.html
>
> Do you have a firewall or some other network device?
>
>> Thanks.
>>
>> -richard
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From iferreir at personal.com.py Thu Feb 14 19:26:44 2008
From: iferreir at personal.com.py (Ivan Ferreira)
Date: Thu, 14 Feb 2008 16:26:44 -0300
Subject: [Fedora-directory-users] getent passwd not working???
In-Reply-To: <0139539A634FD04A99C9B8880AB70CB207BE13B1@in-ex004.groupinfra.com>
Message-ID:

Sometimes, the name server cache daemon can cause some problems. Try disabling the name server cache daemon on the client.

service nscd stop
chkconfig nscd off

On solaris, disable the name-service-cache service

svcadm disable name-service-cache


"Singh Raina, Ajeet"
Sent by: fedora-directory-users-bounces at redhat.com
14/02/2008 09:39 a.m.
Please respond to "General discussion list for the Fedora Directory server project."

To:
cc:
Subject: [Fedora-directory-users] getent passwd not working???
Classification: Internal Use

Hi,

Sometimes when I run

# getent passwd

then it shows me the list of LDAP user including zsingh ( Added user) but

#getent passwd zsingh

don't show any output.

Any idea why it behave so???

From iferreir at personal.com.py Thu Feb 14 19:32:23 2008
From: iferreir at personal.com.py (Ivan Ferreira)
Date: Thu, 14 Feb 2008 16:32:23 -0300
Subject: [Fedora-directory-users] RHDS and winsync... how to sync disablement of users
In-Reply-To:
Message-ID:

Maybe creating a script that modifies both directories at the same time can help.
For example, on Windows you can run:

dsmod user -disabled yes

You can modify the user attributes in FDS with ldapmodify. There is also ldapmodify.exe that can run on Windows.

http://www.novell.com/coolsolutions/feature/5993.html


"Aaron Oas"
Sent by: fedora-directory-users-bounces at redhat.com
13/02/2008 07:28 p.m.
Please respond to "General discussion list for the Fedora Directory server project."

To:
cc:
Subject: [Fedora-directory-users] RHDS and winsync... how to sync disablement of users
Classification: Internal Use

I have a Win2003 AD server and a RHDS 8.0 server, with a windows sync agreement between them. The SSL, win sync agreement and the password sync are all working fine.

Our intent is to do core user management from one place: AD, and then have various apps and linux hosts using the RHDS server as needed. One of the key user management functions is disabling an account when the person leaves. We don't want to delete accounts, because you lose some ability to trace ownership after the fact etc.

Using the "disable account" option in AD does not carry over, since AD just stores that flag in a bitmask type of attribute (userAccountControl), and winsync does not map that attribute (not surprisingly since the attribute is ugly).

Expiring the account in AD also doesn't work. It seems to map improperly in the winsync mapping: the time value that ends up on the RHDS side is translated wildly inaccurately in the RHDS console (hundreds of years off).

I am looking at writing a perl daemon to watch AD, pull the "user disabled" value from the userAccountControl attributes of all the users in AD, then map that to the nsaccountlock attribute in RHDS. This includes resulting woes of: do I try to track changes and see which side made the change first (i.e. AD -> DS versus DS -> AD)? Or do I just take the "easy" way out and assume AD is right, etc. etc.

Is there any better way to sync the disabling of accounts between AD and RHDS/FDS?

Aaron Oas

From ajeet.singh.raina at logicacmg.com Fri Feb 15 06:31:09 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Fri, 15 Feb 2008 12:01:09 +0530
Subject: [Fedora-directory-users] 'mailHost' not allowed during the NIS Migration ????
Message-ID: <0139539A634FD04A99C9B8880AB70CB207BE1ACD@in-ex004.groupinfra.com>

I migrated my # ypcat passwd > /tmp/passwd.ldif through the perl script and I had few entry of the same as below pasted:

dn: uid=apache,ou=People,dc=im,dc=logica,dc=com
uid: apache
cn: Apache
sn: Apache
mail: apache at logica.com
mailRoutingAddress: apache at mail.logica.com
mailHost: mail.logica.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!!
shadowLastChange: 13801
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 48
gidNumber: 48
homeDirectory: /var/www
gecos: Apache

When I am trying to import into the databases it is throwing error as below:

uid=apache,ou=People,dc=im,dc=logica,dc=com: Error adding object 'dn: uid=apache,ou=People,dc=im,dc=logica,dc=com'. The error sent by the server was 'Object class violation. attribute "mailHost" not allowed
'. The object is: LDAPEntry: uid=apache,ou=People,dc=im,dc=logica,dc=com; LDAPAttributeSet:
LDAPAttribute {type='sn', values='Apache'}
LDAPAttribute {type='loginshell', values='/sbin/nologin'}
LDAPAttribute {type='userpassword', values='{crypt}!!'}
LDAPAttribute {type='gidnumber', values='48'}
LDAPAttribute {type='uidnumber', values='48'}
LDAPAttribute {type='mail', values='apache at logica.com'}
LDAPAttribute {type='shadowmax', values='99999'}
LDAPAttribute {type='objectclass', values='person,organizationalPerson,inetOrgPerson,posixAccount,top,shadowAccount'}
LDAPAttribute {type='uid', values='apache'}
LDAPAttribute {type='gecos', values='Apache'}
LDAPAttribute {type='shadowlastchange', values='13801'}
LDAPAttribute {type='mailhost', values='mail.logica.com'}
LDAPAttribute {type='mailroutingaddress', values='apache at mail.logica.com'}
LDAPAttribute {type='cn', values='Apache'}
LDAPAttribute {type='homedirectory', values='/var/www'}
LDAPAttribute {type='shadowwarning', values='7'}.

Now when I am deleting these lines:

mail: apache at logica.com
mailRoutingAddress: apache at mail.logica.com

It seems to work.

Any idea how I should configure my DS to stop these errors.

Pls Help
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From oeufdure at gmail.com Fri Feb 15 06:41:50 2008
From: oeufdure at gmail.com (Fabrice Durand)
Date: Fri, 15 Feb 2008 07:41:50 +0100
Subject: [Fedora-directory-users] 'mailHost' not allowed during the NIS Migration ????
In-Reply-To: <0139539A634FD04A99C9B8880AB70CB207BE1ACD@in-ex004.groupinfra.com>
References: <0139539A634FD04A99C9B8880AB70CB207BE1ACD@in-ex004.groupinfra.com>
Message-ID: <146df21c0802142241g27efe77cub6592553a30e193c@mail.gmail.com>

If you try to add with objectClass: mailrecipient , does it work ?

dn: uid=apache,ou=People,dc=im,dc=logica,dc=com
uid: apache
cn: Apache
sn: Apache
mail: apache at logica.com
mailRoutingAddress: apache at mail.logica.com
mailHost: mail.logica.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: mailrecipient
userPassword: {crypt}!!
shadowLastChange: 13801
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 48
gidNumber: 48
homeDirectory: /var/www
gecos: Apache

Fabrice

2008/2/15, Singh Raina, Ajeet:
> I migrated my # ypcat passwd > /tmp/passwd.ldif through the Perl script
> and I had a few entries like the one pasted below:
>
> dn: uid=apache,ou=People,dc=im,dc=logica,dc=com
> uid: apache
> cn: Apache
> sn: Apache
> mail: apache at logica.com
> mailRoutingAddress: apache at mail.logica.com
> mailHost: mail.logica.com
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> userPassword: {crypt}!!
> shadowLastChange: 13801
> shadowMax: 99999
> shadowWarning: 7
> loginShell: /sbin/nologin
> uidNumber: 48
> gidNumber: 48
> homeDirectory: /var/www
> gecos: Apache
>
> When I try to import it into the database, it throws the error below:
>
> uid=apache,ou=People,dc=im,dc=logica,dc=com: Error adding object 'dn: uid=apache,ou=People,dc=im,dc=logica,dc=com'. The error sent by the server was 'Object class violation. attribute "mailHost" not allowed
> '. The object is: LDAPEntry: uid=apache,ou=People,dc=im,dc=logica,dc=com; LDAPAttributeSet: LDAPAttribute {type='sn', values='Apache'} LDAPAttribute {type='loginshell', values='/sbin/nologin'} LDAPAttribute {type='userpassword', values='{crypt}!!'} LDAPAttribute {type='gidnumber', values='48'} LDAPAttribute {type='uidnumber', values='48'} LDAPAttribute {type='mail', values='apache at logica.com'} LDAPAttribute {type='shadowmax', values='99999'} LDAPAttribute {type='objectclass', values='person,organizationalPerson,inetOrgPerson,posixAccount,top,shadowAccount'} LDAPAttribute {type='uid', values='apache'} LDAPAttribute {type='gecos', values='Apache'} LDAPAttribute {type='shadowlastchange', values='13801'} LDAPAttribute {type='mailhost', values='mail.logica.com'} LDAPAttribute {type='mailroutingaddress', values='apache at mail.logica.com'} LDAPAttribute {type='cn', values='Apache'} LDAPAttribute {type='homedirectory', values='/var/www'} LDAPAttribute {type='shadowwarning', values='7'}.
>
> Now when I delete these lines:
>
> mail: apache at logica.com
> mailRoutingAddress: apache at mail.logica.com
>
> it seems to work.
>
> Any idea how I should configure my DS to stop these errors?
>
> Please help.

From ajeet.singh.raina at logicacmg.com Fri Feb 15 07:06:44 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Fri, 15 Feb 2008 12:36:44 +0530
Subject: [Fedora-directory-users] 'mailHost' not allowed during the NIS Migration ????
Message-ID: <0139539A634FD04A99C9B8880AB70CB207C18821@in-ex004.groupinfra.com>

It's working...

One more thing to ask you.

I missed adding one entry related to krbName and it's throwing this error:

dn: uid=apache,ou=People,dc=im,dc=logica,dc=com
uid: apache
cn: Apache
sn: Apache
mail: apache at logica.com
mailRoutingAddress: apache at mail.logica.com
mailHost: mail.logica.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
objectClass: shadowAccount
userPassword: {crypt}!!
shadowLastChange: 13801
shadowMax: 99999
shadowWarning: 7
krbName: apache at LOGICA.COM
loginShell: /sbin/nologin
uidNumber: 48
gidNumber: 48
homeDirectory: /var/www
gecos: Apache

And the error:

uid=apache,ou=People,dc=im,dc=logica,dc=com: Error adding object 'dn: uid=apache,ou=People,dc=im,dc=logica,dc=com'. The error sent by the server was 'Object class violation. unknown object class "kerberosSecurityObject"
'. The object is: LDAPEntry: uid=apache,ou=People,dc=im,dc=logica,dc=com; LDAPAttributeSet: LDAPAttribute {type='sn', values='Apache'} LDAPAttribute {type='loginshell', values='/sbin/nologin'} LDAPAttribute {type='userpassword', values='{crypt}!!'} LDAPAttribute {type='gidnumber', values='48'} LDAPAttribute {type='uidnumber', values='48'} LDAPAttribute {type='mail', values='apache at logica.com'} LDAPAttribute {type='krbname', values='apache at LOGICA.COM'} LDAPAttribute {type='shadowmax', values='99999'} LDAPAttribute {type='objectclass', values='inetLocalMailRecipient,person,organizationalPerson,inetOrgPerson,posixAccount,top,kerberosSecurityObject,shadowAccount,mailRecipient'} LDAPAttribute {type='uid', values='apache'} LDAPAttribute {type='gecos', values='Apache'} LDAPAttribute {type='shadowlastchange', values='13801'} LDAPAttribute {type='mailhost', values='mail.logica.com'} LDAPAttribute {type='mailroutingaddress', values='apache at mail.logica.com'} LDAPAttribute {type='cn', values='Apache'} LDAPAttribute {type='homedirectory', values='/var/www'} LDAPAttribute {type='shadowwarning', values='7'}.

How can I get it to work?

From oeufdure at gmail.com Fri Feb 15 07:24:23 2008
From: oeufdure at gmail.com (Fabrice Durand)
Date: Fri, 15 Feb 2008 08:24:23 +0100
Subject: [Fedora-directory-users] 'mailHost' not allowed during the NIS Migration ????
In-Reply-To: <0139539A634FD04A99C9B8880AB70CB207C18821@in-ex004.groupinfra.com>
References: <0139539A634FD04A99C9B8880AB70CB207C18821@in-ex004.groupinfra.com>
Message-ID: <146df21c0802142324o26300faetf433a90251f5fd2@mail.gmail.com>

It seems that objectClass: KerberosSecurityObject isn't supported in Fedora Directory Server.

Fabrice

2008/2/15, Singh Raina, Ajeet:
> It's working...
>
> One more thing to ask you.
>
> I missed adding one entry related to krbName and it's throwing this error:
>
> dn: uid=apache,ou=People,dc=im,dc=logica,dc=com
> uid: apache
> cn: Apache
> sn: Apache
> mail: apache at logica.com
> mailRoutingAddress: apache at mail.logica.com
> mailHost: mail.logica.com
> objectClass: inetLocalMailRecipient
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: kerberosSecurityObject
> objectClass: shadowAccount
> userPassword: {crypt}!!
> shadowLastChange: 13801
> shadowMax: 99999
> shadowWarning: 7
> krbName: apache at LOGICA.COM
> loginShell: /sbin/nologin
> uidNumber: 48
> gidNumber: 48
> homeDirectory: /var/www
> gecos: Apache
>
> And the error:
>
> uid=apache,ou=People,dc=im,dc=logica,dc=com: Error adding object 'dn: uid=apache,ou=People,dc=im,dc=logica,dc=com'. The error sent by the server was 'Object class violation. unknown object class "kerberosSecurityObject"
> '. The object is: LDAPEntry: uid=apache,ou=People,dc=im,dc=logica,dc=com; LDAPAttributeSet: LDAPAttribute {type='sn', values='Apache'} LDAPAttribute {type='loginshell', values='/sbin/nologin'} LDAPAttribute {type='userpassword', values='{crypt}!!'} LDAPAttribute {type='gidnumber', values='48'} LDAPAttribute {type='uidnumber', values='48'} LDAPAttribute {type='mail', values='apache at logica.com'} LDAPAttribute {type='krbname', values='apache at LOGICA.COM'} LDAPAttribute {type='shadowmax', values='99999'} LDAPAttribute {type='objectclass', values='inetLocalMailRecipient,person,organizationalPerson,inetOrgPerson,posixAccount,top,kerberosSecurityObject,shadowAccount,mailRecipient'} LDAPAttribute {type='uid', values='apache'} LDAPAttribute {type='gecos', values='Apache'} LDAPAttribute {type='shadowlastchange', values='13801'} LDAPAttribute {type='mailhost', values='mail.logica.com'} LDAPAttribute {type='mailroutingaddress', values='apache at mail.logica.com'} LDAPAttribute {type='cn', values='Apache'} LDAPAttribute {type='homedirectory', values='/var/www'} LDAPAttribute {type='shadowwarning', values='7'}.
>
> How can I get it to work?
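
Both "Object class violation" errors in the thread above can be found before the import is attempted. The Python below is an added example, not code from the thread or from the Fedora DS project; its SCHEMA table is a hand-written subset of the object classes named in the messages (an assumption to be checked against the server's own schema files), and the sample entries are built from the LDIF posted above.

```python
import base64

def _oc(must="", may=""):
    """One objectClass definition from space-separated attribute names."""
    return (set(must.lower().split()), set(may.lower().split()))

# ASSUMPTION: hand-written subset of the object classes named in the thread.
# Superclass inheritance is not modelled; the entries list every class explicitly.
SCHEMA = {
    "top": _oc(),
    "person": _oc("sn cn", "userPassword telephoneNumber seeAlso description"),
    "organizationalperson": _oc("", "title ou street postalCode postalAddress st l"),
    "inetorgperson": _oc("", "mail uid givenName displayName mobile o manager"),
    "posixaccount": _oc("cn uid uidNumber gidNumber homeDirectory",
                        "userPassword loginShell gecos description"),
    "shadowaccount": _oc("uid", "userPassword shadowLastChange shadowMin shadowMax "
                                "shadowWarning shadowInactive shadowExpire shadowFlag"),
    "mailrecipient": _oc("", "cn mail mailAlternateAddress mailHost "
                             "mailRoutingAddress uid userPassword"),
    "inetlocalmailrecipient": _oc("", "mailLocalAddress mailHost mailRoutingAddress"),
}

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})]; handles folding, comments, base64."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded and unfolded[-1]:
            unfolded[-1] += raw[1:]          # RFC 2849 continuation line
        else:
            unfolded.append(raw)
    entries, attrs = [], {}
    for line in unfolded + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if attrs:
                dn = attrs.pop("dn", ["<no dn>"])[0]
                entries.append((dn, attrs))
                attrs = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):            # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def check_entry(attrs, schema=SCHEMA):
    """Return [(kind, name, object classes that would fix it)] for one entry."""
    violations = []
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    for c in classes:
        if c not in schema:
            violations.append(("unknown-objectclass", c, []))
    allowed = {"objectclass"}
    for c in (c for c in classes if c in schema):
        must, may = schema[c]
        allowed |= must | may
        for a in sorted(must - set(attrs)):
            violations.append(("missing-required", a, [c]))
    for a in attrs:
        if a not in allowed:
            fixes = sorted(c for c, (must, may) in schema.items() if a in must | may)
            violations.append(("attribute-not-allowed", a, fixes))
    return violations

def check_ldif(text, schema=SCHEMA):
    return [(dn, check_entry(attrs, schema)) for dn, attrs in parse_ldif(text)]

# Sample input constructed from the entry posted in the thread.
AS_MIGRATED = """\
dn: uid=apache,ou=People,dc=im,dc=logica,dc=com
uid: apache
cn: Apache
sn: Apache
mail: apache at logica.com
mailRoutingAddress: apache at mail.logica.com
mailHost: mail.logica.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!!
shadowLastChange: 13801
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 48
gidNumber: 48
homeDirectory: /var/www
gecos: Apache
"""
WITH_MAILRECIPIENT = AS_MIGRATED + "objectClass: mailrecipient\n"
WITH_KERBEROS = (AS_MIGRATED + "objectClass: inetLocalMailRecipient\n"
                 "objectClass: kerberosSecurityObject\nkrbName: apache at LOGICA.COM\n")

if __name__ == "__main__":
    for label, ldif in [("as migrated", AS_MIGRATED),
                        ("with mailrecipient", WITH_MAILRECIPIENT),
                        ("with kerberosSecurityObject", WITH_KERBEROS)]:
        for dn, violations in check_ldif(ldif):
            print(label, dn, violations or "OK")
```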

From ajeet.singh.raina at logicacmg.com Fri Feb 15 14:38:32 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Fri, 15 Feb 2008 20:08:32 +0530
Subject: [Fedora-directory-users] Attributes for ACLs???
Message-ID: <0139539A634FD04A99C9B8880AB70CB207C192E1@in-ex004.groupinfra.com>

Can anyone tell me what the Targets column under the ACLs setting really means?

It shows lots of options like nsmsgConfigversion, changeType, ipNetworkNumber, nsmdsFolderurl etc etc ...

What type of ACIs can we set for Group and People???

From edlinuxguru at gmail.com Fri Feb 15 15:59:10 2008
From: edlinuxguru at gmail.com (Eddie C)
Date: Fri, 15 Feb 2008 10:59:10 -0500
Subject: [Fedora-directory-users] Fedora DS in a Xen DomU?
In-Reply-To:
References:
Message-ID:

Sure I can give it a go. I am running Fedora Directory Server inside a VMware host. It works well. I think the main bullet point of virtualization is that resource-hungry processes are not going to function well in any emulated environment. E.g. if your server is pegged at 100% CPU with high disk IO it is going to be even worse on a machine with 3-4 other systems.

I think it is ideal for emulation. Especially small ones. I think somewhere on the internet there is a VMware FDS guest you can just load up and play with.

On Thu, Feb 14, 2008 at 9:53 AM, Chris St. Pierre wrote:
> I've been reading some things lately -- see, for instance,
> http://lists.xensource.com/archives/html/xen-users/2006-05/msg00853.html
> -- that suggests that running Fedora DS (or OpenLDAP, or,
> theoretically, any Berkeley-DB-reliant app) in a Xen DomU might not be
> the best idea. The thread mentioned above has a few people claiming
> it works fine for them, but both are at _very_ small sites. Can
> anyone either corroborate or debunk these claims? Thanks!
>
> Chris St. Pierre
> Unix Systems Administrator
> Nebraska Wesleyan University

From beyonddc.storage at gmail.com Fri Feb 15 16:26:28 2008
From: beyonddc.storage at gmail.com (Chun Tat David Chu)
Date: Fri, 15 Feb 2008 11:26:28 -0500
Subject: [Fedora-directory-users] Question about making ldapmodify to be silent
Message-ID: <20e4c38c0802150826q1d7a2ab4mb1dbe257f411ad08@mail.gmail.com>

Hello!

I'm currently running an older version of Fedora Directory Server 1.0.2.

I need to import a bunch of ldif files via ldapmodify.

I was wondering if there's any way to make ldapmodify silent instead of echoing every added entry.

I tried to pass in "-q" as instructed in the "RH DS 7.1 Configuration, Command and File Reference" manual, but it complained that it is not a valid option.

I also tried to look into the man page but no luck.

Any help would be appreciated.

Thanks!!

- dc

From rmeggins at redhat.com Fri Feb 15 16:42:10 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 15 Feb 2008 09:42:10 -0700
Subject: [Fedora-directory-users] Question about making ldapmodify to be silent
In-Reply-To: <20e4c38c0802150826q1d7a2ab4mb1dbe257f411ad08@mail.gmail.com>
References: <20e4c38c0802150826q1d7a2ab4mb1dbe257f411ad08@mail.gmail.com>
Message-ID: <47B5C0E2.70209@redhat.com>

Chun Tat David Chu wrote:
> Hello!
>
> I'm currently running an older version of Fedora Directory Server 1.0.2.
>
> I need to import a bunch of ldif files via ldapmodify.
>
> I was wondering if there's any way to make ldapmodify silent
> instead of echoing every added entry.
>
> I tried to pass in "-q" as instructed in the "RH DS 7.1 Configuration,
> Command and File Reference" manual, but it complained that it is not a
> valid option.

Were you using /usr/bin/ldapmodify or /opt/fedora-ds/shared/bin/ldapmodify?

> I also tried to look into the man page but no luck.

There's unfortunately no man page for /opt/fedora-ds/shared/bin/ldapmodify

> Any help would be appreciated.
>
> Thanks!!
>
> - dc

From beyonddc.storage at gmail.com Fri Feb 15 16:51:35 2008
From: beyonddc.storage at gmail.com (Chun Tat David Chu)
Date: Fri, 15 Feb 2008 11:51:35 -0500
Subject: [Fedora-directory-users] Question about making ldapmodify to be silent
In-Reply-To: <47B5C0E2.70209@redhat.com>
References: <20e4c38c0802150826q1d7a2ab4mb1dbe257f411ad08@mail.gmail.com> <47B5C0E2.70209@redhat.com>
Message-ID: <20e4c38c0802150851u2ef36cc3u37e184bc4735686a@mail.gmail.com>

Rich,

You're absolutely correct. I've been running the ldapmodify from /usr/bin

It is now working!

Thanks!

- dc

On Fri, Feb 15, 2008 at 11:42 AM, Rich Megginson wrote:
> Chun Tat David Chu wrote:
> > Hello!
> >
> > I'm currently running an older version of Fedora Directory Server 1.0.2.
> >
> > I need to import a bunch of ldif files via ldapmodify.
> >
> > I was wondering if there's any way to make ldapmodify silent
> > instead of echoing every added entry.
> >
> > I tried to pass in "-q" as instructed in the "RH DS 7.1 Configuration,
> > Command and File Reference" manual, but it complained that it is not a
> > valid option.
> Were you using /usr/bin/ldapmodify or
> /opt/fedora-ds/shared/bin/ldapmodify?
> >
> > I also tried to look into the man page but no luck.
> There's unfortunately no man page for /opt/fedora-ds/shared/bin/ldapmodify
> >
> > Any help would be appreciated.
> >
> > Thanks!!
> >
> > - dc

From prjctgeek at gmail.com Fri Feb 15 19:50:48 2008
From: prjctgeek at gmail.com (Doug Chapman)
Date: Fri, 15 Feb 2008 11:50:48 -0800
Subject: [Fedora-directory-users] Multiple masters and Round Robin DNS
Message-ID:

After setting up 2 servers with multi-master replication, I added them both to a DNS record so users will go to either server.

Both servers are replicating the NetscapeRoot DB to each other. I made a schema change to one and restarted it, only to see it hang. I waited some 15 minutes, and then discovered with netstat that it had a bunch of open LDAP connections to itself, which weren't timing out or going away.

After I removed the IP from DNS (disabled round robin DNS) for the server I was trying to shut down, the server shut down right away.

I'm guessing somewhere there's a configuration that needs to be pointed to the other master server?

How are others doing load balancing/failover?

tia

From iferreir at personal.com.py Fri Feb 15 19:59:21 2008
From: iferreir at personal.com.py (Ivan Ferreira)
Date: Fri, 15 Feb 2008 16:59:21 -0300
Subject: [Fedora-directory-users] Multiple masters and Round Robin DNS
In-Reply-To:
Message-ID:

Failover is done through the client configuration file, as you can define multiple LDAP servers.

How did you configure your Resource Records? Try adding one for each hostname->ip, and another for DNS round robin.

You may have some problems with certificates if you use SSL.

"Doug Chapman"
Sent by: fedora-directory-users-bounces at redhat.com
15/02/2008 04:50 p.m.
Please respond to "General discussion list for the Fedora Directory server project."
To: fedora-directory-users at redhat.com
cc:
Subject: [Fedora-directory-users] Multiple masters and Round Robin DNS
Classification: Internal Use

After setting up 2 servers with multi-master replication, I added them both to a DNS record so users will go to either server.

Both servers are replicating the NetscapeRoot DB to each other. I made a schema change to one and restarted it, only to see it hang. I waited some 15 minutes, and then discovered with netstat that it had a bunch of open LDAP connections to itself, which weren't timing out or going away.

After I removed the IP from DNS (disabled round robin DNS) for the server I was trying to shut down, the server shut down right away.

I'm guessing somewhere there's a configuration that needs to be pointed to the other master server?

How are others doing load balancing/failover?

tia

========================================================================================
This information is private and confidential and intended for the recipient only. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and shall not be regarded neither as a proposal, acceptance nor as a statement of will or official statement from NUCLEO S.A. . Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice.

From edlinuxguru at gmail.com Fri Feb 15 19:57:17 2008
From: edlinuxguru at gmail.com (Eddie C)
Date: Fri, 15 Feb 2008 14:57:17 -0500
Subject: [Fedora-directory-users] Multiple masters and Round Robin DNS
In-Reply-To:
References:
Message-ID:

I am fairly sure you can not replicate the Netscape Root DB. It has information inside it that is specific to the installation of that server. I would suggest you create another tree for your data and replicate that.

On Fri, Feb 15, 2008 at 2:50 PM, Doug Chapman wrote:
> After setting up 2 servers with multi-master replication, I added them both
> to a DNS record so users will go to either server.
>
> Both servers are replicating the NetscapeRoot DB to each other. I made a
> schema change to one and restarted it, only to see it hang. I waited some
> 15 minutes, and then discovered with netstat that it had a bunch of open LDAP
> connections to itself, which weren't timing out or going away.
>
> After I removed the IP from DNS (disabled round robin DNS) for the server I
> was trying to shut down, the server shut down right away.
>
> I'm guessing somewhere there's a configuration that needs to be pointed to
> the other master server?
>
> How are others doing load balancing/failover?
>
> tia

From richard at powerset.com Fri Feb 15 20:04:30 2008
From: richard at powerset.com (Richard Hesse)
Date: Fri, 15 Feb 2008 12:04:30 -0800
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To:
Message-ID:

Eh sorry about this but it appears that my original hunch was correct.
The 1.1 DS instance did indeed hang again recently. I was able to check a localhost query and that failed, too. So the problem definitely appears to be a hang in the FDS code somewhere. The question is, how do I go about debugging this? Strace doesn't show much at all. Enabling debug trace logging kills the server. Any ideas? Thanks.

-richard

On 2/14/08 11:21 AM, "Richard Hesse" wrote:

Actually, it ends up that debug logging was putting too much disk load on the server and the process fell behind/stopped servicing socket requests. Thanks for your help Richard.

-richard

On 2/12/08 12:32 PM, "Richard Megginson" wrote:

Richard Hesse wrote:
> There's a load balancer acting as the client to the DS (proxying client requests). I think that's a red herring though. Any search requests sent directly to the DS, bypassing the LB, would fail. I think I even tried requests locally from the server and they still failed. I can't be sure about that last statement, it was a long day.

What are all of these closed connections from? e.g. conn=71007, conn=71003, etc.? Are they from the load balancer? I'm not really sure how to proceed to diagnose this from the directory server because events like these usually indicate something is happening at the TCP/IP layer. I would be really interested to see if you continued to have problems if you shut off the load balancer completely and just contacted the directory server via the loopback interface.

> What about the network file descriptor is not connected error?

It's similar to the B4 - it means there was a problem with the connection to the client.

> Thanks.
>
> -richard
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson
> Sent: Monday, February 11, 2008 7:43 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
>
> Richard Hesse wrote:
>> Started to play with FDS 1.1 for some dogfood testing. After running for 10-15 minutes, the server stopped responding to network requests and went silent. The process was running, the error log was updating with the ldbm event loop, but no socket requests were fulfilled. Checking the access log, I saw this:
>>
>> [12/Feb/2008:01:47:58 +0000] conn=71108 op=-1 fd=79 closed error 107 (Transport endpoint is not connected) - Network file descriptor is not connected.
>> [12/Feb/2008:01:47:59 +0000] conn=71007 op=60 fd=69 closed - B4
>> [12/Feb/2008:01:48:00 +0000] conn=71003 op=48 fd=68 closed - B4
>> [12/Feb/2008:01:48:01 +0000] conn=71017 op=47 fd=72 closed - B4
>> [12/Feb/2008:01:48:06 +0000] conn=71102 op=2 fd=66 closed - B4
>> [12/Feb/2008:01:48:07 +0000] conn=71103 op=2 fd=70 closed - B4
>> [12/Feb/2008:01:48:07 +0000] conn=71040 op=10 fd=76 closed - B4
>>
>> Any ideas or suggestions on how to approach troubleshooting this issue would be greatly appreciated.
>
> B4 means SLAPD_DISCONNECT_BER_FLUSH - this usually means the client has reset or closed the connection while the server was attempting to send a response.
>
> http://www.redhat.com/docs/manuals/dir-server/cli/8.0/Configuration_Command_File_Reference-Access_Log_and_Connection_Code_Reference-Common_Connection_Codes.html
>
> Do you have a firewall or some other network device?
>
>> Thanks.
>>
>> -richard
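
The access-log lines quoted in the message above can be triaged mechanically: tally the connection close codes and find the densest burst of abnormal closes. The Python below is an added example, not part of the thread or of the Fedora DS tools; the first sample line and the U1 (clean unbind) code are additions that do not appear in the thread, and the 10-second window is an arbitrary choice.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the first line is invented (a clean unbind); the other
# seven are the access-log lines quoted in the thread.
SAMPLE = """\
[12/Feb/2008:01:47:40 +0000] conn=71000 op=3 fd=64 closed - U1
[12/Feb/2008:01:47:58 +0000] conn=71108 op=-1 fd=79 closed error 107 (Transport endpoint is not connected) - Network file descriptor is not connected.
[12/Feb/2008:01:47:59 +0000] conn=71007 op=60 fd=69 closed - B4
[12/Feb/2008:01:48:00 +0000] conn=71003 op=48 fd=68 closed - B4
[12/Feb/2008:01:48:01 +0000] conn=71017 op=47 fd=72 closed - B4
[12/Feb/2008:01:48:06 +0000] conn=71102 op=2 fd=66 closed - B4
[12/Feb/2008:01:48:07 +0000] conn=71103 op=2 fd=70 closed - B4
[12/Feb/2008:01:48:07 +0000] conn=71040 op=10 fd=76 closed - B4
"""

CLOSE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) fd=(?P<fd>\d+) "
    r"closed(?: error (?P<errno>\d+) \((?P<errtext>[^)]*)\))? - (?P<reason>.+)$")

# B4 and T1 as described in the thread; U1 is added here for the clean case.
MEANING = {
    "B4": "client reset or closed the connection while the server was sending",
    "T1": "idle timeout exceeded",
    "U1": "connection closed after the client sent an unbind",
}
NORMAL = {"U1"}

def parse_closes(text):
    """Return one dict per 'closed' line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = CLOSE_RE.match(line.strip())
        if not m:
            continue
        label = f"errno {m['errno']}" if m["errno"] else m["reason"].strip()
        events.append({
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "conn": int(m["conn"]), "op": int(m["op"]), "fd": int(m["fd"]),
            "label": label,
            "detail": m["errtext"] or MEANING.get(label, "code not in table"),
        })
    return events

def tally(events):
    """Count closes per code (or per errno for OS-level errors)."""
    return Counter(e["label"] for e in events)

def abnormal(events):
    return [e for e in events if e["label"] not in NORMAL]

def worst_window(events, window_s=10):
    """Return (start_time, count) of the densest window_s-second span."""
    times = sorted(e["ts"] for e in events)
    best, lo = (None, 0), 0
    for hi, t in enumerate(times):
        while (t - times[lo]).total_seconds() > window_s:
            lo += 1
        if hi - lo + 1 > best[1]:
            best = (times[lo], hi - lo + 1)
    return best

if __name__ == "__main__":
    events = parse_closes(SAMPLE)
    for code, n in tally(events).most_common():
        print(f"{n:3d}  {code:10s} {MEANING.get(code, '')}")
    start, count = worst_window(abnormal(events))
    print(f"densest 10 s of abnormal closes: {count} starting {start}")
```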

From iferreir at personal.com.py Fri Feb 15 20:12:32 2008
From: iferreir at personal.com.py (Ivan Ferreira)
Date: Fri, 15 Feb 2008 17:12:32 -0300
Subject: [Fedora-directory-users] Multiple masters and Round Robin DNS
In-Reply-To:
Message-ID:

You can replicate o=netscaperoot.

Managing Console Failover

If you have a multi-master installation with o=NetscapeRoot replicated between your two suppliers, server1 and server2, you can modify the Console on the second server (server2) so that it uses server2's instance instead of server1's. (By default, writes with server2's Console would be made to server1 then replicated over.)

"Eddie C"
Sent by: fedora-directory-users-bounces at redhat.com
15/02/2008 04:57 p.m.
Please respond to "General discussion list for the Fedora Directory server project."
To: "General discussion list for the Fedora Directory server project."
cc:
Subject: Re: [Fedora-directory-users] Multiple masters and Round Robin DNS
Classification: Internal Use

I am fairly sure you can not replicate the Netscape Root DB. It has information inside it that is specific to the installation of that server. I would suggest you create another tree for your data and replicate that.

On Fri, Feb 15, 2008 at 2:50 PM, Doug Chapman wrote:
> After setting up 2 servers with multi-master replication, I added them both
> to a DNS record so users will go to either server.
>
> Both servers are replicating the NetscapeRoot DB to each other. I made a
> schema change to one and restarted it- only to see it hang. I waited some
> 15minutes, and then discovered with netstat that it had a bunch of open ldap
> connections to itself, which weren't timing out or going away.
>
> After I removed the IP from DNS (disabled round robin dns) for the server I
> was trying to shutdown , the server shutdown right away.
>
> I'm guessing somewhere there's a configuration that needs to be pointed to
> the other master server?
>
> How are others doing load balancing/fail over ?
>
> tia

From rmeggins at redhat.com Fri Feb 15 20:13:12 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 15 Feb 2008 13:13:12 -0700
Subject: [Fedora-directory-users] Multiple masters and Round Robin DNS
In-Reply-To:
References:
Message-ID: <47B5F258.3020204@redhat.com>

Ivan Ferreira wrote:
> You can replicate o=netscaperoot.
>
> Managing Console Failover
> If you have a multi-master installation with o=NetscapeRoot replicated
> between your two suppliers, server1 and server2, you can modify the
> Console on the second server (server2) so that it uses server2's instance
> instead of server1's. (By default, writes with server2's Console would be
> made to server1 then replicated over.)

See http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html

That's "ADS" meaning "A Directory Server" not "Active Directory Server" :P

> "Eddie C"
> Sent by: fedora-directory-users-bounces at redhat.com
> 15/02/2008 04:57 p.m.
> Please respond to "General discussion list for the Fedora Directory server project."
> To: "General discussion list for the Fedora Directory server project."
> cc:
> Subject: Re: [Fedora-directory-users] Multiple masters and Round Robin DNS
> Classification: Internal Use
>
> I am fairly sure you can not replicate the Netscape Root DB. It has
> information inside it that is specific to the installation of that
> server. I would suggest you create another tree for your data and
> replicate that.
>
> On Fri, Feb 15, 2008 at 2:50 PM, Doug Chapman wrote:
>> After setting up 2 servers with multi-master replication, I added them both
>> to a DNS record so users will go to either server.
>>
>> Both servers are replicating the NetscapeRoot DB to each other. I made a
>> schema change to one and restarted it- only to see it hang. I waited some
>> 15minutes, and then discovered with netstat that it had a bunch of open ldap
>> connections to itself, which weren't timing out or going away.
>>
>> After I removed the IP from DNS (disabled round robin dns) for the server I
>> was trying to shutdown , the server shutdown right away.
>>
>> I'm guessing somewhere there's a configuration that needs to be pointed to
>> the other master server?
>>
>> How are others doing load balancing/fail over ?
>>
>> tia

From rmeggins at redhat.com Fri Feb 15 20:23:01 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 15 Feb 2008 13:23:01 -0700
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To:
References:
Message-ID: <47B5F4A5.10700@redhat.com>

Richard Hesse wrote:
> Eh sorry about this but it appears that my original hunch was correct.
> The 1.1 DS instance did indeed hang again recently. I was able to
> check a localhost query and that failed, too. So the problem
> definitely appears to be a hang in the FDS code somewhere. The
> question is, how do I go about debugging this? Strace doesn't show
> much at all. Enabling debug trace logging kills the server. Any ideas?
> Thanks.

What sort of application(s) are you using to generate a load against the directory server? What does logconv.pl /var/log/dirsrv/slapd-instance/access say? If TRACE level logging is too expensive, you might try 8 Connection management

http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting

From richard at powerset.com Fri Feb 15 20:38:42 2008
From: richard at powerset.com (Richard Hesse)
Date: Fri, 15 Feb 2008 12:38:42 -0800
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To: <47B5F4A5.10700@redhat.com>
Message-ID:

Thanks Richard, I'll give connection management a whirl.

Here's the log parser output (nice util btw):

----------- Access Log Output ------------

Restarts: 0

Total Connections: 4820
Peak Concurrent Connections: 19
Total Operations: 18017
Total Results: 18129
Overall Performance: 100.0%

Searches: 9960
Modifications: 6
Adds: 0
Deletes: 0
Mod RDNs: 0

Persistent Searches: 0
Internal Operations: 0
Entry Operations: 0
Extended Operations: 3224
Abandoned Requests: 0
Smart Referrals Received: 0

VLV Operations: 0
VLV Unindexed Searches: 0
SORT Operations: 0
SSL Connections: 1613

Entire Search Base Queries: 820
Unindexed Searches: 0

FDs Taken: 4828
FDs Returned: 4817
Highest FD Taken: 109

Broken Pipes: 0
Connections Reset By Peer: 0
Resource Unavailable: 17
- 17 (T1) Idle Timeout Exceeded

Binds: 4827
Unbinds: 65

LDAP v2 Binds: 0
LDAP v3 Binds: 4827
SSL Client Binds: 0
Failed SSL Client Binds: 0
SASL Binds: 0

Directory Manager Binds: 0
Anonymous Binds: 4813
Other Binds: 14

From rmeggins at redhat.com Fri Feb 15 20:53:04 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 15 Feb 2008 13:53:04 -0700
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To:
References:
Message-ID: <47B5FBB0.2010101@redhat.com>

Richard Hesse wrote:
> Thanks Richard, I'll give connection management a whirl.
>
What is the application which is generating this load?

From richard at powerset.com Fri Feb 15 21:59:52 2008
From: richard at powerset.com (Richard Hesse)
Date: Fri, 15 Feb 2008 13:59:52 -0800
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To: <47B5FBB0.2010101@redhat.com>
Message-ID:

nsswitch posix users/groups, ssh, sudo, puppet (config management), and
internally written applications.

-richard

On 2/15/08 12:53 PM, "Rich Megginson" wrote:

> What is the application which is generating this load?

From rmeggins at redhat.com Fri Feb 15 22:11:47 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 15 Feb 2008 15:11:47 -0700
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To:
References:
Message-ID: <47B60E23.5060802@redhat.com>

Richard Hesse wrote:
> nsswitch posix users/groups,
Are you using nscd?
> ssh, sudo, puppet (config management), and
> internally written applications.
>
> -richard

From richard at powerset.com Fri Feb 15 22:50:02 2008
From: richard at powerset.com (Richard Hesse)
Date: Fri, 15 Feb 2008 14:50:02 -0800
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To: <47B60E23.5060802@redhat.com>
Message-ID:

Yes, every host (except the ldap hosts) runs nscd. The ldap servers are not
configured to use directory data for anything.

-richard

From ipvx.low at gmail.com Mon Feb 18 03:07:34 2008
From: ipvx.low at gmail.com (Low Kian Seong)
Date: Mon, 18 Feb 2008 11:07:34 +0800
Subject: [Fedora-directory-users] temporary resource unavailable problem with fedora directory server
Message-ID: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com>

Dear all,

I have installed fedora directory server version :
fedora-ds-1.0.4-1.RHEL4. This ldap server integrates with postfix and
our radius server.
My problem is when I check the access log I see
this error

.[18/Feb/2008:11:04:51 +0800] conn=72887 op=-1 fd=593 closed error 11 (Resource temporarily unavailable) - T1
[18/Feb/2008:11:04:54 +0800] conn=72898 op=-1 fd=666 closed error 11 (Resource temporarily unavailable) - T1
[18/Feb/2008:11:05:22 +0800] conn=72895 op=-1 fd=605 closed error 11 (Resource temporarily unavailable) - T1

occurring again and again very frequently. I have already tuned the
server according to the tuning guide on fedora directory server site.
This is my sysctl.conf :

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
net.ipv4.ip_local_port_range = 1024 65000
fs.file-max = 128000
net.ipv4.tcp_keepalive_time = 300

Am I missing something that I haven't done ?

From satish at suburbia.org.au Mon Feb 18 04:08:04 2008
From: satish at suburbia.org.au (Satish Chetty)
Date: Sun, 17 Feb 2008 20:08:04 -0800
Subject: [Fedora-directory-users] temporary resource unavailable problem with fedora directory server
In-Reply-To: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com>
References: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com>
Message-ID: <47B904A4.9010705@suburbia.org.au>

Low,
What is the load on the system? Also, when you see this error, does the
LDAP respond to any ldap queries (getent or ldapsearch)?

-Satish.

From ajeet.singh.raina at logicacmg.com Mon Feb 18 05:22:11 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Mon, 18 Feb 2008 10:52:11 +0530
Subject: [Fedora-directory-users] ACI for Netgroup?????
Message-ID: <0139539A634FD04A99C9B8880AB70CB207C5D609@in-ex004.groupinfra.com>

My Senior system Admin who has left the organization has NIS configured
with /etc/netgroups file.
All I can see he has all together 11 entries as netgroups as:

------------------------------------------------------------------------
File : /etc/netgroups
------------------------------------------------------------------------
homegrp grp1 homegrp2

grp1 (bl015470, ,goeast), (bl025470, ,goeast)
#homegrp2 bl065470 bl035470

linux lynx_bm lynx_psa lynx_uic lynx_uone lynx_omg lynx_desk
unix (bl015470, ,goeast) (bl025470, ,goeast) (bl035470, ,goeast) (bl 065470, ,goeast) (bl312470, ,goeast) (blrccase, ,goeast) (arsenic, ,goeast) (nio bids, ,goeast) (ogygia, ,goeast) (bl49acls, ,goeast) (bl46acls, ,goeast) (agnes, , goeast) (bl43acls, ,goeast)
sun (laurel, ,goeast) (u1-sb01, ,goeast) (BLVM04, ,goeast) (BLVM07, ,goeast) (BLVM08, ,goeast) (BLVM09, ,goeast) (STAMFORD, ,goeast)

lynx_bm (BL21DL385, ,goeast)
lynx_psa (Linuxdev106, ,goeast) (BL48DL385, ,goeast)
lynx_uic (bl01ln-dev, ,goeast) (bl02ln-bld, ,goeast)
lynx_uone (BLVM01, ,goeast) (BLVM02, ,goeast) (BLVM03, ,goeast) ( BLVM05, ,goeast) (BLVM06, ,goeast) (ccase-u1, ,goeast)
lynx_omg (BL14DL385, ,goeast)
lynx_desk (agile8, ,goeast)
---------------------------------------------------------------

All I did is tried running the migration script simply and imported it to
the Fedora DS Database.
The excerpt of the ldif file is :

------------------------------------------------------------------------
File : netgroup.ldif
------------------------------------------------------------------------
dn: cn=homegrp,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: homegrp
memberNisNetgroup: grp1
memberNisNetgroup: homegrp2

dn: cn=grp1,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: grp1
nisNetgroupTriple: (bl015470,
nisNetgroupTriple: (bl025470,
memberNisNetgroup: ,goeast)
memberNisNetgroup: ,goeast),

dn: cn=linux,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: linux
memberNisNetgroup: lynx_bm
memberNisNetgroup: lynx_desk
memberNisNetgroup: lynx_omg
memberNisNetgroup: lynx_psa
memberNisNetgroup: lynx_uic
memberNisNetgroup: lynx_uone

dn: cn=unix,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: unix
nisNetgroupTriple: (agnes,
nisNetgroupTriple: (arsenic,
nisNetgroupTriple: (bl015470,
nisNetgroupTriple: (bl025470,
nisNetgroupTriple: (bl035470,
nisNetgroupTriple: (bl065470,
nisNetgroupTriple: (bl312470,
nisNetgroupTriple: (bl43acls,
nisNetgroupTriple: (bl46acls,
nisNetgroupTriple: (bl49acls,
nisNetgroupTriple: (blrccase,
nisNetgroupTriple: (niobids,
memberNisNetgroup: ,
memberNisNetgroup: ,goeast)
memberNisNetgroup: goeast)

dn: cn=sun,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: sun
nisNetgroupTriple: (BLVM04,
nisNetgroupTriple: (BLVM07,
nisNetgroupTriple: (BLVM08,
nisNetgroupTriple: (BLVM09,
nisNetgroupTriple: (STAMFORD,
nisNetgroupTriple: (laurel,
nisNetgroupTriple: (u1-sb01,
memberNisNetgroup: ,goeast)

dn: cn=lynx_bm,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: lynx_bm
nisNetgroupTriple: (BL21DL385,
memberNisNetgroup: ,goeast)

dn: cn=lynx_psa,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: lynx_psa
nisNetgroupTriple: (BL48DL385,
nisNetgroupTriple: (Linuxdev106,
memberNisNetgroup: ,goeast)

dn: cn=lynx_uic,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: lynx_uic
nisNetgroupTriple: (bl01ln-dev,
nisNetgroupTriple: (bl02ln-bld,
memberNisNetgroup: ,goeast)

dn: cn=lynx_uone,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
-------------------------------------------------------

I changed the ou=NetGoup to ou=netgroups as my Directory Server >
Directory Tab > im > netgroups folder was there. (Will NetGroup work? I
don't think so.) I imported it to fedora DS and it showed no error in
that process. The getent netgroup is also working.

Can you help me now? How can I create ACL... Say I have one project named
lynx_uone and all I want is not to let it access the other projects. Pls
help me in this regard. Will it work?

From ajeet.singh.raina at logicacmg.com Mon Feb 18 06:50:24 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Mon, 18 Feb 2008 12:20:24 +0530
Subject: [Fedora-directory-users] RE: ACI for Netgroup?????
Message-ID: <0139539A634FD04A99C9B8880AB70CB207C5D849@in-ex004.groupinfra.com>

Further to this, what I attempted is I added a netgroup entry like the
same:

dn: cn=QAUsers,ou=Netgroup,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: QAUsers
nisNetgroupTriple: (,bobby,im.logica.com)
nisNetgroupTriple: (,joey,im.logica.com)
description: All QA users in my organization

Next, I created another netgroup QASystems like this :

dn: cn=QASystems,ou=Netgroup,dc=example,dc=com
objectClass: nisNetgroup
objectClass: top
cn: QASystems
nisNetgroupTriple: (pem,,im.logica.com)
nisNetgroupTriple: (pemy,,im.logica.com)
description: All QA systems on our network

The above example I took from the same link
http://directory.fedoraproject.org/wiki/Howto:Netgroups but couldn't
understand further about setting up access.conf.. Is this for client or
server? Confused !!! I tried this too.

Ok... Say, I created a user skour and set up acls on QASystems :

------------------------------------------------------------------------
(targetattr = "*")
(target = "ldap:///cn=QASystems,ou=netgroups,dc=im,dc=logica,dc=com")
(version 3.0;acl "No Access to skour";deny (all)(userdn = "ldap:///uid=skour,ou=People,dc=im,dc=logica,dc=com") and (ip="10.14.242.93");)

It should work, right? But when I am trying logging in from the
10.14.242.93 system as skour and password it is allowing to login. Any
idea why it's not working??

From ipvx.low at gmail.com Mon Feb 18 06:51:00 2008
From: ipvx.low at gmail.com (Low Kian Seong)
Date: Mon, 18 Feb 2008 14:51:00 +0800
Subject: [Fedora-directory-users] temporary resource unavailable problem with fedora directory server
In-Reply-To: <47B904A4.9010705@suburbia.org.au>
References: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com> <47B904A4.9010705@suburbia.org.au>
Message-ID: <7cea65400802172251s1424c177weadef54f0e65afe5@mail.gmail.com>

This is running on a rhel4 and during this time it doesn't respond to
ldap queries.

On Feb 18, 2008 12:08 PM, Satish Chetty wrote:
> Low,
> What is the load on the system?
> Also, when you see this error, does the
> LDAP respond to any ldap queries (getent or ldapsearch)?
>
> -Satish.

From howard at cohtech.com Mon Feb 18 10:43:14 2008
From: howard at cohtech.com (Howard Wilkinson)
Date: Mon, 18 Feb 2008 10:43:14 +0000
Subject: [Fedora-directory-users] Setting up Multiple Directory Servers - in a multi-master mesh. Having problems with admin server.
In-Reply-To: <47B47FD5.8060101@redhat.com>
References: <47B422B8.1070400@cohtech.com> <47B47FD5.8060101@redhat.com>
Message-ID: <47B96142.3090506@cohtech.com>

Rich Megginson wrote:
> Howard Wilkinson wrote:
>> We are configuring a new site which has a pair of Master servers and
>> 2 "slave" servers. We have followed the following sequence of steps
>> but have fallen at the last fence in getting all of the servers
>> registered with admin servers.
>>
>> Install fresh copies of fedora-ds* 1.1 packages.
>> Run setup-ds-admin.pl on the primary master (primary because it is
>> the first one)
>> Setup SSL access to server
>> Create ROOTDNs.
>> Populate server with initial data.
>>
>> Run setup-ds.pl on the secondary master and the 2 slaves.
>>
> Why did you run setup-ds.pl instead of setup-ds-admin.pl?
>>
>> Setup SSL access on these servers
>> Create ROOTDNs
>> Initiate multi-master replication for all roots from primary
>> master to secondary master.
>> Initiate ordinary replication from the primary master to each slave.
>> Initiate ordinary replication from the secondary master to each
>> slave.
>>
>> We are replicating o=NetscapeRoot as well as all of our Roots.
>>
>> The servers are setup using this inf file.
>>
>> [General]
>> FullMachineName=${HOSTNAMEFQDN}
>> SuiteSpotUserID=${LDAPUID}
>> SuiteSpotGroup=${LDAPGID}
>> ServerRoot=/usr/lib/fedora-ds
>> AdminDomain=${MASTERDOMAIN}
>> ConfigDirectoryAdminID=admin
>> ConfigDirectoryAdminPwd=${ADMINPASSWD}
>> ConfigDirectoryLdapURL=ldap://${MASTERHOSTFQDN}:${LDAPPORT}/o=NetscapeRoot
>> UserDirectoryAdminID=admin
>> UserDirectoryAdminPwd=${ADMINPASSWD}
>> UserDirectoryLdapURL=ldap://${HOSTNAMEFQDN}:${LDAPPORT}/${MASTERDN}
>> #CACertificateURL=
>>
>> [slapd]
>> SlapdConfigForMC=${SlapdConfigForMC} # Set to 1 on Master, 0 on all others
>> SecurityOn=No
>> UseExistingMC=${UseExistingMC} # Set to 0 on Master, 1 on all others
>> UseExistingUG=0
>> ServerPort=${LDAPPORT}
>> ServerIdentifier=${HOSTNAME}
>> Suffix=dc=${MASTERDN}
>> RootDN=cn=Directory Manager
>> AddSampleEntries=No
>> InstallLdifFile=none
>> AddOrgEntries=No
>> DisableSchemaChecking=No
>> RootDNPwd=${DIRMANPASSWD}
>> start_server=1
>> install_full_schema=1
>>
>> [admin]
>> SysUser=${LDAPUID}
>> Port=${ADMINPORT}
>> ServerIpAddress=*
>> ServerAdminID=admin
>> ServerAdminPwd=${ADMINPASSWD}
>> ApacheDir=/usr/sbin/
>> ApacheRoot=/etc/httpd
>>
>> I then run up fedora-idm-console on the master. We can see the master
>> server in the console but cannot see any of the others!
> Not surprising since setup-ds.pl doesn't do any console/admin server
> registration.
Tried with setup-ds-admin.pl instead but still not working! What
settings do I need in the inf file for the second and subsequent servers?
>>
>> What have we missed?
>> What do we need to do to get this running and
>> then switch each server over to using its local admin server (with
>> replicated data from the master)
>>
>> Note we cannot get "register-ds-admin.pl" to do anything in this
>> environment as it just keeps asking for the server name and any input
>> results in it asking again for the server name.
> register-ds-admin.pl should work - can you provide more details?
> Script output?
On the master it never gets past asking for the password for the
administrator. On the other hosts it will not accept any directory
server name i.e. second prompt just cycles - but this may be an artifact
of the failure of setup-ds-admin to register the server correctly anyway
as we may have wrong settings in the inf file!
>>
>> Regards, Howard.

From ajeet.singh.raina at logicacmg.com Mon Feb 18 11:23:52 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Mon, 18 Feb 2008 16:53:52 +0530
Subject: [Fedora-directory-users] About Netgroup??
Message-ID: <0139539A634FD04A99C9B8880AB70CB207C5E004@in-ex004.groupinfra.com>

Hi Rich,

I have followed the doc Howto: Netgroup and just for testing created netgroup.ldif for two entries:

dn: cn=QASystems,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: QASystems
nisNetgroupTriple: (BL60ACLS,,im.logica.com)
nisNetgroupTriple: (pem,,im.logica.com)

dn: cn=QAUsers,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: QAUsers
nisNetgroupTriple: (,bobby,im.logica.com)
nisNetgroupTriple: (,joey,,im.logica.com)

I did import it into Fedora DS. Now I have a few queries.

1. Joey and Bobby: Should I have to create these users?
2. Are these LDAP users which author is talking about?
3. When I click on netgroup in console it shows no users (same as ou=People). I can only browse through #getent netgroup QAUSers and it works then only.
4. I followed access.netgroup.conf entry as: + : @QaUsers@@QASystems: 10. But wonder what is this all about

Please help me with this.

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

From ajeet.singh.raina at logicacmg.com  Mon Feb 18 11:33:42 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Mon, 18 Feb 2008 17:03:42 +0530
Subject: [Fedora-directory-users] About Netgroup??
Message-ID: <0139539A634FD04A99C9B8880AB70CB207C5E05D@in-ex004.groupinfra.com>

Sorry... This query is for all, not only for Rich.

Thanks

From ajeet.singh.raina at logicacmg.com  Tue Feb 19 12:28:19 2008
From: ajeet.singh.raina at logicacmg.com (Singh Raina, Ajeet)
Date: Tue, 19 Feb 2008 17:58:19 +0530
Subject: [Fedora-directory-users] Group ACLs??
Message-ID: <0139539A634FD04A99C9B8880AB70CB207C90085@in-ex004.groupinfra.com>

Hi Guys,

I have been playing around with Netgroup ACL but went into confusion. All I need now is Setting Up ACI for Groups.

I have 2 Groups - buildadm and agiledev. Around 50 users are in agiledev and 30 in buildadm. Now I tried to create the following ACL on buildadm through Fedora DS Console as:

(targetattr = "*") (target = "ldap:///cn=buildadm,ou=Groups,dc=im,dc=logica,dc=com") (version 3.0;acl "";deny (all)(groupdn = "ldap:///cn=agiledev,ou=Groups,dc=im,dc=logica,dc=com") and (ip="10.14.242.*");)

All it means is no user from Agiledev /IP address: 10.14.242.93 is allowed to login or access to Buildadm. Right? Does it mean that?

-------------- next part --------------
An HTML attachment was scrubbed...
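
An added illustration, not part of the original message and not Fedora DS code: this Python sketch splits the ACI quoted in the "Group ACLs??" message into its target, permission and bind-rule parts and checks which LDAP requests fall under it. It is a simplified model that handles only `and`-joined bind rules; the function names and the sample requests (including the `uid=joey` DN) are constructed for the example.

```python
import fnmatch
import re
from dataclasses import dataclass

# The ACI exactly as posted in the message above.
POSTED_ACI = (
    '(targetattr = "*") '
    '(target = "ldap:///cn=buildadm,ou=Groups,dc=im,dc=logica,dc=com") '
    '(version 3.0;acl "";deny (all)'
    '(groupdn = "ldap:///cn=agiledev,ou=Groups,dc=im,dc=logica,dc=com") '
    'and (ip="10.14.242.*");)'
)

BUILDADM = "cn=buildadm,ou=Groups,dc=im,dc=logica,dc=com"
AGILEDEV = "cn=agiledev,ou=Groups,dc=im,dc=logica,dc=com"
PERSON = "uid=joey,ou=People,dc=im,dc=logica,dc=com"  # constructed sample entry


@dataclass
class Aci:
    target: str       # DN the rule is scoped to (that entry and its subtree)
    targetattr: str   # attribute list, "*" means all attributes
    effect: str       # "allow" or "deny"
    rights: tuple     # e.g. ("all",)
    bind_rule: dict   # keyword -> value; every condition must hold ("and")


def _dn(value):
    """Strip an ldap:/// prefix and normalise case and spacing (naive: no escaped commas)."""
    if value.lower().startswith("ldap:///"):
        value = value[len("ldap:///"):]
    return ",".join(part.strip().lower() for part in value.split(","))


def parse_aci(text):
    """Split an ACI string into scope, permission and bind rule."""
    head, sep, body = text.partition("(version 3.0;")
    if not sep:
        raise ValueError("no '(version 3.0;' clause found")
    scope = dict(re.findall(r'\(\s*(targetattr|target)\s*=\s*"([^"]*)"\s*\)', head))
    if "target" not in scope:
        raise ValueError("this sketch needs an explicit target")
    m = re.match(
        r'\s*acl\s+"[^"]*"\s*;\s*(allow|deny)\s*\(([^)]*)\)(.*);\s*\)\s*$',
        body, re.S)
    if not m:
        raise ValueError("unsupported permission clause")
    effect, rights, bind = m.groups()
    # Blank out quoted values, then refuse operators this sketch does not model.
    if re.search(r'\b(or|not)\b', re.sub(r'"[^"]*"', '""', bind)):
        raise ValueError("only 'and'-joined bind rules are handled")
    return Aci(
        target=_dn(scope["target"]),
        targetattr=scope.get("targetattr", "*"),
        effect=effect,
        rights=tuple(r.strip() for r in rights.split(",")),
        bind_rule=dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', bind)),
    )


def matches(aci, entry_dn, bind_groups, client_ip):
    """True when the request falls under the ACI's target and bind rule."""
    entry = _dn(entry_dn)
    if entry != aci.target and not entry.endswith("," + aci.target):
        return False  # the entry being accessed is outside the target subtree
    groups = {_dn(g) for g in bind_groups}
    for keyword, value in aci.bind_rule.items():
        if keyword == "groupdn":
            ok = _dn(value) in groups          # bound user is a member of the group
        elif keyword == "ip":
            ok = fnmatch.fnmatchcase(client_ip, value)  # "10.14.242.*" wildcard
        else:
            raise ValueError("bind keyword not modelled: " + keyword)
        if not ok:
            return False
    return True


def verdict(aci, entry_dn, bind_groups, client_ip):
    """Return the ACI's effect if it matches, else None (other ACIs decide)."""
    return aci.effect if matches(aci, entry_dn, bind_groups, client_ip) else None


if __name__ == "__main__":
    aci = parse_aci(POSTED_ACI)
    for entry, groups, ip in [
        (BUILDADM, [AGILEDEV], "10.14.242.93"),  # agiledev member, listed subnet
        (BUILDADM, [AGILEDEV], "10.14.243.93"),  # agiledev member, other subnet
        (BUILDADM, [BUILDADM], "10.14.242.93"),  # not an agiledev member
        (PERSON, [AGILEDEV], "10.14.242.93"),    # entry outside the target
    ]:
        print(entry.split(",")[0], ip, "->", verdict(aci, entry, groups, ip))
```

A `None` result means this ACI is silent for that request: it matches only LDAP operations on the `cn=buildadm` entry (and anything below it) by `agiledev` members connecting from 10.14.242.*, and the server's other ACIs decide everything else.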
URL: 

From rmeggins at redhat.com  Tue Feb 19 18:04:37 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 19 Feb 2008 11:04:37 -0700
Subject: [Fedora-directory-users] Setting up Multiple Directory Servers - in a multi-master mesh. Having problems with admin server.
In-Reply-To: <47B96142.3090506@cohtech.com>
References: <47B422B8.1070400@cohtech.com> <47B47FD5.8060101@redhat.com> <47B96142.3090506@cohtech.com>
Message-ID: <47BB1A35.6030402@redhat.com>

Howard Wilkinson wrote:
> Rich Megginson wrote:
>> Howard Wilkinson wrote:
>>> We are configuring a new site which has a pair of Master servers and
>>> 2 "slave" servers. We have followed the following sequence of steps
>>> but have fallen at the last fence in getting all of the servers
>>> registered with admin servers.
>>>
>>> Install fresh copies of fedora-ds* 1.1 packages.
>>> Run setup-ds-admin.pl on the primary master (primary because it is
>>> the first one)
>>> Setup SSL access to server
>>> Create ROOTDNs.
>>> Populate server with initial data.
>>>
>>> Run setup-ds.pl on the secondary master and the 2 slaves.
>>>
>> Why did you run setup-ds.pl instead of setup-ds-admin.pl?
>>>
>>> Setup SSL access on these servers
>>> Create ROOTDNs
>>> Initiate multi-master replication for all roots from primary
>>> master to secondary master.
>>> Initiate ordinary replication from the primary master to each
>>> slave.
>>> Initiate ordinary replication from the secondary master to each
>>> slave.
>>>
>>> We are replicating o=NetscapeRoot as well as all of our Roots.
>>>
>>> The servers are setup using this inf file.
>>>
>>> [General]
>>> FullMachineName=${HOSTNAMEFQDN}
>>> SuiteSpotUserID=${LDAPUID}
>>> SuiteSpotGroup=${LDAPGID}
>>> ServerRoot=/usr/lib/fedora-ds
>>> AdminDomain=${MASTERDOMAIN}
>>> ConfigDirectoryAdminID=admin
>>> ConfigDirectoryAdminPwd=${ADMINPASSWD}
>>> ConfigDirectoryLdapURL=ldap://${MASTERHOSTFQDN}:${LDAPPORT}/o=NetscapeRoot
>>> UserDirectoryAdminID=admin
>>> UserDirectoryAdminPwd=${ADMINPASSWD}
>>> UserDirectoryLdapURL=ldap://${HOSTNAMEFQDN}:${LDAPPORT}/${MASTERDN}
>>> #CACertificateURL=
>>>
>>> [slapd]
>>> SlapdConfigForMC=${SlapdConfigForMC} # Set to 1 on Master, 0 on all others
>>> SecurityOn=No
>>> UseExistingMC=${UseExistingMC} # Set to 0 on Master, 1 on all others
>>> UseExistingUG=0
>>> ServerPort=${LDAPPORT}
>>> ServerIdentifier=${HOSTNAME}
>>> Suffix=dc=${MASTERDN}
>>> RootDN=cn=Directory Manager
>>> AddSampleEntries=No
>>> InstallLdifFile=none
>>> AddOrgEntries=No
>>> DisableSchemaChecking=No
>>> RootDNPwd=${DIRMANPASSWD}
>>> start_server=1
>>> install_full_schema=1
>>>
>>> [admin]
>>> SysUser=${LDAPUID}
>>> Port=${ADMINPORT}
>>> ServerIpAddress=*
>>> ServerAdminID=admin
>>> ServerAdminPwd=${ADMINPASSWD}
>>> ApacheDir=/usr/sbin/
>>> ApacheRoot=/etc/httpd
>>>
>>> I then run up fedora-idm-console on the master. We can see the
>>> master server in the console but cannot see any of the others!
>> Not surprising since setup-ds.pl doesn't do any console/admin server
>> registration.
> Tried with setup-ds-admin.pl instead but still not working!
What do you mean by not working? Does it hang? Give errors? Simply not do what you want it to? Note that if you ran setup-ds.pl before, it will have already created the directory server you wanted to create with setup-ds-admin.pl - setup-ds-admin.pl will only create additional directory server instances, not reregister/reconfigure existing ones.
> What settings do I need in the inf file for the second and subsequent
> servers?
You at least need a new server identifier and a new port to create an additional instance on the same machine that already has a directory server instance.
>>>
>>> What have we missed? What do we need to do to get this running and
>>> then switch each server over to using its local admin server (with
>>> replicated data from the master)
>>>
>>> Note we cannot get "register-ds-admin.pl" to do anything in this
>>> environment as it just keeps asking for the server name and any
>>> input results in it asking again for the server name.
>> register-ds-admin.pl should work - can you provide more details?
>> Script output?
> On the master it never gets past asking for the password for the
> administrator.
> On the other hosts it will not accept any directory server name i.e.
> second prompt just cycles - but this may be an artifact of the failure
> of setup-ds-admin to register the server correctly anyway as we may
> have wrong settings in the inf file!
I'm just not sure what's going on. You're having multiple problems that may be due to DNS/NIS configuration or old files left around from previous incomplete installs or ???

If you can, I suggest you start over from scratch -
yum erase svrcore idm-console-framework
then
rm -rf /etc/dirsrv /usr/lib/dirsrv
rm -rf `find /var -name dirsrv -print`
Then reinstall and use setup-ds-admin.pl for your primary machine with your configuration DS then subsequent installs on other machines.
>>>
>>> Regards, Howard.

From rmeggins at redhat.com  Tue Feb 19 18:20:30 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 19 Feb 2008 11:20:30 -0700
Subject: [Fedora-directory-users] temporary resource unavailable problem with fedora directory server
In-Reply-To: <7cea65400802172251s1424c177weadef54f0e65afe5@mail.gmail.com>
References: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com> <47B904A4.9010705@suburbia.org.au> <7cea65400802172251s1424c177weadef54f0e65afe5@mail.gmail.com>
Message-ID: <47BB1DEE.7010807@redhat.com>

Low Kian Seong wrote:
> This is running on a rhel4 and during this time it doesn't respond to
> ldap queries.
>
run /opt/fedora-ds/bin/slapd/admin/bin/logconf.pl /opt/fedora-ds/slapd-yourinstance/logs/access
> On Feb 18, 2008 12:08 PM, Satish Chetty wrote:
>
>> Low,
>> What is the load on the system? Also, when you see this error, does the
>> LDAP respond to any ldap queries (getent or ldapsearch)?
>>
>> -Satish.
>>
>>
>> Low Kian Seong wrote:
>>
>>> Dear all,
>>>
>>> I have installed fedora directory server version :
>>> fedora-ds-1.0.4-1.RHEL4.
>>> This ldap server integrates with postfix and
>>> our radius server. My problem is when I check the access log I see
>>> this error
>>>
>>> .[18/Feb/2008:11:04:51 +0800] conn=72887 op=-1 fd=593 closed error 11 (Resource temporarily unavailable) - T1
>>> [18/Feb/2008:11:04:54 +0800] conn=72898 op=-1 fd=666 closed error 11 (Resource temporarily unavailable) - T1
>>> [18/Feb/2008:11:05:22 +0800] conn=72895 op=-1 fd=605 closed error 11 (Resource temporarily unavailable) - T1
>>>
>>> occurring again and again very frequently. I have already tuned the
>>> server according to the tuning guide on fedora directory server site.
>>> This is my sysctl.conf :
>>>
>>> # Kernel sysctl configuration file for Red Hat Linux
>>> #
>>> # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
>>> # sysctl.conf(5) for more details.
>>>
>>> # Controls IP packet forwarding
>>> net.ipv4.ip_forward = 0
>>>
>>> # Controls source route verification
>>> net.ipv4.conf.default.rp_filter = 1
>>>
>>> # Do not accept source routing
>>> net.ipv4.conf.default.accept_source_route = 0
>>>
>>> # Controls the System Request debugging functionality of the kernel
>>> kernel.sysrq = 0
>>>
>>> # Controls whether core dumps will append the PID to the core filename.
>>> # Useful for debugging multi-threaded applications.
>>> kernel.core_uses_pid = 1
>>> net.ipv4.ip_local_port_range = 1024 65000
>>> fs.file-max = 128000
>>> net.ipv4.tcp_keepalive_time = 300
>>>
>>> Am I missing something that I haven't done?

From rmeggins at redhat.com  Tue Feb 19 18:23:19 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 19 Feb 2008 11:23:19 -0700
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To:
References:
Message-ID: <47BB1E97.5050003@redhat.com>

Richard Hesse wrote:
> Yes, every host (except the ldap hosts) runs nscd. The ldap servers are not
> configured to use directory data for anything.
>
I just don't know. I've not seen this before. I suppose you could try checking your kernel TCP/IP settings, and increasing the number of file descriptors used - http://directory.fedoraproject.org/wiki/Performance_Tuning
> -richard
>
>
> On 2/15/08 2:11 PM, "Rich Megginson" wrote:
>
>> Richard Hesse wrote:
>>
>>> nsswitch posix users/groups,
>>>
>> Are you using nscd?
>>
>>> ssh, sudo, puppet (config management), and
>>> internally written applications.
>>>
>>> -richard
>>>
>>> On 2/15/08 12:53 PM, "Rich Megginson" wrote:
>>>
>>>> What is the application which is generating this load?

From richard at powerset.com  Tue Feb 19 23:02:04 2008
From: richard at powerset.com (Richard Hesse)
Date: Tue, 19 Feb 2008 15:02:04 -0800
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To: <47BB1E97.5050003@redhat.com>
Message-ID:

Not much new to report. The server hung again and the only thing in the error log with connection tracing is this:

[18/Feb/2008:13:14:03 +0000] - PR_Write(41818752) Netscape Portable Runtime error -5961 (TCP connection reset by peer.)
[18/Feb/2008:13:14:03 +0000] - ber_flush failed, error 104 (Connection reset by peer)

Which doesn't look like much. As for network tuning, it's already been done.

Max descriptors is set to 32768.

Are there any gdb commands I can run while the server is in a hung state?

I'm going to try running strace while the process is working, and hope for a hang. Maybe that will give us some more info.

-richard

On 2/19/08 10:23 AM, "Rich Megginson" wrote:

> Richard Hesse wrote:
>> Yes, every host (except the ldap hosts) runs nscd. The ldap servers are not
>> configured to use directory data for anything.
>>
> I just don't know. I've not seen this before. I suppose you could try
> checking your kernel TCP/IP settings, and increasing the number of file
> descriptors used -
> http://directory.fedoraproject.org/wiki/Performance_Tuning
>> -richard
>>
>>
>> On 2/15/08 2:11 PM, "Rich Megginson" wrote:
>>
>>> Richard Hesse wrote:
>>>
>>>> nsswitch posix users/groups,
>>>>
>>> Are you using nscd?
>>>
>>>> ssh, sudo, puppet (config management), and
>>>> internally written applications.
>>>>
>>>> -richard
>>>>
>>>> On 2/15/08 12:53 PM, "Rich Megginson" wrote:
>>>>
>>>>> What is the application which is generating this load?

From Ryan.Braun at ec.gc.ca  Tue Feb 19 22:32:02 2008
From: Ryan.Braun at ec.gc.ca (Ryan Braun)
Date: Tue, 19 Feb 2008 22:32:02 +0000
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
Message-ID: <200802192232.02999.Ryan.Braun@ec.gc.ca>

I've been working a little bit towards setting up a build environment for fds in debian. I've never actually built anything this complex, and in general my compiling experience is somewhat lacking. I'm trying to follow the write up at http://directory.fedoraproject.org/wiki/Building . Which states you have to build the mozilla components first. Here's where it gets interesting.

nspr and nss are already installed on the systems by default.

ii libnspr4-0d 1.8.0.15~pre080131b-0etch1 NetScape Portable Runtime Library
ii libnspr4-dev 1.8.0.15~pre080131b-0etch1 Development files for the NetScape Portable
ii libnss3-0d 1.8.0.15~pre080131b-0etch1 Network Security Service libraries
ii libnss3-0d-dbg 1.8.0.15~pre080131b-0etch1 Development files for the Network Security S
ii libnss3-dev 1.8.0.15~pre080131b-0etch1 Development files for the Network Security S
ii libnss3-tools 1.8.0.15~pre080131b-0etch1 Network Security Service tools

But they have a goofy version number dictated by the xulrunner package.

http://packages.debian.org/source/etch/xulrunner

ywgbuild:/usr/src/dsbuild/meta/ds# pkg-config --modversion xulrunner-nss
1.8.0.13pre
ywgbuild:/usr/src/dsbuild/meta/ds# pkg-config --modversion xulrunner-nspr
4.6.7

Now, I'm not sure why nspr is reporting its true version number, while nss is reporting the 1.8.0 version when it should be something like 3.10 or 3.11. And, I've been digging on the debian packages listings trying to figure out just which version nss is. Any idea how to pull the version number right out of the shared lib? Anyhow I moved on to try and build the next component, svrcore.

I had to do some fudging with pkg-config (ln -s xulrunner-nspr.pc nspr.pc and ln -s xulrunner-nss.pc nss.pc) in order for svrcore's configure to work (prolly a RH vs debian package naming issue).

So I ./configure --prefix=/opt/svrcore and it makes and make install's ok. I add /opt/svrcore/lib to ld.so.conf, and run ldconfig.

ywgbuild:/opt/svrcore# strings /etc/ld.so.cache |grep svrcore
libsvrcore.so.0
/opt/svrcore/lib/libsvrcore.so.0
libsvrcore.so
/opt/svrcore/lib/libsvrcore.so
ywgbuild:/opt/svrcore# pkg-config --modversion svrcore
4.0.4

Next on the list is the mozldap library

ywgbuild:/usr/src/mozldap-6.0.5/mozilla/directory/c-sdk# ./configure --enable-clu --with-sasl --with-svrcore --enable-optimize --disable-debug --prefix=/opt/mozldap

works ok. But then make throws this

gcc -o ntuserpin.o -c -pipe -ansi -Wall -pthread -O2 -fPIC -UDEBUG -DNDEBUG=1 -DXP_UNIX=1 -D_POSIX_SOURCE=1 -D_BSD_SOURCE=1 -D_SVID_SOURCE=1 -D_LARGEFILE64_SOURCE=1 -DHAVE_FCNTL_FILE_LOCKING=1 -DLINUX=1 -Dlinux=1 -Di386=1 -DHAVE_LCHOWN=1 -DHAVE_STRERROR=1 -DHAVE_GETADDRINFO=1 -DHAVE_GETNAMEINFO=1 -DHAVE_SASL=1 -DHAVE_SASL_OPTIONS=1 -DLDAP_SASLIO_HOOKS=1 -D_REENTRANT=1 -DNET_SSL -DNO_LIBLCACHE -DLDAP_REFERRALS -DNS_DOMESTIC -DLINUX2_0 -DLINUX1_2 -DLINUX2_1 -DLDAP_TOOL_ARGPIN -DLDAP_TOOL_PKCS11 -DFORCE_PR_LOG -D_PR_PTHREADS -UHAVE_CVAR_BUILT_ON_SEM -I/usr/include/nss -I/usr/include/nspr -I/usr/include/nspr -I/usr/include/sasl -I../../../../../dist/public/ldap -I../../../ldap/include -I/opt/svrcore/include -I/usr/include/nspr -I/usr/include/nss ntuserpin.c
c++ -o bin/ldapdelete ldapdelete.o common.o convutf8.o fileurl.o ldaptool-sasl.o argpin.o ntuserpin.o -L../../../../../dist/./lib -lssldap60 -lprldap60 -lldap60 -lldif60 -L../../../../../dist/lib -lsvrcore -lssl3 -lnss3 -lsoftokn3 -L/usr/lib -lplds4 -lplc4 -lnspr4 -lpthread -ldl -lplc4 -lplds4 -lnspr4 -lsasl2 -ldl -lresolv -lpthread
/usr/bin/ld: cannot find -lsvrcore
collect2: ld returned 1 exit status
make[2]: *** [bin/ldapdelete] Error 1

ywgbuild:/tmp# strace -o out ld -l svrcore
ld: cannot find -lsvrcore
ywgbuild:/tmp# grep open out
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/usr/lib/libbfd-2.17.so", O_RDONLY) = 3
open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
open("a.out", O_RDWR|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 3
open("/usr/bin/../lib/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/bin/../lib/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/i486-linux-gnu/lib32/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/i486-linux-gnu/lib32/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/local/lib32/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/local/lib32/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/lib32/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/lib32/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/lib32/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/lib32/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/i486-linux-gnu/lib/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/i486-linux-gnu/lib/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/lib/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/lib/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/lib/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/lib/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/locale.alias", O_RDONLY) = 4
open("/usr/share/locale/en_CA/LC_MESSAGES/ld.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/ld.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

So I'm not sure why ld doesn't want to look in /opt/svrcore/lib for the libsvrcore shared libs. It just looks in the default spots according to strace. Did I mess up somewhere? As a quick fix I just symlinked /opt/svrcore/lib/libsvrcore.(a|so) to /usr/lib and it built.

mozldap doesn't make install apparently, but creates a dist directory symlinking all the built apps and libs.
So I just copied /usr/src/mozldap-6.0.5/mozilla/dist to /opt/mozldap copying the files rather than preserving the symlinks. add /opt/mozldap/lib to ld.so.conf && ldconfig

ywgbuild:/opt/mozldap/bin# strings /etc/ld.so.cache |grep mozldap
/opt/mozldap/lib/libssldap60.so
/opt/mozldap/lib/libprldap60.so
/opt/mozldap/lib/libldif60.so
/opt/mozldap/lib/libldap60.so

So those libs look to be installed ok. I then hacked up a fedora mozldap.pc (the make process didn't generate one, but the mozldap.pc.in file is there..)

ywgbuild:/tmp/usr/lib/pkgconfig# cat mozldap.pc
prefix=/opt/mozldap
exec_prefix=${prefix}
libdir=${prefix}/lib
includedir=${prefix}/include
bindir=${prefix}/bin
major=6
minor=0
submin=5
libsuffix=60

Name: mozldap
Description: Mozilla LDAP C SDK
Version: 6.0.5
Requires: nspr >= 4.6 , nss >= 1.8.0.13pre
Libs: -lssldap60 -lprldap60 -lldap60
Cflags: -I${includedir}

But again I end up in a spot where ld can't find the libs I just installed. So I symlinked everything in /opt/mozldap/lib to /usr/lib/ Then ld -lssldap60 -lprldap60 -lldap60 wouldn't complain about not being able to find the libs anymore.

Now for perl-ldap

export LDAPSDKINCDIR="/opt/mozldap/include"
export LDAPSDKDIR="/opt/mozldap"
export LDAPSDKLIBDIR="/opt/mozldap/lib"
export NSPRINCDIR="/usr/include/nspr"
export NSPRLIBDIR="/usr/lib"
export NSSLIBDIR="/usr/lib"

make would puke complaining about missing ldap-standard.h

ln -s /opt/mozldap/public/ldap/ldap-standard.h /opt/mozldap/include/ldap-standard.h

ywgbuild:/usr/src/perl-mozldap-1.5.2# make
cc -c -I/opt/mozldap/include -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.5\" -DXS_VERSION=\"1.5\" -fPIC "-I/usr/lib/perl/5.8/CORE" -DUSE_SSL API.c
Running Mkbootstrap for Mozilla::LDAP::API ()
chmod 644 API.bs
rm -f blib/arch/auto/Mozilla/LDAP/API/API.so
LD_RUN_PATH="/opt/mozldap/lib" LD_RUN_PATH=/opt/mozldap/lib cc -shared -L/usr/local/lib API.o -o blib/arch/auto/Mozilla/LDAP/API/API.so \
-L/opt/mozldap/lib -lssldap60 -lprldap60 -lldap60 -L/usr/lib -lssl3 -lnss3 -L/usr/lib -lplc4 -lnspr4 \

chmod 755 blib/arch/auto/Mozilla/LDAP/API/API.so
cp API.bs blib/arch/auto/Mozilla/LDAP/API/API.bs
chmod 644 blib/arch/auto/Mozilla/LDAP/API/API.bs
Manifying blib/man3/Mozilla::LDAP::Conn.3pm
Manifying blib/man3/Mozilla::LDAP::Utils.3pm
Manifying blib/man3/Mozilla::LDAP::Entry.3pm
Manifying blib/man3/Mozilla::LDAP::LDIF.3pm
Manifying blib/man3/Mozilla::LDAP::API.3pm

So where I'm at now, using system nspr and nss, built mozldap and installed to /opt/mozldap, built svrcore and installed to /opt/svrcore and built perl-ldap, not installing it anywhere.

So I figured I would give the newer dsbuild a shot at building the directory server. And it cranks away for a while then comes back with a message complaining about ldap agent and snmp. I initiated dsbuild with just a make command with no options.

Here are the snmp packages installed

ywgbuild:/usr/src/dsbuild/meta/ds# dpkg -l|grep snmp
ii libsnmp-base 5.2.3-7etch2 NET SNMP (Simple Network Management Protocol
ii libsnmp-perl 5.2.3-7etch2 NET SNMP (Simple Network Management Protocol
ii libsnmp9 5.2.3-7etch2 NET SNMP (Simple Network Management Protocol
ii libsnmp9-dev 5.2.3-7etch2 NET SNMP (Simple Network Management Protocol

I've sent the last portion of the build process to pastebin if you want to have a look at http://www.pastebin.org/20301 but the guts of the issue is this

3]: Entering directory `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0'
/bin/sh ./libtool --tag=CC --mode=link gcc -g -o ldap-agent-bin ldap/servers/snmp/ldap_agent_bin-main.o ldap/servers/snmp/ldap_agent_bin-ldap-agent.o ldap/servers/slapd/ldap_agent_bin-agtmmap.o -lssldap60 -lprldap60 -lldap60 -lldif60 -lsasl2 -lssl3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 -L/usr/lib -lnetsnmpmibs -lnetsnmpagent -lnetsnmphelpers -lnetsnmp -lm -ldl -lsensors -lwrap -lwrap
gcc -g -o ldap-agent-bin ldap/servers/snmp/ldap_agent_bin-main.o ldap/servers/snmp/ldap_agent_bin-ldap-agent.o ldap/servers/slapd/ldap_agent_bin-agtmmap.o -lssldap60 -lprldap60 -lldap60 -lldif60 /usr/lib/libsasl2.so -lresolv -lssl3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 -L/usr/lib /usr/lib/libnetsnmpmibs.so /usr/lib/libnetsnmpagent.so /usr/lib/libnetsnmphelpers.so /usr/lib/libnetsnmp.so -lcrypto -lm -ldl -lsensors -lwrap
ldap/servers/snmp/ldap_agent_bin-ldap-agent.o: In function `init_ldap_agent':
ldap/servers/snmp/ldap-agent.c:98: undefined reference to `CONTAINER_INSERT'
collect2: ld returned 1 exit status
make[3]: *** [ldap-agent-bin] Error 1
make[3]: Leaving directory `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0'
make[1]: *** [build-work/fedora-ds-base-1.1.0/Makefile] Error 2
make[1]: Leaving directory `/usr/src/dsbuild/ds/ldapserver'
make: *** [dep-../../ds/ldapserver] Error 2
make[

Any ideas?

Ryan Braun
Informatics Operations
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: (204) 833-2500x2824
CSN: 257-2824
FAX: (204) 833-2524
E-Mail: Ryan.Braun at ec.gc.ca

From rmeggins at redhat.com  Wed Feb 20 00:04:18 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 19 Feb 2008 17:04:18 -0700
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To:
References:
Message-ID: <47BB6E82.3050204@redhat.com>

Richard Hesse wrote:
> Not much new to report. The server hung again and the only thing in the
> error log with connection tracing is this:
>
> [18/Feb/2008:13:14:03 +0000] - PR_Write(41818752) Netscape Portable Runtime
> error -5961 (TCP connection reset by peer.)
> [18/Feb/2008:13:14:03 +0000] - ber_flush failed, error 104 (Connection reset
> by peer)
>
> Which doesn't look like much.
Well, it tells me that the server was attempting to write to a socket, and got an error. -5961 is PR_CONNECT_RESET_ERROR which can occur if the system call returns either EPIPE or ECONNRESET. And error 104 is indeed ECONNRESET.
/usr/include/asm-generic/errno.h:#define ECONNRESET 104 /* Connection reset by peer */

AFAICT, this can happen if the client shuts down the socket (for any number of reasons) but the server is still attempting to send data. In this case, the client will respond with a TCP RST. I'm not sure how or why this could happen. I'm open to other causes for ECONNRESET.

What would be really, really interesting is if we could narrow this down to a particular client application and run ethereal on the connection. Are you using SSL?
> As for network tuning, it's already been done.
>
> Max descriptors is set to 32768.
>
> Are there any gdb commands I can run while the server is in a hung state?
>
Sure.
For whatever the cause of the ECONNRESET, it should not cause the server to hang, and it would be interesting to find out what it's doing. You'll have to install the fedora-ds-base-debuginfo package. Attach to the process -
gdb /usr/sbin/ns-slapd
Then, dump the thread stacks -
(gdb) thread apply all bt
If you want the output to go to a file, redirect gdb logging to a file first before doing the thread apply e.g.
(gdb) set logging on
(gdb) set logging file stack.txt
> I'm going to try running strace while the process is working, and hope for a
> hang. Maybe that will give us some more info.
>
> -richard
>
> On 2/19/08 10:23 AM, "Rich Megginson" wrote:
>
>> Richard Hesse wrote:
>>
>>> Yes, every host (except the ldap hosts) runs nscd. The ldap servers are not
>>> configured to use directory data for anything.
>>>
>> I just don't know. I've not seen this before. I suppose you could try
>> checking your kernel TCP/IP settings, and increasing the number of file
>> descriptors used -
>> http://directory.fedoraproject.org/wiki/Performance_Tuning
>>
>>> -richard
>>>
>>>
>>> On 2/15/08 2:11 PM, "Rich Megginson" wrote:
>>>
>>>> Richard Hesse wrote:
>>>>
>>>>> nsswitch posix users/groups,
>>>>>
>>>> Are you using nscd?
>>>>
>>>>> ssh, sudo, puppet (config management), and
>>>>> internally written applications.
>>>>>
>>>>> -richard
>>>>>
>>>>> On 2/15/08 12:53 PM, "Rich Megginson" wrote:
>>>>>
>>>>>> What is the application which is generating this load?

From rmeggins at redhat.com  Wed Feb 20 00:50:16 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 19 Feb 2008 17:50:16 -0700
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
In-Reply-To: <200802192232.02999.Ryan.Braun@ec.gc.ca>
References: <200802192232.02999.Ryan.Braun@ec.gc.ca>
Message-ID: <47BB7948.4050903@redhat.com>

Ryan Braun wrote:
> I've been working a little bit towards setting up a build environment for fds
> in debian.
>
> ii libnspr4-0d 1.8.0.15~pre080131b-0etch1
> NetScape Portable Runtime Library
> ii libnspr4-dev 1.8.0.15~pre080131b-0etch1
> Development files for the NetScape Portable
> ii libnss3-0d 1.8.0.15~pre080131b-0etch1
> Network Security Service libraries
> ii libnss3-0d-dbg 1.8.0.15~pre080131b-0etch1
> Development files for the Network Security S
> ii libnss3-dev 1.8.0.15~pre080131b-0etch1
> Development files for the Network Security S
> ii libnss3-tools 1.8.0.15~pre080131b-0etch1
> Network Security Service tools
>
> But they have a goofy version number dictated by the xulrunner package.
>
> http://packages.debian.org/source/etch/xulrunner
>
> ywgbuild:/usr/src/dsbuild/meta/ds# pkg-config --modversion xulrunner-nss
> 1.8.0.13pre
> ywgbuild:/usr/src/dsbuild/meta/ds# pkg-config --modversion xulrunner-nspr
> 4.6.7
>
> Now, I'm not sure why nspr is reporting its true version number, while nss
> is reporting the 1.8.0 version when it should be something like 3.10 or 3.11.
>
Because the debian etch nspr and nss are not "true" standalone NSPR and NSS packages - they are designed to work with xulrunner. This is similar to the situation in RHEL4 and older Fedora when nspr and nss were "provided" by firefox, but not really useful for building other apps to use them.
> And, I've been digging on the debian packages listings trying to figure out
> just which version nss is. Any idea how to pull the version number right out
> of the shared lib?
I'm not sure, but it looks to be a fairly recent NSS so that's ok.
> Anyhow I moved on to try and build the next component,
> svrcore.
>
> I had to do some fudging with pkg-config (ln -s xulrunner-nspr.pc nspr.pc and
> ln -s xulrunner-nss.pc nss.pc) in order for svrcore's configure to work
> (prolly a RH vs debian package naming issue).
>
The package for nspr should be called "nspr" (the real name) or "libnspr4" (the name of the package in debian). "xulrunner-nspr" is simply wrong.
At any rate, you don't have to jump through these hoops with ln -s. You can just use
svrcore/configure --with-nspr-inc=/usr/include/nspr --with-nss-inc=/usr/include/nss
I don't think you will have to use --with-nspr-lib and --with-nss-lib since it should just find them in /usr/lib.

Use svrcore/configure --help to see all of the available options.
> So I ./configure --prefix=/opt/svrcore and it makes and make install's ok.
> I add /opt/svrcore/lib to ld.so.conf, and run ldconfig.
>
> ywgbuild:/opt/svrcore# strings /etc/ld.so.cache |grep svrcore
> libsvrcore.so.0
> /opt/svrcore/lib/libsvrcore.so.0
> libsvrcore.so
> /opt/svrcore/lib/libsvrcore.so
> ywgbuild:/opt/svrcore# pkg-config --modversion svrcore
> 4.0.4
>
> Next on the list is the mozldap library
>
> ywgbuild:/usr/src/mozldap-6.0.5/mozilla/directory/c-sdk# ./configure --enable-clu --with-sasl --with-svrcore --enable-optimize --disable-debug --prefix=/opt/mozldap
> works ok.
> But then make throws this
>
> gcc -o
> ntuserpin.o -c -pipe -ansi -Wall -pthread -O2 -fPIC -UDEBUG -DNDEBUG=1 -DXP_UNIX=1 -D_POSIX_SOURCE=1 -D_BSD_SOURCE=1 -D_SVID_SOURCE=1 -D_LARGEFILE64_SOURCE=1 -DHAVE_FCNTL_FILE_LOCKING=1 -DLINUX=1 -Dlinux=1 -Di386=1 -DHAVE_LCHOWN=1 -DHAVE_STRERROR=1 -DHAVE_GETADDRINFO=1 -DHAVE_GETNAMEINFO=1 -DHAVE_SASL=1 -DHAVE_SASL_OPTIONS=1 -DLDAP_SASLIO_HOOKS=1 -D_REENTRANT=1 -DNET_SSL -DNO_LIBLCACHE -DLDAP_REFERRALS -DNS_DOMESTIC -DLINUX2_0 -DLINUX1_2 -DLINUX2_1 -DLDAP_TOOL_ARGPIN -DLDAP_TOOL_PKCS11 -DFORCE_PR_LOG -D_PR_PTHREADS -UHAVE_CVAR_BUILT_ON_SEM -I/usr/include/nss -I/usr/include/nspr -I/usr/include/nspr -I/usr/include/sasl -I../../../../../dist/public/ldap -I../../../ldap/include -I/opt/svrcore/include -I/usr/include/nspr -I/usr/include/nss
> ntuserpin.c
> c++ -o bin/ldapdelete ldapdelete.o common.o convutf8.o fileurl.o
> ldaptool-sasl.o argpin.o
> ntuserpin.o -L../../../../../dist/./lib -lssldap60 -lprldap60 -lldap60 -lldif60 -L../../../../../dist/lib -lsvrcore -lssl3 -lnss3 -lsoftokn3 -L/usr/lib -lplds4
-lplc4 -lnspr4 -lpthread -ldl -lplc4 -lplds4 -lnspr4 -lsasl2 -ldl -lresolv -lpthread
> /usr/bin/ld: cannot find -lsvrcore
> collect2: ld returned 1 exit status
> make[2]: *** [bin/ldapdelete] Error 1
>
> ywgbuild:/tmp# strace -o out ld -l svrcore
> ld: cannot find -lsvrcore
> ywgbuild:/tmp# grep open out
> open("/etc/ld.so.cache", O_RDONLY) = 3
> open("/usr/lib/libbfd-2.17.so", O_RDONLY) = 3
> open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = 3
> open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
> open("a.out", O_RDWR|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 3
> open("/usr/bin/../lib/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/bin/../lib/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/i486-linux-gnu/lib32/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/i486-linux-gnu/lib32/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/local/lib32/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/local/lib32/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/lib32/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/lib32/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/lib32/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/lib32/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/i486-linux-gnu/lib/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/i486-linux-gnu/lib/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/local/lib/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/local/lib/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1
ENOENT (No such file or directory)
> open("/lib/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/lib/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/lib/libsvrcore.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/lib/libsvrcore.a", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> open("/usr/share/locale/locale.alias", O_RDONLY) = 4
> open("/usr/share/locale/en_CA/LC_MESSAGES/ld.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/share/locale/en/LC_MESSAGES/ld.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
>
> So I'm not sure why ld doesn't want to look in /opt/svrcore/lib for the
> libsvrcore shared libs. it just looks in the default spots according to
> strace. Did I mess up somewhere?
>
> As a quick fix I just symlinked /opt/svrcore/lib/libsvrcore.(a|so) to /usr/lib
> and it built.
>
Again, you don't have to do this, you can build mozldap with --with-svrcore=/opt/svrcore
> mozldap doesn't make install apparently, but creates a dist directory
>
Take a look at dsbuild - dsbuild/ds/mozldap
> symlinking all the built apps and libs. So I just
> copied /usr/src/mozldap-6.0.5/mozilla/dist to /opt/mozldap copying the files
> rather than preserving the symlinks.
>
> add /opt/mozldap/lib to ld.so.conf && ldconfig
> ywgbuild:/opt/mozldap/bin# strings /etc/ld.so.cache |grep mozldap
> /opt/mozldap/lib/libssldap60.so
> /opt/mozldap/lib/libprldap60.so
> /opt/mozldap/lib/libldif60.so
> /opt/mozldap/lib/libldap60.so
>
> So those libs look to be installed ok.
>
> I then hacked up a fedora mozldap.pc (the make process didn't generate one,
> but the mozldap.pc.in file is there..)
> ywgbuild:/tmp/usr/lib/pkgconfig# cat mozldap.pc
> prefix=/opt/mozldap
> exec_prefix=${prefix}
> libdir=${prefix}/lib
> includedir=${prefix}/include
> bindir=${prefix}/bin
> major=6
> minor=0
> submin=5
> libsuffix=60
>
> Name: mozldap
> Description: Mozilla LDAP C SDK
> Version: 6.0.5
> Requires: nspr >= 4.6 , nss >= 1.8.0.13pre
> Libs: -lssldap60 -lprldap60 -lldap60
> Cflags: -I${includedir}
>
> But again I end up in a spot where ld can't find the libs I just installed.
> So I symlink'd everything in /opt/mozldap/lib to /usr/lib/
> Then ld -lssldap60 -lprldap60 -lldap60 wouldn't complain about not being able
> to find the libs anymore.
>
> Now for perl-ldap
>
> export LDAPSDKINCDIR="/opt/mozldap/include"
> export LDAPSDKDIR="/opt/mozldap"
> export LDAPSDKLIBDIR="/opt/mozldap/lib"
> export NSPRINCDIR="/usr/include/nspr"
> export NSPRLIBDIR="/usr/lib"
> export NSSLIBDIR="/usr/lib"
>
> make would puke complaining about missing ldap-standard.h
>
See how dsbuild/ds/perldap/Makefile does it.
> ln -s /opt/mozldap/public/ldap/ldap-standard.h /opt/mozldap/include/ldap-standard.h
>
> ywgbuild:/usr/src/perl-mozldap-1.5.2# make
> cc -c -I/opt/mozldap/include -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.5\" -DXS_VERSION=\"1.5\" -fPIC "-I/usr/lib/perl/5.8/CORE" -DUSE_SSL
> API.c
> Running Mkbootstrap for Mozilla::LDAP::API ()
> chmod 644 API.bs
> rm -f blib/arch/auto/Mozilla/LDAP/API/API.so
> LD_RUN_PATH="/opt/mozldap/lib" LD_RUN_PATH=/opt/mozldap/lib
> cc -shared -L/usr/local/lib API.o -o blib/arch/auto/Mozilla/LDAP/API/API.so
> \
> -L/opt/mozldap/lib -lssldap60 -lprldap60 -lldap60 -L/usr/lib -lssl3 -lnss3 -L/usr/lib -lplc4 -lnspr4
> \
>
> chmod 755 blib/arch/auto/Mozilla/LDAP/API/API.so
> cp API.bs blib/arch/auto/Mozilla/LDAP/API/API.bs
> chmod 644 blib/arch/auto/Mozilla/LDAP/API/API.bs
> Manifying blib/man3/Mozilla::LDAP::Conn.3pm
> Manifying blib/man3/Mozilla::LDAP::Utils.3pm
> Manifying blib/man3/Mozilla::LDAP::Entry.3pm
> Manifying blib/man3/Mozilla::LDAP::LDIF.3pm
> Manifying blib/man3/Mozilla::LDAP::API.3pm
>
> So where I'm at now, using system nspr and nss, built mozldap and installed
> to /opt/mozldap, built svrcore and installed to /opt/svrcore and built
> perl-ldap, not installing it anywhere.
>
> So I figured I would give the newer dsbuild a shot at building the directory
> server. And it cranks away for a while then comes back with a message
> complaining about ldap agent and snmp. I initiated dsbuild with just a make
> command with no options.
>
You should have used SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 PERLDAP_SOURCE=1
by default, it will attempt to build and install into /opt/fedora-ds
> Here are the snmp packages installed
> ywgbuild:/usr/src/dsbuild/meta/ds# dpkg -l|grep snmp
> ii libsnmp-base 5.2.3-7etch2
> NET SNMP (Simple Network Management Protocol
> ii libsnmp-perl 5.2.3-7etch2
> NET SNMP (Simple Network Management Protocol
> ii libsnmp9 5.2.3-7etch2
> NET SNMP (Simple Network Management Protocol
> ii libsnmp9-dev 5.2.3-7etch2
> NET SNMP (Simple Network Management Protocol
>
> I've sent the last portion of the build process to pastebin if you want to
> have a look at
>
> http://www.pastebin.org/20301
>
> but the guts of the issue is this
>
> 3]: Entering directory
> `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0'
> /bin/sh ./libtool --tag=CC --mode=link gcc -g -o ldap-agent-bin
> ldap/servers/snmp/ldap_agent_bin-main.o
> ldap/servers/snmp/ldap_agent_bin-ldap-agent.o
> ldap/servers/slapd/ldap_agent_bin-agtmmap.o -lssldap60 -lprldap60 -lldap60 -lldif60 -lsasl2 -lssl3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 -L/usr/lib -lnetsnmpmibs -lnetsnmpagent -lnetsnmphelpers -lnetsnmp -lm -ldl -lsensors -lwrap -lwrap
> gcc -g -o ldap-agent-bin ldap/servers/snmp/ldap_agent_bin-main.o
> ldap/servers/snmp/ldap_agent_bin-ldap-agent.o
> ldap/servers/slapd/ldap_agent_bin-agtmmap.o -lssldap60 -lprldap60 -lldap60 -lldif60 /usr/lib/libsasl2.so -lresolv -lssl3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 -L/usr/lib /usr/lib/libnetsnmpmibs.so /usr/lib/libnetsnmpagent.so /usr/lib/libnetsnmphelpers.so /usr/lib/libnetsnmp.so -lcrypto -lm -ldl -lsensors -lwrap
> ldap/servers/snmp/ldap_agent_bin-ldap-agent.o: In function `init_ldap_agent':
> ldap/servers/snmp/ldap-agent.c:98: undefined reference to `CONTAINER_INSERT'
> collect2: ld returned 1 exit status
> make[3]: *** [ldap-agent-bin] Error 1
> make[3]: Leaving directory
> `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0'
> make[2]: *** [all] Error 2
> make[2]:
Leaving directory
> `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0'
> make[1]: *** [build-work/fedora-ds-base-1.1.0/Makefile] Error 2
> make[1]: Leaving directory `/usr/src/dsbuild/ds/ldapserver'
> make: *** [dep-../../ds/ldapserver] Error 2
> make[
>
> Any ideas?
>
Looks like perhaps NETSNMP_USE_INLINE is not defined for some reason - it expects CONTAINER_INSERT to be defined inline, but it's not, and not defined in any libraries either. Looks like on debian it expects you to define NETSNMP_USE_INLINE=1 explicitly even though it looks as though it was built that way. On RHEL/Fedora, it looks like the NETSNMP_USE_INLINE is implicit.
> Ryan Braun
> Informatics Operations
> Aviation and Defence Services Division
> Chief Information Officer Branch, Environment Canada
> CIV: (204) 833-2500x2824 CSN: 257-2824 FAX: (204) 833-2524
> E-Mail: Ryan.Braun at ec.gc.ca

From ipvx.low at gmail.com Wed Feb 20 04:20:36 2008
From: ipvx.low at gmail.com (Low Kian Seong)
Date: Wed, 20 Feb 2008 12:20:36 +0800
Subject: [Fedora-directory-users] temporary resource unavailable problem with fedora directory server
In-Reply-To: <47BB1DEE.7010807@redhat.com>
References: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com> <47B904A4.9010705@suburbia.org.au> <7cea65400802172251s1424c177weadef54f0e65afe5@mail.gmail.com> <47BB1DEE.7010807@redhat.com>
Message-ID: <7cea65400802192020o32915bddyee33df6cea0bee3e@mail.gmail.com>

this is what i got

Access Log Analyzer 6.0

Command : logconv.pl /opt/fedora-ds/slapd-ldap1/logs/access

Processing 1 Access Log(s)...
Filename                                 Total Lines   Lines processed
---------------------------------------------------------------
/opt/fedora-ds/slapd-ldap1/logs/access   162024        162024

----------- Access Log Output ------------

Restarts: 0
Total Connections: 20511
Peak Concurrent Connections: 278
Total Operations: 57545
Total Results: 57600
Overall Performance: 100.0%

Searches: 33737
Modifications: 2
Adds: 0
Deletes: 0
Mod RDNs: 0

6.x Stats
Persistent Searches: 0
Internal Operations: 0
Entry Operations: 0
Extended Operations: 0
Abandoned Requests: 0
Smart Referrals Received: 0

VLV Operations: 3
VLV Unindexed Searches: 1
SORT Operations: 41
SSL Connections: 0

Entire Search Base Queries: 20
Unindexed Searches: 43

FDs Taken: 20511
FDs Returned: 20277
Highest FD Taken: 1404

Broken Pipes: 0
Connections Reset By Peer: 0
Resource Unavailable: 2743
 - 2743 (T1) Idle Timeout Exceeded

Binds: 23806
Unbinds: 6044

LDAP v2 Binds: 711
LDAP v3 Binds: 23095
SSL Client Binds: 0
Failed SSL Client Binds: 0
SASL Binds: 0

Directory Manager Binds: 13372
Anonymous Binds: 2670
Other Binds: 7764

On Feb 20, 2008 2:20 AM, Rich Megginson wrote:
> Low Kian Seong wrote:
> > This is running on a rhel4 and during this time it doesn't respond to
> > ldap queries.
> >
> run /opt/fedora-ds/bin/slapd/admin/bin/logconf.pl
> /opt/fedora-ds/slapd-yourinstance/logs/access
>
> > On Feb 18, 2008 12:08 PM, Satish Chetty wrote:
> >
> >> Low,
> >> What is the load on the system? Also, when you see this error, does the
> >> LDAP respond to any ldap queries (getent or ldapsearch)?
> >>
> >> -Satish.
> >>
> >>
> >> Low Kian Seong wrote:
> >>
> >>> Dear all,
> >>>
> >>> I have installed fedora directory server version :
> >>> fedora-ds-1.0.4-1.RHEL4. This ldap server integrates with postfix and
> >>> our radius server.
My problem is when I check the access log I see
> >>> this error
> >>>
> >>> .[18/Feb/2008:11:04:51 +0800] conn=72887 op=-1 fd=593 closed error 11
> >>> (Resource temporarily unavailable) - T1
> >>> [18/Feb/2008:11:04:54 +0800] conn=72898 op=-1 fd=666 closed error 11
> >>> (Resource temporarily unavailable) - T1
> >>> [18/Feb/2008:11:05:22 +0800] conn=72895 op=-1 fd=605 closed error 11
> >>> (Resource temporarily unavailable) - T1
> >>>
> >>> occurring again and again very frequently. I have already tuned the
> >>> server according to the tuning guide on fedora directory server site.
> >>> This is my sysctl.conf :
> >>>
> >>>
> >>> # Kernel sysctl configuration file for Red Hat Linux
> >>> #
> >>> # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
> >>> # sysctl.conf(5) for more details.
> >>>
> >>> # Controls IP packet forwarding
> >>> net.ipv4.ip_forward = 0
> >>>
> >>> # Controls source route verification
> >>> net.ipv4.conf.default.rp_filter = 1
> >>>
> >>> # Do not accept source routing
> >>> net.ipv4.conf.default.accept_source_route = 0
> >>>
> >>> # Controls the System Request debugging functionality of the kernel
> >>> kernel.sysrq = 0
> >>>
> >>> # Controls whether core dumps will append the PID to the core filename.
> >>> # Useful for debugging multi-threaded applications.
> >>> kernel.core_uses_pid = 1
> >>> net.ipv4.ip_local_port_range = 1024 65000
> >>> fs.file-max = 128000
> >>> net.ipv4.tcp_keepalive_time = 300
> >>>
> >>> Am I missing something that I haven't done ?

From howard at cohtech.com Wed Feb 20 09:57:50 2008
From: howard at cohtech.com (Howard Wilkinson)
Date: Wed, 20 Feb 2008 09:57:50 +0000
Subject: [Fedora-directory-users] Setting up Multiple Directory Servers - in a multi-master mesh. Having problems with admin server.
In-Reply-To: <47BB1A35.6030402@redhat.com>
References: <47B422B8.1070400@cohtech.com> <47B47FD5.8060101@redhat.com> <47B96142.3090506@cohtech.com> <47BB1A35.6030402@redhat.com>
Message-ID: <47BBF99E.8060606@cohtech.com>

Richard et al,

I have obviously confused you on this so to start again!

I have four machines on which I am installing directory server version 1.1. I have automated the install so that I start with a virgin install every time - erase the packages and delete all of the files left lying around and then reinstall the packages.

I want to set up the four machines in a fault-tolerant fashion. So I have an initial master, a secondary on a separate machine, and 2 consumers on the other machines.

I can setup the servers on each machine with their own admin server and can get the SSL working and have modified the mmr script and can get all other server to replicate. Master and Secondary in multi-master mode, consumers fed from master and secondary.

What I want to achieve is to have all of the servers sharing the o=NetscapeRoot partition (i.e. all having an admin server but all having the same configuration for the admin server). Now this means that they need to be in a mesh multi-master - OK I can set that up but I can't get the servers to register cleanly with the individual admin servers on each of the machines. I understood that register-ds-admin.pl was the answer but the more I look at this it seems to only manage multiple instances on one machine.

So how do I do this. If I replicate the o=NetscapeRoot with each server registered to its own admin-server. Then the admin-servers only have one server registered and it seems to be the master (but that may be timing). If I try to register the secondary and consumers with the master admin-server then nothing happens. SO I am missing a trick.

I have the following silent set up file I use to configure each server.

[General]
FullMachineName=${HOSTNAMEFQDN}
SuiteSpotUserID=${LDAPUID}
SuiteSpotGroup=${LDAPGID}
ServerRoot=/usr/lib/fedora-ds
AdminDomain=${MASTERDOMAIN}
ConfigDirectoryAdminID=admin
ConfigDirectoryAdminPwd=${ADMINPASSWD}
ConfigDirectoryLdapURL=${ConfigDirectoryLdapURL}
UserDirectoryAdminID=admin
UserDirectoryAdminPwd=${ADMINPASSWD}
UserDirectoryLdapURL=ldap://${HOSTNAMEFQDN}:${LDAPPORT}/${MASTERDN}
#CACertificateURL=

[slapd]
SlapdConfigForMC=${SlapdConfigForMC}
SecurityOn=No
UseExistingMC=${UseExistingMC}
UseExistingUG=0
ServerPort=${LDAPPORT}
ServerIdentifier=${HOSTNAME}
Suffix=dc=${MASTERDN}
RootDN=cn=Directory Manager
AddSampleEntries=No
InstallLdifFile=none
AddOrgEntries=No
DisableSchemaChecking=No
RootDNPwd=${DIRMANPASSWD}
start_server=1
install_full_schema=1

[admin]
SysUser=${LDAPUID}
Port=${ADMINPORT}
ServerIpAddress=*
ServerAdminID=admin
ServerAdminPwd=${ADMINPASSWD}
ApacheDir=/usr/sbin/
ApacheRoot=/etc/httpd

I set

SlapdConfigForMC=1
UseExistingMC=0
ConfigDirectoryLdapURL=ldap://${HOSTNAMEFQDN}:${LDAPPORT}/o=NetscapeRoot

for the first case of
installing each server locally and change to

SlapdConfigForMC=1
UseExistingMC=1
ConfigDirectoryLdapURL=ldap://${MASTERHOSTFQDN}:${LDAPPORT}/o=NetscapeRoot

for the second case where I have tried to get all registered with one admin server. But no luck.

Help!

From Ryan.Braun at ec.gc.ca Wed Feb 20 17:24:29 2008
From: Ryan.Braun at ec.gc.ca (Ryan Braun)
Date: Wed, 20 Feb 2008 17:24:29 +0000
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
In-Reply-To: <47BB7948.4050903@redhat.com>
References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <47BB7948.4050903@redhat.com>
Message-ID: <200802201724.29380.Ryan.Braun@ec.gc.ca>

On Wednesday 20 February 2008 12:50 am, Rich Megginson wrote:
> > Now, I'm not sure why nspr is reporting its true version number, while
> > nss is reporting the 1.8.0 version when it should be something like 3.10
> > or 3.11.
>
> Because the debian etch nspr and nss are not "true" standalone NSPR and
> NSS packages - they are designed to work with xulrunner. This is
> similar to the situation in RHEL4 and older Fedora when nspr and nss
> were "provided" by firefox, but not really useful for building other
> apps to use them.
>
> > And, I've been digging on the debian packages listings trying to figure
> > out just which version nss is. Any idea how to pull the version number
> > right out of the shared lib?
>
> I'm not sure, but it looks to be a fairly recent NSS so that's ok.

This is good news.

>
> > Anyhow I moved on to try and build the next component,
> > svrcore.
> >
> > I had to do some fudging with pkg-config (ln -s xulrunner-nspr.pc nspr.pc
> > and ln -s xulrunner-nss.pc nss.pc) in order for svrcore's configure to
> > work (prolly a RH vs debian package naming issue).
>
> The package for nspr should be called "nspr" (the real name) or
> "libnspr4" (the name of the package in debian).
"xulrunner-nspr" is > simply wrong. > > At any rate, you don't have to jump through these hoops with ln -s. You > can just use > svrcore/configure --with-nspr-inc=/usr/include/nspr > --with-nss-inc=/usr/include/nss > I don't think you will have to use --with-nspr-lib and --with-nss-lib > since it should just find them in /usr/lib. > > Use svrcore/configure --help to see all of the available options. When I try to recreate the build I'll definitely try this. > You should have used SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 PERLDAP_SOURCE=1 > by default, it will attempt to build and install into /opt/fedora-ds I'll try having dsbuild create those packages next time. > > > Here are the snmp packages installed > > ywgbuild:/usr/src/dsbuild/meta/ds# dpkg -l|grep snmp > > ii libsnmp-base 5.2.3-7etch2 > > NET SNMP (Simple Network Management Protocol > > ii libsnmp-perl 5.2.3-7etch2 > > NET SNMP (Simple Network Management Protocol > > ii libsnmp9 5.2.3-7etch2 > > NET SNMP (Simple Network Management Protocol > > ii libsnmp9-dev 5.2.3-7etch2 > > NET SNMP (Simple Network Management Protocol > > > > I've sent the last portion of the build process to pastebin if you want > > to have a look at > > > > http://www.pastebin.org/20301 > > > > but the guts of the issue is this > > > > 3]: Entering directory > > `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' > > /bin/sh ./libtool --tag=CC --mode=link gcc -g -o ldap-agent-bin > > ldap/servers/snmp/ldap_agent_bin-main.o > > ldap/servers/snmp/ldap_agent_bin-ldap-agent.o > > ldap/servers/slapd/ldap_agent_bin-agtmmap.o -lssldap60 -lprldap60 > > -lldap60 -lldif60 -lsasl2 -lssl3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 > > -L/usr/lib -lnetsnmpmibs -lnetsnmpagent -lnetsnmphelpers -lnetsnmp -lm > > -ldl -lsensors -lwrap -lwrap gcc -g -o ldap-agent-bin > > ldap/servers/snmp/ldap_agent_bin-main.o > > ldap/servers/snmp/ldap_agent_bin-ldap-agent.o > > ldap/servers/slapd/ldap_agent_bin-agtmmap.o -lssldap60 -lprldap60 > > -lldap60 -lldif60 
/usr/lib/libsasl2.so -lresolv -lssl3 -lnss3 -lsoftokn3
> > -lplc4 -lplds4 -lnspr4 -L/usr/lib /usr/lib/libnetsnmpmibs.so
> > /usr/lib/libnetsnmpagent.so /usr/lib/libnetsnmphelpers.so
> > /usr/lib/libnetsnmp.so -lcrypto -lm -ldl -lsensors -lwrap
> > ldap/servers/snmp/ldap_agent_bin-ldap-agent.o: In function
> > `init_ldap_agent': ldap/servers/snmp/ldap-agent.c:98: undefined reference
> > to `CONTAINER_INSERT' collect2: ld returned 1 exit status
> > make[3]: *** [ldap-agent-bin] Error 1
> > make[3]: Leaving directory
> > `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0'
> > make[2]: *** [all] Error 2
> > make[2]: Leaving directory
> > `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0'
> > make[1]: *** [build-work/fedora-ds-base-1.1.0/Makefile] Error 2
> > make[1]: Leaving directory `/usr/src/dsbuild/ds/ldapserver'
> > make: *** [dep-../../ds/ldapserver] Error 2
> > make[
> >
> > Any ideas?
>
> Looks like perhaps NETSNMP_USE_INLINE is not defined for some reason -
> it expects CONTAINER_INSERT to be defined inline, but it's not, and not
> defined in any libraries either. Looks like on debian it expects you to
> define NETSNMP_USE_INLINE=1 explicitly even though it looks as though it
> was built that way. On RHEL/Fedora, it looks like the
> NETSNMP_USE_INLINE is implicit.

Where would I have to define that? I tried adding

DS_CONFIGURE_ARGS = NETSNMP_USE_INLINE=1

to ds.conf.mk and that didn't work.

Ryan Braun
Informatics Operations
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: (204) 833-2500x2824 CSN: 257-2824 FAX: (204) 833-2524
E-Mail: Ryan.Braun at ec.gc.ca

From solarflow99 at gmail.com Wed Feb 20 17:33:31 2008
From: solarflow99 at gmail.com (solarflow99)
Date: Wed, 20 Feb 2008 17:33:31 +0000
Subject: [Fedora-directory-users] new install - howto start using
Message-ID: <7020fd000802200933h992f241p79bd26ec15173505@mail.gmail.com>

Hi, I have FDS 1.04 on RHEL4 installed and was wondering how to get started using this? The installation is easy, now I'd like to know how to add new users and test things out. The docs and long extensive, I didn't actually see a simple get started guide. I hope adding new users easier than the openldap way, having to create LDIF files, doing ldapadd, etc.

From rmeggins at redhat.com Wed Feb 20 17:39:01 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 20 Feb 2008 10:39:01 -0700
Subject: [Fedora-directory-users] new install - howto start using
In-Reply-To: <7020fd000802200933h992f241p79bd26ec15173505@mail.gmail.com>
References: <7020fd000802200933h992f241p79bd26ec15173505@mail.gmail.com>
Message-ID: <47BC65B5.6080703@redhat.com>

solarflow99 wrote:
> Hi, I have FDS 1.04 on RHEL4 installed and was wondering how to get
> started using this? The installation is easy, now I'd like to know
> how to add new users and test things out. The docs and
> long extensive, I didn't actually see a simple get started guide. I
> hope adding new users easier than the openldap way, having to create
> LDIF files, doing ldapadd, etc.
Use the console. You'll have to have the correct Java installed. If you are a RHEL customer, you should be able to just do
up2date java-1.4.2-ibm
to get the correct java. This is in the Extras or Supplemental channel. Use
java -version
to confirm you are using the IBM java and not gcj.

Then,
cd /opt/fedora-ds
./startconsole

Use http://localhost:adminserverport/ for the Admin URL
If you don't know what your admin server port is, grep \^Listen admin-serv/config/console.conf

From solarflow99 at gmail.com Wed Feb 20 17:43:22 2008
From: solarflow99 at gmail.com (solarflow99)
Date: Wed, 20 Feb 2008 17:43:22 +0000
Subject: [Fedora-directory-users] new install - howto start using
In-Reply-To: <47BC65B5.6080703@redhat.com>
References: <7020fd000802200933h992f241p79bd26ec15173505@mail.gmail.com> <47BC65B5.6080703@redhat.com>
Message-ID: <7020fd000802200943vc538bdcv8fedc8f6f38c9044@mail.gmail.com>

thanks, I got into the console already, and looked around.

On 2/20/08, Rich Megginson wrote:
>
> solarflow99 wrote:
> > Hi, I have FDS 1.04 on RHEL4 installed and was wondering how to get
> > started using this? The installation is easy, now I'd like to know
> > how to add new users and test things out. The docs and
> > long extensive, I didn't actually see a simple get started guide. I
> > hope adding new users easier than the openldap way, having to create
> > LDIF files, doing ldapadd, etc.
> Use the console. You'll have to have the correct Java installed. If
> you are a RHEL customer, you should be able to just do
> up2date java-1.4.2-ibm
> to get the correct java. This is in the Extras or Supplemental
> channel. Use
> java -version
> to confirm you are using the IBM java and not gcj.
>
> Then,
> cd /opt/fedora-ds
> ./startconsole
>
> Use http://localhost:adminserverport/ for the Admin URL
> If you don't know what your admin server port is, grep \^Listen
> admin-serv/config/console.conf

From rmeggins at redhat.com Wed Feb 20 17:46:55 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 20 Feb 2008 10:46:55 -0700
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
In-Reply-To: <200802201724.29380.Ryan.Braun@ec.gc.ca>
References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <47BB7948.4050903@redhat.com> <200802201724.29380.Ryan.Braun@ec.gc.ca>
Message-ID: <47BC678F.40700@redhat.com>

Ryan Braun wrote:
>
>>
>> Use svrcore/configure --help to see all of the available options.
>>
>
> When I try to recreate the build I'll definitely try this.
>
I'm hoping that we can get dsbuild to the point where it will hide this stuff and "just work".
>
>> You should have used SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 PERLDAP_SOURCE=1
>> by default, it will attempt to build and install into /opt/fedora-ds
>>
>
> I'll try having dsbuild create those packages next time.
>
BTW, thanks for going through this process, and I apologize that I haven't had time to properly document how to use dsbuild. Would you be able to document what you've found, perhaps in the wiki on the Debian/Ubuntu page? If not, then just keep the emails coming.
> >>> Here are the snmp packages installed >>> ywgbuild:/usr/src/dsbuild/meta/ds# dpkg -l|grep snmp >>> ii libsnmp-base 5.2.3-7etch2 >>> NET SNMP (Simple Network Management Protocol >>> ii libsnmp-perl 5.2.3-7etch2 >>> NET SNMP (Simple Network Management Protocol >>> ii libsnmp9 5.2.3-7etch2 >>> NET SNMP (Simple Network Management Protocol >>> ii libsnmp9-dev 5.2.3-7etch2 >>> NET SNMP (Simple Network Management Protocol >>> >>> I've sent the last portion of the build process to pastebin if you want >>> to have a look at >>> >>> http://www.pastebin.org/20301 >>> >>> but the guts of the issue is this >>> >>> 3]: Entering directory >>> `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' >>> /bin/sh ./libtool --tag=CC --mode=link gcc -g -o ldap-agent-bin >>> ldap/servers/snmp/ldap_agent_bin-main.o >>> ldap/servers/snmp/ldap_agent_bin-ldap-agent.o >>> ldap/servers/slapd/ldap_agent_bin-agtmmap.o -lssldap60 -lprldap60 >>> -lldap60 -lldif60 -lsasl2 -lssl3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 >>> -L/usr/lib -lnetsnmpmibs -lnetsnmpagent -lnetsnmphelpers -lnetsnmp -lm >>> -ldl -lsensors -lwrap -lwrap gcc -g -o ldap-agent-bin >>> ldap/servers/snmp/ldap_agent_bin-main.o >>> ldap/servers/snmp/ldap_agent_bin-ldap-agent.o >>> ldap/servers/slapd/ldap_agent_bin-agtmmap.o -lssldap60 -lprldap60 >>> -lldap60 -lldif60 /usr/lib/libsasl2.so -lresolv -lssl3 -lnss3 -lsoftokn3 >>> -lplc4 -lplds4 -lnspr4 -L/usr/lib /usr/lib/libnetsnmpmibs.so >>> /usr/lib/libnetsnmpagent.so /usr/lib/libnetsnmphelpers.so >>> /usr/lib/libnetsnmp.so -lcrypto -lm -ldl -lsensors -lwrap >>> ldap/servers/snmp/ldap_agent_bin-ldap-agent.o: In function >>> `init_ldap_agent': ldap/servers/snmp/ldap-agent.c:98: undefined reference >>> to `CONTAINER_INSERT' collect2: ld returned 1 exit status >>> make[3]: *** [ldap-agent-bin] Error 1 >>> make[3]: Leaving directory >>> `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' >>> make[2]: *** [all] Error 2 >>> make[2]: Leaving directory >>> 
`/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' >>> make[1]: *** [build-work/fedora-ds-base-1.1.0/Makefile] Error 2 >>> make[1]: Leaving directory `/usr/src/dsbuild/ds/ldapserver' >>> make: *** [dep-../../ds/ldapserver] Error 2 >>> make[ >>> >>> Any ideas? >>> >> Looks like perhaps NETSNMP_USE_INLINE is not defined for some reason - >> it expects CONTAINER_INSERT to be defined inline, but it's not, and not >> defined in any libraries either. Looks like on debian it expects you to >> define NETSNMP_USE_INLINE=1 explicitly even though it looks as though it >> was built that way. On RHEL/Fedora, it looks like the >> NETSNMP_USE_INLINE is implicit. >> > > Where would I have to define that? I tried adding > > DS_CONFIGURE_ARGS = NETSNMP_USE_INLINE=1 > Try adding DS_CONFIGURE_ENV += CPPFLAGS=-DNETSNMP_USE_INLINE=1 to somewhere around line 21 of dsbuild/ds/Makefile I think the proper solution will be to modify the ldapserver code to allow for net-snmp specific compiler and linker flags. But this will at least make the definition as localized as possible. > to ds.conf.mk and that didn't work. > > Ryan Braun > Informatics Operations > Aviation and Defence Services Division > Chief Information Officer Branch, Environment Canada > CIV: (204) 833-2500x2824 CSN: 257-2824 FAX: (204) 833-2524 > E-Mail: Ryan.Braun at ec.gc.ca > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Feb 20 17:48:29 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 20 Feb 2008 10:48:29 -0700 Subject: [Fedora-directory-users] new install - howto start using In-Reply-To: <7020fd000802200943vc538bdcv8fedc8f6f38c9044@mail.gmail.com> References: <7020fd000802200933h992f241p79bd26ec15173505@mail.gmail.com> <47BC65B5.6080703@redhat.com> <7020fd000802200943vc538bdcv8fedc8f6f38c9044@mail.gmail.com> Message-ID: <47BC67ED.6090409@redhat.com> solarflow99 wrote: > thanks, I got into the console already, and looked around. Go to the Users&Groups tab. I think 1.0.4 has a bug in that it uses o=NetscapeRoot for the default Users&Groups container. If you go into one of the menus, you can Edit Directory and set it to your real suffix e.g. dc=yourdomain,dc=com > > > > On 2/20/08, *Rich Megginson* > wrote: > > solarflow99 wrote: > > Hi, I have FDS 1.04 on RHEL4 installed and was wondering how to get > > started using this? The installation is easy, now i'd like to know > > how to add new users and test things out. The docs and > > long extensive, I didn't actually see a simple get stared guide. I > > hope adding new users easier than the openldap way, having to create > > LDIF files, doing ldapadd, etc. > Use the console. You'll have to have the correct Java installed. If > you are a RHEL customer, you should be able to just do > up2date java-1.4.2-ibm > to get the correct java. This is in the Extras or Supplemental > channel. Use > java -version > to confirm you are using the IBM java and not gcj. 
> > Then, > cd /opt/fedora-ds > ./startconsole > > Use http://localhost:adminserverport/ for the Admin URL > If you don't know what your admin server port is, grep \^Listen > admin-serv/config/console.conf > > > > > > > > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From Ryan.Braun at ec.gc.ca Wed Feb 20 18:14:19 2008 From: Ryan.Braun at ec.gc.ca (Ryan Braun) Date: Wed, 20 Feb 2008 18:14:19 +0000 Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question In-Reply-To: <47BC678F.40700@redhat.com> References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802201724.29380.Ryan.Braun@ec.gc.ca> <47BC678F.40700@redhat.com> Message-ID: <200802201814.19735.Ryan.Braun@ec.gc.ca> On Wednesday 20 February 2008 5:46 pm, Rich Megginson wrote: > Ryan Braun wrote: > > > > > >> Use svrcore/configure --help to see all of the available options. > > > > When I try to recreate the build I'll definitely try this. > > I'm hoping that we can get dsbuild to the point where it will hide this > stuff and "just work". I just tried it starting from scratch and it built svrcore, perl-ldap and mozldap for me without a hitch. 
Well aside from me not having the required -dev packages on this box I tried the last attempt :) > > >> You should have used SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 PERLDAP_SOURCE=1 > >> by default, it will attempt to build and install into /opt/fedora-ds > > > > I'll try having dsbuild create those packages next time. > > BTW, thanks for going through this process, and I apologize that I > haven't had time to properly document how to use dsbuild. Would you be > able to document what you've found, perhaps in the wiki on the > Debian/Ubuntu page? If not, then just keep the emails coming. Once I get it built and working I'd be more than happy to whip up a debian page on the wiki. I'm trying to keep some detailed notes on the process so I should have something to add to the page. > >> Looks like perhaps NETSNMP_USE_INLINE is not defined for some reason - > >> it expects CONTAINER_INSERT to be defined inline, but it's not, and not > >> defined in any libraries either. Looks like on debian it expects you to > >> define NETSNMP_USE_INLINE=1 explicitly even though it looks as though it > >> was built that way. On RHEL/Fedora, it looks like the > >> NETSNMP_USE_INLINE is implicit. > > > > Where would I have to define that? I tried adding > > > > DS_CONFIGURE_ARGS = NETSNMP_USE_INLINE=1 > > Try adding > DS_CONFIGURE_ENV += CPPFLAGS=-DNETSNMP_USE_INLINE=1 > to somewhere around line 21 of dsbuild/ds/Makefile > > I think the proper solution will be to modify the ldapserver code to > allow for net-snmp specific compiler and linker flags. But this will at > least make the definition as localized as possible. > I added that line to /usr/src/dsbuild/ds/ldapserver/Makefile. Which is what I *think* you meant. I then tried to start the dsbuild process over having dsbuild handle svrcore, perl/mozldap and it errors at the same point again.
But I could have added that line to the wrong file :) infinity:/usr/src/dsbuild/meta/ds# make SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 PERLDAP_SOURCE=1 [===== NOW BUILDING: ds-1.1.0 =====] [fetch] complete for ds. [checksum] complete for ds. [extract] complete for ds. [patch] complete for ds. ==> Building ds/svrcore as a dependency ==> Building ds/mozldap as a dependency ==> Building ds/perldap as a dependency ==> Building ds/ldapserver as a dependency cat: /etc/redhat-release: No such file or directory make[1]: Entering directory `/usr/src/dsbuild/ds/ldapserver' [===== NOW BUILDING: fedora-ds-base-1.1.0 =====] [fetch] complete for fedora-ds-base. [checksum] complete for fedora-ds-base. [extract] complete for fedora-ds-base. [patch] complete for fedora-ds-base. [configure] complete for fedora-ds-base. ==> Running make in work/fedora-ds-base-1.1.0 make[2]: Entering directory `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' make all-am make[3]: Entering directory `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' /bin/sh ./libtool --tag=CC --mode=link gcc -g -o ldap-agent-bin ldap/servers/snmp/ldap_agent_bin-main.o ldap/servers/snmp/ldap_agent_bin-ldap-agent.o ldap/servers/slapd/ldap_agent_bin-agtmmap.o -L/opt/dirsrv/lib -lssldap60 -lprldap60 -lldap60 -lldif60 -lsasl2 -lssl3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 -L/usr/lib -lnetsnmpmibs -lnetsnmpagent -lnetsnmphelpers -lnetsnmp -lm -ldl -lsensors -lwrap -lwrap gcc -g -o ldap-agent-bin ldap/servers/snmp/ldap_agent_bin-main.o ldap/servers/snmp/ldap_agent_bin-ldap-agent.o ldap/servers/slapd/ldap_agent_bin-agtmmap.o -L/opt/dirsrv/lib -lssldap60 -lprldap60 -lldap60 -lldif60 /usr/lib/libsasl2.so -lresolv -lssl3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 -L/usr/lib /usr/lib/libnetsnmpmibs.so /usr/lib/libnetsnmpagent.so /usr/lib/libnetsnmphelpers.so /usr/lib/libnetsnmp.so -lcrypto -lm -ldl -lsensors -lwrap ldap/servers/snmp/ldap_agent_bin-ldap-agent.o: In function `init_ldap_agent': 
ldap/servers/snmp/ldap-agent.c:98: undefined reference to `CONTAINER_INSERT' collect2: ld returned 1 exit status make[3]: *** [ldap-agent-bin] Error 1 make[3]: Leaving directory `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' make[2]: *** [all] Error 2 make[2]: Leaving directory `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' make[1]: *** [build-work/fedora-ds-base-1.1.0/Makefile] Error 2 make[1]: Leaving directory `/usr/src/dsbuild/ds/ldapserver' make: *** [dep-../../ds/ldapserver] Error 2 From rmeggins at redhat.com Wed Feb 20 18:16:59 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 20 Feb 2008 11:16:59 -0700 Subject: [Fedora-directory-users] Setting up Multiple Directory Servers - in a multi-master mesh. Having problems with admin server. In-Reply-To: <47BBF99E.8060606@cohtech.com> References: <47B422B8.1070400@cohtech.com> <47B47FD5.8060101@redhat.com> <47B96142.3090506@cohtech.com> <47BB1A35.6030402@redhat.com> <47BBF99E.8060606@cohtech.com> Message-ID: <47BC6E9B.7020206@redhat.com> Howard Wilkinson wrote: > Richard et al, > > I have obviously confused you on this so to start again! > > I have four machines on which I am installing directory server version > 1.1. > > I have automated the install so that I start with a virgin install > every time - erase the packages and delete all of the files left lying > around and then reinstall the packages. > > I want to set up the four machines in a fault-tolerant fashion. So I > have an initial master, a secondary on a separate machine, and 2 > consumers on the other machines. > > I can setup the servers on each machine with their own admin server > and can get the SSL working and have modified the mmr script and can > get all other server to replicate. Master and Secondary in > multi-master mode, consumers fed from master and secondary. > > What I want to achieve is to have all of the servers sharing the > o=NetscapeRoot partition (i.e.
all having an admin server but all > having the same configuration for the admin server). Now this means > that they need to be in a mesh multi-master - OK I can set that up but > I can't get the servers to register cleanly with the individual admin > servers on each of the machines. Ok. I understand. First, you have to follow these guidelines - http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html Next, it sounds like you are running into this bug - https://bugzilla.redhat.com/show_bug.cgi?id=431103 > > I understood that register-ds-admin.pl was the answer but the more I > look at this it seems to only manage multiple instances on one > machine. So how do I do this. > > If I replicate the o=NetscapeRoot with each server registered to its > own admin-server. Then the admin-servers only have one server > registered and it seems to be the master (but that may be timing). If > I try to register the secondary and consumers with the master > admin-server then nothing happens. SO I am missing a trick. > > I have the following silent set up file I use to configure each server. 
> > [General] > FullMachineName=${HOSTNAMEFQDN} > SuiteSpotUserID=${LDAPUID} > SuiteSpotGroup=${LDAPGID} > ServerRoot=/usr/lib/fedora-ds > AdminDomain=${MASTERDOMAIN} > ConfigDirectoryAdminID=admin > ConfigDirectoryAdminPwd=${ADMINPASSWD} > ConfigDirectoryLdapURL=${ConfigDirectoryLdapURL} > UserDirectoryAdminID=admin > UserDirectoryAdminPwd=${ADMINPASSWD} > UserDirectoryLdapURL=ldap://${HOSTNAMEFQDN}:${LDAPPORT}/${MASTERDN} > #CACertificateURL= > > [slapd] > SlapdConfigForMC=${SlapdConfigForMC} > SecurityOn=No > UseExistingMC=${UseExistingMC} > UseExistingUG=0 > ServerPort=${LDAPPORT} > ServerIdentifier=${HOSTNAME} > Suffix=dc=${MASTERDN} > RootDN=cn=Directory Manager > AddSampleEntries=No > InstallLdifFile=none > AddOrgEntries=No > DisableSchemaChecking=No > RootDNPwd=${DIRMANPASSWD} > start_server=1 > install_full_schema=1 > > [admin] > SysUser=${LDAPUID} > Port=${ADMINPORT} > ServerIpAddress=* > ServerAdminID=admin > ServerAdminPwd=${ADMINPASSWD} > ApacheDir=/usr/sbin/ > ApacheRoot=/etc/httpd > > I set > > SlapdConfigForMC=1 > UseExistingMC=0 > ConfigDirectoryLdapURL=ldap://${HOSTNAMEFQDN}:${LDAPPORT}/o=NetscapeRoot > > for the first case of installing each server locally and change to > > SlapdConfigForMC=1 > UseExistingMC=1 > ConfigDirectoryLdapURL=ldap://${MASTERHOSTFQDN}:${LDAPPORT}/o=NetscapeRoot > > for the second case where I have tried to get all registered with one > admin server. But no luck. > > Help! > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Feb 20 18:22:05 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 20 Feb 2008 11:22:05 -0700 Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question In-Reply-To: <200802201814.19735.Ryan.Braun@ec.gc.ca> References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802201724.29380.Ryan.Braun@ec.gc.ca> <47BC678F.40700@redhat.com> <200802201814.19735.Ryan.Braun@ec.gc.ca> Message-ID: <47BC6FCD.1040801@redhat.com> Ryan Braun wrote: > > > Once I get it built and working I'd be more then happy to whip up a debian > page on the wiki. I'm trying to keep some detailed notes on the process so I > should have something to add to the page. > Thanks! > >>>> Looks like perhaps NETSNMP_USE_INLINE is not defined for some reason - >>>> it expects CONTAINER_INSERT to be defined inline, but it's not, and not >>>> defined in any libraries either. Looks like on debian it expects you to >>>> define NETSNMP_USE_INLINE=1 explicitly even though it looks as though it >>>> was built that way. On RHEL/Fedora, it looks like the >>>> NETSNMP_USE_INLINE is implicit. >>>> >>> Where would I have to define that? I tried adding >>> >>> DS_CONFIGURE_ARGS = NETSNMP_USE_INLINE=1 >>> >> Try adding >> DS_CONFIGURE_ENV += CPPFLAGS=-DNETSNMP_USE_INLINE=1 >> to somewhere around line 21 of dsbuild/ds/Makefile >> >> I think the proper solution will be to modify the ldapserver code to >> allow for net-snmp specific compiler and linker flags. But this will at >> least make the definition as localized as possible. >> >> > > I added that line to /usr/src/dsbuild/ds/ldapserver/Makefile. Which is what I > *think* you meant. Yes, that's what I meant :-) > I then tried to start the dsbuild process over having > dsbuild handle svrcore, perl/mozldap and it errors at the same point again. > Ok. 
You'll have to remove the cookies and the code to force it to start over again from the configure stage: rm -rf dsbuild/ds/ldapserver/work dsbuild/ds/ldapserver/cookies Then do make -C dsbuild/meta/ds SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 PERLDAP_SOURCE=1 again. > But I could have added that line to the wrong file :) > > infinity:/usr/src/dsbuild/meta/ds# make SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 > PERLDAP_SOURCE=1 > [===== NOW BUILDING: ds-1.1.0 =====] > [fetch] complete for ds. > [checksum] complete for ds. > [extract] complete for ds. > [patch] complete for ds. > ==> Building ds/svrcore as a dependency > ==> Building ds/mozldap as a dependency > ==> Building ds/perldap as a dependency > ==> Building ds/ldapserver as a dependency > cat: /etc/redhat-release: No such file or directory > make[1]: Entering directory `/usr/src/dsbuild/ds/ldapserver' > [===== NOW BUILDING: fedora-ds-base-1.1.0 =====] > [fetch] complete for fedora-ds-base. > [checksum] complete for fedora-ds-base. > [extract] complete for fedora-ds-base. > [patch] complete for fedora-ds-base. > [configure] complete for fedora-ds-base. 
> ==> Running make in work/fedora-ds-base-1.1.0 > make[2]: Entering directory > `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' > make all-am > make[3]: Entering directory > `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' > /bin/sh ./libtool --tag=CC --mode=link gcc -g -o ldap-agent-bin > ldap/servers/snmp/ldap_agent_bin-main.o > ldap/servers/snmp/ldap_agent_bin-ldap-agent.o > ldap/servers/slapd/ldap_agent_bin-agtmmap.o -L/opt/dirsrv/lib -lssldap60 -lprldap60 -lldap60 -lldif60 -lsasl2 -lssl3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 -L/usr/lib -lnetsnmpmibs -lnetsnmpagent -lnetsnmphelpers -lnetsnmp -lm -ldl -lsensors -lwrap -lwrap > gcc -g -o ldap-agent-bin ldap/servers/snmp/ldap_agent_bin-main.o > ldap/servers/snmp/ldap_agent_bin-ldap-agent.o > ldap/servers/slapd/ldap_agent_bin-agtmmap.o -L/opt/dirsrv/lib -lssldap60 -lprldap60 -lldap60 -lldif60 /usr/lib/libsasl2.so -lresolv -lssl3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 -L/usr/lib /usr/lib/libnetsnmpmibs.so /usr/lib/libnetsnmpagent.so /usr/lib/libnetsnmphelpers.so /usr/lib/libnetsnmp.so -lcrypto -lm -ldl -lsensors -lwrap > ldap/servers/snmp/ldap_agent_bin-ldap-agent.o: In function `init_ldap_agent': > ldap/servers/snmp/ldap-agent.c:98: undefined reference to `CONTAINER_INSERT' > collect2: ld returned 1 exit status > make[3]: *** [ldap-agent-bin] Error 1 > make[3]: Leaving directory > `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' > make[2]: *** [all] Error 2 > make[2]: Leaving directory > `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' > make[1]: *** [build-work/fedora-ds-base-1.1.0/Makefile] Error 2 > make[1]: Leaving directory `/usr/src/dsbuild/ds/ldapserver' > make: *** [dep-../../ds/ldapserver] Error 2 > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... 
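Added example, not part of any message in this thread: a shell check of whether a define such as -DNETSNMP_USE_INLINE=1 actually reached the compiler command for ldap/servers/snmp/ldap-agent.c in a captured make log, reported alongside the symbols the linker could not resolve. The function names and the two sample logs are constructed for illustration, shortened from the shape of the build logs quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): check a captured make log for a -D define.

# compile_lines LOG SOURCE
# Print the compiler command lines in LOG that compile SOURCE.
compile_lines() {
    awk -v src="$2" '
        # a compile step invokes gcc or cc, passes -c, and names the source file
        /(^|[ \t])(gcc|cc)[ \t]/ && /[ \t]-c[ \t]/ && index($0, src) { print }
    ' "$1"
}

# define_status LOG SOURCE MACRO
#   present      every compile of SOURCE carries -DMACRO or -DMACRO=value
#   missing      at least one compile of SOURCE lacks it
#   not-compiled LOG has no compile command for SOURCE
define_status() {
    compile_lines "$1" "$2" | awk -v macro="$3" '
        {
            n++; found = 0
            for (i = 1; i <= NF; i++)
                if ($i == "-D" macro || index($i, "-D" macro "=") == 1) found = 1
            hits += found
        }
        END {
            if (n == 0) print "not-compiled"
            else if (hits == n) print "present"
            else print "missing"
        }
    '
}

# undefined_symbols LOG
# Print each symbol the linker reported as an undefined reference, once.
undefined_symbols() {
    sed -n "s/.*undefined reference to \`\([^']*\)'.*/\1/p" "$1" | sort -u
}

# audit LOG SOURCE MACRO
# One-line summary for a build log.
audit() {
    printf '%s: -D%s %s for %s; undefined: %s\n' "$1" "$3" \
        "$(define_status "$1" "$2" "$3")" "$2" \
        "$(undefined_symbols "$1" | tr '\n' ' ')"
}

# Constructed sample: the define never reached gcc and the link step fails.
write_sample_without_define() {
    cat > "$1" <<'EOF'
gcc -DHAVE_CONFIG_H -I. -I/usr/include -g -c -o ldap/servers/snmp/ldap_agent_bin-ldap-agent.o ldap/servers/snmp/ldap-agent.c
gcc -g -o ldap-agent-bin ldap/servers/snmp/ldap_agent_bin-ldap-agent.o -lnetsnmp
ldap/servers/snmp/ldap_agent_bin-ldap-agent.o: In function `init_ldap_agent':
ldap/servers/snmp/ldap-agent.c:98: undefined reference to `CONTAINER_INSERT'
collect2: ld returned 1 exit status
EOF
}

# Constructed sample: the define is on the compile line and nothing is undefined.
write_sample_with_define() {
    cat > "$1" <<'EOF'
gcc -DHAVE_CONFIG_H -DNETSNMP_USE_INLINE=1 -I. -I/usr/include -g -c -o ldap/servers/snmp/ldap_agent_bin-ldap-agent.o ldap/servers/snmp/ldap-agent.c
gcc -g -o ldap-agent-bin ldap/servers/snmp/ldap_agent_bin-ldap-agent.o -lnetsnmp
EOF
}

if [ "$#" -eq 3 ]; then
    # real use: LOG SOURCE MACRO
    audit "$1" "$2" "$3"
else
    # no arguments: run on the constructed samples
    tmp=$(mktemp -d)
    write_sample_without_define "$tmp/before.log"
    write_sample_with_define "$tmp/after.log"
    audit "$tmp/before.log" ldap/servers/snmp/ldap-agent.c NETSNMP_USE_INLINE
    audit "$tmp/after.log" ldap/servers/snmp/ldap-agent.c NETSNMP_USE_INLINE
    rm -rf "$tmp"
fi
```

Capture the build with something like `make ... 2>&1 | tee build.log` so the linker errors on stderr land in the same file as the compile commands.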
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From Ryan.Braun at ec.gc.ca Wed Feb 20 19:01:44 2008 From: Ryan.Braun at ec.gc.ca (Ryan Braun) Date: Wed, 20 Feb 2008 19:01:44 +0000 Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question In-Reply-To: <47BC6FCD.1040801@redhat.com> References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802201814.19735.Ryan.Braun@ec.gc.ca> <47BC6FCD.1040801@redhat.com> Message-ID: <200802201901.44887.Ryan.Braun@ec.gc.ca> On Wednesday 20 February 2008 6:22 pm, Rich Megginson wrote: > >>> Where would I have to define that? I tried adding > >>> > >>> DS_CONFIGURE_ARGS = NETSNMP_USE_INLINE=1 > >> > >> Try adding > >> DS_CONFIGURE_ENV += CPPFLAGS=-DNETSNMP_USE_INLINE=1 > >> to somewhere around line 21 of dsbuild/ds/Makefile > >> > >> I think the proper solution will be to modify the ldapserver code to > >> allow for net-snmp specific compiler and linker flags. But this will at > >> least make the definition as localized as possible. > > > > I added that line to /usr/src/dsbuild/ds/ldapserver/Makefile. Which is > > what I *think* you meant. > > Yes, that's what I meant :-) > > > I then tried to start the dsbuild process over having > > dsbuild handle svrcore, perl/mozldap and it errors at the same point > > again. > > Ok. You'll have to remove the cookies and the code to force it to start > over again from the configure stage: > rm -rf dsbuild/ds/ldapserver/work dsbuild/ds/ldapserver/cookies > Then do > make -C dsbuild/meta/ds SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 > PERLDAP_SOURCE=1 > again. > It looks like it bails with the same error. I'll try building the snmp source for giggles, but we'll see what to try next to fix the original issue. 
Here is /usr/src/dsbuild/ds/ldapserver/Makefile {{{ include ../../objdirname.mk GARNAME = fedora-ds-base GARVERSION = 1.1.0 CATEGORIES = ds PATCHFILES = PKGDIR = $(ABS_GARDIR)/$(CATEGORIES)/ldapserver/work/pkg ifdef USE_CVS CVSMODULES = ldapserver else DISTFILES = $(GARNAME)-$(GARVERSION).tar.bz2 endif LIBDEPS = DESCRIPTION = Fedora Directory Server (base) CONFIGURE_ARGS = $(DS_CONFIGURE_ARGS) --enable-bundle DS_CONFIGURE_ENV += CPPFLAGS=-DNETSNMP_USE_INLINE=1 CONFIGURE_SCRIPTS = $(WORKSRC)/configure BUILD_SCRIPTS = $(WORKSRC)/Makefile INSTALL_SCRIPTS = $(WORKSRC)/Makefile ifdef USE_CVS post-extract: extract-cvs endif # this is our "custom" patch target ifdef MYPATCH post-patch: cat $(addprefix download/,$(MYPATCH)) | ( cd work/$(GARNAME)-$(GARVERSION) ; patch -p1 ) $(MAKECOOKIE) endif include ../../gar.conf.mk include ../category.mk }}} and the tail end of the build. /bin/sh ./libtool --tag=CC --mode=link gcc -g -o infadd-bin ldap/servers/slapd/tools/rsearch/infadd_bin-addthread.o ldap/servers/slapd/tools/rsearch/infadd_bin-infadd.o ldap/servers/slapd/tools/rsearch/infadd_bin-nametable.o -lplc4 -lplds4 -lnspr4 -lssl3 -lnss3 -lsoftokn3 -L/opt/dirsrv/lib -lssldap60 -lprldap60 -lldap60 -lldif60 -lsasl2 gcc -g -o infadd-bin ldap/servers/slapd/tools/rsearch/infadd_bin-addthread.o ldap/servers/slapd/tools/rsearch/infadd_bin-infadd.o ldap/servers/slapd/tools/rsearch/infadd_bin-nametable.o -lplc4 -lplds4 -lnspr4 -lssl3 -lnss3 -lsoftokn3 -L/opt/dirsrv/lib -lssldap60 -lprldap60 -lldap60 -lldif60 /usr/lib/libsasl2.so -ldl -lresolv if gcc -DHAVE_CONFIG_H -I. -I. -I. -DBUILD_NUM=\"2008.051.1835\" -I./ldap/include -I./ldap/servers/slapd -I./include -I. 
-DLOCALSTATEDIR="\"/opt/dirsrv/var\"" -DSYSCONFDIR="\"/opt/dirsrv/etc\"" -DLIBDIR="\"/opt/dirsrv/lib\"" -DBINDIR="\"/opt/dirsrv/bin\"" -DDATADIR="\"/opt/dirsrv/share\"" -DDOCDIR="\"\"" -DSBINDIR="\"/opt/dirsrv/sbin\"" -DPLUGINDIR="\"/opt/dirsrv/lib/dirsrv/plugins\"" -DTEMPLATEDIR="\"/opt/dirsrv/share/dirsrv/data\"" -I/usr/include -I/opt/dirsrv/include -I/usr/include/nss -I/usr/include/nspr -I/usr/include/nspr -g -MT ldap/servers/snmp/ldap_agent_bin-main.o -MD -MP -MF "ldap/servers/snmp/.deps/ldap_agent_bin-main.Tpo" -c -o ldap/servers/snmp/ldap_agent_bin-main.o `test -f 'ldap/servers/snmp/main.c' || echo './'`ldap/servers/snmp/main.c; \ then mv -f "ldap/servers/snmp/.deps/ldap_agent_bin-main.Tpo" "ldap/servers/snmp/.deps/ldap_agent_bin-main.Po"; else rm -f "ldap/servers/snmp/.deps/ldap_agent_bin-main.Tpo"; exit 1; fi In file included from ldap/servers/snmp/../slapd/agtmmap.h:40, from ldap/servers/snmp/ldap-agent.h:56, from ldap/servers/snmp/main.c:49: ./config.h:295:1: warning: "PACKAGE_BUGREPORT" redefined In file included from ldap/servers/snmp/ldap-agent.h:50, from ldap/servers/snmp/main.c:49: /usr/include/net-snmp/net-snmp-config.h:946:1: warning: this is the location of the previous definition In file included from ldap/servers/snmp/../slapd/agtmmap.h:40, from ldap/servers/snmp/ldap-agent.h:56, from ldap/servers/snmp/main.c:49: ./config.h:298:1: warning: "PACKAGE_NAME" redefined In file included from ldap/servers/snmp/ldap-agent.h:50, from ldap/servers/snmp/main.c:49: /usr/include/net-snmp/net-snmp-config.h:949:1: warning: this is the location of the previous definition In file included from ldap/servers/snmp/../slapd/agtmmap.h:40, from ldap/servers/snmp/ldap-agent.h:56, from ldap/servers/snmp/main.c:49: ./config.h:301:1: warning: "PACKAGE_STRING" redefined In file included from ldap/servers/snmp/ldap-agent.h:50, from ldap/servers/snmp/main.c:49: /usr/include/net-snmp/net-snmp-config.h:952:1: warning: this is the location of the previous definition In file 
included from ldap/servers/snmp/../slapd/agtmmap.h:40, from ldap/servers/snmp/ldap-agent.h:56, from ldap/servers/snmp/main.c:49: ./config.h:304:1: warning: "PACKAGE_TARNAME" redefined In file included from ldap/servers/snmp/ldap-agent.h:50, from ldap/servers/snmp/main.c:49: /usr/include/net-snmp/net-snmp-config.h:955:1: warning: this is the location of the previous definition In file included from ldap/servers/snmp/../slapd/agtmmap.h:40, from ldap/servers/snmp/ldap-agent.h:56, from ldap/servers/snmp/main.c:49: ./config.h:307:1: warning: "PACKAGE_VERSION" redefined In file included from ldap/servers/snmp/ldap-agent.h:50, from ldap/servers/snmp/main.c:49: /usr/include/net-snmp/net-snmp-config.h:958:1: warning: this is the location of the previous definition if gcc -DHAVE_CONFIG_H -I. -I. -I. -DBUILD_NUM=\"2008.051.1835\" -I./ldap/include -I./ldap/servers/slapd -I./include -I. -DLOCALSTATEDIR="\"/opt/dirsrv/var\"" -DSYSCONFDIR="\"/opt/dirsrv/etc\"" -DLIBDIR="\"/opt/dirsrv/lib\"" -DBINDIR="\"/opt/dirsrv/bin\"" -DDATADIR="\"/opt/dirsrv/share\"" -DDOCDIR="\"\"" -DSBINDIR="\"/opt/dirsrv/sbin\"" -DPLUGINDIR="\"/opt/dirsrv/lib/dirsrv/plugins\"" -DTEMPLATEDIR="\"/opt/dirsrv/share/dirsrv/data\"" -I/usr/include -I/opt/dirsrv/include -I/usr/include/nss -I/usr/include/nspr -I/usr/include/nspr -g -MT ldap/servers/snmp/ldap_agent_bin-ldap-agent.o -MD -MP -MF "ldap/servers/snmp/.deps/ldap_agent_bin-ldap-agent.Tpo" -c -o ldap/servers/snmp/ldap_agent_bin-ldap-agent.o `test -f 'ldap/servers/snmp/ldap-agent.c' || echo './'`ldap/servers/snmp/ldap-agent.c; \ then mv -f "ldap/servers/snmp/.deps/ldap_agent_bin-ldap-agent.Tpo" "ldap/servers/snmp/.deps/ldap_agent_bin-ldap-agent.Po"; else rm -f "ldap/servers/snmp/.deps/ldap_agent_bin-ldap-agent.Tpo"; exit 1; fi In file included from ldap/servers/snmp/../slapd/agtmmap.h:40, from ldap/servers/snmp/ldap-agent.h:56, from ldap/servers/snmp/ldap-agent.c:45: ./config.h:295:1: warning: "PACKAGE_BUGREPORT" redefined In file included from 
ldap/servers/snmp/ldap-agent.h:50, from ldap/servers/snmp/ldap-agent.c:45: /usr/include/net-snmp/net-snmp-config.h:946:1: warning: this is the location of the previous definition In file included from ldap/servers/snmp/../slapd/agtmmap.h:40, from ldap/servers/snmp/ldap-agent.h:56, from ldap/servers/snmp/ldap-agent.c:45: ./config.h:298:1: warning: "PACKAGE_NAME" redefined In file included from ldap/servers/snmp/ldap-agent.h:50, from ldap/servers/snmp/ldap-agent.c:45: /usr/include/net-snmp/net-snmp-config.h:949:1: warning: this is the location of the previous definition In file included from ldap/servers/snmp/../slapd/agtmmap.h:40, from ldap/servers/snmp/ldap-agent.h:56, from ldap/servers/snmp/ldap-agent.c:45: ./config.h:301:1: warning: "PACKAGE_STRING" redefined In file included from ldap/servers/snmp/ldap-agent.h:50, from ldap/servers/snmp/ldap-agent.c:45: /usr/include/net-snmp/net-snmp-config.h:952:1: warning: this is the location of the previous definition In file included from ldap/servers/snmp/../slapd/agtmmap.h:40, from ldap/servers/snmp/ldap-agent.h:56, from ldap/servers/snmp/ldap-agent.c:45: ./config.h:304:1: warning: "PACKAGE_TARNAME" redefined In file included from ldap/servers/snmp/ldap-agent.h:50, from ldap/servers/snmp/ldap-agent.c:45: /usr/include/net-snmp/net-snmp-config.h:955:1: warning: this is the location of the previous definition In file included from ldap/servers/snmp/../slapd/agtmmap.h:40, from ldap/servers/snmp/ldap-agent.h:56, from ldap/servers/snmp/ldap-agent.c:45: ./config.h:307:1: warning: "PACKAGE_VERSION" redefined In file included from ldap/servers/snmp/ldap-agent.h:50, from ldap/servers/snmp/ldap-agent.c:45: /usr/include/net-snmp/net-snmp-config.h:958:1: warning: this is the location of the previous definition if gcc -DHAVE_CONFIG_H -I. -I. -I. -DBUILD_NUM=\"2008.051.1835\" -I./ldap/include -I./ldap/servers/slapd -I./include -I. 
-DLOCALSTATEDIR="\"/opt/dirsrv/var\"" -DSYSCONFDIR="\"/opt/dirsrv/etc\"" -DLIBDIR="\"/opt/dirsrv/lib\"" -DBINDIR="\"/opt/dirsrv/bin\"" -DDATADIR="\"/opt/dirsrv/share\"" -DDOCDIR="\"\"" -DSBINDIR="\"/opt/dirsrv/sbin\"" -DPLUGINDIR="\"/opt/dirsrv/lib/dirsrv/plugins\"" -DTEMPLATEDIR="\"/opt/dirsrv/share/dirsrv/data\"" -I/usr/include -I/opt/dirsrv/include -I/usr/include/nss -I/usr/include/nspr -I/usr/include/nspr -g -MT ldap/servers/slapd/ldap_agent_bin-agtmmap.o -MD -MP -MF "ldap/servers/slapd/.deps/ldap_agent_bin-agtmmap.Tpo" -c -o ldap/servers/slapd/ldap_agent_bin-agtmmap.o `test -f 'ldap/servers/slapd/agtmmap.c' || echo './'`ldap/servers/slapd/agtmmap.c; \ then mv -f "ldap/servers/slapd/.deps/ldap_agent_bin-agtmmap.Tpo" "ldap/servers/slapd/.deps/ldap_agent_bin-agtmmap.Po"; else rm -f "ldap/servers/slapd/.deps/ldap_agent_bin-agtmmap.Tpo"; exit 1; fi /bin/sh ./libtool --tag=CC --mode=link gcc -g -o ldap-agent-bin ldap/servers/snmp/ldap_agent_bin-main.o ldap/servers/snmp/ldap_agent_bin-ldap-agent.o ldap/servers/slapd/ldap_agent_bin-agtmmap.o -L/opt/dirsrv/lib -lssldap60 -lprldap60 -lldap60 -lldif60 -lsasl2 -lssl3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 -L/usr/lib -lnetsnmpmibs -lnetsnmpagent -lnetsnmphelpers -lnetsnmp -lm -ldl -lsensors -lwrap -lwrap gcc -g -o ldap-agent-bin ldap/servers/snmp/ldap_agent_bin-main.o ldap/servers/snmp/ldap_agent_bin-ldap-agent.o ldap/servers/slapd/ldap_agent_bin-agtmmap.o -L/opt/dirsrv/lib -lssldap60 -lprldap60 -lldap60 -lldif60 /usr/lib/libsasl2.so -lresolv -lssl3 -lnss3 -lsoftokn3 -lplc4 -lplds4 -lnspr4 -L/usr/lib /usr/lib/libnetsnmpmibs.so /usr/lib/libnetsnmpagent.so /usr/lib/libnetsnmphelpers.so /usr/lib/libnetsnmp.so -lcrypto -lm -ldl -lsensors -lwrap ldap/servers/snmp/ldap_agent_bin-ldap-agent.o: In function `init_ldap_agent': ldap/servers/snmp/ldap-agent.c:98: undefined reference to `CONTAINER_INSERT' collect2: ld returned 1 exit status make[3]: *** [ldap-agent-bin] Error 1 make[3]: Leaving directory 
`/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' make[2]: *** [all] Error 2 make[2]: Leaving directory `/usr/src/dsbuild/ds/ldapserver/work/fedora-ds-base-1.1.0' make[1]: *** [build-work/fedora-ds-base-1.1.0/Makefile] Error 2 make[1]: Leaving directory `/usr/src/dsbuild/ds/ldapserver' make: *** [dep-../../ds/ldapserver] Error 2 make: Leaving directory `/usr/src/dsbuild/meta/ds' From rmeggins at redhat.com Wed Feb 20 21:05:40 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 20 Feb 2008 14:05:40 -0700 Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question In-Reply-To: <200802201901.44887.Ryan.Braun@ec.gc.ca> References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802201814.19735.Ryan.Braun@ec.gc.ca> <47BC6FCD.1040801@redhat.com> <200802201901.44887.Ryan.Braun@ec.gc.ca> Message-ID: <47BC9624.8080808@redhat.com> Ryan Braun wrote: > On Wednesday 20 February 2008 6:22 pm, Rich Megginson wrote: > >>>>> Where would I have to define that? I tried adding >>>>> >>>>> DS_CONFIGURE_ARGS = NETSNMP_USE_INLINE=1 >>>>> >>>> Try adding >>>> DS_CONFIGURE_ENV += CPPFLAGS=-DNETSNMP_USE_INLINE=1 >>>> to somewhere around line 21 of dsbuild/ds/Makefile >>>> >>>> I think the proper solution will be to modify the ldapserver code to >>>> allow for net-snmp specific compiler and linker flags. But this will at >>>> least make the definition as localized as possible. >>>> >>> I added that line to /usr/src/dsbuild/ds/ldapserver/Makefile. Which is >>> what I *think* you meant. >>> >> Yes, that's what I meant :-) >> >> >>> I then tried to start the dsbuild process over having >>> dsbuild handle svrcore, perl/mozldap and it errors at the same point >>> again. >>> >> Ok. 
You'll have to remove the cookies and the code to force it to start >> over again from the configure stage: >> rm -rf dsbuild/ds/ldapserver/work dsbuild/ds/ldapserver/cookies >> Then do >> make -C dsbuild/meta/ds SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 >> PERLDAP_SOURCE=1 >> again. >> >> > > It looks like it bails with the same error. I'll try building the snmp source > for giggles, but we'll see what to try next to fix the original issue. > > Here is /usr/src/dsbuild/ds/ldapserver/Makefile > > {{{ > include ../../objdirname.mk > > GARNAME = fedora-ds-base > GARVERSION = 1.1.0 > CATEGORIES = ds > PATCHFILES = > > PKGDIR = $(ABS_GARDIR)/$(CATEGORIES)/ldapserver/work/pkg > > ifdef USE_CVS > CVSMODULES = ldapserver > else > DISTFILES = $(GARNAME)-$(GARVERSION).tar.bz2 > endif > > LIBDEPS = > > DESCRIPTION = Fedora Directory Server (base) > > CONFIGURE_ARGS = $(DS_CONFIGURE_ARGS) --enable-bundle > DS_CONFIGURE_ENV += CPPFLAGS=-DNETSNMP_USE_INLINE=1 > Try CONFIGURE_ENV instead of DS_CONFIGURE_ENV - then remove work and cookies and try again -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From Ryan.Braun at ec.gc.ca Wed Feb 20 21:57:41 2008 From: Ryan.Braun at ec.gc.ca (Ryan Braun) Date: Wed, 20 Feb 2008 21:57:41 +0000 Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question In-Reply-To: <47BC9624.8080808@redhat.com> References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802201901.44887.Ryan.Braun@ec.gc.ca> <47BC9624.8080808@redhat.com> Message-ID: <200802202157.41430.Ryan.Braun@ec.gc.ca> On Wednesday 20 February 2008 9:05 pm, Rich Megginson wrote: > > CONFIGURE_ARGS = $(DS_CONFIGURE_ARGS) --enable-bundle > > DS_CONFIGURE_ENV += CPPFLAGS=-DNETSNMP_USE_INLINE=1 > > Try CONFIGURE_ENV instead of DS_CONFIGURE_ENV - then remove work and > cookies and try again Ok, that worked. 
the ldapserver finished building. Next stop on the bug the the bug bashing train. make[2]: *** [http//directory.fedoraproject.org/sources/ldapjdk.jar] Error 1 make[2]: Leaving directory `/usr/src/dsbuild/ds/ldapjdk' ==> Trying http//directory.fedoraproject.org/download/ldapjdk.jar make[2]: Entering directory `/usr/src/dsbuild/ds/ldapjdk' --15:41:29-- http://directory.fedoraproject.org/download/ldapjdk.jar => `download/ldapjdk.jar' Resolving xxxproxy.xxx.ec.gc.ca... Connecting to xxxproxy.xxx.ec.gc.ca||:8080... connected. Proxy request sent, awaiting response... 200 OK Length: 264,659 (258K) [application/x-java-archive] 100%[===============================================================================================================================================================================================>] 264,659 150.17K/s 15:41:31 (149.65 KB/s) - `download/ldapjdk.jar' saved [264659/264659] make[2]: Leaving directory `/usr/src/dsbuild/ds/ldapjdk' [fetch] complete for ldapjdk. install -d cookies ==> Running checksum on ldapjdk.jar 200020a78145bda8401b71cd08c7756c download/ldapjdk.jar file ldapjdk.jar passes checksum test! [checksum] complete for ldapjdk. install -d work [extract] complete for ldapjdk. install -d work/ldapjdk-4.17 [patch] complete for ldapjdk. [configure] complete for ldapjdk. [build] complete for ldapjdk. mkdir -p cookies/. && date >> cookies/install-custom [install] complete for ldapjdk. make[1]: Leaving directory `/usr/src/dsbuild/ds/ldapjdk' ==> Building ds/jss as a dependency make: *** ../../ds/jss: No such file or directory. Stop. make: *** [dep-../../ds/jss] Error 2 ywgbuild:/usr/src/dsbuild/meta/ds# Sure enough, there is no /usr/src/dsbuild/ds/jss directory. If I go ahead and create the directory it still fails. I guess it's looking for more then just a directory ==> Building ds/jss as a dependency make[1]: Entering directory `/usr/src/dsbuild/ds/jss' make[1]: *** No rule to make target `install'. Stop. 
make[1]: Leaving directory `/usr/src/dsbuild/ds/jss' make: *** [dep-../../ds/jss] Error 2 Thanks for all the help Rich. Ryan Braun Informatics Operations Aviation and Defence Services Division Chief Information Officer Branch, Environment Canada CIV: (204) 833-2500x2824 CSN: 257-2824 FAX: (204) 833-2524 E-Mail: Ryan.Braun at ec.gc.ca From rmeggins at redhat.com Wed Feb 20 22:18:47 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 20 Feb 2008 15:18:47 -0700 Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question In-Reply-To: <200802202157.41430.Ryan.Braun@ec.gc.ca> References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802201901.44887.Ryan.Braun@ec.gc.ca> <47BC9624.8080808@redhat.com> <200802202157.41430.Ryan.Braun@ec.gc.ca> Message-ID: <47BCA747.4010003@redhat.com> Ryan Braun wrote: > On Wednesday 20 February 2008 9:05 pm, Rich Megginson wrote: > >>> CONFIGURE_ARGS = $(DS_CONFIGURE_ARGS) --enable-bundle >>> DS_CONFIGURE_ENV += CPPFLAGS=-DNETSNMP_USE_INLINE=1 >>> >> Try CONFIGURE_ENV instead of DS_CONFIGURE_ENV - then remove work and >> cookies and try again >> > > Ok, that worked. the ldapserver finished building. Next stop on the bug the > the bug bashing train. > > > make[2]: *** [http//directory.fedoraproject.org/sources/ldapjdk.jar] Error 1 > make[2]: Leaving directory `/usr/src/dsbuild/ds/ldapjdk' > ==> Trying http//directory.fedoraproject.org/download/ldapjdk.jar > make[2]: Entering directory `/usr/src/dsbuild/ds/ldapjdk' > --15:41:29-- http://directory.fedoraproject.org/download/ldapjdk.jar > => `download/ldapjdk.jar' > Resolving xxxproxy.xxx.ec.gc.ca... > Connecting to xxxproxy.xxx.ec.gc.ca||:8080... connected. > Proxy request sent, awaiting response... 
200 OK > Length: 264,659 (258K) [application/x-java-archive] > > 100%[===============================================================================================================================================================================================>] > 264,659 150.17K/s > > 15:41:31 (149.65 KB/s) - `download/ldapjdk.jar' saved [264659/264659] > > make[2]: Leaving directory `/usr/src/dsbuild/ds/ldapjdk' > [fetch] complete for ldapjdk. > install -d cookies > ==> Running checksum on ldapjdk.jar > 200020a78145bda8401b71cd08c7756c download/ldapjdk.jar > file ldapjdk.jar passes checksum test! > [checksum] complete for ldapjdk. > install -d work > [extract] complete for ldapjdk. > install -d work/ldapjdk-4.17 > [patch] complete for ldapjdk. > [configure] complete for ldapjdk. > [build] complete for ldapjdk. > mkdir -p cookies/. && date >> cookies/install-custom > [install] complete for ldapjdk. > make[1]: Leaving directory `/usr/src/dsbuild/ds/ldapjdk' > ==> Building ds/jss as a dependency > make: *** ../../ds/jss: No such file or directory. Stop. > make: *** [dep-../../ds/jss] Error 2 > ywgbuild:/usr/src/dsbuild/meta/ds# > > Sure enough, there is no /usr/src/dsbuild/ds/jss directory. > > If I go ahead and create the directory it still fails. I guess it's looking > for more then just a directory > > ==> Building ds/jss as a dependency > make[1]: Entering directory `/usr/src/dsbuild/ds/jss' > make[1]: *** No rule to make target `install'. Stop. > make[1]: Leaving directory `/usr/src/dsbuild/ds/jss' > make: *** [dep-../../ds/jss] Error 2 > > > Thanks for all the help Rich. > You're now past the point where I gave up :P But you now should have the core directory server. What's left is the console and the admin server components. You can build the admin server stuff with make ... BUILD_DS_ADMIN=1 ADMINUTIL_SOURCE=1 MOD_NSS_SOURCE=1 ADMINSERVER_SOURCE=1 The java components will be more tricky. 
For ldapjdk, it would be nice to be able to build from source in dsbuild, but the jar file is cross platform and stable. JSS is different because it has some JNI code and should be compiled. There are binaries available from ftp.mozilla.org but I don't know how well they will work. None of the other java components listed at http://directory.fedoraproject.org/wiki/Source and http://directory.fedoraproject.org/wiki/BuildingConsole have been rolled into dsbuild. > Ryan Braun > Informatics Operations > Aviation and Defence Services Division > Chief Information Officer Branch, Environment Canada > CIV: (204) 833-2500x2824 CSN: 257-2824 FAX: (204) 833-2524 > E-Mail: Ryan.Braun at ec.gc.ca > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > From richard at powerset.com Wed Feb 20 23:17:37 2008 From: richard at powerset.com (Richard Hesse) Date: Wed, 20 Feb 2008 15:17:37 -0800 Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected In-Reply-To: <47BB6E82.3050204@redhat.com> Message-ID: Yeah, we're using SSL and TLS so ethereal/tcpdump isn't going to yield much info. The process hung again and strace didn't provide too much information other than this: futex(0x20b9260, FUTEX_WAIT, 2, NULL) Would that give you a place to start looking? -richard On 2/19/08 4:04 PM, "Rich Megginson" wrote: > Richard Hesse wrote: >> Not much new to report. The server hung again and the only thing in the >> error log with connection tracing is this: >> >> [18/Feb/2008:13:14:03 +0000] - PR_Write(41818752) Netscape Portable Runtime >> error -5961 (TCP connection reset by peer.)
>> [18/Feb/2008:13:14:03 +0000] - ber_flush failed, error 104 (Connection reset >> by peer) >> >> Which doesn't look like much. > Well, it tells me that the server was attempting to write to a socket, > and got an error. -5961 is PR_CONNECT_RESET_ERROR which can occur if > the system call returns either EPIPE or ECONNRESET. And error 104 is > indeed ECONNRESET. > /usr/include/asm-generic/errno.h:#define ECONNRESET 104 > /* Connection reset by peer */ > > AFAICT, this can happen if the client shuts down the socket (for any > number of reasons) but the server is still attempting to send data. In > this case, the client will respond with a TCP RST. I'm not sure how or > why this could happen. I'm open to other causes for ECONNRESET. > What would be really, really interesting is if we could narrow this down > to a particular client application and run ethereal on the connection. > > Are you using SSL? >> As for network tuning, it's already been done. >> >> Max descriptors is set to 32768. >> >> Are there any gdb commands I can run while the server is in a hung state? >> > Sure. For whatever the cause of the ECONNRESET, it should not cause the > server to hang, and it would be interesting to find out what it's > doing. You'll have to install the fedora-ds-base-debuginfo package. > Attach to the process - gdb /usr/sbin/ns-slapd > Then, dump the thread stacks - > > (gdb) thread apply all bt > > If you want the output to go to a file, redirect gdb logging to a file > first before doing the thread apply e.g. > > (gdb) set logging on > (gdb) set logging file stack.txt > > >> I'm going to try running strace while the process is working, and hope for a >> hang. Maybe that will give us some more info. >> >> -richard >> >> On 2/19/08 10:23 AM, "Rich Megginson" wrote: >> >> >>> Richard Hesse wrote: >>> >>>> Yes, every host (except the ldap hosts) runs nscd. The ldap servers are not >>>> configured to use directory data for anything. >>>> >>>> >>> I just don't know. 
I've not seen this before. I suppose you could try >>> checking your kernel TCP/IP settings, and increasing the number of file >>> descriptors used - >>> http://directory.fedoraproject.org/wiki/Performance_Tuning >>> >>>> -richard >>>> >>>> >>>> On 2/15/08 2:11 PM, "Rich Megginson" wrote: >>>> >>>> >>>> >>>>> Richard Hesse wrote: >>>>> >>>>> >>>>>> nsswitch posix users/groups, >>>>>> >>>>>> >>>>> Are you using nscd? >>>>> >>>>> >>>>>> ssh, sudo, puppet (config management), and >>>>>> internally written applications. >>>>>> >>>>>> -richard >>>>>> >>>>>> On 2/15/08 12:53 PM, "Rich Megginson" wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> What is the application which is generating this load? >>>>>>> >>>>>>> >>>>>>> >>>>>> -- >>>>>> Fedora-directory-users mailing list >>>>>> Fedora-directory-users at redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>> >>>>>> >>>>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>> >> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > From rmeggins at redhat.com Wed Feb 20 23:39:27 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 20 Feb 2008 16:39:27 -0700 Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected In-Reply-To: References: Message-ID: <47BCBA2F.2080803@redhat.com> Richard Hesse wrote: > Yeah, we're using SSL and TLS so ethereal/tcpdump isn't going to yield much > info. It would give us the TCP/IP protocol data, so we could see what clients and servers are sending the FIN and RST. It's not so much the LDAP data I care about, although ssltap might be useful for that.
> The process hung again and strace didn't provide too much information > other than this: > > futex(0x20b9260, FUTEX_WAIT, 2, NULL) > > Would that give you a place to start looking? > That does suggest a possible deadlock. > -richard > > > On 2/19/08 4:04 PM, "Rich Megginson" wrote: > > >> Richard Hesse wrote: >> >>> Not much new to report. The server hung again and the only thing in the >>> error log with connection tracing is this: >>> >>> [18/Feb/2008:13:14:03 +0000] - PR_Write(41818752) Netscape Portable Runtime >>> error -5961 (TCP connection reset by peer.) >>> [18/Feb/2008:13:14:03 +0000] - ber_flush failed, error 104 (Connection reset >>> by peer) >>> >>> Which doesn't look like much. >>> >> Well, it tells me that the server was attempting to write to a socket, >> and got an error. -5961 is PR_CONNECT_RESET_ERROR which can occur if >> the system call returns either EPIPE or ECONNRESET. And error 104 is >> indeed ECONNRESET. >> /usr/include/asm-generic/errno.h:#define ECONNRESET 104 >> /* Connection reset by peer */ >> >> AFAICT, this can happen if the client shuts down the socket (for any >> number of reasons) but the server is still attempting to send data. In >> this case, the client will respond with a TCP RST. I'm not sure how or >> why this could happen. I'm open to other causes for ECONNRESET. >> What would be really, really interesting is if we could narrow this down >> to a particular client application and run ethereal on the connection. >> >> Are you using SSL? >> >>> As for network tuning, it's already been done. >>> >>> Max descriptors is set to 32768. >>> >>> Are there any gdb commands I can run while the server is in a hung state? >>> >>> >> Sure. For whatever the cause of the ECONNRESET, it should not cause the >> server to hang, and it would be interesting to find out what it's >> doing. You'll have to install the fedora-ds-base-debuginfo package.
>> Attach to the process - gdb /usr/sbin/ns-slapd >> Then, dump the thread stacks - >> >> (gdb) thread apply all bt >> >> If you want the output to go to a file, redirect gdb logging to a file >> first before doing the thread apply e.g. >> >> (gdb) set logging on >> (gdb) set logging file stack.txt >> >> >> >>> I'm going to try running strace while the process is working, and hope for a >>> hang. Maybe that will give us some more info. >>> >>> -richard >>> >>> On 2/19/08 10:23 AM, "Rich Megginson" wrote: >>> >>> >>> >>>> Richard Hesse wrote: >>>> >>>> >>>>> Yes, every host (except the ldap hosts) runs nscd. The ldap servers are not >>>>> configured to use directory data for anything. >>>>> >>>>> >>>>> >>>> I just don't know. I've not seen this before. I suppose you could try >>>> checking your kernel TCP/IP settings, and increasing the number of file >>>> descriptors used - >>>> http://directory.fedoraproject.org/wiki/Performance_Tuning >>>> >>>> >>>>> -richard >>>>> >>>>> >>>>> On 2/15/08 2:11 PM, "Rich Megginson" wrote: >>>>> >>>>> >>>>> >>>>> >>>>>> Richard Hesse wrote: >>>>>> >>>>>> >>>>>> >>>>>>> nsswitch posix users/groups, >>>>>>> >>>>>>> >>>>>>> >>>>>> Are you using nscd? >>>>>> >>>>>> >>>>>> >>>>>>> ssh, sudo, puppet (config management), and >>>>>>> internally written applications. >>>>>>> >>>>>>> -richard >>>>>>> >>>>>>> On 2/15/08 12:53 PM, "Rich Megginson" wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> What is the application which is generating this load? 
>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> -- >>>>>>> Fedora-directory-users mailing list >>>>>>> Fedora-directory-users at redhat.com >>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> >>>>> >>>>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From solarflow99 at gmail.com Thu Feb 21 10:52:48 2008 From: solarflow99 at gmail.com (solarflow99) Date: Thu, 21 Feb 2008 10:52:48 +0000 Subject: [Fedora-directory-users] new install - howto start using In-Reply-To: <47BC67ED.6090409@redhat.com> References: <7020fd000802200933h992f241p79bd26ec15173505@mail.gmail.com> <47BC65B5.6080703@redhat.com> <7020fd000802200943vc538bdcv8fedc8f6f38c9044@mail.gmail.com> <47BC67ED.6090409@redhat.com> Message-ID: <7020fd000802210252u54fa3a0bo4db5a518319cc7ac@mail.gmail.com> I created a user, but I don't see it from the directory server tab under netscaperoot or my suffix. I can only guess what I should be doing to try using it, the install guide seems to assume you either know what you're doing already or have existing LDAP users to migrate. I wish there was a get started guide, any ideas how to get going? Thanks, On 2/20/08, Rich Megginson wrote: > > solarflow99 wrote: > > thanks, I got into the console already, and looked around. > Go to the Users&Groups tab. 
I think 1.0.4 has a bug in that it uses > o=NetscapeRoot for the default Users&Groups container. If you go into > one of the menus, you can Edit Directory and set it to your real suffix > e.g. dc=yourdomain,dc=com > > > > > > > > On 2/20/08, *Rich Megginson* > > wrote: > > > > solarflow99 wrote: > > > Hi, I have FDS 1.04 on RHEL4 installed and was wondering how to > get > > > started using this? The installation is easy, now i'd like to > know > > > how to add new users and test things out. The docs and > > > long extensive, I didn't actually see a simple get stared > guide. I > > > hope adding new users easier than the openldap way, having to > create > > > LDIF files, doing ldapadd, etc. > > Use the console. You'll have to have the correct Java > installed. If > > you are a RHEL customer, you should be able to just do > > up2date java-1.4.2-ibm > > to get the correct java. This is in the Extras or Supplemental > > channel. Use > > java -version > > to confirm you are using the IBM java and not gcj. 
> > > > Then, > > cd /opt/fedora-ds > > ./startconsole > > > > Use http://localhost:adminserverport/ for the Admin URL > > If you don't know what your admin server port is, grep \^Listen > > admin-serv/config/console.conf > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > -- > > > Fedora-directory-users mailing list > > > Fedora-directory-users at redhat.com > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From millerc at amerch.com Thu Feb 21 00:27:18 2008 From: millerc at amerch.com (Chase Miller) Date: Wed, 20 Feb 2008 18:27:18 -0600 Subject: [Fedora-directory-users] Fedora Console wont' start... Message-ID: <49b0cbd70802201627p373bb562ne3486552a3ecd389@mail.gmail.com> I have installed two fedora-ds on LINUX 5.1 One works great, the second one, the console won't start. Any ideas? -- Chase Miller millerc at amerch.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Thu Feb 21 15:12:32 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Thu, 21 Feb 2008 08:12:32 -0700 Subject: [Fedora-directory-users] Fedora Console wont' start... 
In-Reply-To: <49b0cbd70802201627p373bb562ne3486552a3ecd389@mail.gmail.com> References: <49b0cbd70802201627p373bb562ne3486552a3ecd389@mail.gmail.com> Message-ID: <47BD94E0.60803@redhat.com> Chase Miller wrote: > I have installed two fedora-ds on LINUX 5.1 > One works great, the second one, the console won't start. Any ideas? Fedora DS 1.0.4 or 1.1? If the former, /opt/fedora-ds/startconsole -D 9 if the latter, /usr/bin/fedora-idm-console -D 9 > > -- > Chase Miller > millerc at amerch.com > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu Feb 21 15:13:28 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Thu, 21 Feb 2008 08:13:28 -0700 Subject: [Fedora-directory-users] new install - howto start using In-Reply-To: <7020fd000802210252u54fa3a0bo4db5a518319cc7ac@mail.gmail.com> References: <7020fd000802200933h992f241p79bd26ec15173505@mail.gmail.com> <47BC65B5.6080703@redhat.com> <7020fd000802200943vc538bdcv8fedc8f6f38c9044@mail.gmail.com> <47BC67ED.6090409@redhat.com> <7020fd000802210252u54fa3a0bo4db5a518319cc7ac@mail.gmail.com> Message-ID: <47BD9518.8090906@redhat.com> solarflow99 wrote: > I created a user, Where? In the Users&Groups tab in the main console window? > but I don't see it from the directory server tab under netscaperoot or > my suffix. Where? In the directory server console Directory tab browser window? > I can only guess what I should be doing to try using it, the install > guide seems to assume you either know what you're doing already or > have existing LDAP users to migrate. I wish there was a get started > guide, any ideas how to get going? 
> > Thanks, > > > > > On 2/20/08, *Rich Megginson* > wrote: > > solarflow99 wrote: > > thanks, I got into the console already, and looked around. > Go to the Users&Groups tab. I think 1.0.4 has a bug in that it uses > o=NetscapeRoot for the default Users&Groups container. If you go into > one of the menus, you can Edit Directory and set it to your real > suffix > e.g. dc=yourdomain,dc=com > > > > > > > > On 2/20/08, *Rich Megginson* > > >> wrote: > > > > solarflow99 wrote: > > > Hi, I have FDS 1.04 on RHEL4 installed and was wondering > how to get > > > started using this? The installation is easy, now i'd > like to know > > > how to add new users and test things out. The docs and > > > long extensive, I didn't actually see a simple get stared > guide. I > > > hope adding new users easier than the openldap way, having > to create > > > LDIF files, doing ldapadd, etc. > > Use the console. You'll have to have the correct Java > installed. If > > you are a RHEL customer, you should be able to just do > > up2date java-1.4.2-ibm > > to get the correct java. This is in the Extras or Supplemental > > channel. Use > > java -version > > to confirm you are using the IBM java and not gcj. 
> > > > Then, > > cd /opt/fedora-ds > > ./startconsole > > > > Use http://localhost:adminserverport/ for the Admin URL > > If you don't know what your admin server port is, grep \^Listen > > admin-serv/config/console.conf > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > -- > > > Fedora-directory-users mailing list > > > Fedora-directory-users at redhat.com > > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From vaddarapu at gmail.com Fri Feb 22 06:14:51 2008 From: vaddarapu at gmail.com (Anand Vaddarapu) Date: Fri, 22 Feb 2008 17:14:51 +1100 Subject: [Fedora-directory-users] Console issue Message-ID: Hi, After i enabled ssl in admin server i restarted the dirsrv-admin. Then i try to access the console i am getting the following error message " cannot logon because of an incorrect User ID, Incorrect password or Directory problem. 
java.io.InterruptedIOException: HTTP response timeout" But i can get to web interface URL and can login without any problem. Thanks in Advance. Vivek -------------- next part -------------- An HTML attachment was scrubbed... URL: From howard at cohtech.com Fri Feb 22 12:00:43 2008 From: howard at cohtech.com (Howard Wilkinson) Date: Fri, 22 Feb 2008 12:00:43 +0000 Subject: [Fedora-directory-users] Setting up Multiple Directory Servers - in a multi-master mesh. Having problems with admin server. In-Reply-To: <47BC6E9B.7020206@redhat.com> References: <47B422B8.1070400@cohtech.com> <47B47FD5.8060101@redhat.com> <47B96142.3090506@cohtech.com> <47BB1A35.6030402@redhat.com> <47BBF99E.8060606@cohtech.com> <47BC6E9B.7020206@redhat.com> Message-ID: <47BEB96B.8070202@cohtech.com> Rich Megginson wrote: > Howard Wilkinson wrote: >> Richard et al, >> >> I have obviously confused you on this so to start again! >> >> I have four machines on which I am installing directory server >> version 1.1. >> >> I have automated the install so that I start with a virgin install >> every time - erase the packages and delete all of the files left >> lying around and then reinstall the packages. >> >> I want to set up the four machines in a fault-tolerant fashion. So I >> have an initial master, a secondary on a separate machine, and 2 >> consumers on the other machines. >> >> I can setup the servers on each machine with their own admin server >> and can gt the SSL working and have modified the mmr script and can >> get all other server to replicate. Master and Secondary in >> multi-master mode, consumers fed from master and secondary. >> >> What I want to achieve is to have all of the servers sharing the >> o=NetscapeRoot paritition (i.e. all having an admin server but all >> having the same configuration for the admin server). 
Now this means >> that they need to be in a mesh multi-master - OK I can set that up >> but I can't get the servers to register cleanly with the individual >> admin servers on each of the machines. > Ok. I understand. First, you have to follow these guidelines - > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html > > > Next, it sounds like you are running into this bug - > https://bugzilla.redhat.com/show_bug.cgi?id=431103 Have followed these instructions, with the fixes from the patch and we are further along! I now have all servers registered on the master server and can see them from there as expected. I now face an issue with "register-ds-admin.pl" when I run it in the secondary server I get the following output. If you have such Directory Server, type the full path that stores the configuration file. If you don't, type return. [configuration directory path or return]: ============================================================================== Candidate servers to register: /etc/dirsrv/slapd-backus ============================================================================== Do you want to use this server as Configuration Directory Server? Directory server identifier: backus ============================================================================== Do you want to use this server as Configuration Directory Server? Directory server identifier: and this just keeps cycling asking the same question. If I run on one of the consumers the behaviour is different but still not very useful. I get a bit further but it refuses to recognise the admin password. Do you want to use this server as Configuration Directory Server?
Directory server identifier: barnacle ============================================================================== Cleaning up old Config DS: ============================================================================== Please input the password for the Administrator User uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot: Error: failed to clean up the configuration info from the old Configuration Directory Server . ============================================================================== Please input the password for the Administrator User uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot: I get the same behaviour if I run on the Master server. Any suggestions? ............. From solarflow99 at gmail.com Fri Feb 22 15:40:50 2008 From: solarflow99 at gmail.com (solarflow99) Date: Fri, 22 Feb 2008 15:40:50 +0000 Subject: [Fedora-directory-users] new install - howto start using In-Reply-To: <47BD9518.8090906@redhat.com> References: <7020fd000802200933h992f241p79bd26ec15173505@mail.gmail.com> <47BC65B5.6080703@redhat.com> <7020fd000802200943vc538bdcv8fedc8f6f38c9044@mail.gmail.com> <47BC67ED.6090409@redhat.com> <7020fd000802210252u54fa3a0bo4db5a518319cc7ac@mail.gmail.com> <47BD9518.8090906@redhat.com> Message-ID: <7020fd000802220740y74f8d4cbo6218bdeb39e78eae@mail.gmail.com> On 2/21/08, Rich Megginson wrote: > solarflow99 wrote: > > I created a user, > Where? In the Users&Groups tab in the main console window? ya, and after I created a user, next time I restarted it was gone. > but I don't see it from the directory server tab under netscaperoot or > > my suffix. > Where? In the directory server console Directory tab browser window? ya. I was wondering which version would be best to use then, how about 1.1? I'll be reinstalling again anyways, so I'll try again.
Thanks,

> > I can only guess what I should be doing to try using it, the install
> > guide seems to assume you either know what you're doing already or
> > have existing LDAP users to migrate. I wish there was a get started
> > guide, any ideas how to get going?
> >
> > Thanks,
> >
> > On 2/20/08, *Rich Megginson* wrote:
> >
> > solarflow99 wrote:
> > > thanks, I got into the console already, and looked around.
> > Go to the Users&Groups tab. I think 1.0.4 has a bug in that it uses
> > o=NetscapeRoot for the default Users&Groups container. If you go into
> > one of the menus, you can Edit Directory and set it to your real suffix
> > e.g. dc=yourdomain,dc=com
> >
> > > On 2/20/08, *Rich Megginson* wrote:
> > >
> > > solarflow99 wrote:
> > > > Hi, I have FDS 1.04 on RHEL4 installed and was wondering how to get
> > > > started using this? The installation is easy, now i'd like to know
> > > > how to add new users and test things out. The docs and
> > > > long extensive, I didn't actually see a simple get stared guide. I
> > > > hope adding new users easier than the openldap way, having to create
> > > > LDIF files, doing ldapadd, etc.
> > > Use the console. You'll have to have the correct Java installed. If
> > > you are a RHEL customer, you should be able to just do
> > > up2date java-1.4.2-ibm
> > > to get the correct java. This is in the Extras or Supplemental
> > > channel. Use
> > > java -version
> > > to confirm you are using the IBM java and not gcj.
> > >
> > > Then,
> > > cd /opt/fedora-ds
> > > ./startconsole
> > >
> > > Use http://localhost:adminserverport/ for the Admin URL
> > > If you don't know what your admin server port is, grep \^Listen
> > > admin-serv/config/console.conf
From rmeggins at redhat.com Fri Feb 22 15:55:19 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 22 Feb 2008 08:55:19 -0700
Subject: [Fedora-directory-users] Console issue
In-Reply-To:
References:
Message-ID: <47BEF067.8060503@redhat.com>

Anand Vaddarapu wrote:
> Hi,
>
> After i enabled ssl in admin server i restarted the dirsrv-admin. Then
> i try to access the console i am getting the following error message
> " cannot logon because of an incorrect User ID, Incorrect password or
> Directory problem. java.io.InterruptedIOException: HTTP response timeout"

You must use https for the admin server url. Admin server cannot listen for both SSL and non-SSL connections, unlike the directory server.

> But i can get to web interface URL and can login without any problem.

Using http or https?

> Thanks in Advance.
>
> Vivek

From Ryan.Braun at ec.gc.ca Fri Feb 22 17:33:01 2008
From: Ryan.Braun at ec.gc.ca (Ryan Braun)
Date: Fri, 22 Feb 2008 17:33:01 +0000
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
In-Reply-To: <47BCA747.4010003@redhat.com>
References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802202157.41430.Ryan.Braun@ec.gc.ca> <47BCA747.4010003@redhat.com>
Message-ID: <200802221733.01739.Ryan.Braun@ec.gc.ca>

On Wednesday 20 February 2008 10:18 pm, Rich Megginson wrote:
> > Sure enough, there is no /usr/src/dsbuild/ds/jss directory.
> >
> > If I go ahead and create the directory it still fails.
I guess it's > > looking for more then just a directory > > > > ==> Building ds/jss as a dependency > > make[1]: Entering directory `/usr/src/dsbuild/ds/jss' > > make[1]: *** No rule to make target `install'. Stop. > > make[1]: Leaving directory `/usr/src/dsbuild/ds/jss' > > make: *** [dep-../../ds/jss] Error 2 > > > > > > Thanks for all the help Rich. > > You're now past the point where I gave up :P But you now should have > the core directory server. What's left is the console and the admin > server components. > > You can build the admin server stuff with > make ... BUILD_DS_ADMIN=1 ADMINUTIL_SOURCE=1 MOD_NSS_SOURCE=1 > ADMINSERVER_SOURCE=1 > > The java components will be more tricky. > > For ldapjdk, it would be nice to be able to build from source in > dsbuild, but the jar file is cross platform and stable. > > JSS is different because it has some JNI code and should be compiled. > There are binaries available from ftp.mozilla.org but I don't know how > well they will work. > > None of the other java components listed at > http://directory.fedoraproject.org/wiki/Source and > http://directory.fedoraproject.org/wiki/BuildingConsole have been rolled > into dsbuild. Ok java components we'll come back to later, I'm having trouble building mod_nss now. infinity:/usr/src/dsbuild/meta/ds# make BUILD_DS_ADMIN=1 ADMINUTIL_SOURCE=1 MOD_NSS_SOURCE=1 ADMINSERVER_SOURCE=1 SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 PERLDAP_SOURCE=1 [===== NOW BUILDING: ds-1.1.0 =====] [fetch] complete for ds. [checksum] complete for ds. [extract] complete for ds. [patch] complete for ds. 
==> Building ds/svrcore as a dependency ==> Building ds/mozldap as a dependency ==> Building ds/perldap as a dependency ==> Building ds/ldapserver as a dependency ==> Building ds/adminutil as a dependency ==> Building ds/mod_nss as a dependency cat: /etc/redhat-release: No such file or directory make[1]: Entering directory `/usr/src/dsbuild/ds/mod_nss' [===== NOW BUILDING: mod_nss-1.0.7 =====] [fetch] complete for mod_nss. [checksum] complete for mod_nss. [extract] complete for mod_nss. [patch] complete for mod_nss. [configure] complete for mod_nss. ==> Running make in work/mod_nss-1.0.7 make[2]: Entering directory `/usr/src/dsbuild/ds/mod_nss/work/mod_nss-1.0.7' source='mod_nss.c' object='mod_nss.lo' libtool=yes \ depfile='.deps/mod_nss.Plo' tmpdepfile='.deps/mod_nss.TPlo' \ depmode=gcc3 /bin/sh ./depcomp \ /bin/sh ./libtool --mode=compile gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" -DVERSION=\"1.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 -DHAVE_UNISTD_H=1 -I. -I. -I/usr/include/apache2 -I/usr/include/nspr -I/usr/include/nss -I/usr/include/nspr -I/usr/include/apr-1.0 -g -c -o mod_nss.lo `test -f 'mod_nss.c' || echo './'`mod_nss.c gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"mod_nss\" -DVERSION=\"1.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 -DHAVE_UNISTD_H=1 -I. -I. 
-I/usr/include/apache2 -I/usr/include/nspr -I/usr/include/nss -I/usr/include/nspr -I/usr/include/apr-1.0 -g -c mod_nss.c -MT mod_nss.lo -MD -MP -MF .deps/mod_nss.TPlo -fPIC -DPIC -o .libs/mod_nss.o In file included from /usr/include/apache2/ap_config.h:25, from /usr/include/apache2/httpd.h:43, from mod_nss.h:20, from mod_nss.c:16: /usr/include/apr-1.0/apr.h:270: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'apr_off_t' In file included from /usr/include/apr-1.0/apr_file_io.h:29, from /usr/include/apr-1.0/apr_network_io.h:26, from /usr/include/apache2/httpd.h:53, from mod_nss.h:20, from mod_nss.c:16: /usr/include/apr-1.0/apr_file_info.h:210: error: expected specifier-qualifier-list before 'apr_off_t' In file included from /usr/include/apr-1.0/apr_network_io.h:26, from /usr/include/apache2/httpd.h:53, from mod_nss.h:20, from mod_nss.c:16: /usr/include/apr-1.0/apr_file_io.h:548: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apr-1.0/apr_file_io.h:740: error: expected declaration specifiers or '...' before 'apr_off_t' In file included from /usr/include/apache2/httpd.h:53, from mod_nss.h:20, from mod_nss.c:16: /usr/include/apr-1.0/apr_network_io.h:545: error: expected declaration specifiers or '...' before 'apr_off_t' In file included from /usr/include/apr-1.0/apr_buckets.h:32, from /usr/include/apache2/httpd.h:54, from mod_nss.h:20, from mod_nss.c:16: /usr/include/apr-1.0/apr_mmap.h:134: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apr-1.0/apr_mmap.h:161: error: expected declaration specifiers or '...' before 'apr_off_t' In file included from /usr/include/apache2/httpd.h:54, from mod_nss.h:20, from mod_nss.c:16: /usr/include/apr-1.0/apr_buckets.h:242: error: expected specifier-qualifier-list before 'apr_off_t' /usr/include/apr-1.0/apr_buckets.h:706: error: expected declaration specifiers or '...' 
before 'apr_off_t' /usr/include/apr-1.0/apr_buckets.h:718: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apr-1.0/apr_buckets.h:754: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apr-1.0/apr_buckets.h:890: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apr-1.0/apr_buckets.h:891: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apr-1.0/apr_buckets.h:1168: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apr-1.0/apr_buckets.h:1367: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apr-1.0/apr_buckets.h:1381: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apr-1.0/apr_buckets.h:1431: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apr-1.0/apr_buckets.h:1447: error: expected declaration specifiers or '...' before 'apr_off_t' In file included from mod_nss.h:20, from mod_nss.c:16: /usr/include/apache2/httpd.h:826: error: expected specifier-qualifier-list before 'apr_off_t' In file included from /usr/include/apache2/http_core.h:32, from mod_nss.h:22, from mod_nss.c:16: /usr/include/apache2/util_filter.h:142: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apache2/util_filter.h:299: error: expected declaration specifiers or '...' before 'apr_off_t' In file included from mod_nss.h:22, from mod_nss.c:16: /usr/include/apache2/http_core.h:229: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'ap_get_limit_req_body' /usr/include/apache2/http_core.h:672: error: expected declaration specifiers or '...' before 'apr_off_t' In file included from mod_nss.h:27, from mod_nss.c:16: /usr/include/apache2/http_protocol.h:111: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apache2/http_protocol.h:203: error: expected declaration specifiers or '...' 
before 'apr_off_t' In file included from /usr/include/apache2/mpm.h:26, from mod_nss.h:30, from mod_nss.c:16: /usr/include/apache2/scoreboard.h:116: error: expected specifier-qualifier-list before 'apr_off_t' In file included from mod_nss.h:32, from mod_nss.c:16: /usr/include/apr-1.0/apr_strings.h:297: error: expected declaration specifiers or '...' before 'apr_off_t' /usr/include/apr-1.0/apr_strings.h:313: error: expected ')' before '*' token /usr/include/apr-1.0/apr_strings.h:349: error: expected ')' before 'size' make[2]: *** [mod_nss.lo] Error 1 make[2]: Leaving directory `/usr/src/dsbuild/ds/mod_nss/work/mod_nss-1.0.7' make[1]: *** [build-work/mod_nss-1.0.7/Makefile] Error 2 make[1]: Leaving directory `/usr/src/dsbuild/ds/mod_nss' make: *** [dep-../../ds/mod_nss] Error 2 infinity:/usr/src/dsbuild/meta/ds# From rmeggins at redhat.com Fri Feb 22 20:42:20 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Fri, 22 Feb 2008 13:42:20 -0700 Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question In-Reply-To: <200802221733.01739.Ryan.Braun@ec.gc.ca> References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802202157.41430.Ryan.Braun@ec.gc.ca> <47BCA747.4010003@redhat.com> <200802221733.01739.Ryan.Braun@ec.gc.ca> Message-ID: <47BF33AC.1010007@redhat.com> Ryan Braun wrote: > On Wednesday 20 February 2008 10:18 pm, Rich Megginson wrote: > >>> Sure enough, there is no /usr/src/dsbuild/ds/jss directory. >>> >>> If I go ahead and create the directory it still fails. I guess it's >>> looking for more then just a directory >>> >>> ==> Building ds/jss as a dependency >>> make[1]: Entering directory `/usr/src/dsbuild/ds/jss' >>> make[1]: *** No rule to make target `install'. Stop. >>> make[1]: Leaving directory `/usr/src/dsbuild/ds/jss' >>> make: *** [dep-../../ds/jss] Error 2 >>> >>> >>> Thanks for all the help Rich. >>> >> You're now past the point where I gave up :P But you now should have >> the core directory server. 
What's left is the console and the admin >> server components. >> >> You can build the admin server stuff with >> make ... BUILD_DS_ADMIN=1 ADMINUTIL_SOURCE=1 MOD_NSS_SOURCE=1 >> ADMINSERVER_SOURCE=1 >> >> The java components will be more tricky. >> >> For ldapjdk, it would be nice to be able to build from source in >> dsbuild, but the jar file is cross platform and stable. >> >> JSS is different because it has some JNI code and should be compiled. >> There are binaries available from ftp.mozilla.org but I don't know how >> well they will work. >> >> None of the other java components listed at >> http://directory.fedoraproject.org/wiki/Source and >> http://directory.fedoraproject.org/wiki/BuildingConsole have been rolled >> into dsbuild. >> > > Ok java components we'll come back to later, I'm having trouble building > mod_nss now. > > infinity:/usr/src/dsbuild/meta/ds# make BUILD_DS_ADMIN=1 ADMINUTIL_SOURCE=1 > MOD_NSS_SOURCE=1 ADMINSERVER_SOURCE=1 SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 > PERLDAP_SOURCE=1 > Add APXS=/usr/bin/apxs2 HTTPD=/usr/sbin/apache2 Make sure you have the apache2-mpm-worker and apache2-threaded-dev packages installed. > [===== NOW BUILDING: ds-1.1.0 =====] > [fetch] complete for ds. > [checksum] complete for ds. > [extract] complete for ds. > [patch] complete for ds. 
> ==> Building ds/svrcore as a dependency
> ==> Building ds/mozldap as a dependency
> ==> Building ds/perldap as a dependency
> ==> Building ds/ldapserver as a dependency
> ==> Building ds/adminutil as a dependency
> ==> Building ds/mod_nss as a dependency
> cat: /etc/redhat-release: No such file or directory
> make[1]: Entering directory `/usr/src/dsbuild/ds/mod_nss'
> [===== NOW BUILDING: mod_nss-1.0.7 =====]
>
> make[2]: *** [mod_nss.lo] Error 1
> make[2]: Leaving directory `/usr/src/dsbuild/ds/mod_nss/work/mod_nss-1.0.7'
> make[1]: *** [build-work/mod_nss-1.0.7/Makefile] Error 2
> make[1]: Leaving directory `/usr/src/dsbuild/ds/mod_nss'
> make: *** [dep-../../ds/mod_nss] Error 2
> infinity:/usr/src/dsbuild/meta/ds#

From rmeggins at redhat.com Fri Feb 22 20:52:03 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 22 Feb 2008 13:52:03 -0700
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
In-Reply-To: <47BF33AC.1010007@redhat.com>
References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802202157.41430.Ryan.Braun@ec.gc.ca> <47BCA747.4010003@redhat.com> <200802221733.01739.Ryan.Braun@ec.gc.ca> <47BF33AC.1010007@redhat.com>
Message-ID: <47BF35F3.2050503@redhat.com>

Rich Megginson wrote:
> Ryan Braun wrote:
>> On Wednesday 20 February 2008 10:18 pm, Rich Megginson wrote:
>>
>>>> Sure enough, there is no /usr/src/dsbuild/ds/jss directory.
>>>>
>>>> If I go ahead and create the directory it still fails.
I guess it's >>>> looking for more then just a directory >>>> >>>> ==> Building ds/jss as a dependency >>>> make[1]: Entering directory `/usr/src/dsbuild/ds/jss' >>>> make[1]: *** No rule to make target `install'. Stop. >>>> make[1]: Leaving directory `/usr/src/dsbuild/ds/jss' >>>> make: *** [dep-../../ds/jss] Error 2 >>>> >>>> >>>> Thanks for all the help Rich. >>>> >>> You're now past the point where I gave up :P But you now should have >>> the core directory server. What's left is the console and the admin >>> server components. >>> >>> You can build the admin server stuff with >>> make ... BUILD_DS_ADMIN=1 ADMINUTIL_SOURCE=1 MOD_NSS_SOURCE=1 >>> ADMINSERVER_SOURCE=1 >>> >>> The java components will be more tricky. >>> >>> For ldapjdk, it would be nice to be able to build from source in >>> dsbuild, but the jar file is cross platform and stable. >>> >>> JSS is different because it has some JNI code and should be compiled. >>> There are binaries available from ftp.mozilla.org but I don't know how >>> well they will work. >>> >>> None of the other java components listed at >>> http://directory.fedoraproject.org/wiki/Source and >>> http://directory.fedoraproject.org/wiki/BuildingConsole have been >>> rolled >>> into dsbuild. >>> >> >> Ok java components we'll come back to later, I'm having trouble >> building mod_nss now. >> >> infinity:/usr/src/dsbuild/meta/ds# make BUILD_DS_ADMIN=1 >> ADMINUTIL_SOURCE=1 MOD_NSS_SOURCE=1 ADMINSERVER_SOURCE=1 >> SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 PERLDAP_SOURCE=1 >> > Add APXS=/usr/bin/apxs2 HTTPD=/usr/sbin/apache2 > > Make sure you have the apache2-mpm-worker and apache2-threaded-dev > packages installed. One more thing - after you finish building, you'll have to comment out the following line in your $PREFIX/etc/dirsrv/admin-serv/httpd.conf: LoadModule log_config_module ...... Then you should be able to run $PREFIX/sbin/setup-ds-admin.pl. I was, and both directory server and admin server are running. 
>> [===== NOW BUILDING: ds-1.1.0 =====]
>> [fetch] complete for ds.
>> [checksum] complete for ds.
>> [extract] complete for ds.
>> [patch] complete for ds.
>> ==> Building ds/svrcore as a dependency
>> ==> Building ds/mozldap as a dependency
>> ==> Building ds/perldap as a dependency
>> ==> Building ds/ldapserver as a dependency
>> ==> Building ds/adminutil as a dependency
>> ==> Building ds/mod_nss as a dependency
>> cat: /etc/redhat-release: No such file or directory
>> make[1]: Entering directory `/usr/src/dsbuild/ds/mod_nss'
>> [===== NOW BUILDING: mod_nss-1.0.7 =====]
>>
>> make[2]: *** [mod_nss.lo] Error 1
>> make[2]: Leaving directory `/usr/src/dsbuild/ds/mod_nss/work/mod_nss-1.0.7'
>> make[1]: *** [build-work/mod_nss-1.0.7/Makefile] Error 2
>> make[1]: Leaving directory `/usr/src/dsbuild/ds/mod_nss'
>> make: *** [dep-../../ds/mod_nss] Error 2
>> infinity:/usr/src/dsbuild/meta/ds#

From vaddarapu at gmail.com Fri Feb 22 22:03:25 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Fri, 22 Feb 2008 14:03:25 -0800
Subject: [Fedora-directory-users] Console issue
In-Reply-To: <47BEF067.8060503@redhat.com>
References: <47BEF067.8060503@redhat.com>
Message-ID:

Hi Rich,

I can get to web interface with https.
I am also using https url to run console. But I am receiving error message

" cannot logon because of an incorrect User ID, Incorrect password or Directory problem.
java.io.InterruptedIOException: HTTP response timeout"

any suggestions.

thanks
Vivek

On Fri, Feb 22, 2008 at 7:55 AM, Rich Megginson wrote:
> Anand Vaddarapu wrote:
> > Hi,
> >
> > After i enabled ssl in admin server i restarted the dirsrv-admin. Then
> > i try to access the console i am getting the following error message
> > " cannot logon because of an incorrect User ID, Incorrect password or
> > Directory problem. java.io.InterruptedIOException: HTTP response timeout"
> You must use https for the admin server url. Admin server cannot listen
> for both SSL and non-SSL connections, unlike the directory server.
> >
> > But i can get to web interface URL and can login without any problem.
> Using http or https?
> >
> > Thanks in Advance.
> >
> > Vivek

From rmeggins at redhat.com Fri Feb 22 22:06:40 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 22 Feb 2008 15:06:40 -0700
Subject: [Fedora-directory-users] Console issue
In-Reply-To:
References: <47BEF067.8060503@redhat.com>
Message-ID: <47BF4770.2010901@redhat.com>

Anand Vaddarapu wrote:
> Hi Rich,
>
> I can get to web interface with https.
> I am also using https url to run console. but i am receiving error
> message
>
> " cannot logon because of an incorrect User ID, Incorrect password or
> Directory problem. java.io.InterruptedIOException: HTTP response
> timeout"

java -version
fedora-idm-console -D 9

>
> any suggestions.
> thanks
> Vivek
> On Fri, Feb 22, 2008 at 7:55 AM, Rich Megginson wrote:
>
> Anand Vaddarapu wrote:
> > Hi,
> >
> > After i enabled ssl in admin server i restarted the dirsrv-admin. Then
> > i try to access the console i am getting the following error message
> > " cannot logon because of an incorrect User ID, Incorrect password or
> > Directory problem. java.io.InterruptedIOException: HTTP response timeout"
> You must use https for the admin server url. Admin server cannot listen
> for both SSL and non-SSL connections, unlike the directory server.
> >
> > But i can get to web interface URL and can login without any problem.
> Using http or https?
> >
> > Thanks in Advance.
> >
> > Vivek

From orion at cora.nwra.com Fri Feb 22 23:29:57 2008
From: orion at cora.nwra.com (Orion Poplawski)
Date: Fri, 22 Feb 2008 16:29:57 -0700
Subject: [Fedora-directory-users] fedora-idm-console Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
Message-ID: <47BF5AF5.8000209@cora.nwra.com>

This is with FDS 1.1 on CentOS 5 with Sun's java.
I'm no longer able to open the "Manage certificates" task in the management console for my directory server. I get the following exception. This worked a couple of weeks ago when I first set up the server, so I'm not sure what would have changed.

Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
    at com.netscape.management.client.security.CertificateDialog.(Unknown Source)
    at com.netscape.management.client.security.CertificateDialog.(Unknown Source)
    at com.netscape.admin.dirserv.task.KeyCert.run(Unknown Source)
    at com.netscape.management.client.TaskModel.actionObjectRun(Unknown Source)
    at com.netscape.management.client.TaskPage$TaskList$ButtonMouseListener.mouseClicked(Unknown Source)
    at java.awt.AWTEventMulticaster.mouseClicked(AWTEventMulticaster.java:253)
    at java.awt.Component.processMouseEvent(Component.java:6041)
    at javax.swing.JComponent.processMouseEvent(JComponent.java:3265)
    at java.awt.Component.processEvent(Component.java:5803)
    at java.awt.Container.processEvent(Container.java:2058)
    at java.awt.Component.dispatchEventImpl(Component.java:4410)
    at java.awt.Container.dispatchEventImpl(Container.java:2116)
    at java.awt.Component.dispatchEvent(Component.java:4240)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4322)
    at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3995)
    at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3916)
    at java.awt.Container.dispatchEventImpl(Container.java:2102)
    at java.awt.Window.dispatchEventImpl(Window.java:2429)
    at java.awt.Component.dispatchEvent(Component.java:4240)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:273)
    at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:183)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:173)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:168)
    at
java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:160) at java.awt.EventDispatchThread.run(EventDispatchThread.java:121) I've put a copy of the -D 9 output here: http://www.cora.nwra.com/~orion/fedora/console.log Any help would be greatly appreciated. -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA/CoRA Division FAX: 303-415-9702 3380 Mitchell Lane orion at cora.nwra.com Boulder, CO 80301 http://www.cora.nwra.com From rmeggins at redhat.com Sat Feb 23 00:04:30 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Fri, 22 Feb 2008 17:04:30 -0700 Subject: [Fedora-directory-users] fedora-idm-console Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException In-Reply-To: <47BF5AF5.8000209@cora.nwra.com> References: <47BF5AF5.8000209@cora.nwra.com> Message-ID: <47BF630E.10804@redhat.com> Orion Poplawski wrote: > This is with FDS 1.1 on CentOS 5 with Sun's java. I'm no longer able > to open the "Manage certificates" task in the management console for > my directory server. I get the following exception. This worked a > couple of weeks ago when I fist set up the server, so I'm not sure > what would have changed. 
> > Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException > at > com.netscape.management.client.security.CertificateDialog.(Unknown > Source) > at > com.netscape.management.client.security.CertificateDialog.(Unknown > Source) > at com.netscape.admin.dirserv.task.KeyCert.run(Unknown Source) > at > com.netscape.management.client.TaskModel.actionObjectRun(Unknown Source) > at > com.netscape.management.client.TaskPage$TaskList$ButtonMouseListener.mouseClicked(Unknown > Source) > at > java.awt.AWTEventMulticaster.mouseClicked(AWTEventMulticaster.java:253) > at java.awt.Component.processMouseEvent(Component.java:6041) > at javax.swing.JComponent.processMouseEvent(JComponent.java:3265) > at java.awt.Component.processEvent(Component.java:5803) > at java.awt.Container.processEvent(Container.java:2058) > at java.awt.Component.dispatchEventImpl(Component.java:4410) > at java.awt.Container.dispatchEventImpl(Container.java:2116) > at java.awt.Component.dispatchEvent(Component.java:4240) > at > java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4322) > at > java.awt.LightweightDispatcher.processMouseEvent(Container.java:3995) > at > java.awt.LightweightDispatcher.dispatchEvent(Container.java:3916) > at java.awt.Container.dispatchEventImpl(Container.java:2102) > at java.awt.Window.dispatchEventImpl(Window.java:2429) > at java.awt.Component.dispatchEvent(Component.java:4240) > at java.awt.EventQueue.dispatchEvent(EventQueue.java:599) > at > java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:273) > > at > java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:183) > > at > java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:173) > > at > java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:168) > at > java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:160) > at java.awt.EventDispatchThread.run(EventDispatchThread.java:121) > > > I've put a copy of the -D 9 
output here:
>
> http://www.cora.nwra.com/~orion/fedora/console.log
>
> Any help would be greatly appreciated.
>

Looks like a problem on the admin server side - check your admin server access and error logs.

From orion at cora.nwra.com Sat Feb 23 00:40:22 2008
From: orion at cora.nwra.com (orion at cora.nwra.com)
Date: Fri, 22 Feb 2008 17:40:22 -0700 (MST)
Subject: [Fedora-directory-users] fedora-idm-console Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
In-Reply-To: <47BF630E.10804@redhat.com>
References: <47BF5AF5.8000209@cora.nwra.com> <47BF630E.10804@redhat.com>
Message-ID: <3783.71.208.66.222.1203727222.squirrel@www.cora.nwra.com>

> Looks like a problem on the admin server side - check your admin server
> access and error logs.

Looks like this is probably the issue:

[Fri Feb 22 15:33:11 2008] [notice] [client 192.168.0.8] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.0.8

But I really don't know why it wouldn't be able to resolve.

# host 192.168.0.8
8.0.168.192.in-addr.arpa domain name pointer earth.cora.nwra.com.

From rmeggins at redhat.com Sat Feb 23 00:49:00 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 22 Feb 2008 17:49:00 -0700
Subject: [Fedora-directory-users] fedora-idm-console Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
In-Reply-To: <3783.71.208.66.222.1203727222.squirrel@www.cora.nwra.com>
References: <47BF5AF5.8000209@cora.nwra.com> <47BF630E.10804@redhat.com> <3783.71.208.66.222.1203727222.squirrel@www.cora.nwra.com>
Message-ID: <47BF6D7C.5010105@redhat.com>

orion at cora.nwra.com wrote:
>> Looks like a problem on the admin server side - check your admin server
>> access and error logs.
>> > > Looks like this is probably the issue: > > [Fri Feb 22 15:33:11 2008] [notice] [client 192.168.0.8] > admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.0.8 > > But I really don't know why it wouldn't be able to resolve. > > # host 192.168.0.8 > 8.0.168.192.in-addr.arpa domain name pointer earth.cora.nwra.com. > No, that's just a [notice] - that's benign. Anything else in the error log? In the access log, do you see 500 or 404 or 403 or other HTTP error status codes (i.e. anything other than 200)? > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From playactor at gmail.com Sat Feb 23 02:25:13 2008 From: playactor at gmail.com (Eric Brown) Date: Fri, 22 Feb 2008 20:25:13 -0600 Subject: [Fedora-directory-users] Building the 1.0.4 directory and the console with dsbuild Message-ID: I am trying to build fds 1.0.4 with the admin console, and have run into a problem. I can build the directory server just fine, but the java components are giving me trouble. I get the following error when I attempt to build the whole thing. [erbrow at zed ds]$ pwd /home/erbrow/dsbuild-fds104/meta/ds [erbrow at zed ds]$ make [===== NOW BUILDING: ds-1.0.4 =====] [fetch] complete for ds. [checksum] complete for ds. [extract] complete for ds. [patch] complete for ds. 
==> Building ds/mozilla as a dependency
==> Building ds/icu as a dependency
==> Building ds/adminutil as a dependency
==> Building ds/setuputil as a dependency
==> Building ds/mod_nss as a dependency
==> Building ds/mod_admserv as a dependency
==> Building ds/mod_restartd as a dependency
==> Building ds/console as a dependency
make[1]: Entering directory `/home/erbrow/dsbuild-fds104/ds/console'
[===== NOW BUILDING: fedora-console-1.0.3 =====]
[fetch] complete for fedora-console.
[checksum] complete for fedora-console.
[extract] complete for fedora-console.
[patch] complete for fedora-console.
[configure] complete for fedora-console.
cd work/fedora-console-1.0.3 && ant -Dimports.file=imports.FC3 package
Buildfile: build.xml

prepare_imports:

prepare_build:

import_ldapjdk:

import_jss_jar:

build:
    [javac] Compiling 400 source files to /home/erbrow/dsbuild-fds104/ds/console/work/built/classes
    [javac] java.lang.NullPointerException
    [javac] at org.eclipse.jdt.internal.compiler.batch.ClasspathJar.isPackage(java.lang.String) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.batch.ClasspathJar.findClass(char[], java.lang.String, java.lang.String) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.batch.FileSystem.findClass(java.lang.String, char[]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.batch.FileSystem.findType(char[], char[][]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.lookup.LookupEnvironment.createPackage(char[][]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.lookup.CompilationUnitScope.buildTypeBindings() (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.lookup.LookupEnvironment.buildTypeBindings(org.eclipse.jdt.internal.compiler.ast.CompilationUnitDeclaration) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.Compiler.beginToCompile(org.eclipse.jdt.internal.compiler.env.ICompilationUnit[]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.Compiler.compile(org.eclipse.jdt.internal.compiler.env.ICompilationUnit[]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.batch.Main.performCompilation() (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.batch.Main.compile(java.lang.String[]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at _Jv_CallAnyMethodA(java.lang.Object, java.lang.Class, _Jv_Method, boolean, boolean, java.lang.Class[], jvalue, jvalue, boolean) (/usr/lib/libgcj.so.5.0.0)
    [javac] at _Jv_CallAnyMethodA(java.lang.Object, java.lang.Class, _Jv_Method, boolean, java.lang.Class[], java.lang.Object[]) (/usr/lib/libgcj.so.5.0.0)
    [javac] at java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object[]) (/usr/lib/libgcj.so.5.0.0)
    [javac] at com.sun.tools.javac.Main.compile(java.lang.String[]) (Unknown Source)
    [javac] at com.sun.tools.javac.Main.main(java.lang.String[]) (Unknown Source)

BUILD FAILED
/home/erbrow/dsbuild-fds104/ds/console/work/fedora-console-1.0.3/build.xml:180: Compile failed; see the compiler error output for details.

Installed RPMs
apr-0.9.4-24.5.c4.2
jdk-1.5.0_12-fcs
ecj-2.1.3-5
ldapsdk-4.17-3jpp

From orion at cora.nwra.com Sat Feb 23 05:09:57 2008
From: orion at cora.nwra.com (orion at cora.nwra.com)
Date: Fri, 22 Feb 2008 22:09:57 -0700 (MST)
Subject: [Fedora-directory-users] fedora-idm-console Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
In-Reply-To: <47BF6D7C.5010105@redhat.com>
References: <47BF5AF5.8000209@cora.nwra.com> <47BF630E.10804@redhat.com> <3783.71.208.66.222.1203727222.squirrel@www.cora.nwra.com> <47BF6D7C.5010105@redhat.com>
Message-ID: <3446.71.208.66.222.1203743397.squirrel@www.cora.nwra.com>

> orion at cora.nwra.com wrote:
>>> Looks like a problem on the admin server side - check your admin server
>>> access and error logs.
>>>
>>
>> Looks like this is probably the issue:
>>
>> [Fri Feb 22 15:33:11 2008] [notice] [client 192.168.0.8]
>> admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.0.8
>>
>> But I really don't know why it wouldn't be able to resolve.
>>
>> # host 192.168.0.8
>> 8.0.168.192.in-addr.arpa domain name pointer earth.cora.nwra.com.
>>
> No, that's just a [notice] - that's benign. Anything else in the error
> log? In the access log, do you see 500 or 404 or 403 or other HTTP
> error status codes (i.e. anything other than 200)?

Nothing other than 200's in access.
The only messages in error from that time are:

[Fri Feb 22 15:32:08 2008] [notice] [client 192.168.0.8] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.0.8
[Fri Feb 22 15:32:08 2008] [notice] [client 192.168.0.8] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
[Fri Feb 22 15:33:11 2008] [notice] [client 192.168.0.8] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.0.8
[Fri Feb 22 15:33:11 2008] [notice] [client 192.168.0.8] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.0.8

From andrey.ivanov at polytechnique.fr Sat Feb 23 13:12:08 2008
From: andrey.ivanov at polytechnique.fr (Andrey Ivanov)
Date: Sat, 23 Feb 2008 14:12:08 +0100
Subject: [Fedora-directory-users] fedora-idm-console Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
In-Reply-To: <47BF5AF5.8000209@cora.nwra.com>
References: <47BF5AF5.8000209@cora.nwra.com>
Message-ID: <1601b8650802230512v74a2c470ma29111bb9021ab16@mail.gmail.com>

Hi,

I have exactly the same issue - look at the bug 430499 (https://bugzilla.redhat.com/show_bug.cgi?id=430499) to see all the debug logs of apache and of the console. The bug appears each time you configure the administration server to use the secure connection to the Directory Server configuration server (the file adm.conf contains ldapurl: ldaps://ldap-model.polytechnique.fr:636/o=NetscapeRoot). If you change the adm.conf (or use the console to do that) to ldapurl: ldap://ldap-model.polytechnique.fr:389/o=NetscapeRoot everything works fine again (no java exception, the certificate window opens correctly). And the bug has nothing to do with java vendor - I have tested it for several versions, vendors and OS...

So I think that's what you have changed during the last couple of weeks :)

2008/2/23, Orion Poplawski :
>
> This is with FDS 1.1 on CentOS 5 with Sun's java. I'm no longer able to
> open the "Manage certificates" task in the management console for my
> directory server. I get the following exception. This worked a couple
> of weeks ago when I first set up the server, so I'm not sure what would
> have changed.
>
> Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
>     at com.netscape.management.client.security.CertificateDialog.(Unknown Source)
>     at com.netscape.management.client.security.CertificateDialog.(Unknown Source)
>     at com.netscape.admin.dirserv.task.KeyCert.run(Unknown Source)
>     at com.netscape.management.client.TaskModel.actionObjectRun(Unknown Source)
>     at com.netscape.management.client.TaskPage$TaskList$ButtonMouseListener.mouseClicked(Unknown Source)
>     at java.awt.AWTEventMulticaster.mouseClicked(AWTEventMulticaster.java:253)
>     at java.awt.Component.processMouseEvent(Component.java:6041)
> ...
> --
> Orion Poplawski
> Technical Manager  303-415-9701 x222
> NWRA/CoRA Division  FAX: 303-415-9702
> 3380 Mitchell Lane  orion at cora.nwra.com
> Boulder, CO 80301  http://www.cora.nwra.com

From playactor at gmail.com Sat Feb 23 15:54:25 2008
From: playactor at gmail.com (Eric Brown)
Date: Sat, 23 Feb 2008 09:54:25 -0600
Subject: [Fedora-directory-users] Building the 1.0.4 directory and the console with dsbuild
In-Reply-To:
References:
Message-ID:

I am trying to build fds 1.0.4 with the admin console, and have run into a problem. I can build the directory server just fine, but the java components are giving me trouble. I get the following error when I attempt to build the whole thing.

[erbrow at zed ds]$ pwd
/home/erbrow/dsbuild-fds104/meta/ds
[erbrow at zed ds]$ make
[===== NOW BUILDING: ds-1.0.4 =====]
[fetch] complete for ds.
[checksum] complete for ds.
[extract] complete for ds.
[patch] complete for ds.
==> Building ds/mozilla as a dependency
==> Building ds/icu as a dependency
==> Building ds/adminutil as a dependency
==> Building ds/setuputil as a dependency
==> Building ds/mod_nss as a dependency
==> Building ds/mod_admserv as a dependency
==> Building ds/mod_restartd as a dependency
==> Building ds/console as a dependency
make[1]: Entering directory `/home/erbrow/dsbuild-fds104/ds/console'
[===== NOW BUILDING: fedora-console-1.0.3 =====]
[fetch] complete for fedora-console.
[checksum] complete for fedora-console.
[extract] complete for fedora-console.
[patch] complete for fedora-console.
[configure] complete for fedora-console.
cd work/fedora-console-1.0.3 && ant -Dimports.file=imports.FC3 package
Buildfile: build.xml

prepare_imports:

prepare_build:

import_ldapjdk:

import_jss_jar:

build:
    [javac] Compiling 400 source files to /home/erbrow/dsbuild-fds104/ds/console/work/built/classes
    [javac] java.lang.NullPointerException
    [javac] at org.eclipse.jdt.internal.compiler.batch.ClasspathJar.isPackage(java.lang.String) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.batch.ClasspathJar.findClass(char[], java.lang.String, java.lang.String) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.batch.FileSystem.findClass(java.lang.String, char[]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.batch.FileSystem.findType(char[], char[][]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.lookup.LookupEnvironment.createPackage(char[][]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.lookup.CompilationUnitScope.buildTypeBindings() (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.lookup.LookupEnvironment.buildTypeBindings(org.eclipse.jdt.internal.compiler.ast.CompilationUnitDeclaration) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.Compiler.beginToCompile(org.eclipse.jdt.internal.compiler.env.ICompilationUnit[]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.Compiler.compile(org.eclipse.jdt.internal.compiler.env.ICompilationUnit[]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.batch.Main.performCompilation() (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at org.eclipse.jdt.internal.compiler.batch.Main.compile(java.lang.String[]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so)
    [javac] at _Jv_CallAnyMethodA(java.lang.Object, java.lang.Class, _Jv_Method, boolean, boolean, java.lang.Class[], jvalue, jvalue, boolean) (/usr/lib/libgcj.so.5.0.0)
    [javac] at _Jv_CallAnyMethodA(java.lang.Object, java.lang.Class, _Jv_Method, boolean, java.lang.Class[], java.lang.Object[]) (/usr/lib/libgcj.so.5.0.0)
    [javac] at java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object[]) (/usr/lib/libgcj.so.5.0.0)
    [javac] at com.sun.tools.javac.Main.compile(java.lang.String[]) (Unknown Source)
    [javac] at com.sun.tools.javac.Main.main(java.lang.String[]) (Unknown Source)

BUILD FAILED
/home/erbrow/dsbuild-fds104/ds/console/work/fedora-console-1.0.3/build.xml:180: Compile failed; see the compiler error output for details.

Installed RPMs
apr-0.9.4-24.5.c4.2
jdk-1.5.0_12-fcs
ecj-2.1.3-5
ldapsdk-4.17-3jpp

From zahra_bahar at ec.iut.ac.ir Sun Feb 24 05:02:03 2008
From: zahra_bahar at ec.iut.ac.ir (Zahra Bahar)
Date: Sun, 24 Feb 2008 08:32:03 +0330 (IRST)
Subject: [Fedora-directory-users] how many users could fedora- DS support?
Message-ID: <33089034.424021203829323024.JavaMail.root@mta.iut.ac.ir>

Hi
how many users could fedora- DS support when we have one server?
with regards

From vaddarapu at gmail.com Sun Feb 24 10:18:34 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Sun, 24 Feb 2008 21:18:34 +1100
Subject: [Fedora-directory-users] Console issue
In-Reply-To: <47BF4770.2010901@redhat.com>
References: <47BEF067.8060503@redhat.com> <47BF4770.2010901@redhat.com>
Message-ID:

Hi Rich,

java -version

Java Version "1.6.0_03"
Java (TM) SE Runtime Environment (build 1.6.0_03-b05)
Java HotSpot (TM) Client VM (build 1.6.0_03-b05, mixed mode, sharinf)

fedora-idm-console -D 9

# /usr/bin/fedora-idm-console -D 9
java.util.prefs.userRoot=/root/.fedora-idm-console
java.runtime.name=Java(TM) SE Runtime Environment
sun.boot.library.path=/usr/java/jre1.6.0_03/lib/i386
java.vm.version=1.6.0_03-b05
java.vm.vendor=Sun Microsystems Inc.
java.vendor.url=http://java.sun.com/
path.separator=:
java.vm.name=Java HotSpot(TM) Client VM
file.encoding.pkg=sun.io
sun.java.launcher=SUN_STANDARD
user.country=US
sun.os.patch.level=unknown
java.vm.specification.name=Java Virtual Machine Specification
user.dir=/root
java.runtime.version=1.6.0_03-b05
java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment
java.endorsed.dirs=/usr/java/jre1.6.0_03/lib/endorsed
os.arch=i386
java.io.tmpdir=/tmp
line.separator=
java.vm.specification.vendor=Sun Microsystems Inc.
os.name=Linux
sun.jnu.encoding=UTF-8
java.library.path=/usr/lib
java.specification.name=Java Platform API Specification
java.class.version=50.0
sun.management.compiler=HotSpot Client Compiler
os.version=2.6.18-53.1.4.el5
user.home=/root
user.timezone=Australia/Melbourne
java.awt.printerjob=sun.print.PSPrinterJob
file.encoding=UTF-8
java.specification.version=1.6
java.class.path=/usr/lib/java/jss4.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/idm-console-base.jar:/usr/share/java/idm-console-mcc.jar:/usr/share/java/idm-console-mcc_en.jar:/usr/share/java/idm-console-nmclf.jar:/usr/share/java/idm-console-nmclf_en.jar:/usr/share/java/fedora-idm-console-1.1.0_en.jar
user.name=root
java.vm.specification.version=1.0
java.home=/usr/java/jre1.6.0_03
sun.arch.data.model=32
java.util.prefs.systemRoot=/root/.fedora-idm-console
user.language=en
java.specification.vendor=Sun Microsystems Inc.
java.vm.info=mixed mode, sharing
java.version=1.6.0_03
java.ext.dirs=/usr/java/jre1.6.0_03/lib/ext:/usr/java/packages/lib/ext
sun.boot.class.path=/usr/java/jre1.6.0_03/lib/resources.jar:/usr/java/jre1.6.0_03/lib/rt.jar:/usr/java/jre1.6.0_03/lib/sunrsasign.jar:/usr/java/jre1.6.0_03/lib/jsse.jar:/usr/java/jre1.6.0_03/lib/jce.jar:/usr/java/jre1.6.0_03/lib/charsets.jar:/usr/java/jre1.6.0_03/classes
java.vendor=Sun Microsystems Inc.
file.separator=/
java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi
sun.io.unicode.encoding=UnicodeLittle
sun.cpu.endian=little
sun.desktop=gnome
sun.cpu.isalist=
Fedora-Management-Console/1.1.0 B2007.354.1015
RemoteImage: NOT found in cache loader8222510:com/netscape/management/nmclf/icons/Error.gif
RemoteImage: Create RemoteImage cache for loader8222510
RemoteImage: NOT found in cache loader8222510:com/netscape/management/nmclf/icons/Inform.gif
RemoteImage: NOT found in cache loader8222510:com/netscape/management/nmclf/icons/Warn.gif
RemoteImage: NOT found in cache loader8222510:com/netscape/management/nmclf/icons/Question.gif
ResourceSet: NOT found in cache loader8222510:com.netscape.management.client.components.components
RemoteImage: NOT found in cache loader8222510:com/netscape/management/client/theme/images/logo16.gif
RemoteImage: NOT found in cache loader8222510:com/netscape/management/client/theme/images/login.gif
ResourceSet: NOT found in cache loader8222510:com.netscape.management.client.util.default
ResourceSet: found in cache loader8222510:com.netscape.management.client.util.default
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button height = 19
JButtonFactory: button width = 72
JButtonFactory: button height = 19
JButtonFactory: button width = 72
JButtonFactory: button height = 19
JButtonFactory: button width = 54
JButtonFactory: button height = 19
JButtonFactory: button width = 90
JButtonFactory: button width = 72
ResourceSet: found in cache loader8222510:com.netscape.management.client.util.default
[root at ldap-test1 ~]# ls
anaconda-ks.cfg  Desktop  PDNS~  test2.txt
cert-request-info.txt  install.log  PDNS~~  text1.txt
commands  install.log.syslog  setupssl2.sh  text1.txt~
commands~  PDNS  tem  vericert
[root at ldap-test1 ~]# locate password.conf
/etc/dirsrv/admin-serv/password.conf
/etc/fedora-ds/slapd-localhost/password.conf
[root at ldap-test1 ~]# cat /etc/dirsrv/admin-serv/ password.conf
cat: /etc/dirsrv/admin-serv/: Is a directory
cat: password.conf: No such file or directory
[root at ldap-test1 ~]# cat /etc/dirsrv/admin-serv/password.conf
internal:3b6f2f6489e9b7a9b696bc3348b7e7d91e2d2199
[root at ldap-test1 ~]# service dirsrv start
Starting dirsrv: ldap-test1...Enter PIN for Internal (Software) Token: [ OK ]
[root at ldap-test1 ~]# service dirsrv-admin start
Starting dirsrv-admin: Please enter password for "internal" token: [ OK ]
[root at ldap-test1 ~]# /usr/bin/fedora-idm-console
[root at ldap-test1 ~]# ls
anaconda-ks.cfg  Desktop  PDNS~  test2.txt
cert-request-info.txt  install.log  PDNS~~  text1.txt
commands  install.log.syslog  setupssl2.sh  text1.txt~
commands~  PDNS  tem  vericert
You have new mail in /var/spool/mail/root
[root at ldap-test1 ~]# cat commands
yum erase svrcore idm-console-framework
rm -rf /etc/dirsrv /usr/lib/dirsrv /usr/lib64/dirsrv
rm -rf `find /var -name dirsrv`
rm -rf /etc/dirsrv/slapd-*
rm -rf /usr/lib/dirsrv/slapd-*
rm -rf `find /var -name slapd-\* -print`
certutil -L -d /etc/dirsrv/slapd-YOURINSTANCE --explain why the server doesn't start.
find /etc/dirsrv -name \*.db-------to check certs.
certutil -L -d /etc/dirsrv/admin-serv -P admin-serv-
you'll have a server certificate with a nickname of Server-Cert.
[root at ldap-test1 ~]# locate console.conf
/etc/dirsrv/admin-serv/console.conf
You have new mail in /var/spool/mail/root
[root at ldap-test1 ~]# vi /etc/dirsrv/admin-serv/console.conf
[root at ldap-test1 ~]# vi /etc/dirsrv/admin-serv/console.conf
You have new mail in /var/spool/mail/root
[root at ldap-test1 ~]#
[root at ldap-test1 ~]#
[root at ldap-test1 ~]# java -version
java version "1.6.0_03"
Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing)
[root at ldap-test1 ~]#
[root at ldap-test1 ~]#
[root at ldap-test1 ~]#
Display all 2078 possibilities? (y or n)

On Sat, Feb 23, 2008 at 9:06 AM, Rich Megginson wrote:

> Anand Vaddarapu wrote:
> > Hi Rich,
> >
> > I can get to web interface with https.
> > I am also using https url to run console. but i am receiving error
> > message
> >
> > " cannot logon because of an incorrect User ID, Incorrect password or
> > Directory problem. java.io.InterruptedIOException: HTTP response
> > timeout"
> java -version
> fedora-idm-console -D 9
> >
> > any suggestions.
> > thanks
> > Vivek
> > On Fri, Feb 22, 2008 at 7:55 AM, Rich Megginson wrote:
> >
> > > Anand Vaddarapu wrote:
> > > > Hi,
> > > >
> > > > After i enabled ssl in admin server i restarted the dirsrv-admin. Then
> > > > i try to access the console i am getting the following error message
> > > > " cannot logon because of an incorrect User ID, Incorrect password or
> > > > Directory problem. java.io.InterruptedIOException: HTTP response timeout"
> > > You must use https for the admin server url. Admin server cannot listen
> > > for both SSL and non-SSL connections, unlike the directory server.
> > > >
> > > > But i can get to web interface URL and can login without any problem.
> > > Using http or https?
> > > >
> > > > Thanks in Advance.
> > > >
> > > > Vivek

From shivaraj.shivanna at wipro.com Mon Feb 25 11:49:48 2008
From: shivaraj.shivanna at wipro.com (shivaraj.shivanna at wipro.com)
Date: Mon, 25 Feb 2008 17:19:48 +0530
Subject: [Fedora-directory-users] How to authenticate fedora-ds
Message-ID:

Hi,

I have installed fedora-ds on fedora-core-6 linux box, and installed fedora-ds through rpm.
I need to authenticate the directory server.
Using ldapsearch command, I am able to fetch the data of the users without specifying the password.
Help me up in authenticating the Fedora Directory Server.
I need to know, how to disable anonymous access and specify authorization.

Thanks in advance....

Thanks,
Shivaraj

From Ryan.Braun at ec.gc.ca Mon Feb 25 15:08:50 2008
From: Ryan.Braun at ec.gc.ca (Ryan Braun)
Date: Mon, 25 Feb 2008 15:08:50 +0000
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
In-Reply-To: <47BF35F3.2050503@redhat.com>
References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <47BF33AC.1010007@redhat.com> <47BF35F3.2050503@redhat.com>
Message-ID: <200802251508.50693.Ryan.Braun@ec.gc.ca>

On Friday 22 February 2008 8:52 pm, Rich Megginson wrote:
> >>> The java components will be more tricky.
> >>>
> >>> For ldapjdk, it would be nice to be able to build from source in
> >>> dsbuild, but the jar file is cross platform and stable.
> >>>
> >>> JSS is different because it has some JNI code and should be compiled.
> >>> There are binaries available from ftp.mozilla.org but I don't know how
> >>> well they will work.
> >>>
> >>> None of the other java components listed at
> >>> http://directory.fedoraproject.org/wiki/Source and
> >>> http://directory.fedoraproject.org/wiki/BuildingConsole have been rolled
> >>> into dsbuild.
> >>
> >> Ok java components we'll come back to later, I'm having trouble
> >> building mod_nss now.
> >>
> >> infinity:/usr/src/dsbuild/meta/ds# make BUILD_DS_ADMIN=1
> >> ADMINUTIL_SOURCE=1 MOD_NSS_SOURCE=1 ADMINSERVER_SOURCE=1
> >> SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 PERLDAP_SOURCE=1
> >
> > Add APXS=/usr/bin/apxs2 HTTPD=/usr/sbin/apache2
> >
> > Make sure you have the apache2-mpm-worker and apache2-threaded-dev
> > packages installed.
>
> One more thing - after you finish building, you'll have to comment out
> the following line in your $PREFIX/etc/dirsrv/admin-serv/httpd.conf:
> LoadModule log_config_module ......
>
> Then you should be able to run $PREFIX/sbin/setup-ds-admin.pl. I was,
> and both directory server and admin server are running.

Ok, adding

APXS=/usr/bin/apxs2
HTTPD=/usr/sbin/apache2

to both dsbuild/ds/mod_nss/Makefile and dsbuild/adminserver/Makefile worked great. The dsbuild process finishes and appears to have compiled everything.

A couple little bugs crept up during the build. I think it was during the make install of ldapserver. One of the binaries (the first one I guess) was copied to /opt/dirsrv/bin (the bin being a file not a directory) so the /opt/dirsrv/bin directory isn't getting created. Quick fix was just renaming /opt/dirsrv/bin to /opt/dirsrv/bin.something and rerunning make. Executing /opt/dirsrv/bin.something looks like the binary might be ldappasswd?

Second, there seems to be a missing library.

Starting admin server . . .
output: ERROR: ld.so: object '/opt/dirsrv/lib/libssl3.so' from LD_PRELOAD cannot be preloaded: ignored.
output: apache2: Syntax error on line 123 of /opt/dirsrv/etc/dirsrv/admin-serv/httpd.conf: module log_config_module is built-in and can't be loaded
Could not start the admin server. Error: 256
Failed to create and configure the admin server
Exiting . . .

I assumed the libssl3.so was supposed to be provided by building nss from source. So I just symlinked the system's libssl3.so provided by libnss3-0d back to /opt/dirsrv/lib/.
Admin server seemed to startup fine after that (and fixing the debian httpd module issue).

So after all that I have a running slapd now, and the admin server is started. I can connect and bind as Directory Manager and browse the tree using any old ldap client. browsing to localhost:ADMINSRV_PORT works and brings up the web stuff. But when I try to connect to the adminserver using the console from the 1.0.4 directory server install, it will connect but not show any servers in the default view. Not sure if that is a 1.0.4 vs. 1.1.0 version problem, or a build issue with lacking java components.

Which leads me to my next question. The java components, are they only required for running the console on your client machines? So building with NOJAVA=1 will provide a fully working adminserver and ldapserver, just no console binaries?

To be honest, I haven't really looked into the different post install processes with 1.1.0 since 1.0.4 so the reason I could have missing entries in the console could very well be my own fault :)

Also, if I want to fine tune the location of some of directories during build, is it safe to modify the CONFIGURE_ARGS variable in the adminserver and ldapserver's Makefile? I want to put /opt/dirsrv/etc/dirsrv into /etc/dirsrv as well as /opt/dirsrv/var into /var?

Ryan

From solarflow99 at gmail.com Mon Feb 25 16:24:09 2008
From: solarflow99 at gmail.com (solarflow99)
Date: Mon, 25 Feb 2008 16:24:09 +0000
Subject: [Fedora-directory-users] 1.1 usage problems
Message-ID: <7020fd000802250824h785309fl10137eba435628f3@mail.gmail.com>

I have RHEL 5.1 with FDS 1.1 installed. I am wondering are there any serious bugs/problems with it? because I can't get the setup-ds.pl to complete properly, I followed the install instructions perfectly without any problems, and now it only gets as far as the Directory Manager password, and exits without even asking me anything else.

Directory Manager DN [cn=Directory Manager]:
Password:
Password (confirm):
Your new DS instance 'lumos6' was successfully created.
Exiting . . .
Log file is '/tmp/setup7esKlB.log'

I cannot log in to the console with fedora-idm-console, and the service doesn't seem to be listening on port 9830. The service fails to start:

# service dirsrv-admin start
Starting dirsrv-admin:
grep: /etc/dirsrv/admin-serv/adm.conf: No such file or directory
(2)No such file or directory: httpd.worker: could not open error log file /var/log/dirsrv/admin-serv/error.
Unable to open logs
[FAILED]

The logs didn't show any indication of errors, and even if I stop the service, delete the instance directory under /etc/dirserv, and try the setup again, same thing.

Anyone else have this problem, or see what's wrong here?

From rmeggins at redhat.com Mon Feb 25 20:23:00 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Mon, 25 Feb 2008 13:23:00 -0700
Subject: [Fedora-directory-users] 1.1 usage problems
In-Reply-To: <7020fd000802250824h785309fl10137eba435628f3@mail.gmail.com>
References: <7020fd000802250824h785309fl10137eba435628f3@mail.gmail.com>
Message-ID: <47C323A4.7030104@redhat.com>

solarflow99 wrote:
> I have RHEL 5.1 with FDS 1.1 installed. I am wondering are there any
> serious bugs/problems with it? because I can't get the setup-ds.pl to
> complete properly, I followed the install instructions perfectly
> without any problems, and now it only gets as far as the Directory
> Manager password, and exits without even asking me anything else.
>
> Directory Manager DN [cn=Directory Manager]:
> Password:
> Password (confirm):
> Your new DS instance 'lumos6' was successfully created.
> Exiting . . .
> Log file is '/tmp/setup7esKlB.log'
>
> I cannot log in to the console with fedora-idm-console, and the
> service doesn't seem to be listening on port 9830. The service fails
> to start:
>
> # service dirsrv-admin start
> Starting dirsrv-admin:
> grep: /etc/dirsrv/admin-serv/adm.conf: No such file or directory
> (2)No such file or directory: httpd.worker: could not open error log
> file /var/log/dirsrv/admin-serv/error.
> Unable to open logs
> [FAILED]
>
> The logs didn't show any indication of errors, and even if I stop the
> service, delete the instance directory under /etc/dirserv, and try the
> setup again, same thing.
>
> Anyone else have this problem, or see what's wrong here?

You should not use setup-ds.pl. You should use setup-ds-admin.pl instead. See - http://www.redhat.com/docs/manuals/dir-server/install/8.0/index.html

From rmeggins at redhat.com Mon Feb 25 20:32:41 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Mon, 25 Feb 2008 13:32:41 -0700
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
In-Reply-To: <200802251508.50693.Ryan.Braun@ec.gc.ca>
References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <47BF33AC.1010007@redhat.com> <47BF35F3.2050503@redhat.com> <200802251508.50693.Ryan.Braun@ec.gc.ca>
Message-ID: <47C325E9.4010600@redhat.com>

Ryan Braun wrote:
> On Friday 22 February 2008 8:52 pm, Rich Megginson wrote:
>
>>>>> The java components will be more tricky.
>>>>>
>>>>> For ldapjdk, it would be nice to be able to build from source in
>>>>> dsbuild, but the jar file is cross platform and stable.
>>>>>
>>>>> JSS is different because it has some JNI code and should be compiled.
>>>>> There are binaries available from ftp.mozilla.org but I don't know how
>>>>> well they will work.
>>>>>
>>>>> None of the other java components listed at
>>>>> http://directory.fedoraproject.org/wiki/Source and
>>>>> http://directory.fedoraproject.org/wiki/BuildingConsole have been rolled
>>>>> into dsbuild.
>>>>>
>>>> Ok java components we'll come back to later, I'm having trouble
>>>> building mod_nss now.
>>>>
>>>> infinity:/usr/src/dsbuild/meta/ds# make BUILD_DS_ADMIN=1
>>>> ADMINUTIL_SOURCE=1 MOD_NSS_SOURCE=1 ADMINSERVER_SOURCE=1
>>>> SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 PERLDAP_SOURCE=1
>>>>
>>> Add APXS=/usr/bin/apxs2 HTTPD=/usr/sbin/apache2
>>>
>>> Make sure you have the apache2-mpm-worker and apache2-threaded-dev
>>> packages installed.
>>>
>> One more thing - after you finish building, you'll have to comment out
>> the following line in your $PREFIX/etc/dirsrv/admin-serv/httpd.conf:
>> LoadModule log_config_module ......
>>
>> Then you should be able to run $PREFIX/sbin/setup-ds-admin.pl. I was,
>> and both directory server and admin server are running.
>>
>
> Ok, adding
>
> APXS=/usr/bin/apxs2
> HTTPD=/usr/sbin/apache2
>
> to both dsbuild/ds/mod_nss/Makefile and dsbuild/adminserver/Makefile worked
> great. The dsbuild process finishes and appears to have compiled everything.
>
> A couple little bugs crept up during the build. I think it was during the
> make install of ldapserver. One of the binaries (the first one I guess) was
> copied to /opt/dirsrv/bin (the bin being a file not a directory) so
> the /opt/dirsrv/bin directory isn't getting created. Quick fix was just
> renaming /opt/dirsrv/bin to /opt/dirsrv/bin.something and rerunning make.
> Executing /opt/dirsrv/bin.something looks like the binary might be
> ldappasswd?

Probably a bug in ds/mozldap/Makefile in the install section.

> Second, there seems to be a missing library.
>
> Starting admin server . . .
> output: ERROR: ld.so: object '/opt/dirsrv/lib/libssl3.so' from LD_PRELOAD
> cannot be preloaded: ignored.
> output: apache2: Syntax error on line 123
> of /opt/dirsrv/etc/dirsrv/admin-serv/httpd.conf: module log_config_module is
> built-in and can't be loaded
> Could not start the admin server. Error: 256
> Failed to create and configure the admin server
> Exiting . . .
>
> I assumed the libssl3.so was supposed to be provided by building nss from
> source. So I just symlinked the system's libssl3.so provided by libnss3-0d
> back to /opt/dirsrv/lib/.

Ok. Or just edit the start-ds-admin script. Looks like a bug - it should use the correct path to libssl3.so. But then the NSS devel support in etch is not quite there.

> Admin server seemed to startup fine after that
> (and fixing the debian httpd module issue).
>
> So after all that I have a running slapd now, and the admin server is
> started. I can connect and bind as Directory Manager and browse the tree
> using any old ldap client. browsing to localhost:ADMINSRV_PORT works and
> brings up the web stuff. But when I try to connect to the adminserver using
> the console from the 1.0.4 directory server install, it will connect but not
> show any servers in the default view. Not sure if that is a 1.0.4 vs. 1.1.0
> version problem, or a build issue with lacking java components.

It is the latter. The java components are server version specific - so you need fedora-ds-console 1.1 and fedora-ds-admin-console 1.1 in order to manage the 1.1 versions of their respective servers.

> Which leads me to my next question. The java components, are they only
> required for running the console on your client machines? So building with
> NOJAVA=1 will provide a fully working adminserver and ldapserver, just no
> console binaries?

Mostly correct. The only thing is that the way the console works, it downloads the ds and ds-admin jar files from the admin server.
However, if you build them on the client machine and install them into $HOME/.fedora-idm-console/jars then the console will just use the local ones.

> To be honest, I haven't really looked into the different post install
> processes with 1.1.0 since 1.0.4 so the reason I could have missing entries in
> the console could very well be my own fault :)
>
> Also, if I want to fine tune the location of some of directories during
> build, is it safe to modify the CONFIGURE_ARGS variable in the adminserver
> and ldapserver's Makefile? I want to put /opt/dirsrv/etc/dirsrv
> into /etc/dirsrv as well as /opt/dirsrv/var into /var?

Yes, for those components whose configure respect --sysconfdir and --localstatedir - which means not the mozilla components (mozldap, etc.) but everything else should work just fine. You'll also have to tweak the --prefix argument which is set by default.

> Ryan

From rmeggins at redhat.com Mon Feb 25 20:35:18 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Mon, 25 Feb 2008 13:35:18 -0700
Subject: [Fedora-directory-users] How to authenticate fedora-ds
In-Reply-To:
References:
Message-ID: <47C32686.3050401@redhat.com>

shivaraj.shivanna at wipro.com wrote:
> Hi,
> I have installed fedora-ds on fedora-core-6 linux box, and
> installed fedora-ds through rpm.
> I need to authenticate the directory server.
> Using ldapsearch command, I am able to fetch the data of the users
> without specifying the password.
> Help me up in authenticating the Fedora Directory Server.
> I need to know, how to disable anonymous access and specify
> authorization.

You cannot completely disable anonymous auth in Fedora DS (this is a roadmap item). You can however prevent anonymous from doing anything once connected. You must remove the default acis which are added during setup. See http://tinyurl.com/2woyrh

> Thanks in advance....
>
> Thanks,
> Shivaraj

From rmeggins at redhat.com Mon Feb 25 20:37:30 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Mon, 25 Feb 2008 13:37:30 -0700
Subject: [Fedora-directory-users] Console issue
In-Reply-To:
References: <47BEF067.8060503@redhat.com> <47BF4770.2010901@redhat.com>
Message-ID: <47C3270A.4060301@redhat.com>

Anand Vaddarapu wrote:
> Hi Rich,
>
> java -version
>
> Java Version "1.6.0_03"
> Java (TM) SE Runtime Environment (build 1.6.0_03-b05)
> Java HotSpot (TM) Client VM (build 1.6.0_03-b05, mixed mode, sharinf)

We've never tested with 1.6 - but I don't know if 1.5 would solve your problem.

>
> fedora-idm-console -D 9

The output below is truncated. I suggest you use fedora-idm-console -D 9 -f console.log then paste console.log to pastebin.com and paste the link here.

>
> # /usr/bin/fedora-idm-console -D 9
> file.separator=/ > > > java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi > sun.io.unicode.encoding=UnicodeLittle > sun.cpu.endian=little > sun.desktop=gnome > sun.cpu.isalist= > > Fedora-Management-Console/1.1.0 B2007.354.1015 > RemoteImage: NOT found in cache loader8222510:com/netscape/management/nmclf/icons/Error.gif > RemoteImage: Create RemoteImage cache for loader8222510 > RemoteImage: NOT found in cache loader8222510:com/netscape/management/nmclf/icons/Inform.gif > > RemoteImage: NOT found in cache loader8222510:com/netscape/management/nmclf/icons/Warn.gif > RemoteImage: NOT found in cache loader8222510:com/netscape/management/nmclf/icons/Question.gif > ResourceSet: NOT found in cache loader8222510:com.netscape.management.client.components.components > > RemoteImage: NOT found in cache loader8222510:com/netscape/management/client/theme/images/logo16.gif > RemoteImage: NOT found in cache loader8222510:com/netscape/management/client/theme/images/login.gif > ResourceSet: NOT found in cache loader8222510:com.netscape.management.client.util.default > > ResourceSet: found in cache loader8222510:com.netscape.management.client.util.default > JButtonFactory: button width = 54 > JButtonFactory: button height = 19 > JButtonFactory: button width = 54 > JButtonFactory: button height = 19 > > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button height = 19 > JButtonFactory: button width = 72 > JButtonFactory: button height = 19 > > JButtonFactory: button width = 72 > JButtonFactory: button height = 19 > JButtonFactory: button width = 54 > JButtonFactory: button height = 19 > JButtonFactory: button width = 90 > JButtonFactory: button width = 72 > > ResourceSet: found in cache loader8222510:com.netscape.management.client.util.default > > On Sat, Feb 23, 2008 at 9:06 AM, Rich Megginson > wrote: > > Anand Vaddarapu wrote: > > Hi Rich, > > > > I can get to web interface with https. 
> > I am also using https url to run console. but i am receiving error > > message > > > > " cannot logon because of an incorrect User ID, Incorrect > password or > > Directory problem. java.io.InterruptedIOException: HTTP response > > timeout" > java -version > fedora-idm-console -D 9 > > > > any suggestions. > > thanks > > Vivek > > On Fri, Feb 22, 2008 at 7:55 AM, Rich Megginson > > > >> wrote: > > > > Anand Vaddarapu wrote: > > > Hi, > > > > > > > > > After i enabled ssl in admin server i restarted the > > dirsrv-admin. Then > > > i try to access the console i am getting the following > error message > > > " cannot logon because of an incorrect User ID, Incorrect > > password or > > > Directory problem. java.io.InterruptedIOException: HTTP > response > > timeout" > > You must use https for the admin server url. Admin server > cannot > > listen > > for both SSL and non-SSL connections, unlike the directory > server. > > > > > > > > > But i can get to web interface URL and can login without any > > problem. > > Using http or https? > > > > > > > > > Thanks in Advance. 
> > > > > > Vivek
From rmeggins at redhat.com Mon Feb 25 20:38:29 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Mon, 25 Feb 2008 13:38:29 -0700 Subject: [Fedora-directory-users] how many users could fedora- DS support? In-Reply-To: <33089034.424021203829323024.JavaMail.root@mta.iut.ac.ir> References: <33089034.424021203829323024.JavaMail.root@mta.iut.ac.ir> Message-ID: <47C32745.7040704@redhat.com> Zahra Bahar wrote: > Hi > how many users could fedora- DS support when we have one server?
> 1,564,854 > with regards
From rmeggins at redhat.com Mon Feb 25 20:40:12 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Mon, 25 Feb 2008 13:40:12 -0700 Subject: [Fedora-directory-users] Building the 1.0.4 directory and the console with dsbuild In-Reply-To: References: Message-ID: <47C327AC.4080902@redhat.com> Eric Brown wrote: > I am trying to build fds 1.0.4 with the admin console, and have run > into a problem. > > I can build the directory server just fine, but the java components > are giving me trouble. I get the following error when I attempt to > build the whole thing. > > [erbrow at zed ds]$ pwd > /home/erbrow/dsbuild-fds104/meta/ds > [erbrow at zed ds]$ make > [===== NOW BUILDING: ds-1.0.4 =====] > [fetch] complete for ds. > [checksum] complete for ds. > [extract] complete for ds. > [patch] complete for ds. > ==> Building ds/mozilla as a dependency > ==> Building ds/icu as a dependency > ==> Building ds/adminutil as a dependency > ==> Building ds/setuputil as a dependency > ==> Building ds/mod_nss as a dependency > ==> Building ds/mod_admserv as a dependency > ==> Building ds/mod_restartd as a dependency > ==> Building ds/console as a dependency > make[1]: Entering directory `/home/erbrow/dsbuild-fds104/ds/console' > [===== NOW BUILDING: fedora-console-1.0.3 =====] > [fetch] complete for fedora-console. > [checksum] complete for fedora-console. > [extract] complete for fedora-console. > [patch] complete for fedora-console. > [configure] complete for fedora-console.
> cd work/fedora-console-1.0.3 && ant -Dimports.file=imports.FC3 package > > Buildfile: build.xml > > prepare_imports: > > prepare_build: > > import_ldapjdk: > > import_jss_jar: > > build: > [javac] Compiling 400 source files to > /home/erbrow/dsbuild-fds104/ds/console/work/built/classes > [javac] java.lang.NullPointerException > [javac] at > org.eclipse.jdt.internal.compiler.batch.ClasspathJar.isPackage(java.lang.String) > (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so) > [javac] at > org.eclipse.jdt.internal.compiler.batch.ClasspathJar.findClass(char[], > java.lang.String, java.lang.String) > (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so) > [javac] at > org.eclipse.jdt.internal.compiler.batch.FileSystem.findClass(java.lang.String, > char[]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so) > [javac] at > org.eclipse.jdt.internal.compiler.batch.FileSystem.findType(char[], > char[][]) (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so) > [javac] at > org.eclipse.jdt.internal.compiler.lookup.LookupEnvironment.createPackage(char[][]) > (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so) > [javac] at > org.eclipse.jdt.internal.compiler.lookup.CompilationUnitScope.buildTypeBindings() > (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so) > [javac] at > org.eclipse.jdt.internal.compiler.lookup.LookupEnvironment.buildTypeBindings(org.eclipse.jdt.internal.compiler.ast.CompilationUnitDeclaration) > (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so) > [javac] at > org.eclipse.jdt.internal.compiler.Compiler.beginToCompile(org.eclipse.jdt.internal.compiler.env.ICompilationUnit[]) > (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so) > [javac] at > org.eclipse.jdt.internal.compiler.Compiler.compile(org.eclipse.jdt.internal.compiler.env.ICompilationUnit[]) > (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so) > [javac] at > org.eclipse.jdt.internal.compiler.batch.Main.performCompilation() > 
(/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so) > [javac] at > org.eclipse.jdt.internal.compiler.batch.Main.compile(java.lang.String[]) > (/usr/lib/lib-org-eclipse-jdt-internal-compiler-2.1.3.so) > [javac] at _Jv_CallAnyMethodA(java.lang.Object, > java.lang.Class, _Jv_Method, boolean, boolean, java.lang.Class[], > jvalue, jvalue, boolean) (/usr/lib/libgcj.so.5.0.0) > [javac] at _Jv_CallAnyMethodA(java.lang.Object, > java.lang.Class, _Jv_Method, boolean, java.lang.Class[], > java.lang.Object[]) (/usr/lib/libgcj.so.5.0.0) > [javac] at java.lang.reflect.Method.invoke(java.lang.Object, > java.lang.Object[]) (/usr/lib/libgcj.so.5.0.0) > [javac] at com.sun.tools.javac.Main.compile(java.lang.String[]) > (Unknown Source) > [javac] at com.sun.tools.javac.Main.main(java.lang.String[]) > (Unknown Source) > > BUILD FAILED > /home/erbrow/dsbuild-fds104/ds/console/work/fedora-console-1.0.3/build.xml:180: > Compile failed; see the compiler error output for details. > > Installed RPMs > apr-0.9.4-24.5.c4.2 > jdk-1.5.0_12-fcs > What is this package? Are you using ibm or sun java? What platform are you on? > ecj-2.1.3-5 > ldapsdk-4.17-3jpp
From playactor at gmail.com Mon Feb 25 21:33:37 2008 From: playactor at gmail.com (Eric Brown) Date: Mon, 25 Feb 2008 15:33:37 -0600 Subject: [Fedora-directory-users] Building the 1.0.4 directory and the console with dsbuild In-Reply-To: <47C327AC.4080902@redhat.com> References: <47C327AC.4080902@redhat.com> Message-ID: This is the IBM java RPM that I am running on CentOS 4. I discovered that the problem was that someone else had set the JAVA_HOME incorrectly. Once I changed that, the build worked fine.
---------- Forwarded message ---------- From: Rich Megginson Date: Mon, Feb 25, 2008 at 2:40 PM Subject: Re: [Fedora-directory-users] Building the 1.0.4 directory and the console with dsbuild To: "General discussion list for the Fedora Directory server project."
From vaddarapu at gmail.com Mon Feb 25 22:07:34 2008 From: vaddarapu at gmail.com (Anand Vaddarapu) Date: Tue, 26 Feb 2008 09:07:34 +1100 Subject: [Fedora-directory-users] Console issue In-Reply-To: <47C3270A.4060301@redhat.com> References: <47BEF067.8060503@redhat.com> <47BF4770.2010901@redhat.com> <47C3270A.4060301@redhat.com> Message-ID: Hi, *java -version* java version "1.5.0_12" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04) Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode) *fedora-idm-console -D 9 -f console.log *http://dpaste.com/36801/ Thanks Vivek On Tue, Feb 26, 2008 at 7:37 AM, Rich Megginson wrote: > Anand Vaddarapu wrote: > > Hi Rich, > > > > java -version > > > > Java Version "1.6.0_03" > > Java (TM) SE Runtime Environment (build 1.6.0_03-b05) > > Java HotSpot (TM) Client VM (build 1.6.0_03-b05, mixed mode, sharinf) > We've never tested with 1.6 - but I don't know if 1.5 would solve your > problem. > > > > > > fedora-idm-console -D 9 > The output below is truncated. I suggest you use > fedora-idm-console -D 9 -f console.log > then paste console.log to pastebin.com and paste the link here. > > > > > > # /usr/bin/fedora-idm-console -D 9 > > java.util.prefs.userRoot=/root/.fedora-idm-console > > java.runtime.name=Java(TM) SE Runtime Environment > > sun.boot.library.path=/usr/java/jre1.6.0_03/lib/i386 > > > > java.vm.version=1.6.0_03-b05 > > java.vm.vendor=Sun Microsystems Inc.
> > java.vendor.url=http://java.sun.com/ > > path.separator=: > > java.vm.name=Java HotSpot(TM) Client VM > > file.encoding.pkg=sun.io > > sun.java.launcher=SUN_STANDARD > > > > user.country=US > > sun.os.patch.level=unknown > > java.vm.specification.name=Java Virtual Machine Specification > > user.dir=/root > > java.runtime.version=1.6.0_03-b05 > > java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment > > > > java.endorsed.dirs=/usr/java/jre1.6.0_03/lib/endorsed > > os.arch=i386 > > java.io.tmpdir=/tmp > > line.separator= > > > > java.vm.specification.vendor=Sun Microsystems Inc. > > os.name=Linux > > sun.jnu.encoding=UTF-8 > > java.library.path=/usr/lib > > > > java.specification.name=Java Platform API Specification > > java.class.version=50.0 > > sun.management.compiler=HotSpot Client Compiler > > os.version=2.6.18-53.1.4.el5 > > user.home=/root > > user.timezone=Australia/Melbourne > > > > java.awt.printerjob=sun.print.PSPrinterJob > > file.encoding=UTF-8 > > java.specification.version=1.6 > > > java.class.path=/usr/lib/java/jss4.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/idm-console-base.jar:/usr/share/java/idm-console-mcc.jar:/usr/share/java/idm-console-mcc_en.jar:/usr/share/java/idm-console-nmclf.jar:/usr/share/java/idm-console-nmclf_en.jar:/usr/share/java/fedora-idm-console-1.1.0_en.jar > > > > user.name=root > > java.vm.specification.version=1.0 > > java.home=/usr/java/jre1.6.0_03 > > sun.arch.data.model=32 > > java.util.prefs.systemRoot=/root/.fedora-idm-console > > user.language=en > > > > > > java.specification.vendor=Sun Microsystems Inc. 
> > > > > > java.vm.info=mixed mode, sharing > > java.version=1.6.0_03 > > java.ext.dirs=/usr/java/jre1.6.0_03/lib/ext:/usr/java/packages/lib/ext > > > > > > > sun.boot.class.path=/usr/java/jre1.6.0_03/lib/resources.jar:/usr/java/jre1.6.0_03/lib/rt.jar:/usr/java/jre1.6.0_03/lib/sunrsasign.jar:/usr/java/jre1.6.0_03/lib/jsse.jar:/usr/java/jre1.6.0_03/lib/jce.jar:/usr/java/jre1.6.0_03/lib/charsets.jar:/usr/java/jre1.6.0_03/classes > > > > java.vendor=Sun Microsystems Inc. > > file.separator=/ > > > > > > java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi > > sun.io.unicode.encoding=UnicodeLittle > > sun.cpu.endian=little > > sun.desktop=gnome > > sun.cpu.isalist= > > > > Fedora-Management-Console/1.1.0 B2007.354.1015 > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Error.gif > > RemoteImage: Create RemoteImage cache for loader8222510 > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Inform.gif > > > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Warn.gif > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Question.gif > > ResourceSet: NOT found in cache loader8222510: > com.netscape.management.client.components.components > > > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/client/theme/images/logo16.gif > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/client/theme/images/login.gif > > ResourceSet: NOT found in cache loader8222510: > com.netscape.management.client.util.default > > > > ResourceSet: found in cache loader8222510: > com.netscape.management.client.util.default > > JButtonFactory: button width = 54 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 54 > > JButtonFactory: button height = 19 > > > > JButtonFactory: button width = 90 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 90 > > 
JButtonFactory: button height = 19 > > JButtonFactory: button width = 72 > > JButtonFactory: button height = 19 > > > > JButtonFactory: button width = 72 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 54 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 90 > > JButtonFactory: button width = 72 > > > > ResourceSet: found in cache loader8222510: > com.netscape.management.client.util.default > > [root at ldap-test1 ~]# ls > > anaconda-ks.cfg Desktop PDNS~ test2.txt > > cert-request-info.txt install.log PDNS~~ text1.txt > > > > commands install.log.syslog setupssl2.sh text1.txt~ > > commands~ PDNS tem vericert > > [root at ldap-test1 ~]# locate password.conf > > /etc/dirsrv/admin-serv/password.conf > > > > /etc/fedora-ds/slapd-localhost/password.conf > > [root at ldap-test1 ~]# cat /etc/dirsrv/admin-serv/ password.conf > > cat: /etc/dirsrv/admin-serv/: Is a directory > > cat: password.conf: No such file or directory > > [root at ldap-test1 ~]# cat /etc/dirsrv/admin-serv/password.conf > > > > internal:3b6f2f6489e9b7a9b696bc3348b7e7d91e2d2199 > > [root at ldap-test1 ~]# service dirsrv start > > Starting dirsrv: > > ldap-test1...Enter PIN for Internal (Software) Token: > > [ OK ] > > > > [root at ldap-test1 ~]# service dirsrv-admin start > > Starting dirsrv-admin: > > Please enter password for "internal" token: > > [ OK ] > > [root at ldap-test1 ~]# /usr/bin/fedora-idm-console > > > > [root at ldap-test1 ~]# ls > > anaconda-ks.cfg Desktop PDNS~ test2.txt > > cert-request-info.txt install.log PDNS~~ text1.txt > > commands install.log.syslog setupssl2.sh text1.txt~ > > > > commands~ PDNS tem vericert > > You have new mail in /var/spool/mail/root > > [root at ldap-test1 ~]# cat commands > > yum erase svrcore idm-console-framework > > rm -rf /etc/dirsrv /usr/lib/dirsrv /usr/lib64/dirsrv > > > > rm -rf `find /var -name dirsrv` > > rm -rf /etc/dirsrv/slapd-* > > rm -rf /usr/lib/dirsrv/slapd-* > > rm -rf `find /var -name 
slapd-\* -print` > > > > certutil -L -d /etc/dirsrv/slapd-YOURINSTANCE --explain why the server > doesn't start. > > > > > > find /etc/dirsrv -name \*.db-------to check certs. > > > > certutil -L -d /etc/dirsrv/admin-serv -P admin-serv- > > > > you'll have a server certificate with a nickname of Server-Cert. > > [root at ldap-test1 ~]# locate console.conf > > > > /etc/dirsrv/admin-serv/console.conf > > You have new mail in /var/spool/mail/root > > [root at ldap-test1 ~]# vi /etc/dirsrv/admin-serv/console.conf > > [root at ldap-test1 ~]# vi /etc/dirsrv/admin-serv/console.conf > > You have new mail in /var/spool/mail/root > > > > [root at ldap-test1 ~]# > > [root at ldap-test1 ~]# > > [root at ldap-test1 ~]# java -version > > java version "1.6.0_03" > > Java(TM) SE Runtime Environment (build 1.6.0_03-b05) > > Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing) > > > > [root at ldap-test1 ~]# > > [root at ldap-test1 ~]# > > [root at ldap-test1 ~]# > > Display all 2078 possibilities? (y or n) > > > > On Sat, Feb 23, 2008 at 9:06 AM,
Rich Megginson > > wrote: > > > > Anand Vaddarapu wrote: > > > Hi Rich, > > > > > > I can get to web interface with https. > > > I am also using https url to run console. but i am receiving error > > > message > > > > > > " cannot logon because of an incorrect User ID, Incorrect > > password or > > > Directory problem. java.io.InterruptedIOException: HTTP response > > > timeout" > > java -version > > fedora-idm-console -D 9 > > > > > > any suggestions. > > > thanks > > > Vivek > > > On Fri, Feb 22, 2008 at 7:55 AM, Rich Megginson > > > > > >> wrote: > > > > > > Anand Vaddarapu wrote: > > > > Hi, > > > > > > > > > > > > After i enabled ssl in admin server i restarted the > > > dirsrv-admin. Then > > > > i try to access the console i am getting the following > > error message > > > > " cannot logon because of an incorrect User ID, Incorrect > > > password or > > > > Directory problem. java.io.InterruptedIOException: HTTP > > response > > > timeout" > > > You must use https for the admin server url. Admin server > > cannot > > > listen > > > for both SSL and non-SSL connections, unlike the directory > > server. > > > > > > > > > > > > But i can get to web interface URL and can login without any > > > problem. > > > Using http or https? > > > > > > > > > > > > Thanks in Advance. 
> > > > > > > > Vivek
URL: From rmeggins at redhat.com Mon Feb 25 22:09:47 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Mon, 25 Feb 2008 15:09:47 -0700 Subject: [Fedora-directory-users] Console issue In-Reply-To: References: <47BEF067.8060503@redhat.com> <47BF4770.2010901@redhat.com> <47C3270A.4060301@redhat.com> Message-ID: <47C33CAB.9090402@redhat.com> Anand Vaddarapu wrote: > Hi, > > > _java -version_ > java version "1.5.0_12" > Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04) > Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode) > > > _fedora-idm-console -D 9 -f console.log > > _http://dpaste.com/36801/ Exception in thread "main" java.awt.HeadlessException: No X11 DISPLAY variable was set, but this program performed an operation which requires it. at java.awt.GraphicsEnvironment.checkHeadless(Unknown Source) > > Thanks > Vivek > > > > On Tue, Feb 26, 2008 at 7:37 AM, Rich Megginson > wrote: > > Anand Vaddarapu wrote: > > Hi Rich, > > > > java -version > > > > Java Version "1.6.0_03" > > Java (TM) SE Runtime Environment (build 1.6.0_03-b05) > > Java HotSpot (TM) Client VM (build 1.6.0_03-b05, mixed mode, > sharinf) > We've never tested with 1.6 - but I don't know if 1.5 would solve your > problem. > > > > > > fedora-idm-console -D 9 > The output below is truncated. I suggest you use > fedora-idm-console -D 9 -f console.log > then paste console.log to pastebin.com and > paste the link here. > > > > > > # /usr/bin/fedora-idm-console -D 9 > > java.util.prefs.userRoot=/root/.fedora-idm-console > > java.runtime.name=Java(TM) SE Runtime Environment > > sun.boot.library.path=/usr/java/jre1.6.0_03/lib/i386 > > > > java.vm.version=1.6.0_03-b05 > > java.vm.vendor=Sun Microsystems Inc. 
> > java.vendor.url=http://java.sun.com/ > > path.separator=: > > java.vm.name=Java HotSpot(TM) Client VM > > file.encoding.pkg=sun.io > > sun.java.launcher=SUN_STANDARD > > > > user.country=US > > sun.os.patch.level=unknown > > java.vm.specification.name=Java Virtual Machine Specification > > user.dir=/root > > java.runtime.version=1.6.0_03-b05 > > java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment > > > > java.endorsed.dirs=/usr/java/jre1.6.0_03/lib/endorsed > > os.arch=i386 > > java.io.tmpdir=/tmp > > line.separator= > > > > java.vm.specification.vendor=Sun Microsystems Inc. > > os.name=Linux > > sun.jnu.encoding=UTF-8 > > java.library.path=/usr/lib > > > > java.specification.name=Java Platform API Specification > > java.class.version=50.0 > > sun.management.compiler=HotSpot Client Compiler > > os.version=2.6.18-53.1.4.el5 > > user.home=/root > > user.timezone=Australia/Melbourne > > > > java.awt.printerjob=sun.print.PSPrinterJob > > file.encoding=UTF-8 > > java.specification.version=1.6 > > > java.class.path=/usr/lib/java/jss4.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/idm-console-base.jar:/usr/share/java/idm-console-mcc.jar:/usr/share/java/idm-console-mcc_en.jar:/usr/share/java/idm-console-nmclf.jar:/usr/share/java/idm-console-nmclf_en.jar:/usr/share/java/fedora-idm-console-1.1.0_en.jar > > > > user.name=root > > java.vm.specification.version=1.0 > > java.home=/usr/java/jre1.6.0_03 > > sun.arch.data.model=32 > > java.util.prefs.systemRoot=/root/.fedora-idm-console > > user.language=en > > > > > > java.specification.vendor=Sun Microsystems Inc. 
> > > > > > java.vm.info=mixed mode, sharing > > java.version=1.6.0_03 > > > java.ext.dirs=/usr/java/jre1.6.0_03/lib/ext:/usr/java/packages/lib/ext > > > > > > > sun.boot.class.path=/usr/java/jre1.6.0_03/lib/resources.jar:/usr/java/jre1.6.0_03/lib/rt.jar:/usr/java/jre1.6.0_03/lib/sunrsasign.jar:/usr/java/jre1.6.0_03/lib/jsse.jar:/usr/java/jre1.6.0_03/lib/jce.jar:/usr/java/jre1.6.0_03/lib/charsets.jar:/usr/java/jre1.6.0_03/classes > > > > java.vendor=Sun Microsystems Inc. > > file.separator=/ > > > > > > java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi > > sun.io.unicode.encoding=UnicodeLittle > > sun.cpu.endian=little > > sun.desktop=gnome > > sun.cpu.isalist= > > > > Fedora-Management-Console/1.1.0 B2007.354.1015 > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Error.gif > > RemoteImage: Create RemoteImage cache for loader8222510 > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Inform.gif > > > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Warn.gif > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Question.gif > > ResourceSet: NOT found in cache > loader8222510:com.netscape.management.client.components.components > > > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/client/theme/images/logo16.gif > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/client/theme/images/login.gif > > ResourceSet: NOT found in cache > loader8222510:com.netscape.management.client.util.default > > > > ResourceSet: found in cache > loader8222510:com.netscape.management.client.util.default > > JButtonFactory: button width = 54 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 54 > > JButtonFactory: button height = 19 > > > > JButtonFactory: button width = 90 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 90 > > 
JButtonFactory: button height = 19 > > JButtonFactory: button width = 72 > > JButtonFactory: button height = 19 > > > > JButtonFactory: button width = 72 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 54 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 90 > > JButtonFactory: button width = 72 > > > > ResourceSet: found in cache > loader8222510:com.netscape.management.client.util.default > > [root at ldap-test1 ~]# ls > > anaconda-ks.cfg Desktop PDNS~ test2.txt > > cert-request-info.txt install.log PDNS~~ text1.txt > > > > commands install.log.syslog setupssl2.sh text1.txt~ > > commands~ PDNS tem vericert > > [root at ldap-test1 ~]# locate password.conf > > /etc/dirsrv/admin-serv/password.conf > > > > /etc/fedora-ds/slapd-localhost/password.conf > > [root at ldap-test1 ~]# cat /etc/dirsrv/admin-serv/ password.conf > > cat: /etc/dirsrv/admin-serv/: Is a directory > > cat: password.conf: No such file or directory > > [root at ldap-test1 ~]# cat /etc/dirsrv/admin-serv/password.conf > > > > internal:3b6f2f6489e9b7a9b696bc3348b7e7d91e2d2199 > > [root at ldap-test1 ~]# service dirsrv start > > Starting dirsrv: > > ldap-test1...Enter PIN for Internal (Software) Token: > > [ OK ] > > > > [root at ldap-test1 ~]# service dirsrv-admin start > > Starting dirsrv-admin: > > Please enter password for "internal" token: > > [ OK ] > > [root at ldap-test1 ~]# /usr/bin/fedora-idm-console > > > > [root at ldap-test1 ~]# ls > > anaconda-ks.cfg Desktop PDNS~ test2.txt > > cert-request-info.txt install.log PDNS~~ text1.txt > > commands install.log.syslog setupssl2.sh text1.txt~ > > > > commands~ PDNS tem vericert > > You have new mail in /var/spool/mail/root > > [root at ldap-test1 ~]# cat commands > > yum erase svrcore idm-console-framework > > rm -rf /etc/dirsrv /usr/lib/dirsrv /usr/lib64/dirsrv > > > > rm -rf `find /var -name dirsrv` > > rm -rf /etc/dirsrv/slapd-* > > rm -rf /usr/lib/dirsrv/slapd-* > > rm -rf `find /var -name slapd-\* 
-print` > > > > certutil -L -d /etc/dirsrv/slapd-YOURINSTANCE --explain why the > server doesn't start. > > > > > > find /etc/dirsrv -name \*.db-------to check certs. > > > > certutil -L -d /etc/dirsrv/admin-serv -P admin-serv- > > > > you'll have a server certificate with a nickname of Server-Cert. > > [root at ldap-test1 ~]# locate console.conf > > > > /etc/dirsrv/admin-serv/console.conf > > You have new mail in /var/spool/mail/root > > [root at ldap-test1 ~]# vi /etc/dirsrv/admin-serv/console.conf > > [root at ldap-test1 ~]# vi /etc/dirsrv/admin-serv/console.conf > > You have new mail in /var/spool/mail/root > > > > [root at ldap-test1 ~]# > > [root at ldap-test1 ~]# > > [root at ldap-test1 ~]# java -version > > java version "1.6.0_03" > > Java(TM) SE Runtime Environment (build 1.6.0_03-b05) > > Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing) > > > > [root at ldap-test1 ~]# > > [root at ldap-test1 ~]# > > [root at ldap-test1 ~]# > > Display all 2078 possibilities? (y or n) > > [root at ldap-test1 ~]# /usr/bin/fedora-idm-console -D 9 > > java.util.prefs.userRoot=/root/.fedora-idm-console > > > > java.runtime.name=Java(TM) SE Runtime Environment > > sun.boot.library.path=/usr/java/jre1.6.0_03/lib/i386 > > java.vm.version=1.6.0_03-b05 > > java.vm.vendor=Sun Microsystems Inc. > > java.vendor.url=http://java.sun.com/ > > > > path.separator=: > > java.vm.name=Java HotSpot(TM) Client VM > > file.encoding.pkg=sun.io > > sun.java.launcher=SUN_STANDARD > > user.country=US > > sun.os.patch.level=unknown > > java.vm.specification.name=Java Virtual Machine Specification > > > > user.dir=/root > > java.runtime.version=1.6.0_03-b05 > > java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment > > java.endorsed.dirs=/usr/java/jre1.6.0_03/lib/endorsed > > os.arch=i386 > > java.io.tmpdir=/tmp > > line.separator= > > > > > > java.vm.specification.vendor=Sun Microsystems Inc. 
> > os.name=Linux > > sun.jnu.encoding=UTF-8 > > java.library.path=/usr/lib > > java.specification.name=Java Platform API Specification > > java.class.version=50.0 > > sun.management.compiler=HotSpot Client Compiler > > > > os.version=2.6.18-53.1.4.el5 > > user.home=/root > > user.timezone=Australia/Melbourne > > java.awt.printerjob=sun.print.PSPrinterJob > > file.encoding=UTF-8 > > java.specification.version=1.6 > > > java.class.path=/usr/lib/java/jss4.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/idm-console-base.jar:/usr/share/java/idm-console-mcc.jar:/usr/share/java/idm-console-mcc_en.jar:/usr/share/java/idm-console-nmclf.jar:/usr/share/java/idm-console-nmclf_en.jar:/usr/share/java/fedora-idm-console-1.1.0_en.jar > > > > user.name=root > > java.vm.specification.version=1.0 > > java.home=/usr/java/jre1.6.0_03 > > sun.arch.data.model=32 > > java.util.prefs.systemRoot=/root/.fedora-idm-console > > user.language=en > > > > > > java.specification.vendor=Sun Microsystems Inc. > > > > > > java.vm.info=mixed mode, sharing > > java.version=1.6.0_03 > > > java.ext.dirs=/usr/java/jre1.6.0_03/lib/ext:/usr/java/packages/lib/ext > > > > > > > sun.boot.class.path=/usr/java/jre1.6.0_03/lib/resources.jar:/usr/java/jre1.6.0_03/lib/rt.jar:/usr/java/jre1.6.0_03/lib/sunrsasign.jar:/usr/java/jre1.6.0_03/lib/jsse.jar:/usr/java/jre1.6.0_03/lib/jce.jar:/usr/java/jre1.6.0_03/lib/charsets.jar:/usr/java/jre1.6.0_03/classes > > > > java.vendor=Sun Microsystems Inc. 
> > file.separator=/ > > > > > > java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi > > sun.io.unicode.encoding=UnicodeLittle > > sun.cpu.endian=little > > sun.desktop=gnome > > sun.cpu.isalist= > > > > Fedora-Management-Console/1.1.0 B2007.354.1015 > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Error.gif > > RemoteImage: Create RemoteImage cache for loader8222510 > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Inform.gif > > > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Warn.gif > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Question.gif > > ResourceSet: NOT found in cache > loader8222510:com.netscape.management.client.components.components > > > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/client/theme/images/logo16.gif > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/client/theme/images/login.gif > > ResourceSet: NOT found in cache > loader8222510:com.netscape.management.client.util.default > > > > ResourceSet: found in cache > loader8222510:com.netscape.management.client.util.default > > JButtonFactory: button width = 54 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 54 > > JButtonFactory: button height = 19 > > > > JButtonFactory: button width = 90 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 90 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 72 > > JButtonFactory: button height = 19 > > > > JButtonFactory: button width = 72 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 54 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 90 > > JButtonFactory: button width = 72 > > > > ResourceSet: found in cache > loader8222510:com.netscape.management.client.util.default > > [root at ldap-test1 ~]# ls > > 
anaconda-ks.cfg Desktop PDNS~ test2.txt > > cert-request-info.txt install.log PDNS~~ text1.txt > > > > commands install.log.syslog setupssl2.sh text1.txt~ > > commands~ PDNS tem vericert > > [root at ldap-test1 ~]# locate password.conf > > /etc/dirsrv/admin-serv/password.conf > > > > /etc/fedora-ds/slapd-localhost/password.conf > > [root at ldap-test1 ~]# cat /etc/dirsrv/admin-serv/ password.conf > > cat: /etc/dirsrv/admin-serv/: Is a directory > > cat: password.conf: No such file or directory > > [root at ldap-test1 ~]# cat /etc/dirsrv/admin-serv/password.conf > > > > internal:3b6f2f6489e9b7a9b696bc3348b7e7d91e2d2199 > > [root at ldap-test1 ~]# service dirsrv start > > Starting dirsrv: > > ldap-test1...Enter PIN for Internal (Software) Token: > > [ OK ] > > > > [root at ldap-test1 ~]# service dirsrv-admin start > > Starting dirsrv-admin: > > Please enter password for "internal" token: > > [ OK ] > > [root at ldap-test1 ~]# /usr/bin/fedora-idm-console > > > > [root at ldap-test1 ~]# ls > > anaconda-ks.cfg Desktop PDNS~ test2.txt > > cert-request-info.txt install.log PDNS~~ text1.txt > > commands install.log.syslog setupssl2.sh text1.txt~ > > > > commands~ PDNS tem vericert > > You have new mail in /var/spool/mail/root > > [root at ldap-test1 ~]# cat commands > > yum erase svrcore idm-console-framework > > rm -rf /etc/dirsrv /usr/lib/dirsrv /usr/lib64/dirsrv > > > > rm -rf `find /var -name dirsrv` > > rm -rf /etc/dirsrv/slapd-* > > rm -rf /usr/lib/dirsrv/slapd-* > > rm -rf `find /var -name slapd-\* -print` > > > > certutil -L -d /etc/dirsrv/slapd-YOURINSTANCE --explain why the > server doesn't start. > > > > > > find /etc/dirsrv -name \*.db-------to check certs. > > > > certutil -L -d /etc/dirsrv/admin-serv -P admin-serv- > > > > you'll have a server certificate with a nickname of Server-Cert. 
> > [root at ldap-test1 ~]# locate console.conf > > > > /etc/dirsrv/admin-serv/console.conf > > You have new mail in /var/spool/mail/root > > [root at ldap-test1 ~]# vi /etc/dirsrv/admin-serv/console.conf > > [root at ldap-test1 ~]# vi /etc/dirsrv/admin-serv/console.conf > > You have new mail in /var/spool/mail/root > > > > [root at ldap-test1 ~]# > > [root at ldap-test1 ~]# > > [root at ldap-test1 ~]# java -version > > java version "1.6.0_03" > > Java(TM) SE Runtime Environment (build 1.6.0_03-b05) > > Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing) > > > > [root at ldap-test1 ~]# > > [root at ldap-test1 ~]# > > [root at ldap-test1 ~]# > > Display all 2078 possibilities? (y or n) > > [root at ldap-test1 ~]# /usr/bin/fedora-idm-console -D 9 > > java.util.prefs.userRoot=/root/.fedora-idm-console > > > > java.runtime.name=Java(TM) SE Runtime Environment > > sun.boot.library.path=/usr/java/jre1.6.0_03/lib/i386 > > java.vm.version=1.6.0_03-b05 > > java.vm.vendor=Sun Microsystems Inc. > > java.vendor.url=http://java.sun.com/ > > > > path.separator=: > > java.vm.name=Java HotSpot(TM) Client VM > > file.encoding.pkg=sun.io > > sun.java.launcher=SUN_STANDARD > > user.country=US > > sun.os.patch.level=unknown > > java.vm.specification.name=Java Virtual Machine Specification > > > > user.dir=/root > > java.runtime.version=1.6.0_03-b05 > > java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment > > java.endorsed.dirs=/usr/java/jre1.6.0_03/lib/endorsed > > os.arch=i386 > > java.io.tmpdir=/tmp > > line.separator= > > > > > > java.vm.specification.vendor=Sun Microsystems Inc. 
> > os.name=Linux > > sun.jnu.encoding=UTF-8 > > java.library.path=/usr/lib > > java.specification.name=Java Platform API Specification > > java.class.version=50.0 > > sun.management.compiler=HotSpot Client Compiler > > > > os.version=2.6.18-53.1.4.el5 > > user.home=/root > > user.timezone=Australia/Melbourne > > java.awt.printerjob=sun.print.PSPrinterJob > > file.encoding=UTF-8 > > java.specification.version=1.6 > > > java.class.path=/usr/lib/java/jss4.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/idm-console-base.jar:/usr/share/java/idm-console-mcc.jar:/usr/share/java/idm-console-mcc_en.jar:/usr/share/java/idm-console-nmclf.jar:/usr/share/java/idm-console-nmclf_en.jar:/usr/share/java/fedora-idm-console-1.1.0_en.jar > > > > user.name=root > > java.vm.specification.version=1.0 > > java.home=/usr/java/jre1.6.0_03 > > sun.arch.data.model=32 > > java.util.prefs.systemRoot=/root/.fedora-idm-console > > user.language=en > > > > > > java.specification.vendor=Sun Microsystems Inc. > > > > > > java.vm.info=mixed mode, sharing > > java.version=1.6.0_03 > > > java.ext.dirs=/usr/java/jre1.6.0_03/lib/ext:/usr/java/packages/lib/ext > > > > > > > sun.boot.class.path=/usr/java/jre1.6.0_03/lib/resources.jar:/usr/java/jre1.6.0_03/lib/rt.jar:/usr/java/jre1.6.0_03/lib/sunrsasign.jar:/usr/java/jre1.6.0_03/lib/jsse.jar:/usr/java/jre1.6.0_03/lib/jce.jar:/usr/java/jre1.6.0_03/lib/charsets.jar:/usr/java/jre1.6.0_03/classes > > > > java.vendor=Sun Microsystems Inc. 
> > file.separator=/ > > > > > > java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi > > sun.io.unicode.encoding=UnicodeLittle > > sun.cpu.endian=little > > sun.desktop=gnome > > sun.cpu.isalist= > > > > Fedora-Management-Console/1.1.0 B2007.354.1015 > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Error.gif > > RemoteImage: Create RemoteImage cache for loader8222510 > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Inform.gif > > > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Warn.gif > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/nmclf/icons/Question.gif > > ResourceSet: NOT found in cache > loader8222510:com.netscape.management.client.components.components > > > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/client/theme/images/logo16.gif > > RemoteImage: NOT found in cache > loader8222510:com/netscape/management/client/theme/images/login.gif > > ResourceSet: NOT found in cache > loader8222510:com.netscape.management.client.util.default > > > > ResourceSet: found in cache > loader8222510:com.netscape.management.client.util.default > > JButtonFactory: button width = 54 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 54 > > JButtonFactory: button height = 19 > > > > JButtonFactory: button width = 90 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 90 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 72 > > JButtonFactory: button height = 19 > > > > JButtonFactory: button width = 72 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 54 > > JButtonFactory: button height = 19 > > JButtonFactory: button width = 90 > > JButtonFactory: button width = 72 > > > > ResourceSet: found in cache > loader8222510:com.netscape.management.client.util.default > > > > On Sat, Feb 23, 2008 at 9:06 AM, Rich 
Megginson > > > >> wrote: > > > > Anand Vaddarapu wrote: > > > Hi Rich, > > > > > > I can get to web interface with https. > > > I am also using https url to run console. but i am > receiving error > > > message > > > > > > " cannot logon because of an incorrect User ID, Incorrect > > password or > > > Directory problem. java.io.InterruptedIOException: HTTP > response > > > timeout" > > java -version > > fedora-idm-console -D 9 > > > > > > any suggestions. > > > thanks > > > Vivek > > > On Fri, Feb 22, 2008 at 7:55 AM, Rich Megginson > > > > > > > > >>> wrote: > > > > > > Anand Vaddarapu wrote: > > > > Hi, > > > > > > > > > > > > After i enabled ssl in admin server i restarted the > > > dirsrv-admin. Then > > > > i try to access the console i am getting the following > > error message > > > > " cannot logon because of an incorrect User ID, > Incorrect > > > password or > > > > Directory problem. java.io.InterruptedIOException: HTTP > > response > > > timeout" > > > You must use https for the admin server url. Admin server > > cannot > > > listen > > > for both SSL and non-SSL connections, unlike the directory > > server. > > > > > > > > > > > > But i can get to web interface URL and can login > without any > > > problem. > > > Using http or https? > > > > > > > > > > > > Thanks in Advance. 
> > > > > > > > Vivek
From orion at cora.nwra.com Mon Feb 25 22:50:42 2008
From: orion at cora.nwra.com (Orion Poplawski)
Date: Mon, 25 Feb 2008 15:50:42 -0700
Subject: [Fedora-directory-users] fedora-idm-console Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
In-Reply-To: <1601b8650802230512v74a2c470ma29111bb9021ab16@mail.gmail.com>
References: <47BF5AF5.8000209@cora.nwra.com> <1601b8650802230512v74a2c470ma29111bb9021ab16@mail.gmail.com>
Message-ID: <47C34642.1050504@cora.nwra.com>

Andrey Ivanov wrote:
> Hi,
>
> I have exactly the same issue - look at the bug 430499
> (https://bugzilla.redhat.com/show_bug.cgi?id=430499) to see all the debug logs
> of apache and of the console.
>
> The bug appears each time you configure the administration server to use the
> secure connection to the Directory Server configuration server (the file
> adm.conf contains ldapurl:
> ldaps://ldap-model.polytechnique.fr:636/o=NetscapeRoot
> ).
>
> If you change the adm.conf (or use the console to do that) to ldapurl:
> ldap://ldap-model.polytechnique.fr:389/o=NetscapeRoot
> everything works fine again
> (no java exception, the certificate window opens correctly).
>
> And the bug has nothing to do with java vendor - I have tested it for several
> versions, vendors and OS...
>
> So I think that's what you have changed during the last couple of weeks :)

Yup, I had checked "Use SSL in Console" under encryption in the directory server config. Unchecking it allows it to work again.
--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  orion at cora.nwra.com
Boulder, CO 80301              http://www.cora.nwra.com

From vaddarapu at gmail.com Tue Feb 26 00:43:10 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Tue, 26 Feb 2008 11:43:10 +1100
Subject: [Fedora-directory-users] Console issue
In-Reply-To: <47C33CAB.9090402@redhat.com>
References: <47BEF067.8060503@redhat.com> <47BF4770.2010901@redhat.com> <47C3270A.4060301@redhat.com> <47C33CAB.9090402@redhat.com>
Message-ID:

Hi,

If I turn off the SSL Engine I am able to access the console from anywhere using the Fedora IDM console. If I turn it on I cannot. Is the following error causing the problem?

"Exception in thread "main" java.awt.HeadlessException:
No X11 DISPLAY variable was set, but this program performed an operation which requires it.
at java.awt.GraphicsEnvironment.checkHeadless(Unknown Source)"

If so, if I turn off the SSL engine and run fedora-idm-console -D 9 -f console1.log, I can still see the same line in the console1.log file.

Thanks
Vivek

On Tue, Feb 26, 2008 at 9:09 AM, Rich Megginson wrote:
> Anand Vaddarapu wrote:
> > Hi,
> >
> >
> > _java -version_
> > java version "1.5.0_12"
> > Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
> > Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode)
> >
> >
> > _fedora-idm-console -D 9 -f console.log
> >
> > _http://dpaste.com/36801/
>
> Exception in thread "main" java.awt.HeadlessException:
> No X11 DISPLAY variable was set, but this program performed an operation
> which requires it.
> at java.awt.GraphicsEnvironment.checkHeadless(Unknown Source)
> >
> > Thanks
> > Vivek
> >
> > On Tue, Feb 26, 2008 at 7:37 AM, Rich Megginson wrote:
> >
> > Anand Vaddarapu wrote:
> > > Hi Rich,
> > >
> > > java -version
> > >
> > > Java Version "1.6.0_03"
> > > Java (TM) SE Runtime Environment (build 1.6.0_03-b05)
> > > Java HotSpot (TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing)
> > We've never tested with 1.6 - but I don't know if 1.5 would solve your
> > problem.
> > >
> > > fedora-idm-console -D 9
> > The output below is truncated. I suggest you use
> > fedora-idm-console -D 9 -f console.log
> > then paste console.log to pastebin.com and
> > paste the link here.
> > >
> > > # /usr/bin/fedora-idm-console -D 9

-------------- next part --------------
An HTML
attachment was scrubbed...
URL:

From rmeggins at redhat.com Tue Feb 26 03:09:20 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Mon, 25 Feb 2008 20:09:20 -0700
Subject: [Fedora-directory-users] Console issue
In-Reply-To:
References: <47BEF067.8060503@redhat.com> <47BF4770.2010901@redhat.com> <47C3270A.4060301@redhat.com> <47C33CAB.9090402@redhat.com>
Message-ID: <47C382E0.2060002@redhat.com>

Anand Vaddarapu wrote:
> Hi,
>
> If I turn off SSL Engine I am able to access the console from
> anywhere using Fedora IDM console. If I turn it on I cannot.
When you have SSL Engine on, are you using an admin url of https:? Or are you still using http:?
> Is the following error causing the problem?
>
> "Exception in thread "main" java.awt.HeadlessException:
> No X11 DISPLAY variable was set, but this program performed an
> operation which requires it.
> at java.awt.GraphicsEnvironment.checkHeadless(Unknown Source)"
>
> If so, if I turn off SSL engine and run fedora-idm-console -D 9 -f
> console1.log, I can still see the same line in the console1.log file.
You still see that same error, but the console works anyway?
>
> Thanks
> Vivek
>
> On Tue, Feb 26, 2008 at 9:09 AM, Rich Megginson wrote:
>
> Anand Vaddarapu wrote:
> > Hi,
> >
> > _java -version_
> > java version "1.5.0_12"
> > Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
> > Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode)
> >
> > _fedora-idm-console -D 9 -f console.log
> >
> > _http://dpaste.com/36801/
>
> Exception in thread "main" java.awt.HeadlessException:
> No X11 DISPLAY variable was set, but this program performed an
> operation which requires it.
> at java.awt.GraphicsEnvironment.checkHeadless(Unknown Source)
> >
> > Thanks
> > Vivek
> >
> > On Tue, Feb 26, 2008 at 7:37 AM, Rich Megginson wrote:
> >
> > Anand Vaddarapu wrote:
> > > Hi Rich,
> > >
> > > java -version
> > >
> > > Java Version "1.6.0_03"
> > > Java (TM) SE Runtime Environment (build 1.6.0_03-b05)
> > > Java HotSpot (TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing)
> > We've never tested with 1.6 - but I don't know if 1.5 would solve your
> > problem.
> > >
> > > fedora-idm-console -D 9
> > The output below is truncated. I suggest you use
> > fedora-idm-console -D 9 -f console.log
> > then paste console.log to pastebin.com and
> > paste the link here.
> > >
> > > # /usr/bin/fedora-idm-console -D 9
> > > ResourceSet: found in
cache
> > loader8222510:com.netscape.management.client.util.default
> > >
> > > On Sat, Feb 23, 2008 at 9:06 AM, Rich Megginson wrote:
> > >
> > > Anand Vaddarapu wrote:
> > > > Hi Rich,
> > > >
> > > > I can get to web interface with https.
> > > > I am also using https url to run console. but i am receiving error
> > > > message
> > > >
> > > > " cannot logon because of an incorrect User ID, Incorrect password or
> > > > Directory problem. java.io.InterruptedIOException: HTTP response
> > > > timeout"
> > > java -version
> > > fedora-idm-console -D 9
> > > >
> > > > any suggestions.
> > > > thanks
> > > > Vivek
> > > > On Fri, Feb 22, 2008 at 7:55 AM, Rich Megginson wrote:
> > > >
> > > > Anand Vaddarapu wrote:
> > > > > Hi,
> > > > >
> > > > > After i enabled ssl in admin server i restarted the dirsrv-admin. Then
> > > > > i try to access the console i am getting the following error message
> > > > > " cannot logon because of an incorrect User ID, Incorrect password or
> > > > > Directory problem. java.io.InterruptedIOException: HTTP response timeout"
> > > > You must use https for the admin server url. Admin server cannot listen
> > > > for both SSL and non-SSL connections, unlike the directory server.
> > > > >
> > > > > But i can get to web interface URL and can login without any problem.
> > > > Using http or https?
> > > > >
> > > > > Thanks in Advance.
> > > > >
> > > > > Vivek

From ipvx.low at gmail.com Tue Feb 26 03:21:10 2008
From: ipvx.low at gmail.com (Low Kian Seong)
Date: Tue, 26 Feb 2008 11:21:10 +0800
Subject: [Fedora-directory-users] temporary resource unavailable problem with fedora directory server
In-Reply-To: <7cea65400802192020o32915bddyee33df6cea0bee3e@mail.gmail.com>
References: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com>
 <47B904A4.9010705@suburbia.org.au>
 <7cea65400802172251s1424c177weadef54f0e65afe5@mail.gmail.com>
 <47BB1DEE.7010807@redhat.com>
 <7cea65400802192020o32915bddyee33df6cea0bee3e@mail.gmail.com>
Message-ID: <7cea65400802251921w3fd76b79mf822b96dd08192a8@mail.gmail.com>

In order to solve this problem I am looking at upgrading my version of
fedora-ds which is :

fedora-ds-1.0.4-1.RHEL4

to the latest version which is 1.1.

Is there anything I need to look out for in this kind of upgrade ?

Thank you in advance.

On Wed, Feb 20, 2008 at 12:20 PM, Low Kian Seong wrote:
> this is what i got
>
> Access Log Analyzer 6.0
>
> Command : logconv.pl /opt/fedora-ds/slapd-ldap1/logs/access
>
> Processing 1 Access Log(s)...
>
> Filename                                   Total Lines   Lines processed
> ---------------------------------------------------------------
> /opt/fedora-ds/slapd-ldap1/logs/access     162024        162024
>
> ----------- Access Log Output ------------
>
> Restarts: 0
>
> Total Connections: 20511
> Peak Concurrent Connections: 278
> Total Operations: 57545
> Total Results: 57600
> Overall Performance: 100.0%
>
> Searches: 33737
> Modifications: 2
> Adds: 0
> Deletes: 0
> Mod RDNs: 0
>
> 6.x Stats
> Persistent Searches: 0
> Internal Operations: 0
> Entry Operations: 0
> Extended Operations: 0
> Abandoned Requests: 0
> Smart Referrals Received: 0
>
> VLV Operations: 3
> VLV Unindexed Searches: 1
> SORT Operations: 41
> SSL Connections: 0
>
> Entire Search Base Queries: 20
> Unindexed Searches: 43
>
> FDs Taken: 20511
> FDs Returned: 20277
> Highest FD Taken: 1404
>
> Broken Pipes: 0
> Connections Reset By Peer: 0
> Resource Unavailable: 2743
> - 2743 (T1) Idle Timeout Exceeded
>
> Binds: 23806
> Unbinds: 6044
>
> LDAP v2 Binds: 711
> LDAP v3 Binds: 23095
> SSL Client Binds: 0
> Failed SSL Client Binds: 0
> SASL Binds: 0
>
> Directory Manager Binds: 13372
> Anonymous Binds: 2670
> Other Binds: 7764
>
> On Feb 20, 2008 2:20 AM, Rich Megginson wrote:
> > Low Kian Seong wrote:
> > > This is running on a rhel4 and during this time it doesn't respond to
> > > ldap queries.
> > >
> > run /opt/fedora-ds/bin/slapd/admin/bin/logconf.pl
> > /opt/fedora-ds/slapd-yourinstance/logs/access
> >
> > > On Feb 18, 2008 12:08 PM, Satish Chetty wrote:
> > >
> > >> Low,
> > >> What is the load on the system? Also, when you see this error, does the
> > >> LDAP respond to any ldap queries (getent or ldapsearch)?
> > >>
> > >> -Satish.
> > >>
> > >> Low Kian Seong wrote:
> > >>
> > >>> Dear all,
> > >>>
> > >>> I have installed fedora directory server version :
> > >>> fedora-ds-1.0.4-1.RHEL4. This ldap server integrates with postfix and
> > >>> our radius server. My problem is when I check the access log I see
> > >>> this error
> > >>>
> > >>> .[18/Feb/2008:11:04:51 +0800] conn=72887 op=-1 fd=593 closed error 11
> > >>> (Resource temporarily unavailable) - T1
> > >>> [18/Feb/2008:11:04:54 +0800] conn=72898 op=-1 fd=666 closed error 11
> > >>> (Resource temporarily unavailable) - T1
> > >>> [18/Feb/2008:11:05:22 +0800] conn=72895 op=-1 fd=605 closed error 11
> > >>> (Resource temporarily unavailable) - T1
> > >>>
> > >>> occurring again and again very frequently. I have already tuned the
> > >>> server according to the tuning guide on fedora directory server site.
> > >>> This is my sysctl.conf :
> > >>>
> > >>> # Kernel sysctl configuration file for Red Hat Linux
> > >>> #
> > >>> # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
> > >>> # sysctl.conf(5) for more details.
> > >>>
> > >>> # Controls IP packet forwarding
> > >>> net.ipv4.ip_forward = 0
> > >>>
> > >>> # Controls source route verification
> > >>> net.ipv4.conf.default.rp_filter = 1
> > >>>
> > >>> # Do not accept source routing
> > >>> net.ipv4.conf.default.accept_source_route = 0
> > >>>
> > >>> # Controls the System Request debugging functionality of the kernel
> > >>> kernel.sysrq = 0
> > >>>
> > >>> # Controls whether core dumps will append the PID to the core filename.
> > >>> # Useful for debugging multi-threaded applications.
> > >>> kernel.core_uses_pid = 1
> > >>> net.ipv4.ip_local_port_range = 1024 65000
> > >>> fs.file-max = 128000
> > >>> net.ipv4.tcp_keepalive_time = 300
> > >>>
> > >>> Am I missing something that I haven't done ?
> > >>>

From rmeggins at redhat.com Tue Feb 26 03:30:26 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Mon, 25 Feb 2008 20:30:26 -0700
Subject: [Fedora-directory-users] temporary resource unavailable problem with fedora directory server
In-Reply-To: <7cea65400802251921w3fd76b79mf822b96dd08192a8@mail.gmail.com>
References: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com>
 <47B904A4.9010705@suburbia.org.au>
 <7cea65400802172251s1424c177weadef54f0e65afe5@mail.gmail.com>
 <47BB1DEE.7010807@redhat.com>
 <7cea65400802192020o32915bddyee33df6cea0bee3e@mail.gmail.com>
 <7cea65400802251921w3fd76b79mf822b96dd08192a8@mail.gmail.com>
Message-ID: <47C387D2.207@redhat.com>

Low Kian Seong wrote:
> In order to solve this problem I am looking at upgrading my version of
> fedora-ds which is :
>
> fedora-ds-1.0.4-1.RHEL4
>
> to the latest version which is 1.1.
>
> Is there anything I need to look out for in this kind of upgrade ?
>
I don't think upgrading will solve your problem. The large number of
2743 (T1) Idle Timeout Exceeded errors is really strange. I think
logconv.pl -V /opt/fedora-ds/slapd-ldap1/logs/access may provide more
information about those connections. I'd like to see what the etime is
for those operations.
If those errors really are caused by some application just hanging
attempting to read from the directory server, you might be able to
increase the ioblocktimeout setting in the server, but that will work
only if those operations are hanging.
> Thank you in advance.
>
> On Wed, Feb 20, 2008 at 12:20 PM, Low Kian Seong wrote:
>
>> this is what i got
>>
>> Access Log Analyzer 6.0
>>
>> Command : logconv.pl /opt/fedora-ds/slapd-ldap1/logs/access
>>
>> Processing 1 Access Log(s)...
>>
>> Filename                                   Total Lines   Lines processed
>> ---------------------------------------------------------------
>> /opt/fedora-ds/slapd-ldap1/logs/access     162024        162024
>>
>> ----------- Access Log Output ------------
>>
>> Restarts: 0
>>
>> Total Connections: 20511
>> Peak Concurrent Connections: 278
>> Total Operations: 57545
>> Total Results: 57600
>> Overall Performance: 100.0%
>>
>> Searches: 33737
>> Modifications: 2
>> Adds: 0
>> Deletes: 0
>> Mod RDNs: 0
>>
>> 6.x Stats
>> Persistent Searches: 0
>> Internal Operations: 0
>> Entry Operations: 0
>> Extended Operations: 0
>> Abandoned Requests: 0
>> Smart Referrals Received: 0
>>
>> VLV Operations: 3
>> VLV Unindexed Searches: 1
>> SORT Operations: 41
>> SSL Connections: 0
>>
>> Entire Search Base Queries: 20
>> Unindexed Searches: 43
>>
>> FDs Taken: 20511
>> FDs Returned: 20277
>> Highest FD Taken: 1404
>>
>> Broken Pipes: 0
>> Connections Reset By Peer: 0
>> Resource Unavailable: 2743
>> - 2743 (T1) Idle Timeout Exceeded
>>
>> Binds: 23806
>> Unbinds: 6044
>>
>> LDAP v2 Binds: 711
>> LDAP v3 Binds: 23095
>> SSL Client Binds: 0
>> Failed SSL Client Binds: 0
>> SASL Binds: 0
>>
>> Directory Manager Binds: 13372
>> Anonymous Binds: 2670
>> Other Binds: 7764
>>
>> On Feb 20, 2008 2:20 AM, Rich Megginson wrote:
>> > Low Kian Seong wrote:
>> > > This is running on a rhel4 and during this time it doesn't respond to
>> > > ldap queries.
>> > >
>> > run /opt/fedora-ds/bin/slapd/admin/bin/logconf.pl
>> > /opt/fedora-ds/slapd-yourinstance/logs/access
>> >
>> > > On Feb 18, 2008 12:08 PM, Satish Chetty wrote:
>> > >
>> > >> Low,
>> > >> What is the load on the system? Also, when you see this error, does the
>> > >> LDAP respond to any ldap queries (getent or ldapsearch)?
>> > >>
>> > >> -Satish.
>> > >>
>> > >> Low Kian Seong wrote:
>> > >>
>> > >>> Dear all,
>> > >>>
>> > >>> I have installed fedora directory server version :
>> > >>> fedora-ds-1.0.4-1.RHEL4. This ldap server integrates with postfix and
>> > >>> our radius server. My problem is when I check the access log I see
>> > >>> this error
>> > >>>
>> > >>> .[18/Feb/2008:11:04:51 +0800] conn=72887 op=-1 fd=593 closed error 11
>> > >>> (Resource temporarily unavailable) - T1
>> > >>> [18/Feb/2008:11:04:54 +0800] conn=72898 op=-1 fd=666 closed error 11
>> > >>> (Resource temporarily unavailable) - T1
>> > >>> [18/Feb/2008:11:05:22 +0800] conn=72895 op=-1 fd=605 closed error 11
>> > >>> (Resource temporarily unavailable) - T1
>> > >>>
>> > >>> occurring again and again very frequently. I have already tuned the
>> > >>> server according to the tuning guide on fedora directory server site.
>> > >>> This is my sysctl.conf :
>> > >>>
>> > >>> # Kernel sysctl configuration file for Red Hat Linux
>> > >>> #
>> > >>> # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
>> > >>> # sysctl.conf(5) for more details.
>> > >>>
>> > >>> # Controls IP packet forwarding
>> > >>> net.ipv4.ip_forward = 0
>> > >>>
>> > >>> # Controls source route verification
>> > >>> net.ipv4.conf.default.rp_filter = 1
>> > >>>
>> > >>> # Do not accept source routing
>> > >>> net.ipv4.conf.default.accept_source_route = 0
>> > >>>
>> > >>> # Controls the System Request debugging functionality of the kernel
>> > >>> kernel.sysrq = 0
>> > >>>
>> > >>> # Controls whether core dumps will append the PID to the core filename.
>> > >>> # Useful for debugging multi-threaded applications.
>> > >>> kernel.core_uses_pid = 1
>> > >>> net.ipv4.ip_local_port_range = 1024 65000
>> > >>> fs.file-max = 128000
>> > >>> net.ipv4.tcp_keepalive_time = 300
>> > >>>
>> > >>> Am I missing something that I haven't done ?

From rmeggins at redhat.com Tue Feb 26 03:31:29 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Mon, 25 Feb 2008 20:31:29 -0700
Subject: [Fedora-directory-users] FDS 1.1 Transport endpoint is not connected
In-Reply-To:
References:
Message-ID: <47C38811.9000007@redhat.com>

Richard Hesse wrote:
> Yeah, we're using SSL and TLS so ethereal/tcpdump isn't going to yield much
> info. The process hung again and strace didn't provide too much information
> other than this:
>
> futex(0x20b9260, FUTEX_WAIT, 2, NULL)
>
> Would that give you a place to start looking?
>
Try logconv.pl -V /var/log/dirsrv/slapd-instancename/access
> -richard
>
> On 2/19/08 4:04 PM, "Rich Megginson" wrote:
>
>> Richard Hesse wrote:
>>
>>> Not much new to report. The server hung again and the only thing in the
>>> error log with connection tracing is this:
>>>
>>> [18/Feb/2008:13:14:03 +0000] - PR_Write(41818752) Netscape Portable Runtime
>>> error -5961 (TCP connection reset by peer.)
>>> [18/Feb/2008:13:14:03 +0000] - ber_flush failed, error 104 (Connection reset
>>> by peer)
>>>
>>> Which doesn't look like much.
>>>
>> Well, it tells me that the server was attempting to write to a socket,
>> and got an error. -5961 is PR_CONNECT_RESET_ERROR which can occur if
>> the system call returns either EPIPE or ECONNRESET. And error 104 is
>> indeed ECONNRESET.
>> /usr/include/asm-generic/errno.h:#define ECONNRESET 104
>> /* Connection reset by peer */
>>
>> AFAICT, this can happen if the client shuts down the socket (for any
>> number of reasons) but the server is still attempting to send data. In
>> this case, the client will respond with a TCP RST. I'm not sure how or
>> why this could happen. I'm open to other causes for ECONNRESET.
>> What would be really, really interesting is if we could narrow this down
>> to a particular client application and run ethereal on the connection.
>>
>> Are you using SSL?
>>
>>> As for network tuning, it's already been done.
>>>
>>> Max descriptors is set to 32768.
>>>
>>> Are there any gdb commands I can run while the server is in a hung state?
>>>
>> Sure. For whatever the cause of the ECONNRESET, it should not cause the
>> server to hang, and it would be interesting to find out what it's
>> doing. You'll have to install the fedora-ds-base-debuginfo package.
>> Attach to the process - gdb /usr/sbin/ns-slapd
>> Then, dump the thread stacks -
>>
>> (gdb) thread apply all bt
>>
>> If you want the output to go to a file, redirect gdb logging to a file
>> first before doing the thread apply e.g.
>>
>> (gdb) set logging on
>> (gdb) set logging file stack.txt
>>
>>> I'm going to try running strace while the process is working, and hope for a
>>> hang. Maybe that will give us some more info.
>>>
>>> -richard
>>>
>>> On 2/19/08 10:23 AM, "Rich Megginson" wrote:
>>>
>>>> Richard Hesse wrote:
>>>>
>>>>> Yes, every host (except the ldap hosts) runs nscd. The ldap servers are not
>>>>> configured to use directory data for anything.
>>>>>
>>>> I just don't know. I've not seen this before. I suppose you could try
>>>> checking your kernel TCP/IP settings, and increasing the number of file
>>>> descriptors used -
>>>> http://directory.fedoraproject.org/wiki/Performance_Tuning
>>>>
>>>>> -richard
>>>>>
>>>>> On 2/15/08 2:11 PM, "Rich Megginson" wrote:
>>>>>
>>>>>> Richard Hesse wrote:
>>>>>>
>>>>>>> nsswitch posix users/groups,
>>>>>>>
>>>>>> Are you using nscd?
>>>>>>
>>>>>>> ssh, sudo, puppet (config management), and
>>>>>>> internally written applications.
>>>>>>>
>>>>>>> -richard
>>>>>>>
>>>>>>> On 2/15/08 12:53 PM, "Rich Megginson" wrote:
>>>>>>>
>>>>>>>> What is the application which is generating this load?
>>>>>>>>

From ipvx.low at gmail.com Tue Feb 26 04:06:06 2008
From: ipvx.low at gmail.com (Low Kian Seong)
Date: Tue, 26 Feb 2008 12:06:06 +0800
Subject: [Fedora-directory-users] temporary resource unavailable problem with fedora directory server
In-Reply-To: <47C387D2.207@redhat.com>
References: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com>
 <47B904A4.9010705@suburbia.org.au>
 <7cea65400802172251s1424c177weadef54f0e65afe5@mail.gmail.com>
 <47BB1DEE.7010807@redhat.com>
 <7cea65400802192020o32915bddyee33df6cea0bee3e@mail.gmail.com>
 <7cea65400802251921w3fd76b79mf822b96dd08192a8@mail.gmail.com>
 <47C387D2.207@redhat.com>
Message-ID: <7cea65400802252006r2e710562r1390aa84edb81fcf@mail.gmail.com>

This is what I found :

Access Log Analyzer 6.0

Command : logconv.pl -V /opt/fedora-ds/slapd-ldap1/logs/access

Processing 1 Access Log(s)...
Filename Total Lines Lines processed --------------------------------------------------------------- /opt/fedora-ds/slapd-ldap1/logs/access 175820 175820 ----------- Access Log Output ------------ Restarts: 0 Total Connections: 19774 Peak Concurrent Connections: 340 Total Operations: 65300 Total Results: 65320 Overall Performance: 100.0% Searches: 38913 Modifications: 13 Adds: 2 Deletes: 0 Mod RDNs: 0 6.x Stats Persistent Searches: 0 Internal Operations: 0 Entry Operations: 0 Extended Operations: 0 Abandoned Requests: 0 Smart Referrals Received: 0 VLV Operations: 0 VLV Unindexed Searches: 0 SORT Operations: 0 SSL Connections: 0 Entire Search Base Queries: 0 Unindexed Searches: 0 FDs Taken: 19774 FDs Returned: 19546 Highest FD Taken: 3348 Broken Pipes: 0 Connections Reset By Peer: 0 Resource Unavailable: 2187 - 2187 (T1) Idle Timeout Exceeded Binds: 26372 Unbinds: 5877 LDAP v2 Binds: 659 LDAP v3 Binds: 25713 SSL Client Binds: 0 Failed SSL Client Binds: 0 SASL Binds: 0 Directory Manager Binds: 12909 Anonymous Binds: 2998 Other Binds: 10465 ----- Connection Latency Details ----- (in seconds) <=1 2 3 4-5 6-10 11-15 >15 -------------------------------------------------------------------------- (# of connections) 9320 255 59 257 1082 129 8444 ----- Current Open Connection IDs ----- 268631 268632 268846 268850 268854 268894 268906 268946 268947 268948 268949 268950 268954 268956 268957 268959 268962 268963 268968 268973 268974 268977 268978 268979 268980 268981 268988 268990 268992 268993 268994 268999 269002 269004 269007 269012 269013 269014 269016 269029 269030 269031 269033 269036 269050 269055 269056 269057 269058 269062 269066 269067 269069 269071 269077 269079 269080 269082 269085 269086 269091 269093 269094 269095 269096 269098 269103 269104 269106 269107 269108 269110 269112 269116 269117 269119 269120 269122 269123 269124 269126 269153 269154 269332 269333 269435 269517 269793 270157 270193 270228 270281 270294 270565 270658 270726 270888 270940 270944 271201 
271206 271210 271225 271235 271538 271552 272005 272054 272086 272127 272240 272252 272285 272494 272686 272728 272848 273004 273183 273201 273221 273222 273223 273268 273269 273326 273331 273340 273342 273353 273361 273405 273509 273725 273915 273916 273940 273953 274018 274027 274028 274034 274591 274677 274679 274721 274835 274836 274962 274991 275058 275120 275214 275489 275493 275609 275614 275651 275660 275692 275706 275809 275889 275920 275959 276144 276282 276348 276440 277346 277392 277661 277662 277665 277690 277695 277703 277704 277729 277809 277908 277922 278102 278197 278309 278316 278317 278366 278436 278517 278524 278632 278640 278651 278691 278806 278807 278872 279088 279089 279243 279371 279394 279601 279602 279849 279871 279873 279897 280004 280095 280304 280451 280452 280614 280733 280744 280824 280977 281069 281122 281216 281253 281254 281262 281367 281395 281452 281598 281672 281682 281804 281824 281895 281903 281913 281923 281958 281988 282000 282001 282016 282022 282210 282521 282525 282535 282569 282573 282574 282577 282580 282581 282611 282693 282989 283029 283030 283076 283232 283325 283371 283450 283493 283536 283595 283626 283631 283757 283770 283776 283793 283794 283796 283914 283916 283917 284096 284132 284160 284267 284280 284583 284742 285026 285027 285221 285233 285236 285250 285261 285436 285523 285544 285550 285585 285587 285591 285812 285845 285892 285894 286057 286060 286064 286065 286066 286067 286068 286512 286573 286724 286799 286810 286855 286901 287044 287049 287051 287134 287156 287263 287308 287496 287511 287587 287681 287682 287734 287741 287742 287747 287773 287778 287802 287805 287850 287939 288024 288058 288060 288062 288064 288068 288069 288071 288123 288127 288142 288195 288231 288236 288281 288307 288409 288410 288438 288598 288601 288628 288633 288650 288651 288653 288695 288702 288728 288744 288775 288799 288812 288813 288815 288825 288832 288833 288835 288837 288838 288841 288852 288886 288887 288890 288891 
288892 288894 288895 288896 288899 ----- Errors ----- err=0 64083 Successful Operations err=32 1152 No Such Object err=49 85 Invalid Credentials (Bad Password) ----- Top 20 Failed Logins ------ 23 uid=salewati.damit at dss.com.bn,ou=people,ou=email,ou=dss.com.bn ,dc=simpur 9 uid=titi.yusop at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 9 uid=hanafadziliah.halidin at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 9 uid=salenawati,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 6 uid=noorulafiza.ishak at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 3 uid=mashadi.phtengah at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 3 uid=hashimah.mudjono at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 3 uid=pgsuriati.hidup at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 3 uid=ipvx, ou=people, ou=email, ou=simpur.net.bn,dc=simpur 3 uid=dennis.kong at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 3 uid=eng.noc at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 3 uid=hamdilah.kamaluddin at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 1 uid=koala,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 1 uid=teresa,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 1 uid=dorauhudt,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 1 uid=support, ou=people, ou=email, ou=simpur.net.bn,dc=simpur 1 uid=webmaster,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 1 uid=superman,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 1 uid=miles,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 1 uid=mark,ou=people,ou=email,ou=simpur.net.bn,dc=simpur >From the IP address(s) : 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.130 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.2 202.152.94.129 202.152.94.129 202.152.94.129 
202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.130 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.130 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.130 202.152.94.129 202.152.94.129 202.152.94.130 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.130 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.130 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.130 202.152.94.129 202.152.94.129 202.152.94.2 202.152.94.2 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.130 202.152.94.130 202.152.94.130 202.152.94.1 202.152.94.130 202.152.94.130 202.152.94.130 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.129 202.152.94.1 ----- Total Connection Codes ----- B1 11480 Bad Ber Tag Encountered U1 5877 Cleanly Closed Connections T1 2187 Idle Timeout Exceeded ----- Top 20 Clients ----- Number of Clients: 8 13800 202.152.94.129 8254 - B1 Bad Ber Tag Encountered 3608 - U1 Cleanly Closed Connections 1864 - T1 Idle Timeout Exceeded 4300 202.152.94.130 3178 - B1 Bad Ber Tag Encountered 743 - U1 Cleanly Closed Connections 145 - T1 Idle Timeout Exceeded 678 202.152.94.1 535 - U1 Cleanly Closed Connections 142 - T1 Idle Timeout Exceeded 536 202.152.94.2 536 - U1 Cleanly Closed Connections 214 127.0.0.1 214 - U1 Cleanly Closed Connections 214 202.152.94.33 214 - U1 Cleanly Closed Connections 32 192.168.100.61 30 - T1 Idle Timeout Exceeded * Unknown Host 48 - B1 Bad Ber Tag Encountered 27 - U1 Cleanly Closed Connections 6 - T1 Idle Timeout Exceeded ----- Top 20 Bind DN's ----- Number of Unique Bind DN's: 270 12909 cn=directory manager 2998 Anonymous Binds 1111 cn=admin 1056 uid=dst_noc,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 511 
uid=nagios,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 308 uid=delai,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 220 uid=farihana.kayan at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 213 uid=choo,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 206 uid=domainadmin at dst-group.com,ou=dst-group.com,dc=simpur 196 uid=chua at dss.com.bn,ou=people,ou=email,ou=dss.com.bn ,dc=simpur 192 uid=dygmasyanti.mashhor at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 191 uid=nagios, ou=dial up, ou=simpur.net.bn, dc=simpur 140 uid=dstmm.content,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 140 uid=khai,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 132 uid=meleendawaty.saini at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 128 uid=dkhjhnorhartati.phismail at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 110 uid=rosniah.karia at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur 103 uid=bismi,ou=people,ou=email,ou=simpur.net.bn,dc=simpur 100 uid=fizah at dss.com.bn,ou=people,ou=email,ou=dss.com.bn ,dc=simpur 100 uid=mashadi.phtengah at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur ----- Top 20 Search Bases ----- Number of Unique Search Bases: 4 38131 dc=simpur 408 ou=dst-group.com,dc=simpur 354 ou=dial up, ou=simpur.net.bn, dc=simpur 20 root dse ----- Top 20 Search Filters ----- Number of Unique Search Filters: 1629 4904 (&(objectclass=shadowaccount)(uid=vmail)) 2471 (&(objectclass=posixgroup)(memberuid=avs-smtp)) 2471 (&(objectclass=posixaccount)(uid=avs-smtp)) 2132 (&(objectclass=posixgroup)(memberuid=root)) 2132 (&(objectclass=posixaccount)(uid=root)) 2081 (&(objectclass=posixaccount)(uid=postfix)) 2081 (&(objectclass=posixgroup)(memberuid=postfix)) 1699 (uid=root) 1325 (objectclass=*) 1150 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=dst_noc)) 530 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=nagios)) 397 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=noc)) 
360 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=delai)) 231 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=farihana.kayan at dst-group.com)) 223 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=choo)) 211 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=chua at dss.com.bn)) 208 (&(objectclass=posixaccount)(uid=smsgw.smsgw)) 208 (objectclass=posixaccount) 203 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=dstmm.content)) 203 (uid=domainadmin at dst-group.com) ----- Top 20 Most Frequent etimes ----- 65102 etime=0 158 etime=2 60 etime=1 ----- Top 20 Longest etimes ----- etime=2 158 etime=1 60 etime=0 65102 ----- Top 20 Largest nentries ----- nentries=1281 45 nentries=1279 152 nentries=502 26 nentries=501 3 nentries=500 1 nentries=61 7 nentries=60 1 nentries=56 2 nentries=52 2 nentries=50 2 nentries=39 2 nentries=31 1 nentries=29 2 nentries=28 1 nentries=27 2 nentries=20 208 nentries=17 3 nentries=16 1 nentries=12 3 nentries=11 2 ----- Top 20 Most returned nentries ----- 21625 nentries=0 16760 nentries=1 208 nentries=20 152 nentries=1279 45 nentries=1281 32 nentries=2 26 nentries=502 23 nentries=3 9 nentries=5 7 nentries=61 5 nentries=7 5 nentries=6 5 nentries=8 3 nentries=17 3 nentries=9 3 nentries=12 3 nentries=501 2 nentries=11 2 nentries=29 2 nentries=27 ----- Top 20 Most Requested Attributes ----- 31924 mailMessageStore 21300 userPassword 21097 uid 16193 cn 15982 mailQuotaSize 15962 enableSpamFolder 15962 smsAlertPkg 10348 All Attributes 6944 gidNumber 4904 shadowMax 4904 shadowWarning 4904 shadowInactive 4904 shadowLastChange 4904 shadowFlag 4904 shadowMin 4904 shadowExpire 354 radiusProfile 231 uidNumber 231 gecos 231 homeDirectory ----- Recommendations ----- 1. You have some connections that are are being closed by the idletimeout setting. You may want to increase the idletimeout if it is set low. 2. You have a significant difference between binds and unbinds. 
You may want to investigate this difference. 3. You have a high number of Directory Manager binds. The Directory Manager account should only be used under certain circumstances. Avoid using this account for client applications. 4. You have more abnormal connection codes than cleanly closed connections. You may want to investigate this difference. Any ideas ? On Tue, Feb 26, 2008 at 11:30 AM, Rich Megginson wrote: > Low Kian Seong wrote: > > In order to solve this problem I am looking at upgrading my version of > > fedora-ds which is : > > > > fedora-ds-1.0.4-1.RHEL4 > > > > to the latest version which is 1.1. > > > > Is there anything I need to look out for in this kind of upgrade ? > > > I don't think upgrading will solve your problem. > > The large number of 2743 (T1) Idle Timeout Exceeded errors is really > strange. I think > logconv.pl -V /opt/fedora-ds/slapd-ldap1/logs/access > may provide more information about those connections. I'd like to see > what the etime is for those operations. If those errors really are > caused by some application just hanging attempting to read from the > directory server, you might be able to increase the ioblocktimeout > setting in the server, but that will work only if those operations are > hanging. > > > > Thank you in advance. > > > > > > On Wed, Feb 20, 2008 at 12:20 PM, Low Kian Seong wrote: > > > >> this is what i got > >> > >> > >> Access Log Analyzer 6.0 > >> > >> Command : logconv.pl /opt/fedora-ds/slapd-ldap1/logs/access > >> > >> Processing 1 Access Log(s)... 
> >>
> >> Filename                                  Total Lines    Lines processed
> >> ---------------------------------------------------------------
> >> /opt/fedora-ds/slapd-ldap1/logs/access    162024         162024
> >>
> >> ----------- Access Log Output ------------
> >>
> >> Restarts: 0
> >>
> >> Total Connections: 20511
> >> Peak Concurrent Connections: 278
> >> Total Operations: 57545
> >> Total Results: 57600
> >> Overall Performance: 100.0%
> >>
> >> Searches: 33737
> >> Modifications: 2
> >> Adds: 0
> >> Deletes: 0
> >> Mod RDNs: 0
> >>
> >> 6.x Stats
> >> Persistent Searches: 0
> >> Internal Operations: 0
> >> Entry Operations: 0
> >> Extended Operations: 0
> >> Abandoned Requests: 0
> >> Smart Referrals Received: 0
> >>
> >> VLV Operations: 3
> >> VLV Unindexed Searches: 1
> >> SORT Operations: 41
> >> SSL Connections: 0
> >>
> >> Entire Search Base Queries: 20
> >> Unindexed Searches: 43
> >>
> >> FDs Taken: 20511
> >> FDs Returned: 20277
> >> Highest FD Taken: 1404
> >>
> >> Broken Pipes: 0
> >> Connections Reset By Peer: 0
> >> Resource Unavailable: 2743
> >>  - 2743 (T1) Idle Timeout Exceeded
> >>
> >> Binds: 23806
> >> Unbinds: 6044
> >>
> >> LDAP v2 Binds: 711
> >> LDAP v3 Binds: 23095
> >> SSL Client Binds: 0
> >> Failed SSL Client Binds: 0
> >> SASL Binds: 0
> >>
> >> Directory Manager Binds: 13372
> >> Anonymous Binds: 2670
> >> Other Binds: 7764
> >>
> >> On Feb 20, 2008 2:20 AM, Rich Megginson wrote:
> >> > Low Kian Seong wrote:
> >> > > This is running on a rhel4 and during this time it doesn't respond to
> >> > > ldap queries.
> >> > >
> >> > run /opt/fedora-ds/bin/slapd/admin/bin/logconf.pl
> >> > /opt/fedora-ds/slapd-yourinstance/logs/access
> >> >
> >> > > On Feb 18, 2008 12:08 PM, Satish Chetty wrote:
> >> > >
> >> > >> Low,
> >> > >> What is the load on the system? Also, when you see this error, does the
> >> > >> LDAP respond to any ldap queries (getent or ldapsearch)?
> >> > >>
> >> > >> -Satish.
> >> > >>
> >> > >> Low Kian Seong wrote:
> >> > >>
> >> > >>> Dear all,
> >> > >>>
> >> > >>> I have installed fedora directory server version :
> >> > >>> fedora-ds-1.0.4-1.RHEL4. This ldap server integrates with postfix and
> >> > >>> our radius server. My problem is when I check the access log I see
> >> > >>> this error
> >> > >>>
> >> > >>> .[18/Feb/2008:11:04:51 +0800] conn=72887 op=-1 fd=593 closed error 11 (Resource temporarily unavailable) - T1
> >> > >>> [18/Feb/2008:11:04:54 +0800] conn=72898 op=-1 fd=666 closed error 11 (Resource temporarily unavailable) - T1
> >> > >>> [18/Feb/2008:11:05:22 +0800] conn=72895 op=-1 fd=605 closed error 11 (Resource temporarily unavailable) - T1
> >> > >>>
> >> > >>> occurring again and again very frequently. I have already tuned the
> >> > >>> server according to the tuning guide on fedora directory server site.
> >> > >>> This is my sysctl.conf :
> >> > >>>
> >> > >>> # Kernel sysctl configuration file for Red Hat Linux
> >> > >>> #
> >> > >>> # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
> >> > >>> # sysctl.conf(5) for more details.
> >> > >>>
> >> > >>> # Controls IP packet forwarding
> >> > >>> net.ipv4.ip_forward = 0
> >> > >>>
> >> > >>> # Controls source route verification
> >> > >>> net.ipv4.conf.default.rp_filter = 1
> >> > >>>
> >> > >>> # Do not accept source routing
> >> > >>> net.ipv4.conf.default.accept_source_route = 0
> >> > >>>
> >> > >>> # Controls the System Request debugging functionality of the kernel
> >> > >>> kernel.sysrq = 0
> >> > >>>
> >> > >>> # Controls whether core dumps will append the PID to the core filename.
> >> > >>> # Useful for debugging multi-threaded applications.
> >> > >>> kernel.core_uses_pid = 1
> >> > >>> net.ipv4.ip_local_port_range = 1024 65000
> >> > >>> fs.file-max = 128000
> >> > >>> net.ipv4.tcp_keepalive_time = 300
> >> > >>>
> >> > >>> Am I missing something that I haven't done ?

From ipvx.low at gmail.com Tue Feb 26 04:10:50 2008
From: ipvx.low at gmail.com (Low Kian Seong)
Date: Tue, 26 Feb 2008 12:10:50 +0800
Subject: [Fedora-directory-users] temporary resource unavailable problem with fedora directory server
In-Reply-To: <7cea65400802252006r2e710562r1390aa84edb81fcf@mail.gmail.com>
References: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com> <47B904A4.9010705@suburbia.org.au> <7cea65400802172251s1424c177weadef54f0e65afe5@mail.gmail.com> <47BB1DEE.7010807@redhat.com> <7cea65400802192020o32915bddyee33df6cea0bee3e@mail.gmail.com> <7cea65400802251921w3fd76b79mf822b96dd08192a8@mail.gmail.com> <47C387D2.207@redhat.com> <7cea65400802252006r2e710562r1390aa84edb81fcf@mail.gmail.com>
Message-ID: <7cea65400802252010ra41fd5bl311ccd6adde9beb9@mail.gmail.com>

Wow ...
a bit of ip information there could someone please take out the last email i sent ? How do i request an email be removed ?

On Tue, Feb 26, 2008 at 12:06 PM, Low Kian Seong wrote:
> This is what I found :
>
> Access Log Analyzer 6.0
>
> Command : logconv.pl -V /opt/fedora-ds/slapd-ldap1/logs/access
>
> Processing 1 Access Log(s)...
>
> Filename                                  Total Lines    Lines processed
> ---------------------------------------------------------------
> /opt/fedora-ds/slapd-ldap1/logs/access    175820         175820
>
> ----------- Access Log Output ------------
>
> Restarts: 0
>
> Total Connections: 19774
> Peak Concurrent Connections: 340
> Total Operations: 65300
> Total Results: 65320
> Overall Performance: 100.0%
>
> Searches: 38913
> Modifications: 13
> Adds: 2
> Deletes: 0
> Mod RDNs: 0
>
> 6.x Stats
> Persistent Searches: 0
> Internal Operations: 0
> Entry Operations: 0
> Extended Operations: 0
> Abandoned Requests: 0
> Smart Referrals Received: 0
>
> VLV Operations: 0
> VLV Unindexed Searches: 0
> SORT Operations: 0
> SSL Connections: 0
>
> Entire Search Base Queries: 0
> Unindexed Searches: 0
>
> FDs Taken: 19774
> FDs Returned: 19546
> Highest FD Taken: 3348
>
> Broken Pipes: 0
> Connections Reset By Peer: 0
> Resource Unavailable: 2187
>  - 2187 (T1) Idle Timeout Exceeded
>
> Binds: 26372
> Unbinds: 5877
>
> LDAP v2 Binds: 659
> LDAP v3 Binds: 25713
> SSL Client Binds: 0
> Failed SSL Client Binds: 0
> SASL Binds: 0
>
> Directory Manager Binds: 12909
> Anonymous Binds: 2998
> Other Binds: 10465
>
> ----- Connection Latency Details -----
>
>  (in seconds)         <=1      2      3    4-5   6-10  11-15    >15
>  --------------------------------------------------------------------------
>  (# of connections)  9320    255     59    257   1082    129   8444
>
> ----- Current Open Connection IDs -----
>
> ----- Errors -----
>
> err=0     64083   Successful Operations
> err=32     1152   No Such Object
> err=49       85   Invalid Credentials (Bad Password)
>
> ----- Top 20 Failed Logins ------
>
> 23 uid=salewati.damit at dss.com.bn,ou=people,ou=email,ou=dss.com.bn ,dc=simpur
> 9 uid=titi.yusop at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 9 uid=hanafadziliah.halidin at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 9 uid=salenawati,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 6 uid=noorulafiza.ishak at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 3 uid=mashadi.phtengah at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 3 uid=hashimah.mudjono at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 3 uid=pgsuriati.hidup at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 3 uid=ipvx, ou=people, ou=email, ou=simpur.net.bn,dc=simpur
> 3 uid=dennis.kong at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 3 uid=eng.noc at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 3 uid=hamdilah.kamaluddin at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 1 uid=koala,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 1 uid=teresa,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 1 uid=dorauhudt,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 1 uid=support, ou=people, ou=email, ou=simpur.net.bn,dc=simpur
> 1 uid=webmaster,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 1 uid=superman,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 1 uid=miles,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 1 uid=mark,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
>
> From the IP address(s) :
>
> ----- Total Connection Codes -----
>
> B1   11480   Bad Ber Tag Encountered
> U1    5877   Cleanly Closed Connections
> T1    2187   Idle Timeout Exceeded
>
> ----- Top 20 Clients -----
>
> Number of Clients: 8
>
> 13800 202.152.94.129
>     8254 - B1 Bad Ber Tag Encountered
>     3608 - U1 Cleanly Closed Connections
>     1864 - T1 Idle Timeout Exceeded
>
> 4300 202.152.94.130
>     3178 - B1 Bad Ber Tag Encountered
>     743 - U1 Cleanly Closed Connections
>     145 - T1 Idle Timeout Exceeded
>
> 678 202.152.94.1
>     535 - U1 Cleanly Closed Connections
>     142 - T1 Idle Timeout Exceeded
>
> 536 202.152.94.2
>     536 - U1 Cleanly Closed Connections
>
> 214 127.0.0.1
>     214 - U1 Cleanly Closed Connections
>
> 214 202.152.94.33
>     214 - U1 Cleanly Closed Connections
>
> 32 192.168.100.61
>     30 - T1 Idle Timeout Exceeded
>
> * Unknown Host
>     48 - B1 Bad Ber Tag Encountered
>     27 - U1 Cleanly Closed Connections
>     6 - T1 Idle Timeout Exceeded
>
> ----- Top 20 Bind DN's -----
>
> Number of Unique Bind DN's: 270
>
> 12909 cn=directory manager
> 2998 Anonymous Binds
> 1111 cn=admin
> 1056 uid=dst_noc,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 511 uid=nagios,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 308 uid=delai,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 220 uid=farihana.kayan at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 213 uid=choo,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 206 uid=domainadmin at dst-group.com,ou=dst-group.com,dc=simpur
> 196 uid=chua at dss.com.bn,ou=people,ou=email,ou=dss.com.bn ,dc=simpur
> 192 uid=dygmasyanti.mashhor at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 191 uid=nagios, ou=dial up, ou=simpur.net.bn, dc=simpur
> 140 uid=dstmm.content,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 140 uid=khai,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 132 uid=meleendawaty.saini at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 128 uid=dkhjhnorhartati.phismail at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 110 uid=rosniah.karia at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
> 103 uid=bismi,ou=people,ou=email,ou=simpur.net.bn,dc=simpur
> 100 uid=fizah at dss.com.bn,ou=people,ou=email,ou=dss.com.bn ,dc=simpur
> 100 uid=mashadi.phtengah at dst-group.com,ou=people,ou=email,ou=dst-group.com,dc=simpur
>
> ----- Top 20 Search Bases -----
>
> Number of Unique Search Bases: 4
>
> 38131 dc=simpur
> 408 ou=dst-group.com,dc=simpur
> 354 ou=dial up, ou=simpur.net.bn, dc=simpur
> 20 root dse
>
> ----- Top 20 Search Filters -----
>
> Number of Unique Search Filters: 1629
>
> 4904 (&(objectclass=shadowaccount)(uid=vmail))
> 2471 (&(objectclass=posixgroup)(memberuid=avs-smtp))
> 2471 (&(objectclass=posixaccount)(uid=avs-smtp))
> 2132 (&(objectclass=posixgroup)(memberuid=root))
> 2132 (&(objectclass=posixaccount)(uid=root))
> 2081 (&(objectclass=posixaccount)(uid=postfix))
> 2081 (&(objectclass=posixgroup)(memberuid=postfix))
> 1699 (uid=root)
> 1325 (objectclass=*)
> 1150 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=dst_noc))
> 530 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=nagios))
> 397 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=noc))
> 360 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=delai))
> 231 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=farihana.kayan at dst-group.com))
> 223 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=choo))
> 211 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=chua at dss.com.bn))
> 208 (&(objectclass=posixaccount)(uid=smsgw.smsgw))
> 208 (objectclass=posixaccount)
> 203 (&(objectclass=mailinetorgperson)(accountstatus=active)(uid=dstmm.content))
> 203 (uid=domainadmin at dst-group.com)
>
> ----- Top 20 Most Frequent etimes -----
>
> 65102 etime=0
> 158 etime=2
> 60 etime=1
>
> ----- Top 20 Longest etimes -----
>
> etime=2 158
> etime=1 60
> etime=0 65102
>
> ----- Top 20 Largest nentries -----
>
> nentries=1281 45
> nentries=1279 152
> nentries=502 26
> nentries=501 3
> nentries=500 1
> nentries=61 7
> nentries=60 1
> nentries=56 2
> nentries=52 2
> nentries=50 2
> nentries=39 2
> nentries=31 1
> nentries=29 2
> nentries=28 1
> nentries=27 2
> nentries=20 208
> nentries=17 3
> nentries=16 1
> nentries=12 3
> nentries=11 2
>
> ----- Top 20 Most returned nentries -----
>
> 21625 nentries=0
> 16760 nentries=1
> 208 nentries=20
> 152 nentries=1279
> 45 nentries=1281
> 32 nentries=2
> 26 nentries=502
> 23 nentries=3
> 9 nentries=5
> 7 nentries=61
> 5 nentries=7
> 5 nentries=6
> 5 nentries=8
> 3 nentries=17
> 3 nentries=9
> 3 nentries=12
> 3 nentries=501
> 2 nentries=11
> 2 nentries=29
> 2 nentries=27
>
> ----- Top 20 Most Requested Attributes -----
>
> 31924 mailMessageStore
> 21300 userPassword
> 21097 uid
> 16193 cn
> 15982 mailQuotaSize
> 15962 enableSpamFolder
> 15962 smsAlertPkg
> 10348 All Attributes
> 6944 gidNumber
> 4904 shadowMax
> 4904 shadowWarning
> 4904 shadowInactive
> 4904 shadowLastChange
> 4904 shadowFlag
> 4904 shadowMin
> 4904 shadowExpire
> 354 radiusProfile
> 231 uidNumber
> 231 gecos
> 231 homeDirectory
>
> ----- Recommendations -----
>
> 1. You have some connections that are are being closed by the
> idletimeout setting. You may want to increase the idletimeout if it is
> set low.
>
> 2. You have a significant difference between binds and unbinds. You
> may want to investigate this difference.
>
> 3. You have a high number of Directory Manager binds. The Directory
> Manager account should only be used under certain circumstances.
> Avoid using this account for client applications.
>
> 4. You have more abnormal connection codes than cleanly closed
> connections. You may want to investigate this difference.
>
> Any ideas ?
>
> On Tue, Feb 26, 2008 at 11:30 AM, Rich Megginson wrote:
> > Low Kian Seong wrote:
> > > In order to solve this problem I am looking at upgrading my version of
> > > fedora-ds which is :
> > >
> > > fedora-ds-1.0.4-1.RHEL4
> > >
> > > to the latest version which is 1.1.
> > >
> > > Is there anything I need to look out for in this kind of upgrade ?
> > >
> > I don't think upgrading will solve your problem.
> >
> > The large number of 2743 (T1) Idle Timeout Exceeded errors is really
> > strange. I think
> > logconv.pl -V /opt/fedora-ds/slapd-ldap1/logs/access
> > may provide more information about those connections. I'd like to see
> > what the etime is for those operations. If those errors really are
> > caused by some application just hanging attempting to read from the
> > directory server, you might be able to increase the ioblocktimeout
> > setting in the server, but that will work only if those operations are
> > hanging.
> >
> > > Thank you in advance.
> > >
> > > On Wed, Feb 20, 2008 at 12:20 PM, Low Kian Seong wrote:
> > >
> > >> this is what i got
> > >>
> > >> Access Log Analyzer 6.0
> > >>
> > >> Command : logconv.pl /opt/fedora-ds/slapd-ldap1/logs/access
> > >>
> > >> Processing 1 Access Log(s)...
> > >> > > >> Filename Total Lines Lines processed > > >> --------------------------------------------------------------- > > >> /opt/fedora-ds/slapd-ldap1/logs/access 162024 162024 > > >> > > >> > > >> ----------- Access Log Output ------------ > > >> > > >> Restarts: 0 > > >> > > >> Total Connections: 20511 > > >> Peak Concurrent Connections: 278 > > >> Total Operations: 57545 > > >> Total Results: 57600 > > >> Overall Performance: 100.0% > > >> > > >> Searches: 33737 > > >> Modifications: 2 > > >> Adds: 0 > > >> Deletes: 0 > > >> Mod RDNs: 0 > > >> > > >> 6.x Stats > > >> Persistent Searches: 0 > > >> Internal Operations: 0 > > >> Entry Operations: 0 > > >> Extended Operations: 0 > > >> Abandoned Requests: 0 > > >> Smart Referrals Received: 0 > > >> > > >> VLV Operations: 3 > > >> VLV Unindexed Searches: 1 > > >> SORT Operations: 41 > > >> SSL Connections: 0 > > >> > > >> Entire Search Base Queries: 20 > > >> Unindexed Searches: 43 > > >> > > >> FDs Taken: 20511 > > >> FDs Returned: 20277 > > >> Highest FD Taken: 1404 > > >> > > >> Broken Pipes: 0 > > >> Connections Reset By Peer: 0 > > >> Resource Unavailable: 2743 > > >> - 2743 (T1) Idle Timeout Exceeded > > >> > > >> Binds: 23806 > > >> Unbinds: 6044 > > >> > > >> LDAP v2 Binds: 711 > > >> LDAP v3 Binds: 23095 > > >> SSL Client Binds: 0 > > >> Failed SSL Client Binds: 0 > > >> SASL Binds: 0 > > >> > > >> Directory Manager Binds: 13372 > > >> Anonymous Binds: 2670 > > >> Other Binds: 7764 > > >> > > >> > > >> > > >> > > >> > > >> On Feb 20, 2008 2:20 AM, Rich Megginson wrote: > > >> > Low Kian Seong wrote: > > >> > > This is running on a rhel4 and during this time it doesn't respond to > > >> > > ldap queries. > > >> > > > > >> > run /opt/fedora-ds/bin/slapd/admin/bin/logconf.pl > > >> > /opt/fedora-ds/slapd-yourinstance/logs/access > > >> > > > >> > > On Feb 18, 2008 12:08 PM, Satish Chetty wrote: > > >> > > > > >> > >> Low, > > >> > >> What is the load on the system? 
Also, when you see this error, does the > > >> > >> LDAP respond to any ldap queries (getent or ladpsearch)? > > >> > >> > > >> > >> -Satish. > > >> > >> > > >> > >> > > >> > >> Low Kian Seong wrote: > > >> > >> > > >> > >>> Dear all, > > >> > >>> > > >> > >>> I have installed fedora directory server version : > > >> > >>> fedora-ds-1.0.4-1.RHEL4. This ldap server integrates with postfix and > > >> > >>> our radius server. My problem is when I check the access log I see > > >> > >>> this error > > >> > >>> > > >> > >>> .[18/Feb/2008:11:04:51 +0800] conn=72887 op=-1 fd=593 closed error 11 > > >> > >>> (Resource temporarily unavailable) - T1 > > >> > >>> [18/Feb/2008:11:04:54 +0800] conn=72898 op=-1 fd=666 closed error 11 > > >> > >>> (Resource temporarily unavailable) - T1 > > >> > >>> [18/Feb/2008:11:05:22 +0800] conn=72895 op=-1 fd=605 closed error 11 > > >> > >>> (Resource temporarily unavailable) - T1 > > >> > >>> > > >> > >>> occuring again and again very frequently. I have already tuned the > > >> > >>> server according to the tuning guide on fedora directory server site. > > >> > >>> This is my sysctl.conf : > > >> > >>> > > >> > >>> > > >> > >>> # Kernel sysctl configuration file for Red Hat Linux > > >> > >>> # > > >> > >>> # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and > > >> > >>> # sysctl.conf(5) for more details. > > >> > >>> > > >> > >>> # Controls IP packet forwarding > > >> > >>> net.ipv4.ip_forward = 0 > > >> > >>> > > >> > >>> # Controls source route verification > > >> > >>> net.ipv4.conf.default.rp_filter = 1 > > >> > >>> > > >> > >>> # Do not accept source routing > > >> > >>> net.ipv4.conf.default.accept_source_route = 0 > > >> > >>> > > >> > >>> # Controls the System Request debugging functionality of the kernel > > >> > >>> kernel.sysrq = 0 > > >> > >>> > > >> > >>> # Controls whether core dumps will append the PID to the core filename. > > >> > >>> # Useful for debugging multi-threaded applications. 
> > >> > >>> kernel.core_uses_pid = 1 > > >> > >>> net.ipv4.ip_local_port_range = 1024 65000 > > >> > >>> fs.file-max = 128000 > > >> > >>> net.ipv4.tcp_keepalive_time = 300 > > >> > >>> > > >> > >>> Am I missing something that I haven't done ? > > >> > >>> > > >> > >>> -- > > >> > >>> Fedora-directory-users mailing list > > >> > >>> Fedora-directory-users at redhat.com > > >> > >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > >> > >>> > > >> > >>> > > >> > >> -- > > >> > >> Fedora-directory-users mailing list > > >> > >> Fedora-directory-users at redhat.com > > >> > >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > >> > >> > > >> > >> > > >> > > > > >> > > -- > > >> > > Fedora-directory-users mailing list > > >> > > Fedora-directory-users at redhat.com > > >> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > >> > > > > >> > > > >> > > > >> > -- > > >> > Fedora-directory-users mailing list > > >> > Fedora-directory-users at redhat.com > > >> > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > >> > > > >> > > > >> > > >> > > > > > > -- > > > Fedora-directory-users mailing list > > > Fedora-directory-users at redhat.com > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > From zahra_bahar at ec.iut.ac.ir Tue Feb 26 05:02:35 2008 From: zahra_bahar at ec.iut.ac.ir (Zahra Bahar) Date: Tue, 26 Feb 2008 08:32:35 +0330 (IRST) Subject: [Fedora-directory-users] fedora directory server support Message-ID: <9680388.446801204002155491.JavaMail.root@mta.iut.ac.ir> how many entries one fedora-ds server with one database could support? is there any limitation from DS ? 
From solarflow99 at gmail.com Tue Feb 26 11:13:42 2008
From: solarflow99 at gmail.com (solarflow99)
Date: Tue, 26 Feb 2008 11:13:42 +0000
Subject: [Fedora-directory-users] 1.1 usage problems
In-Reply-To: <47C323A4.7030104@redhat.com>
References: <7020fd000802250824h785309fl10137eba435628f3@mail.gmail.com>
 <47C323A4.7030104@redhat.com>
Message-ID: <7020fd000802260313y1d3560ack7625dd0b4d69fc5b@mail.gmail.com>

> You should not use setup-ds.pl. You should use setup-ds-admin.pl
> instead. See -
> http://www.redhat.com/docs/manuals/dir-server/install/8.0/index.html

thanks, I can't believe that's all it was...

When using the console, I noticed strange behaviour and java errors, I guess FDS still needs an old version of JRE? The wiki links to 1.4.2, I just wonder why a newer version can't be used?

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From solarflow99 at gmail.com Tue Feb 26 11:21:56 2008
From: solarflow99 at gmail.com (solarflow99)
Date: Tue, 26 Feb 2008 11:21:56 +0000
Subject: [Fedora-directory-users] fedora directory server support
In-Reply-To: <9680388.446801204002155491.JavaMail.root@mta.iut.ac.ir>
References: <9680388.446801204002155491.JavaMail.root@mta.iut.ac.ir>
Message-ID: <7020fd000802260321j7776ce6ei483c0ed9b6177b79@mail.gmail.com>

someone else just asked that too, I think it's like 1.5 million.

On 2/26/08, Zahra Bahar wrote:
>
> how many entries one fedora-ds server with one database could support? is
> there any limitation from DS ?
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: From bagyi at mail.fmkorhaz.hu Tue Feb 26 12:26:40 2008 From: bagyi at mail.fmkorhaz.hu (Tamas Bagyal) Date: Tue, 26 Feb 2008 13:26:40 +0100 Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question In-Reply-To: <47C325E9.4010600@redhat.com> References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <47BF33AC.1010007@redhat.com> <47BF35F3.2050503@redhat.com> <200802251508.50693.Ryan.Braun@ec.gc.ca> <47C325E9.4010600@redhat.com> Message-ID: <47C40580.7030407@mail.fmkorhaz.hu> hello, I trying follow the compileing procedure, and I have a few succes. I have a fully working ns-slapd, admin-server, but the console work perfect only on windows. On linux the console is started and I can login, but has a few problems. management console looks like ok. ds-console does not show anything in the right plane, task tab is blank. ds-admin console not stop/restart server, configuration is only show the network tab. other tabs are blank. I used for the build: ldapjdk.jar: ftp://ftp.uni-bayreuth.de/pub/linux/arklinux/2006.1/i586/ldapsdk-java-4.17-1ark.i586.rpm jss4.jar: download from anywhere, i can't remember. mod_nss: mod_nss-1.0.7 The rest are original etch packages. How can I produce some log for debugging? (I know nothing almost for java.) thanks, Tamas Bagyal Rich Megginson wrote: > Ryan Braun wrote: >> On Friday 22 February 2008 8:52 pm, Rich Megginson wrote: >> >>>>>> The java components will be more tricky. >>>>>> >>>>>> For ldapjdk, it would be nice to be able to build from source in >>>>>> dsbuild, but the jar file is cross platform and stable. >>>>>> >>>>>> JSS is different because it has some JNI code and should be compiled. >>>>>> There are binaries available from ftp.mozilla.org but I don't know >>>>>> how >>>>>> well they will work. 
>>>>>> >>>>>> None of the other java components listed at >>>>>> http://directory.fedoraproject.org/wiki/Source and >>>>>> http://directory.fedoraproject.org/wiki/BuildingConsole have been >>>>>> rolled >>>>>> into dsbuild. >>>>>> >>>>> Ok java components we'll come back to later, I'm having trouble >>>>> building mod_nss now. >>>>> >>>>> infinity:/usr/src/dsbuild/meta/ds# make BUILD_DS_ADMIN=1 >>>>> ADMINUTIL_SOURCE=1 MOD_NSS_SOURCE=1 ADMINSERVER_SOURCE=1 >>>>> SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 PERLDAP_SOURCE=1 >>>>> >>>> Add APXS=/usr/bin/apxs2 HTTPD=/usr/sbin/apache2 >>>> >>>> Make sure you have the apache2-mpm-worker and apache2-threaded-dev >>>> packages installed. >>>> >>> One more thing - after you finish building, you'll have to comment out >>> the following line in your $PREFIX/etc/dirsrv/admin-serv/httpd.conf: >>> LoadModule log_config_module ...... >>> >>> Then you should be able to run $PREFIX/sbin/setup-ds-admin.pl. I was, >>> and both directory server and admin server are running. >>> >> >> >> Ok, adding >> APXS=/usr/bin/apxs2 >> HTTPD=/usr/sbin/apache2 >> >> to both dsbuild/ds/mod_nss/Makefile and dsbuild/adminserver/Makefile >> worked great. The dsbuild process finishes and appears to have >> compiled everything. >> >> A couple little bugs creeped up during the build. I think it was >> during the make install of ldapserver. One of the binaries (the first >> one I guess) was copied to /opt/dirsrv/bin (the bin being a file not a >> directory) so the /opt/dirsrv/bin directory isn't getting created. >> Quick fix was just renaming /opt/dirsrv/bin to >> /opt/dirsrv/bin.something and rerunning make. Executing >> /opt/dirsrv/bin.something looks like the binary might be ldappasswd? >> > Probably a bug in ds/mozldap/Makefile in the install section. >> Second, there seems to be a missing library. >> >> Starting admin server . . . >> output: ERROR: ld.so: object '/opt/dirsrv/lib/libssl3.so' from >> LD_PRELOAD cannot be preloaded: ignored. 
>> output: apache2: Syntax error on line 123 of >> /opt/dirsrv/etc/dirsrv/admin-serv/httpd.conf: module log_config_module >> is built-in and can't be loaded >> Could not start the admin server. Error: 256 >> Failed to create and configure the admin server >> Exiting . . . >> >> I assumed the libssl3.so was supposed to be provided by building nss >> from source. So I just symlinked the system's libssl3.so provided by >> libnss3-0d back to /opt/dirsrv/lib/. > Ok. Or just edit the start-ds-admin script. Looks like a bug - it > should use the correct path to libssl3.so. But then the NSS devel > support in etch is not quite there. >> Admin server seemed to startup fine after that (and fixing the debian >> httpd module issue). >> >> So after all that I have a running slapd now, and the admin server is >> started. I can connect and bind as Directory Manager and browse the >> tree using any old ldap client. browsing to localhost:ADMINSRV_PORT >> works and brings up the web stuff. But when I try to connect to the >> adminserver using the console from the 1.0.4 directory server >> install, it will connect but not show any servers in the default >> view. Not sure if that is a 1.0.4 vs. 1.1.0 version problem, or a >> build issue with lacking java components. > It is the latter. The java components are server version specific - so > you need fedora-ds-console 1.1 and fedora-ds-admin-console 1.1 in order > to manage the 1.1 versions of their respective servers. >> Which leads me to my next question. The java components, are they >> only required for running the console on your client machines? So >> building with NOJAVA=1 will provide a fully working adminserver and >> ldapserver, just no console binaries? >> > Mostly correct. The only thing is that the way the console works, it > downloads the ds and ds-admin jar files from the admin server. 
However, > if you build them on the client machine and install them into > $HOME/.fedora-idm-console/jars then the console will just use the local > ones. >> To be honest, I haven't really looked into the different post install >> process' with 1.1.0 since 1.0.4 so the reason I could have missing >> entries in the console could very well be my own fault :) >> >> Also, if I want to fine tune the location of some of directories >> during build. is it safe to modify the CONFIGURE_ARGS variable in the >> adminserver and ldapserver's Makefile? I want to put >> /opt/dirsrv/etc/dirsrv into /etc/dirsrv aswell as /opt/dirsrv/var into >> /var? >> > Yes, for those components whose configure respect --sysconfdir and > --localstatedir - which means not the mozilla components (mozldap, etc.) > but everything else should work just fine. You'll also have to tweak > the --prefix argument which is set by default. >> Ryan >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users From rmeggins at redhat.com Tue Feb 26 15:36:44 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 26 Feb 2008 08:36:44 -0700 Subject: [Fedora-directory-users] 1.1 usage problems In-Reply-To: <7020fd000802260313y1d3560ack7625dd0b4d69fc5b@mail.gmail.com> References: <7020fd000802250824h785309fl10137eba435628f3@mail.gmail.com> <47C323A4.7030104@redhat.com> <7020fd000802260313y1d3560ack7625dd0b4d69fc5b@mail.gmail.com> Message-ID: <47C4320C.9070104@redhat.com> solarflow99 wrote: > > You should not use setup-ds.pl. You should use setup-ds-admin.pl > instead. See - > http://www.redhat.com/docs/manuals/dir-server/install/8.0/index.html > > > thanks, I can't believe thats all it was... 
>
> When using the console, I noticed strange behaviour and java errors, I
> guess FDS still needs an old version of JRE? The wiki links to 1.4.2,
> I just wonder why a newer version can't be used?
Java 1.5 works fine. What errors are you seeing?
>
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL:

From rmeggins at redhat.com Tue Feb 26 15:38:11 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 26 Feb 2008 08:38:11 -0700
Subject: [Fedora-directory-users] fedora directory server support
In-Reply-To: <9680388.446801204002155491.JavaMail.root@mta.iut.ac.ir>
References: <9680388.446801204002155491.JavaMail.root@mta.iut.ac.ir>
Message-ID: <47C43263.4060704@redhat.com>

Zahra Bahar wrote:
> how many entries one fedora-ds server with one database could support? is there any limitation from DS ?
>
The entry ID is a 32 bit number. I can't remember if it is signed or unsigned, so the maximum number of entries is either 2 billion and change or 4 billion and change.
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue Feb 26 15:43:35 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 26 Feb 2008 08:43:35 -0700 Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question In-Reply-To: <47C40580.7030407@mail.fmkorhaz.hu> References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <47BF33AC.1010007@redhat.com> <47BF35F3.2050503@redhat.com> <200802251508.50693.Ryan.Braun@ec.gc.ca> <47C325E9.4010600@redhat.com> <47C40580.7030407@mail.fmkorhaz.hu> Message-ID: <47C433A7.6050107@redhat.com> Tamas Bagyal wrote: > hello, > > I trying follow the compileing procedure, and I have a few succes. > I have a fully working ns-slapd, admin-server, but the console work > perfect only on windows. On linux the console is started and I can > login, but has a few problems. > > management console looks like ok. > > ds-console does not show anything in the right plane, task tab is blank. > > ds-admin console not stop/restart server, configuration is only show > the network tab. other tabs are blank. > > I used for the build: > > ldapjdk.jar: > ftp://ftp.uni-bayreuth.de/pub/linux/arklinux/2006.1/i586/ldapsdk-java-4.17-1ark.i586.rpm > > > jss4.jar: > download from anywhere, i can't remember. > > mod_nss: > > mod_nss-1.0.7 > > > The rest are original etch packages. > > How can I produce some log for debugging? (I know nothing almost for > java.) fedora-idm-console -D 9 -f console.log > > thanks, > > Tamas Bagyal > > Rich Megginson wrote: >> Ryan Braun wrote: >>> On Friday 22 February 2008 8:52 pm, Rich Megginson wrote: >>> >>>>>>> The java components will be more tricky. >>>>>>> >>>>>>> For ldapjdk, it would be nice to be able to build from source in >>>>>>> dsbuild, but the jar file is cross platform and stable. >>>>>>> >>>>>>> JSS is different because it has some JNI code and should be >>>>>>> compiled. 
>>>>>>> There are binaries available from ftp.mozilla.org but I don't >>>>>>> know how >>>>>>> well they will work. >>>>>>> >>>>>>> None of the other java components listed at >>>>>>> http://directory.fedoraproject.org/wiki/Source and >>>>>>> http://directory.fedoraproject.org/wiki/BuildingConsole have been >>>>>>> rolled >>>>>>> into dsbuild. >>>>>>> >>>>>> Ok java components we'll come back to later, I'm having trouble >>>>>> building mod_nss now. >>>>>> >>>>>> infinity:/usr/src/dsbuild/meta/ds# make BUILD_DS_ADMIN=1 >>>>>> ADMINUTIL_SOURCE=1 MOD_NSS_SOURCE=1 ADMINSERVER_SOURCE=1 >>>>>> SVRCORE_SOURCE=1 MOZLDAP_SOURCE=1 PERLDAP_SOURCE=1 >>>>>> >>>>> Add APXS=/usr/bin/apxs2 HTTPD=/usr/sbin/apache2 >>>>> >>>>> Make sure you have the apache2-mpm-worker and apache2-threaded-dev >>>>> packages installed. >>>>> >>>> One more thing - after you finish building, you'll have to comment out >>>> the following line in your $PREFIX/etc/dirsrv/admin-serv/httpd.conf: >>>> LoadModule log_config_module ...... >>>> >>>> Then you should be able to run $PREFIX/sbin/setup-ds-admin.pl. I was, >>>> and both directory server and admin server are running. >>>> >>> >>> >>> Ok, adding >>> APXS=/usr/bin/apxs2 >>> HTTPD=/usr/sbin/apache2 >>> >>> to both dsbuild/ds/mod_nss/Makefile and dsbuild/adminserver/Makefile >>> worked great. The dsbuild process finishes and appears to have >>> compiled everything. >>> >>> A couple little bugs creeped up during the build. I think it was >>> during the make install of ldapserver. One of the binaries (the >>> first one I guess) was copied to /opt/dirsrv/bin (the bin being a >>> file not a directory) so the /opt/dirsrv/bin directory isn't getting >>> created. Quick fix was just renaming /opt/dirsrv/bin to >>> /opt/dirsrv/bin.something and rerunning make. Executing >>> /opt/dirsrv/bin.something looks like the binary might be ldappasswd? >>> >> Probably a bug in ds/mozldap/Makefile in the install section. >>> Second, there seems to be a missing library. 
>>> >>> Starting admin server . . . >>> output: ERROR: ld.so: object '/opt/dirsrv/lib/libssl3.so' from >>> LD_PRELOAD cannot be preloaded: ignored. >>> output: apache2: Syntax error on line 123 of >>> /opt/dirsrv/etc/dirsrv/admin-serv/httpd.conf: module >>> log_config_module is built-in and can't be loaded >>> Could not start the admin server. Error: 256 >>> Failed to create and configure the admin server >>> Exiting . . . >>> >>> I assumed the libssl3.so was supposed to be provided by building nss >>> from source. So I just symlinked the system's libssl3.so provided >>> by libnss3-0d back to /opt/dirsrv/lib/. >> Ok. Or just edit the start-ds-admin script. Looks like a bug - it >> should use the correct path to libssl3.so. But then the NSS devel >> support in etch is not quite there. >>> Admin server seemed to startup fine after that (and fixing the >>> debian httpd module issue). >>> >>> So after all that I have a running slapd now, and the admin server >>> is started. I can connect and bind as Directory Manager and browse >>> the tree using any old ldap client. browsing to >>> localhost:ADMINSRV_PORT works and brings up the web stuff. But when >>> I try to connect to the adminserver using the console from the 1.0.4 >>> directory server install, it will connect but not show any servers >>> in the default view. Not sure if that is a 1.0.4 vs. 1.1.0 version >>> problem, or a build issue with lacking java components. >> It is the latter. The java components are server version specific - >> so you need fedora-ds-console 1.1 and fedora-ds-admin-console 1.1 in >> order to manage the 1.1 versions of their respective servers. >>> Which leads me to my next question. The java components, are they >>> only required for running the console on your client machines? So >>> building with NOJAVA=1 will provide a fully working adminserver and >>> ldapserver, just no console binaries? >>> >> Mostly correct. 
The only thing is that the way the console works, it >> downloads the ds and ds-admin jar files from the admin server. >> However, if you build them on the client machine and install them >> into $HOME/.fedora-idm-console/jars then the console will just use >> the local ones. >>> To be honest, I haven't really looked into the different post >>> install process' with 1.1.0 since 1.0.4 so the reason I could have >>> missing entries in the console could very well be my own fault :) >>> >>> Also, if I want to fine tune the location of some of directories >>> during build. is it safe to modify the CONFIGURE_ARGS variable in >>> the adminserver and ldapserver's Makefile? I want to put >>> /opt/dirsrv/etc/dirsrv into /etc/dirsrv aswell as /opt/dirsrv/var >>> into /var? >>> >> Yes, for those components whose configure respect --sysconfdir and >> --localstatedir - which means not the mozilla components (mozldap, >> etc.) but everything else should work just fine. You'll also have to >> tweak the --prefix argument which is set by default. >>> Ryan >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >> >> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From Ryan.Braun at ec.gc.ca Tue Feb 26 16:24:06 2008 From: Ryan.Braun at ec.gc.ca (Ryan Braun) Date: Tue, 26 Feb 2008 16:24:06 +0000 Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question In-Reply-To: <47C325E9.4010600@redhat.com> References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802251508.50693.Ryan.Braun@ec.gc.ca> <47C325E9.4010600@redhat.com> Message-ID: <200802261624.06814.Ryan.Braun@ec.gc.ca> > > A couple little bugs creeped up during the build. I think it was during > > the make install of ldapserver. One of the binaries (the first one I > > guess) was copied to /opt/dirsrv/bin (the bin being a file not a > > directory) so the /opt/dirsrv/bin directory isn't getting created. Quick > > fix was just renaming /opt/dirsrv/bin to /opt/dirsrv/bin.something and > > rerunning make. Executing /opt/dirsrv/bin.something looks like the binary > > might be ldappasswd? > > Probably a bug in ds/mozldap/Makefile in the install section. I had a peek in there, it looks ok, but I'll add a mkdir -p /opt/dirsrv/bin before the copy loop and see if that works next time I build. > > > Second, there seems to be a missing library. > > > > Starting admin server . . . > > output: ERROR: ld.so: object '/opt/dirsrv/lib/libssl3.so' from LD_PRELOAD > > cannot be preloaded: ignored. > > output: apache2: Syntax error on line 123 > > of /opt/dirsrv/etc/dirsrv/admin-serv/httpd.conf: module log_config_module > > is built-in and can't be loaded > > Could not start the admin server. Error: 256 > > Failed to create and configure the admin server > > Exiting . . . > > > > I assumed the libssl3.so was supposed to be provided by building nss from > > source. So I just symlinked the system's libssl3.so provided by > > libnss3-0d back to /opt/dirsrv/lib/. > > Ok. Or just edit the start-ds-admin script. 
Looks like a bug - it > should use the correct path to libssl3.so. But then the NSS devel > support in etch is not quite there. Gotcha > > Which leads me to my next question. The java components, are they only > > required for running the console on your client machines? So building > > with NOJAVA=1 will provide a fully working adminserver and ldapserver, > > just no console binaries? > > Mostly correct. The only thing is that the way the console works, it > downloads the ds and ds-admin jar files from the admin server. However, > if you build them on the client machine and install them into > $HOME/.fedora-idm-console/jars then the console will just use the local > ones. Ok, well I tried installing the windows console on one of the windows boxes around here (easier then downloading fc isos :) ), fired up the console and am able to connect and it looks like it wants to work, then it reports back that it can't find the jars. So that being said, is there an easy way to use FC jars, or do I need to build them for debian? (I have started trying to build jss but am having some issues) > > > To be honest, I haven't really looked into the different post install > > process' with 1.1.0 since 1.0.4 so the reason I could have missing > > entries in the console could very well be my own fault :) > > > > Also, if I want to fine tune the location of some of directories during > > build. is it safe to modify the CONFIGURE_ARGS variable in the > > adminserver and ldapserver's Makefile? I want to put > > /opt/dirsrv/etc/dirsrv into /etc/dirsrv aswell as /opt/dirsrv/var into > > /var? > > Yes, for those components whose configure respect --sysconfdir and > --localstatedir - which means not the mozilla components (mozldap, etc.) > but everything else should work just fine. You'll also have to tweak > the --prefix argument which is set by default. I'll play around with some options. I've started a wiki page for the debian build. 
I don't have it linked onto the main page, but you can check it out in recent changes.

Ryan

From rmeggins at redhat.com Tue Feb 26 17:05:33 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 26 Feb 2008 10:05:33 -0700
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
In-Reply-To: <200802261624.06814.Ryan.Braun@ec.gc.ca>
References: <200802192232.02999.Ryan.Braun@ec.gc.ca>
 <200802251508.50693.Ryan.Braun@ec.gc.ca>
 <47C325E9.4010600@redhat.com>
 <200802261624.06814.Ryan.Braun@ec.gc.ca>
Message-ID: <47C446DD.8020603@redhat.com>

Ryan Braun wrote:
>
>> Mostly correct. The only thing is that the way the console works, it
>> downloads the ds and ds-admin jar files from the admin server. However,
>> if you build them on the client machine and install them into
>> $HOME/.fedora-idm-console/jars then the console will just use the local
>> ones.
>>
>
> Ok, well I tried installing the windows console on one of the windows boxes
> around here (easier then downloading fc isos :) ), fired up the console and
> am able to connect and it looks like it wants to work, then it reports back
> that it can't find the jars.
Right. The windows console works the same way - it tries to download the server specific jar files from the admin server via http.
> So that being said, is there an easy way to
> use FC jars, or do I need to build them for debian? (I have started trying
> to build jss but am having some issues)
>
Yes. Just grab them from /usr/share/dirsrv/html/java. I suggest using tar or another program to preserve the symlinks - but no big deal as the jar files are small if you use cp and get redundant copies. The jar files are platform independent.
> >>> To be honest, I haven't really looked into the different post install >>> process' with 1.1.0 since 1.0.4 so the reason I could have missing >>> entries in the console could very well be my own fault :) >>> >>> Also, if I want to fine tune the location of some of directories during >>> build. is it safe to modify the CONFIGURE_ARGS variable in the >>> adminserver and ldapserver's Makefile? I want to put >>> /opt/dirsrv/etc/dirsrv into /etc/dirsrv aswell as /opt/dirsrv/var into >>> /var? >>> >> Yes, for those components whose configure respect --sysconfdir and >> --localstatedir - which means not the mozilla components (mozldap, etc.) >> but everything else should work just fine. You'll also have to tweak >> the --prefix argument which is set by default. >> > > I'll play around with some options. I've started a wiki page for the debian > build. I don't have it linked onto the main page, but you can check it out > in recent changes. > Ok. Thanks! > Ryan > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From solarflow99 at gmail.com Tue Feb 26 17:21:38 2008 From: solarflow99 at gmail.com (solarflow99) Date: Tue, 26 Feb 2008 17:21:38 +0000 Subject: [Fedora-directory-users] 1.1 usage problems In-Reply-To: <47C4320C.9070104@redhat.com> References: <7020fd000802250824h785309fl10137eba435628f3@mail.gmail.com> <47C323A4.7030104@redhat.com> <7020fd000802260313y1d3560ack7625dd0b4d69fc5b@mail.gmail.com> <47C4320C.9070104@redhat.com> Message-ID: <7020fd000802260921r189739c3xce00f803ad404b34@mail.gmail.com> On 2/26/08, Rich Megginson wrote: > > solarflow99 wrote: > > > > You should not use setup-ds.pl. You should use setup-ds-admin.pl > > instead. 
> > See -
> > http://www.redhat.com/docs/manuals/dir-server/install/8.0/index.html
> >
> >
> > thanks, I can't believe that's all it was...
> >
> > When using the console, I noticed strange behaviour and java errors, I
> > guess FDS still needs an old version of JRE? The wiki links to 1.4.2,
> > I just wonder why a newer version can't be used?
> Java 1.5 works fine. What errors are you seeing?

well, I'm trying to see if I can use the latest JRE from sun's website, or is a certain version required? It almost works with the java that comes in rhel 5.1, it just didn't work correctly. It's too bad the JRE couldn't be included already in rhel 5, I can't see why not, 4 had it in the extras CD. You said you never tested with some recent java versions right?

From rmeggins at redhat.com Tue Feb 26 17:31:26 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 26 Feb 2008 10:31:26 -0700
Subject: [Fedora-directory-users] temporary resource unavailable problem with fedora directory server
In-Reply-To: <7cea65400802252010ra41fd5bl311ccd6adde9beb9@mail.gmail.com>
References: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com> <47B904A4.9010705@suburbia.org.au> <7cea65400802172251s1424c177weadef54f0e65afe5@mail.gmail.com> <47BB1DEE.7010807@redhat.com> <7cea65400802192020o32915bddyee33df6cea0bee3e@mail.gmail.com> <7cea65400802251921w3fd76b79mf822b96dd08192a8@mail.gmail.com> <47C387D2.207@redhat.com> <7cea65400802252006r2e710562r1390aa84edb81fcf@mail.gmail.com> <7cea65400802252010ra41fd5bl311ccd6adde9beb9@mail.gmail.com>
Message-ID: <47C44CEE.5080905@redhat.com>

Low Kian Seong wrote:
> Wow ... a bit of ip information there could someone please take out
> the last email i sent ? How do i request an email be removed ?
>

And in your reply, you copied the entire previous message - I've contacted Red Hat support to remove the messages from the archive.
But there is no way to revoke the messages once they are sent.

This information is interesting:

----- Total Connection Codes -----

B1 11480 Bad Ber Tag Encountered
U1 5877 Cleanly Closed Connections
T1 2187 Idle Timeout Exceeded

B1 usually means the client just exit()'ed without first calling close() or shutdown() on the TCP/IP socket. Which is fine. It's the T1 which are odd. Of these 2187, 1864 come from the same client:

13800 XXX.XXX.XXX.129

8254 - B1 Bad Ber Tag Encountered
3608 - U1 Cleanly Closed Connections
1864 - T1 Idle Timeout Exceeded

Take a look at the access log where you get the T1 error upon disconnect. You want to find out what the conn=XXXXX is. From there, go back in the access log looking for the operations on that connection. What are they? What application are they from? Why is that application opening connections and just leaving them open? If it is a monitoring application like nagios, you will need to increase the idle timeout for that application. You can do this by using a dedicated BIND dn for that application, then you can increase the idle timeout for that user without affecting any of the other users - see http://tinyurl.com/2sy8bl

If you have a lot of applications that open connections and leave them open for a long time, you will need to figure out how many file descriptors you need for other clients, and you will need to increase the number of file descriptors available for the directory server as well as the size of the directory server connection table - http://tinyurl.com/35qddb and http://directory.fedoraproject.org/wiki/Performance_Tuning#Linux

See http://tinyurl.com/35qddb for real time server connection monitoring information.
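Rich's procedure above (find the connections closed with T1, then walk back through what each one did), as an added example that is not part of the original message or of Fedora DS. The sample log lines are constructed in the server's access-log layout, and the addresses, DNs and function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the Fedora DS access-log layout (addresses and DNs are made up).
SAMPLE_LOG = """\
[26/Feb/2008:09:00:01 -0700] conn=101 fd=64 slot=64 connection from 192.0.2.129 to 192.0.2.10
[26/Feb/2008:09:00:01 -0700] conn=101 op=0 BIND dn="uid=monitor,ou=Services,dc=example,dc=com" method=128 version=3
[26/Feb/2008:09:00:01 -0700] conn=101 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[26/Feb/2008:09:00:02 -0700] conn=101 op=1 SRCH base="cn=monitor" scope=0 filter="(objectClass=*)" attrs=ALL
[26/Feb/2008:09:00:02 -0700] conn=101 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[26/Feb/2008:09:00:07 -0700] conn=102 fd=65 slot=65 connection from 192.0.2.44 to 192.0.2.10
[26/Feb/2008:09:00:07 -0700] conn=102 op=0 SRCH base="ou=People,dc=example,dc=com" scope=2 filter="(uid=jdoe)" attrs="mail"
[26/Feb/2008:09:00:07 -0700] conn=102 op=0 RESULT err=0 tag=101 nentries=1 etime=0
[26/Feb/2008:09:00:07 -0700] conn=102 op=1 UNBIND
[26/Feb/2008:09:00:07 -0700] conn=102 op=1 fd=65 closed - U1
[26/Feb/2008:09:05:01 -0700] conn=103 fd=66 slot=66 connection from 192.0.2.129 to 192.0.2.10
[26/Feb/2008:09:05:01 -0700] conn=103 op=0 BIND dn="uid=monitor,ou=Services,dc=example,dc=com" method=128 version=3
[26/Feb/2008:09:05:01 -0700] conn=103 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[26/Feb/2008:10:00:02 -0700] conn=101 op=-1 fd=64 closed - T1
[26/Feb/2008:10:05:01 -0700] conn=103 op=-1 fd=66 closed - T1
[26/Feb/2008:10:06:00 -0700] conn=104 fd=64 slot=64 connection from 192.0.2.77 to 192.0.2.10
[26/Feb/2008:10:06:00 -0700] conn=104 op=-1 fd=64 closed - B1
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OPEN_RE = re.compile(r"^fd=\d+ slot=\d+ (?:SSL )?connection from (?P<client>\S+) to \S+")
CLOSE_RE = re.compile(r"^op=-?\d+ fd=\d+ closed - (?P<code>[A-Z]\d+)")
OP_RE = re.compile(r"^op=\d+ (?P<verb>[A-Z]+)\b(?P<args>.*)$")
BIND_DN_RE = re.compile(r'dn="(?P<dn>[^"]*)"')


def new_record(conn, opened_at, client):
    return {"conn": conn, "opened_at": opened_at, "client": client,
            "bind_dn": "(no bind)", "ops": [], "closed_at": None, "close_code": None}


def parse_access_log(text):
    """Group access-log lines into one record per connection."""
    finished, active = [], {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        conn, rest = int(m["conn"]), m["rest"]
        opened = OPEN_RE.match(rest)
        if opened:
            # conn numbers restart with the server: a reused number starts a new record.
            if conn in active:
                finished.append(active.pop(conn))
            active[conn] = new_record(conn, m["ts"], opened["client"])
            continue
        # The opening line may sit in an older, rotated log file.
        rec = active.setdefault(conn, new_record(conn, None, "unknown"))
        closed = CLOSE_RE.match(rest)
        if closed:
            rec["closed_at"], rec["close_code"] = m["ts"], closed["code"]
            finished.append(active.pop(conn))
            continue
        op = OP_RE.match(rest)
        if op and op["verb"] != "RESULT":
            rec["ops"].append(op["verb"] + op["args"])
            if op["verb"] == "BIND":
                dn = BIND_DN_RE.search(op["args"])
                rec["bind_dn"] = dn["dn"] if dn and dn["dn"] else "(anonymous)"
    finished.extend(active.values())  # connections still open at end of input
    return finished


def idle_timeout_report(text, code="T1"):
    """Count closures with the given code per (client address, bind DN)."""
    return Counter((r["client"], r["bind_dn"])
                   for r in parse_access_log(text) if r["close_code"] == code)


def trace(text, code="T1"):
    """Return (conn, operations) for every connection closed with `code`."""
    return [(r["conn"], r["ops"]) for r in parse_access_log(text) if r["close_code"] == code]


if __name__ == "__main__":
    for (client, dn), count in idle_timeout_report(SAMPLE_LOG).most_common():
        print(f"{count} T1 closures from {client} bound as {dn}")
    for conn, ops in trace(SAMPLE_LOG):
        print(f"conn={conn}: {ops}")
```

Grouping by bind DN shows which account would need its own idle timeout, which is the per-user setting the message points to.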
From rmeggins at redhat.com Tue Feb 26 17:33:25 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 26 Feb 2008 10:33:25 -0700
Subject: [Fedora-directory-users] 1.1 usage problems
In-Reply-To: <7020fd000802260921r189739c3xce00f803ad404b34@mail.gmail.com>
References: <7020fd000802250824h785309fl10137eba435628f3@mail.gmail.com> <47C323A4.7030104@redhat.com> <7020fd000802260313y1d3560ack7625dd0b4d69fc5b@mail.gmail.com> <47C4320C.9070104@redhat.com> <7020fd000802260921r189739c3xce00f803ad404b34@mail.gmail.com>
Message-ID: <47C44D65.3050302@redhat.com>

solarflow99 wrote:
>
>
> On 2/26/08, *Rich Megginson* wrote:
>
> solarflow99 wrote:
> >
> > You should not use setup-ds.pl. You should use setup-ds-admin.pl
> > instead. See -
> > http://www.redhat.com/docs/manuals/dir-server/install/8.0/index.html
> >
> >
> > thanks, I can't believe that's all it was...
> >
> > When using the console, I noticed strange behaviour and java errors, I
> > guess FDS still needs an old version of JRE? The wiki links to 1.4.2,
> > I just wonder why a newer version can't be used?
> Java 1.5 works fine. What errors are you seeing?
>
>
> well, I'm trying to see if I can use the latest JRE from sun's
> website, or is a certain version required? It almost works with the
> java that comes in rhel 5.1, it just didn't work correctly. It's too
> bad the JRE couldn't be included already in rhel 5, I can't see why
> not, 4 had it in the extras CD. You said you never tested with some
> recent java versions right?

If you are a RHEL customer, you can just do yum install java-1.5.0-ibm from the Extras or Supplemental channel. We've tested with 1.4 and 1.5 (ibm) and 1.7.0-icedtea in Fedora 8. We have not tested with 1.6 and I've seen reports of problems with 1.6.
From vaddarapu at gmail.com Tue Feb 26 21:27:22 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Wed, 27 Feb 2008 08:27:22 +1100
Subject: [Fedora-directory-users] Console issue
Message-ID:

Hi,

when I turn on SSL I use url as a https.
(You still see that same error, but the console works anyway?)
yes, console works fine when SSL engine turn off

Thanks

From vaddarapu at gmail.com Tue Feb 26 21:29:33 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Wed, 27 Feb 2008 08:29:33 +1100
Subject: [Fedora-directory-users] Console issue
Message-ID:

Hi,

when I turn on SSL I use url as a https.
(You still see that same error, but the console works anyway?)
yes, console works fine when SSL engine turn off.

Thanks

From Ryan.Braun at ec.gc.ca Tue Feb 26 21:39:16 2008
From: Ryan.Braun at ec.gc.ca (Ryan Braun)
Date: Tue, 26 Feb 2008 21:39:16 +0000
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
In-Reply-To: <47C446DD.8020603@redhat.com>
References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802261624.06814.Ryan.Braun@ec.gc.ca> <47C446DD.8020603@redhat.com>
Message-ID: <200802262139.16676.Ryan.Braun@ec.gc.ca>

On Tuesday 26 February 2008 5:05 pm, Rich Megginson wrote:
> > So that being said, is there an easy way to
> > use FC jars, or do I need to build them for debian? (I have started
> > trying to build jss but am having some issues)
>
> Yes.
> Just grab them from /usr/share/dirsrv/html/java. I suggest using
> tar or another program to preserve the symlinks - but no big deal as the
> jar files are small if you use cp and get redundant copies. The jar
> files are platform independent.

I am getting an error with my built jar files. I connect up fine (bind with cn=Directory Manager). When I start expanding the tree, and click on the + sign next to Server Group. It throws an error

Failed to instantiate Server Object for Administration server

com.netscape.management.admserv.AdminServer cannot be cast to com.netscape.management.client.topology.IServerObject

I click ok, and a slightly different error comes up

Failed to instantiate Server Object for Directory Server

com.netscape.admin.dirserv.DSAdmin cannot be cast to com.netscape.management.client.topology.IServerObject

If I click on the directory server under server group, it says This server component has not been downloaded or it could not be activated. I can see they were downloaded to C:\Documents and Settings\bullpen\.fedora-idm-console\jars.

I ran the console with a -D 9 and have the output up on pastebin

http://www.pastebin.org/21380

Looks like the errors are around line 475, 860 and 890.

I also have the build process I used when making the java components up on pastebin as well.

http://www.pastebin.org/21394

The windows console will work fine if I delete the downloaded jars from windows. And then copy over fc8 supplied jars into /opt/dirsrv/share/dirsrv/html/java ( and symlink them after).
So something in the build process is breaking my jars I guess :)

Ryan

From rmeggins at redhat.com Tue Feb 26 21:54:37 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 26 Feb 2008 14:54:37 -0700
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
In-Reply-To: <200802262139.16676.Ryan.Braun@ec.gc.ca>
References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802261624.06814.Ryan.Braun@ec.gc.ca> <47C446DD.8020603@redhat.com> <200802262139.16676.Ryan.Braun@ec.gc.ca>
Message-ID: <47C48A9D.2030706@redhat.com>

Ryan Braun wrote:
> On Tuesday 26 February 2008 5:05 pm, Rich Megginson wrote:
>
>>> So that being said, is there an easy way to
>>> use FC jars, or do I need to build them for debian? (I have started
>>> trying to build jss but am having some issues)
>>>
>> Yes. Just grab them from /usr/share/dirsrv/html/java. I suggest using
>> tar or another program to preserve the symlinks - but no big deal as the
>> jar files are small if you use cp and get redundant copies. The jar
>> files are platform independent.
>>
>
> I am getting an error with my built jar files. I connect up fine (bind with
> cn=Directory Manager). When I start expanding the tree, and click on the +
> sign next to Server Group. It throws an error
>
> Failed to instantiate Server Object for Administration server
>
> com.netscape.management.admserv.AdminServer cannot be cast to
> com.netscape.management.client.topology.IServerObject
>
> I click ok, and a slightly different error comes up
>
> Failed to instantiate Server Object for Directory Server
>
> com.netscape.admin.dirserv.DSAdmin cannot be cast to
> com.netscape.management.client.topology.IServerObject
>
> If I click on the directory server under server group, it says This server
> component has not been downloaded or it could not be activated. I can see
> they were downloaded to C:\Documents and
> Settings\bullpen\.fedora-idm-console\jars.
>
> I ran the console with a -D 9 and have the output up on pastebin
>
> http://www.pastebin.org/21380
>
> Looks like the errors are around line 475, 860 and 890.
>

Yeah, those are weird. What version of Java did you use to build those jar files? I note that you are using Sun Java 1.6 on Windows - we've not tested with that version, only 1.5.

> I also have the build process I used when making the java components up on
> pastebin as well.
>
> http://www.pastebin.org/21394
>
> The windows console will work fine if I delete the downloaded jars from
> windows. And then copy over fc8 supplied jars
> into /opt/dirsrv/share/dirsrv/html/java ( and symlink them after). So
> something in the build process is breaking my jars I guess :)
>

I think the current jars for f8 were built with ibm java 1.5.

>
> Ryan

From rmeggins at redhat.com Tue Feb 26 21:56:19 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 26 Feb 2008 14:56:19 -0700
Subject: [Fedora-directory-users] Console issue
In-Reply-To:
References:
Message-ID: <47C48B03.7040206@redhat.com>

Anand Vaddarapu wrote:
> Hi,
>
> when I turn on SSL I use url as a https.
> (You still see that same error, but the console works anyway?)

So, if you turn on SSL engine and use https, you get the X11 Display error, and nothing else. If you turn off SSL engine, and use http, you get the X11 Display error, and it continues and works.

If that's the case, then I'm not really sure what to do, except suggest that you try the IBM Java 1.5.

> yes, console works fine when SSL engine turn off.
>
> Thanks

From Ryan.Braun at ec.gc.ca Tue Feb 26 22:12:33 2008
From: Ryan.Braun at ec.gc.ca (Ryan Braun)
Date: Tue, 26 Feb 2008 22:12:33 +0000
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
In-Reply-To: <47C48A9D.2030706@redhat.com>
References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802262139.16676.Ryan.Braun@ec.gc.ca> <47C48A9D.2030706@redhat.com>
Message-ID: <200802262212.33606.Ryan.Braun@ec.gc.ca>

On Tuesday 26 February 2008 9:54 pm, Rich Megginson wrote:
> Ryan Braun wrote:
> > On Tuesday 26 February 2008 5:05 pm, Rich Megginson wrote:
> >>> So that being said, is there an easy way to
> >>> use FC jars, or do I need to build them for debian? (I have started
> >>> trying to build jss but am having some issues)
> >>
> >> Yes. Just grab them from /usr/share/dirsrv/html/java. I suggest using
> >> tar or another program to preserve the symlinks - but no big deal as the
> >> jar files are small if you use cp and get redundant copies. The jar
> >> files are platform independent.
> >
> > I am getting an error with my built jar files. I connect up fine (bind
> > with cn=Directory Manager). When I start expanding the tree, and click
> > on the + sign next to Server Group.
> > It throws an error
> >
> > Failed to instantiate Server Object for Administration server
> >
> > com.netscape.management.admserv.AdminServer cannot be cast to
> > com.netscape.management.client.topology.IServerObject
> >
> > I click ok, and a slightly different error comes up
> >
> > Failed to instantiate Server Object for Directory Server
> >
> > com.netscape.admin.dirserv.DSAdmin cannot be cast to
> > com.netscape.management.client.topology.IServerObject
> >
> > If I click on the directory server under server group, it says This
> > server component has not been downloaded or it could not be activated. I
> > can see they were downloaded to C:\Documents and
> > Settings\bullpen\.fedora-idm-console\jars.
> >
> > I ran the console with a -D 9 and have the output up on pastebin
> >
> > http://www.pastebin.org/21380
> >
> > Looks like the errors are around line 475, 860 and 890.
>
> Yeah, those are weird. What version of Java did you use to build those
> jar files? I note that you are using Sun Java 1.6 on Windows - we've
> not tested with that version, only 1.5.
>

Hah, right when I sent this off I was thinking, I should have included java versions :)

fdsbuild:/opt/dirsrv/share/dirsrv/html/java# java -version
java version "1.5.0_10"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_10-b03)
Java HotSpot(TM) Client VM (build 1.5.0_10-b03, mixed mode, sharing)
fdsbuild:/opt/dirsrv/share/dirsrv/html/java# dpkg -l |grep sun
ii sun-java5-bin 1.5.0-10-3 Sun Java(TM) Runtime Environment (JRE) 5.0 (
ii sun-java5-demo 1.5.0-10-3 Sun Java(TM) Development Kit (JDK) 5.0 demos
ii sun-java5-jdk 1.5.0-10-3 Sun Java(TM) Development Kit (JDK) 5.0
ii sun-java5-jre 1.5.0-10-3 Sun Java(TM) Runtime Environment (JRE) 5.0 (

I'm not sure what happened in the build process, but the jars I made are quite a lot larger in size compared to the fc8 jars.
Mine are 1.1.1 fc 8 1.1.0 (at least the non _en ones anyhow)

-rw-r--r-- 1 root root 37521 2008-02-26 17:22 fedora-admin-1.1.0_en.jar
-rw-r--r-- 1 root root 174456 2008-02-26 17:22 fedora-admin-1.1.0.jar
-rw-r--r-- 1 root root 37563 2008-02-26 18:51 fedora-admin-1.1.1_en.jar
-rw-r--r-- 1 root root 2486692 2008-02-26 18:51 fedora-admin-1.1.1.jar
-rw-r--r-- 1 root root 54302 2007-11-07 21:59 fedora-ds-1.1.0_en.jar
-rw-r--r-- 1 root root 1409434 2007-11-07 21:59 fedora-ds-1.1.0.jar
-rw-r--r-- 1 root root 54534 2008-02-26 18:50 fedora-ds-1.1.1_en.jar
-rw-r--r-- 1 root root 2470933 2008-02-26 18:50 fedora-ds-1.1.1.jar

> > I also have the build process I used when making the java components up
> > on pastebin as well.
> >
> > http://www.pastebin.org/21394
> >
> > The windows console will work fine if I delete the downloaded jars from
> > windows. And then copy over fc8 supplied jars
> > into /opt/dirsrv/share/dirsrv/html/java ( and symlink them after). So
> > something in the build process is breaking my jars I guess :)
>
> I think the current jars for f8 were built with ibm java 1.5.

To be honest, for myself I'm fine with using the fc8 jars. I can't really see myself using the console very much other than initial setup. I've written several perl scripts for day to day stuff (user creation, editing etc).

From vaddarapu at gmail.com Tue Feb 26 22:15:00 2008
From: vaddarapu at gmail.com (Anand Vaddarapu)
Date: Wed, 27 Feb 2008 09:15:00 +1100
Subject: [Fedora-directory-users] Console issue
In-Reply-To: <47C48B03.7040206@redhat.com>
References: <47C48B03.7040206@redhat.com>
Message-ID:

Hi,

That's exactly right. Can I install IBM java 1.5 without removing sun java.

Thanks

On Wed, Feb 27, 2008 at 8:56 AM, Rich Megginson wrote:
> Anand Vaddarapu wrote:
> > Hi,
> >
> > when I turn on SSL I use url as a https.
> > (You still see that same error, but the console works anyway?)
> So, if you turn on SSL engine and use https, you get the X11 Display
> error, and nothing else.
> If you turn off SSL engine, and use http, you
> get the X11 Display error, and it continues and works.
>
> If that's the case, then I'm not really sure what to do, except suggest
> that you try the IBM Java 1.5.
> > yes, console works fine when SSL engine turn off.
> >
> > Thanks

From rmeggins at redhat.com Tue Feb 26 22:21:20 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 26 Feb 2008 15:21:20 -0700
Subject: [Fedora-directory-users] Console issue
In-Reply-To:
References: <47C48B03.7040206@redhat.com>
Message-ID: <47C490E0.2010606@redhat.com>

Anand Vaddarapu wrote:
> Hi,
>
> That's exactly right. Can I install IBM java 1.5 without removing sun java.

Yes.

>
> Thanks
>
> On Wed, Feb 27, 2008 at 8:56 AM, Rich Megginson wrote:
>
> Anand Vaddarapu wrote:
> > Hi,
> >
> > when I turn on SSL I use url as a https.
> > (You still see that same error, but the console works anyway?)
> So, if you turn on SSL engine and use https, you get the X11 Display
> error, and nothing else. If you turn off SSL engine, and use http, you
> get the X11 Display error, and it continues and works.
>
> If that's the case, then I'm not really sure what to do, except suggest
> that you try the IBM Java 1.5.
> > yes, console works fine when SSL engine turn off.
> >
> > Thanks

From rmeggins at redhat.com Tue Feb 26 22:26:06 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 26 Feb 2008 15:26:06 -0700
Subject: [Fedora-directory-users] notes on building fds in etch and a failed build question
In-Reply-To: <200802262212.33606.Ryan.Braun@ec.gc.ca>
References: <200802192232.02999.Ryan.Braun@ec.gc.ca> <200802262139.16676.Ryan.Braun@ec.gc.ca> <47C48A9D.2030706@redhat.com> <200802262212.33606.Ryan.Braun@ec.gc.ca>
Message-ID: <47C491FE.8020500@redhat.com>

Ryan Braun wrote:
> On Tuesday 26 February 2008 9:54 pm, Rich Megginson wrote:
>
>> Ryan Braun wrote:
>>
>>> On Tuesday 26 February 2008 5:05 pm, Rich Megginson wrote:
>>>
>>>>> So that being said, is there an easy way to
>>>>> use FC jars, or do I need to build them for debian? (I have started
>>>>> trying to build jss but am having some issues)
>>>>>
>>>> Yes. Just grab them from /usr/share/dirsrv/html/java. I suggest using
>>>> tar or another program to preserve the symlinks - but no big deal as the
>>>> jar files are small if you use cp and get redundant copies. The jar
>>>> files are platform independent.
>>>>
>>> I am getting an error with my built jar files.
>>> I connect up fine (bind
>>> with cn=Directory Manager). When I start expanding the tree, and click
>>> on the + sign next to Server Group. It throws an error
>>>
>>> Failed to instantiate Server Object for Administration server
>>>
>>> com.netscape.management.admserv.AdminServer cannot be cast to
>>> com.netscape.management.client.topology.IServerObject
>>>
>>> I click ok, and a slightly different error comes up
>>>
>>> Failed to instantiate Server Object for Directory Server
>>>
>>> com.netscape.admin.dirserv.DSAdmin cannot be cast to
>>> com.netscape.management.client.topology.IServerObject
>>>
>>> If I click on the directory server under server group, it says This
>>> server component has not been downloaded or it could not be activated. I
>>> can see they were downloaded to C:\Documents and
>>> Settings\bullpen\.fedora-idm-console\jars.
>>>
>>> I ran the console with a -D 9 and have the output up on pastebin
>>>
>>> http://www.pastebin.org/21380
>>>
>>> Looks like the errors are around line 475, 860 and 890.
>>>
>> Yeah, those are weird. What version of Java did you use to build those
>> jar files? I note that you are using Sun Java 1.6 on Windows - we've
>> not tested with that version, only 1.5.
>>
>>
>
> Hah, right when I sent this off I was thinking, I should have included java
> versions :)
>
> fdsbuild:/opt/dirsrv/share/dirsrv/html/java# java -version
> java version "1.5.0_10"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_10-b03)
> Java HotSpot(TM) Client VM (build 1.5.0_10-b03, mixed mode, sharing)
> fdsbuild:/opt/dirsrv/share/dirsrv/html/java# dpkg -l |grep sun
> ii sun-java5-bin 1.5.0-10-3
> Sun Java(TM) Runtime Environment (JRE) 5.0 (
> ii sun-java5-demo 1.5.0-10-3
> Sun Java(TM) Development Kit (JDK) 5.0 demos
> ii sun-java5-jdk 1.5.0-10-3
> Sun Java(TM) Development Kit (JDK) 5.0
> ii sun-java5-jre 1.5.0-10-3
> Sun Java(TM) Runtime Environment (JRE) 5.0 (
>
> I'm not sure what happened in the build process, but the jars I made are
> quite a lot larger in size compared to the fc8 jars. Mine are 1.1.1 fc 8
> 1.1.0 (at least the non _en ones anyhow)
>
> -rw-r--r-- 1 root root 37521 2008-02-26 17:22 fedora-admin-1.1.0_en.jar
> -rw-r--r-- 1 root root 174456 2008-02-26 17:22 fedora-admin-1.1.0.jar
> -rw-r--r-- 1 root root 37563 2008-02-26 18:51 fedora-admin-1.1.1_en.jar
> -rw-r--r-- 1 root root 2486692 2008-02-26 18:51 fedora-admin-1.1.1.jar
> -rw-r--r-- 1 root root 54302 2007-11-07 21:59 fedora-ds-1.1.0_en.jar
> -rw-r--r-- 1 root root 1409434 2007-11-07 21:59 fedora-ds-1.1.0.jar
> -rw-r--r-- 1 root root 54534 2008-02-26 18:50 fedora-ds-1.1.1_en.jar
> -rw-r--r-- 1 root root 2470933 2008-02-26 18:50 fedora-ds-1.1.1.jar
>

Not sure. Could be debug mode? Also, where did you get the sun java5 in .deb packages? Are those provided by Debian?

>
>
>
>>> I also have the build process I used when making the java components up
>>> on pastebin as well.
>>>
>>> http://www.pastebin.org/21394
>>>
>>> The windows console will work fine if I delete the downloaded jars from
>>> windows. And then copy over fc8 supplied jars
>>> into /opt/dirsrv/share/dirsrv/html/java ( and symlink them after).
>>> So something in the build process is breaking my jars I guess :)
>>>
>> I think the current jars for f8 were built with ibm java 1.5.
>>
>
> To be honest, for myself I'm fine with using the fc8 jars. I can't really
> see myself using the console very much other than initial setup. I've
> written several perl scripts for day to day stuff (user creation, editing
> etc).
>

Ok. I'd like to eventually get dsbuild to build all of the console components as well. But it's convenient that the jars are mostly platform independent.

From kekkou.a at cs.ucy.ac.cy Wed Feb 27 10:53:11 2008
From: kekkou.a at cs.ucy.ac.cy (Andreas Kekkou)
Date: Wed, 27 Feb 2008 12:53:11 +0200
Subject: [Fedora-directory-users] chsh
Message-ID: <47C54117.6090803@cs.ucy.ac.cy>

Hi all,

Does anyone know if there is a version of chsh that works with ldap?

Andreas
From squid at oranged.to Wed Feb 27 15:44:21 2008
From: squid at oranged.to (Jimmy Stewpot)
Date: Wed, 27 Feb 2008 15:44:21 +0000
Subject: [Fedora-directory-users] Windows and Fedora Directory Services
Message-ID: <47C58555.7050506@oranged.to>

Hello,

I am keen to know if it is possible to have it so that on a windows system that is joined to AD you could have \\fedora-directory-server-domain\username to authenticate when it goes to AD it basically refers the authentication request to the FDS server? I am not sure if that is the correct terminology so correct me if I am wrong, but is it possible?

Regards,

Jimmy

From johnsimcall at gmail.com Thu Feb 28 02:42:12 2008
From: johnsimcall at gmail.com (John Call)
Date: Wed, 27 Feb 2008 16:42:12 -1000
Subject: [Fedora-directory-users] Apple OS X 10.5 question
Message-ID: <2f05bdbb0802271842i46224c9ei657367f29933ce4f@mail.gmail.com>

Aloha list,

My university has been authenticating Mac OS X 10.4 clients to FDS 1.04 for about a year now. Things have been working great, as long as we keep an eye on the external SASL mechanisms. However, now that our staff is deploying the new OS X 10.5 things aren't working. To the best of our knowledge we have maintained the same client LDAP configuration from 10.4 to 10.5, but the Apple clients refuse to authenticate. Has anybody else experienced this?
Mahalo (thanks),
John Call

From j.barber at dundee.ac.uk Thu Feb 28 09:13:27 2008
From: j.barber at dundee.ac.uk (Jonathan Barber)
Date: Thu, 28 Feb 2008 09:13:27 +0000
Subject: [Fedora-directory-users] Apple OS X 10.5 question
In-Reply-To: <2f05bdbb0802271842i46224c9ei657367f29933ce4f@mail.gmail.com>
References: <2f05bdbb0802271842i46224c9ei657367f29933ce4f@mail.gmail.com>
Message-ID: <20080228091327.GQ23283@flea.lifesci.dundee.ac.uk>

On Wed, Feb 27, 2008 at 04:42:12PM -1000, John Call wrote:
> Aloha list,
>
> My university has been authenticating Mac OS X 10.4 clients to FDS
> 1.04 for about a year now. Things have been working great, as long as
> we keep an eye on the external SASL mechanisms. However, now that our
> staff is deploying the new OS X 10.5 things aren't working. To the
> best of our knowledge we have maintained the same client LDAP
> configuration from 10.4 to 10.5, but the Apple clients refuse to
> authenticate. Has anybody else experienced this?

Are you doing SSL to the ldap? If so, check the clientside SSL verification. I'm not big on the different Mac OS X versions, so can't say when it occurred, but for one of the revisions we did see the default openldap SSL verification change from "never" to "demand" on the clients. I don't think we found a GUI widget to config this behaviour, but you can via /etc/openldap/ldap.conf like linux.

> Mahalo (thanks),
> John Call

--
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389

From doalmiller at convera.com Wed Feb 27 20:21:47 2008
From: doalmiller at convera.com (Doal Miller)
Date: Wed, 27 Feb 2008 12:21:47 -0800
Subject: [Fedora-directory-users] Can Fedora DS ensure objectClass attributes are unique?
Message-ID: <28A7A360BA52CD41AF7FC9333E0171D00128CC29@cbmail.convera.com>

Can you force attributes in an objectClass to be unique?
I've been reading up on Fedora DS and although I'm fairly new to it, our product has been using it for a while. I have a situation with an objectClass like the one below where I want to ensure through the directory service that both id and uniqueField are unique attributes on the objects. Is there a way to do that in Fedora DS. We are currently using fedora-ds-1.0.2-1.RHEL4.i386.opt.rpm on Fedora core 3 but we are going to Fedora core 6 at this moment. It looks like OpenLDAP can do this through slapo-unique overlay. Is there something comparable for Fedora DS?

objectClasses: ( 1.3.6.1.4.1.20826.2.5.1 NAME 'Customer' DESC 'Customer Account' SUP top MUST ( id $ uniqueField ) MAY ( configItemMod $ permission ) )

From maumar at datalogica.com Wed Feb 27 18:37:55 2008
From: maumar at datalogica.com (Maurizio Marini)
Date: Wed, 27 Feb 2008 19:37:55 +0100
Subject: [Fedora-directory-users] Centos5 does not install
In-Reply-To: <46767B8D.4030709@redhat.com>
References: <200706151753.10197.maurizio.marini@cost.it> <46767B8D.4030709@redhat.com>
Message-ID: <200802271937.56072.maumar@datalogica.com>

On Mon June 18 2007, Rob Crittenden wrote:
> Maurizio Marini wrote:
> > As stated clearly here:
> > http://www.mail-archive.com/fedora-directory-users at redhat.com/msg02579.html
> >
> > linux distro should be support apache 2.0 not 2.2
> >
> > m.
>
> I'm not sure what you mean. The e-mail you are referring to discussed
> the change of Apache versions between Fedora Core 4 and 5. A similar
> thing happened between RHEL 4 and 5 (though the release numbers is just
> a coincidence).
>
> The directory server uses the version of Apache that comes by default
> with the distribution. So in the case of RHEL 4 and Fedora Core 4 this
> was Apache 2.0.x. For Fedora Core 5+ and RHEL 5 this is Apache 2.2.x.
>
> rob

i mean this:
if you try to install fedora-ds into Centos5, you get this error:

httpd.worker: Syntax error on line 151 of /opt/fedora-ds/admin-serv/config/httpd.conf: Cannot load /opt/fedora-ds/bin/admin/lib/libmodrestartd.so into server: /opt/fedora-ds/bin/admin/lib/libmodrestartd.so: undefined symbol: apr_filename_of_pathname

if you google for this exact error, you will find that:

http://www.mail-archive.com/fedora-directory-users at redhat.com/msg02579.html

so, fedora-ds 1.0.4 needs apache 2.0

if u install it onto a distro shipping apache 2.2 u will get the infamous:
httpd.worker: Syntax error on line 151

this is frustrating, but it's so.

--
Maurizio Marini
Via Collemare, 14 - 61039 San Costanzo (PU) - Italy
GSM +39-335-8259739
Milano +39.0245446-202
Fano Casa : +39-0721950396
C.F. MRNMRZ59E17G920X
P. Iva: 01332360419

From rcritten at redhat.com Thu Feb 28 14:25:03 2008
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 28 Feb 2008 09:25:03 -0500
Subject: [Fedora-directory-users] Centos5 does not install
In-Reply-To: <200802271937.56072.maumar@datalogica.com>
References: <200706151753.10197.maurizio.marini@cost.it> <46767B8D.4030709@redhat.com> <200802271937.56072.maumar@datalogica.com>
Message-ID: <47C6C43F.4080407@redhat.com>

Maurizio Marini wrote:
> On Mon June 18 2007, Rob Crittenden wrote:
>> Maurizio Marini wrote:
>>> As stated clearly here:
>>> http://www.mail-archive.com/fedora-directory-users at redhat.com/msg02579.html
>>>
>>> linux distro should be support apache 2.0 not 2.2
>>>
>>> m.
>> I'm not sure what you mean. The e-mail you are referring to discussed
>> the change of Apache versions between Fedora Core 4 and 5. A similar
>> thing happened between RHEL 4 and 5 (though the release numbers is just
>> a coincidence).
>>
>> The directory server uses the version of Apache that comes by default
>> with the distribution. So in the case of RHEL 4 and Fedora Core 4 this
>> was Apache 2.0.x. For Fedora Core 5+ and RHEL 5 this is Apache 2.2.x.
>>
>> rob
>
> i mean this:
> if you try to install fedora-ds into Centos5, you get this error:
>
> httpd.worker: Syntax error on line 151
> of /opt/fedora-ds/admin-serv/config/httpd.conf: Cannot
> load /opt/fedora-ds/bin/admin/lib/libmodrestartd.so into server:
> /opt/fedora-ds/bin/admin/lib/libmodrestartd.so: undefined symbol:
> apr_filename_of_pathname
>
> if you google for this exact error, you will find that:
>
> http://www.mail-archive.com/fedora-directory-users at redhat.com/msg02579.html
>
> so, fedora-ds 1.0.4 needs apache 2.0
>
> if u install it onto a distro shipping apache 2.2 u will get the infamous:
> httpd.worker: Syntax error on line 151
>
> this is frustrating, but it's so.

The *binary* of Fedora DS 1.0.4 you are using requires Apache 2.0. Fedora DS 1.0.4 can work with Apache 2.2 but the modules need to be built against the right version of Apache, as I said previously. The Fedora Core 6 fedora-ds-1.0.4 package should work fine on CentOS 5.

You'd have similar problems if you took any other Apache modules from RHEL 4 and tried them in CentOS 5.

rob

From rcritten at redhat.com Thu Feb 28 15:07:32 2008
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 28 Feb 2008 10:07:32 -0500
Subject: [Fedora-directory-users] Can Fedora DS ensure objectClass attributes are unique?
In-Reply-To: <28A7A360BA52CD41AF7FC9333E0171D00128CC29@cbmail.convera.com>
References: <28A7A360BA52CD41AF7FC9333E0171D00128CC29@cbmail.convera.com>
Message-ID: <47C6CE34.5090800@redhat.com>

Doal Miller wrote:
> Can you force attributes in an objectClass to be unique? I've been
> reading up on Fedora DS and although I'm fairly new to it, our product
> has been using it for a while. I have a situation with an objectClass
> like the one below where I want to ensure through the directory service
> that both id and uniqueField are unique attributes on the objects. Is
> there a way to do that in Fedora DS? We are currently using
> fedora-ds-1.0.2-1.RHEL4.i386.opt.rpm on Fedora core 3 but we are going
> to Fedora core 6 at this moment.
>
> It looks like OpenLDAP can do this through slapo-unique overlay. Is
> there something comparable for Fedora DS?
>
> objectClasses: (
> 1.3.6.1.4.1.20826.2.5.1
> NAME 'Customer'
> DESC 'Customer Account'
> SUP top
> MUST ( id $ uniqueField )
> MAY ( configItemMod $ permission ) )
>
There is an attribute uniqueness plugin.
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Using_the_Attribute_Uniqueness_Plug_in.html

rob

From maumar at cost.it Thu Feb 28 15:12:28 2008
From: maumar at cost.it (Maurizio Marini)
Date: Thu, 28 Feb 2008 16:12:28 +0100
Subject: [Fedora-directory-users] Trouble with Centos 5.1
Message-ID: <200802281612.28903.maumar@cost.it>

Hi there
i have installed onto Centos 5.1 using:
http://directory.fedoraproject.org/wiki/Install_Guide

I used:
setup-ds.pl to create an instance of directory server

it seemed goin' well as this test was ok:
Verifying the Installation
To test the basic operation of the server, use the ldapsearch command:
/usr/bin/ldapsearch -x [-h ] [-p ] -s base -b "" "objectclass=*"

But...but...
when starting console:
[root at pdc ~]# /etc/init.d/dirsrv-admin start
Starting dirsrv-admin:
grep: /etc/dirsrv/admin-serv/adm.conf: No such file or directory
/var/run/dirsrv is not writable for [FALLITO]

ok, fixed it is admserv.conf no problem
but...
grep sysuser /etc/dirsrv/admin-serv/admserv.conf
is empty
what i missed??
any advice will be appreciated

should i use ds_newinst.pl??
i cannot as it is not there
which package does contains
Maurizio

From maumar at cost.it Thu Feb 28 15:22:37 2008
From: maumar at cost.it (Maurizio Marini)
Date: Thu, 28 Feb 2008 16:22:37 +0100
Subject: [Fedora-directory-users] how fix /etc/init.d/dirsrv-admin?
Message-ID: <200802281622.37602.maumar@cost.it>

Sorry
in my previous email there are 3 lines to be discarded:

should i use ds_newinst.pl??
i cannot as it is not there
which package does contains

discard them :)

in a few words, the issue at this installation phase is:
how fix /etc/init.d/dirsrv-admin?
in it i see:

if [ -d $piddir ] ; then
    owner=`grep \^sysuser /etc/dirsrv/admin-serv/admserv.conf | awk '{print $2}'`
    dirowner=`ls -ld $piddir | awk '{print $3}'`
    dirgrp=`ls -ld $piddir | awk '{print $4}'`

but in /etc/dirsrv/admin-serv/admserv.conf there is no sysuser

any advice is welcome :)
Maurizio

From Ryan.Braun at ec.gc.ca Thu Feb 28 15:45:43 2008
From: Ryan.Braun at ec.gc.ca (Ryan Braun)
Date: Thu, 28 Feb 2008 15:45:43 +0000
Subject: [Fedora-directory-users] Trouble with Centos 5.1
In-Reply-To: <200802281612.28903.maumar@cost.it>
References: <200802281612.28903.maumar@cost.it>
Message-ID: <200802281545.43817.Ryan.Braun@ec.gc.ca>

On Thursday 28 February 2008 3:12 pm, Maurizio Marini wrote:
> Hi there
> i have installed onto Centos 5.1 using:
> http://directory.fedoraproject.org/wiki/Install_Guide
>
> I used:
> setup-ds.pl to create an instance of directory server
>
> it seemed goin' well as this test was ok:
> Verifying the Installation
> To test the basic operation of the server, use the ldapsearch command:
> /usr/bin/ldapsearch -x [-h ] [-p ] -s
> base -b "" "objectclass=*"
>
> But...but...
> when starting console:
> [root at pdc ~]# /etc/init.d/dirsrv-admin start
> Starting dirsrv-admin:
> grep: /etc/dirsrv/admin-serv/adm.conf: No such file or directory
> /var/run/dirsrv is not writable for [FALLITO]
>
> ok, fixed it is admserv.conf no problem
> but...
> grep sysuser /etc/dirsrv/admin-serv/admserv.conf
> is empty
> what i missed??
> any advice will be appreciated
>
> should i use ds_newinst.pl??
> i cannot as it is not there
> which package does contains
> Maurizio

When first installing, you should have run setup-ds-admin.pl. This will setup both the directory server and the admin server. By just running setup-ds.pl it only configures the directory server. Hence the missing files/configs when trying to start the admin server.

Ryan

From dandantheitman at gmail.com Thu Feb 28 16:00:34 2008
From: dandantheitman at gmail.com (dandantheitman)
Date: Thu, 28 Feb 2008 11:00:34 -0500
Subject: [Fedora-directory-users] Apple OS X 10.5 question
In-Reply-To: <20080228091327.GQ23283@flea.lifesci.dundee.ac.uk>
References: <2f05bdbb0802271842i46224c9ei657367f29933ce4f@mail.gmail.com> <20080228091327.GQ23283@flea.lifesci.dundee.ac.uk>
Message-ID: <9ee13d4f0802280800l5695ca48x6b04d558f17faf27@mail.gmail.com>

On 28/02/2008, Jonathan Barber wrote:
> On Wed, Feb 27, 2008 at 04:42:12PM -1000, John Call wrote:
> > Aloha list,
> >
> > My university has been authenticating Mac OS X 10.4 clients to FDS
> > 1.04 for about a year now. Things have been working great, as long as
> > we keep an eye on the external SASL mechanisms. However, now that our
> > staff is deploying the new OS X 10.5 things aren't working. To the
> > best of our knowledge we have maintained the same client LDAP
> > configuration from 10.4 to 10.5, but the Apple clients refuse to
> > authenticate. Has anybody else experienced this?
>
> Are you doing SSL to the ldap? If so, check the clientside SSL
> verification. I'm not big on the different Mac OS X versions, so can't
> say when it occurred, but for one of the revisions we did see the default
> openldap SSL verification change from "never" to "demand" on the clients.
>
> I don't think we found a GUI widget to config this behaviour, but you
> can via /etc/openldap/ldap.conf like linux.
>

Jonathan is 100% correct.
Starting with OSX Leopard the ldap client was 'locked down' to make it more secure out of the box. The TLS_REQCERT = never was revised to TLS_REQCERT = demand.

You either need to make the change on each client in /etc/openldap/ldap.conf to reset it back to its previous state or you shall need to do the following:

(01) Copy the cert to the client /etc/openldap/certs
(02) Add the following line to /etc/openldap/ldap.conf:
TLS_CACERT /etc/openldap/certs/bright.newshinycert.com

Dan

From stpierre at NebrWesleyan.edu Thu Feb 28 20:12:13 2008
From: stpierre at NebrWesleyan.edu (Chris St. Pierre)
Date: Thu, 28 Feb 2008 14:12:13 -0600 (CST)
Subject: [Fedora-directory-users] Looking for copy of new mmr.pl
Message-ID:

The link to the new version of mmr.pl at http://directory.fedoraproject.org/wiki/Howto:MultiMasterReplication is broken, and I was wondering if anyone had a copy of the mmr.pl script for Fedora DS 1.1.

Thanks!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

From johnsimcall at gmail.com Thu Feb 28 20:43:11 2008
From: johnsimcall at gmail.com (John Call)
Date: Thu, 28 Feb 2008 10:43:11 -1000
Subject: [Fedora-directory-users] Apple OS X 10.5 question
In-Reply-To: <9ee13d4f0802280800l5695ca48x6b04d558f17faf27@mail.gmail.com>
References: <2f05bdbb0802271842i46224c9ei657367f29933ce4f@mail.gmail.com> <20080228091327.GQ23283@flea.lifesci.dundee.ac.uk> <9ee13d4f0802280800l5695ca48x6b04d558f17faf27@mail.gmail.com>
Message-ID: <5181D768-33B4-4CE7-B2F7-C727994664EA@gmail.com>

Thank you both very much! I will take this and report back with my success.

Mahalo nui loa (Thank you)
John Call

On Feb 28, 2008, at 6:00 AM, dandantheitman wrote:
> On 28/02/2008, Jonathan Barber wrote:
>> On Wed, Feb 27, 2008 at 04:42:12PM -1000, John Call wrote:
>>> Aloha list,
>>>
>>> My university has been authenticating Mac OS X 10.4 clients to FDS
>>> 1.04 for about a year now. Things have been working great, as long as
>>> we keep an eye on the external SASL mechanisms. However, now that our
>>> staff is deploying the new OS X 10.5 things aren't working. To the
>>> best of our knowledge we have maintained the same client LDAP
>>> configuration from 10.4 to 10.5, but the Apple clients refuse to
>>> authenticate. Has anybody else experienced this?
>>
>> Are you doing SSL to the ldap? If so, check the clientside SSL
>> verification. I'm not big on the different Mac OS X versions, so can't
>> say when it occurred, but for one of the revisions we did see the default
>> openldap SSL verification change from "never" to "demand" on the clients.
>>
>> I don't think we found a GUI widget to config this behaviour, but you
>> can via /etc/openldap/ldap.conf like linux.
>>
>
> Jonathan is 100% correct. Starting with OSX Leopard the ldap client
> was 'locked down' to make it more secure out of the box. The
> TLS_REQCERT = never was revised to TLS_REQCERT = demand.
>
> You either need to make the change on each client in
> /etc/openldap/ldap.conf to reset it back to its previous state or you
> shall need to do the following:
>
> (01) Copy the cert to the client /etc/openldap/certs
> (02) Add the following line to /etc/openldap/ldap.conf:
> TLS_CACERT /etc/openldap/certs/bright.newshinycert.com
>
> Dan

From nick.pend at gmail.com Fri Feb 29 07:57:54 2008
From: nick.pend at gmail.com (Nick P)
Date: Fri, 29 Feb 2008 02:57:54 -0500
Subject: [Fedora-directory-users] Could not register the directory server with the configuration directory server
Message-ID:

I am trying to install and configure my first FDS, and first LDAP server. I have spent many hours with little fruit so far.
Currently, I am receiving an error at the end of the setup-ds-admin script:
[08/02/29:02:37:41] - [Setup] Fatal Could not register the directory server with the configuration directory server.

The error is similar to what is described in this bug: https://bugzilla.redhat.com/show_bug.cgi?id=431103. However, my configuration directory is _not_ on another host. I answered 'no' to the question of whether I would be registering with a current configuration server. I don't know if the solution presented there would work - I am forwarding a port to the server, and do not have a hostname.domain.org to use there. I have had trouble adding entries, so if I added them and it didn't fix the problem, I would not know if the solution failed or if I failed to add the entries properly. The server is NAT'ed and receiving a forwarded port, so I have been using mydomain.org for the servername and identifying the port that gets forwarded.

If you can help me make some sense of this, I would very much appreciate it. If the workaround in the bug above is the answer, could you address my specific situation of not having a FQDN with a host and everything - how will this affect the entries? After failing to add entries with success many times I have started to use a windows client, Ldapadmin - could I use this, if the work around is the solution? Should the entries go in o=netscaperoot or dc=domain,dc=org ?

I am also including a portion of the log file that was created during the installation. Is there anything here that shows what the root of the problem is?
Thanks,

Nick

--------------------

+Entry cn=topologyplugin, ou=1.1, ou=Admin, ou=Global Preferences, ou=admin, o=NetscapeRoot is added
+++check_and_add_entry: Entry not found cn=defaultplugin, cn=topologyplugin, ou=1.1, ou=Admin, ou=Global Preferences, ou=admin, o=NetscapeRoot error No such object
+Entry cn=defaultplugin, cn=topologyplugin, ou=1.1, ou=Admin, ou=Global Preferences, ou=admin, o=NetscapeRoot is added
+++check_and_add_entry: Entry not found cn=UI,ou=1.1, ou=Admin, ou=Global Preferences, ou=admin, o=NetscapeRoot error No such object
+Entry cn=UI,ou=1.1, ou=Admin, ou=Global Preferences, ou=admin, o=NetscapeRoot is added
+Processing /usr/share/dirsrv/data/12dsconfig.mod.tmpl ...
+++check_and_add_entry: Found entry cn=config
+++Adding attr=aci value=(targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";) to entry cn=config
+++Adding attr=aci value=(targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";) to entry cn=config
+++Adding attr=aci value=(targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-server, cn=Fedora Directory Server, cn=Server Group, cn=server, ou=admin, o=NetscapeRoot";) to entry cn=config
+++check_and_add_entry: Found entry cn=SNMP,cn=config
+++Adding attr=aci value=(target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) to entry cn=SNMP,cn=config
+++check_and_add_entry: Found entry oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
+++Adding attr=aci value=(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";) to entry oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
+Processing /usr/share/dirsrv/data/13dsschema.mod.tmpl ...
+++check_and_add_entry: Found entry cn=schema
+++Adding attr=aci value=(target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";) to entry cn=schema
+++Adding attr=aci value=(targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";) to entry cn=schema
+++Adding attr=aci value=(targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";) to entry cn=schema
+++Adding attr=aci value=(targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-server, cn=Fedora Directory Server, cn=Server Group, cn=server, ou=admin, o=NetscapeRoot";) to entry cn=schema
+Processing /usr/share/dirsrv/data/14dsmonitor.mod.tmpl ...
+++check_and_add_entry: Found entry cn=monitor
+++Adding attr=aci value=(target ="ldap:///cn=monitor*")(targetattr != "aci || connection")(version 3.0; acl "monitor"; allow( read, search, compare ) userdn = "ldap:///anyone";) to entry cn=monitor
+Processing /usr/share/dirsrv/data/16dssuffixadmin.mod.tmpl ...
+++check_and_add_entry: Entry not found dc=hpconnect,dc=org error No such object
Could not authenticate as user 'uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot' to server 'ldap://server:46645/o=NetscapeRoot'. Error: Invalid credentials
Could not register the directory server with the configuration directory server.

-----------------------------------------------

From howard at cohtech.com Fri Feb 29 08:37:17 2008
From: howard at cohtech.com (Howard Wilkinson)
Date: Fri, 29 Feb 2008 08:37:17 +0000
Subject: [Fedora-directory-users] Setting up fault tolerant mesh of FDS servers - just checking I have got it right!
Message-ID: <47C7C43D.1020702@cohtech.com>

Fedora-ds-1.1.1 on Fedora 7 + (the + is back ports from 8/9, all of the updates applied, and additional packages I have cross ported)

I have succeeded in getting a fault tolerant mesh configured that consists of 2 or more Multi-Master servers, a number of Hub (0+) and a number of consumers (0+).

I have done this by modifying mmr.pl to accept --host1_role and --host2_role parameters which can be set to supplier, hub, or consumer.

For all of the usual DCROOTs i.e. not o=NetscapeRoot I set the relationships up as implied i.e. supplier<->supplier for the Multi-Master Hosts, supplier<->hub, hub<->consumer.
Where the site is too small for hub servers I have gone supplier<->consumer direct. Inter-site topology and hub grouping within sites is left as an exercise for the reader (me when it comes back to bite me...)

For the o=Netscape I have chosen to use supplier<->supplier relationships but to apply the same topology.

Sequence of events are:

  * On first Master
      1. Install clean environment - erase rpm's delete residual files, install rpms, patch dirsrv-admin startup to work!
      2. Run setup-ds-admin.pl in silent mode, this adds schema files. The inf file has SlapdConfigMC=1, UseExistingMC=0 and points ConfigDirectoryLdapURL to this host.
      3. Set up SSL certs using certutil commands and openssl supplied certificates from our CA.
      4. Restart dirsrv and dirsrv-admin
      5. Create 2nd and subsequent DCROOTS with default aci's and "standard" container entries
      6. Preload data into DCROOTS for users and other objects being migrated.
  * On other servers - doing other masters first, followed by hubs and then consumers - carry out steps 1-5 above creating the o=NetscapeRoot DCROOT as well.
      o The inf file has SlapdConfigMC=1, UseExistingMC=1 and points ConfigDirectoryLdapUrl to the first Master
  * Then run the mmr.pl script on each connection for each DCROOT starting with replicating the first master to all other masters, then to hubs, then other masters to hubs and finally hubs to consumers.
      1. For o=NetscapeRoot run mmr.pl as supplier<->supplier, otherwise honor the role played by each server.
      2. Replace entries in cn=UserDirectory, ou=Global Preferences, ou=, o=NetscapeRoot for nsDirectoryFailoverList with one for each server other than the first master which is mentioned in the nsDirectoryURL entry in the same object. *Is this the right sort of thing to do?*
      3. On every host alter the cn=Pass Through Authentication,cn=plugins,cn=config object to have nssslapd-pluginarg0 to reference that host rather than the first master. *Is this correct on the consumers (or hubs)?* I am assuming that this is for authentication not for password modification purposes! Which brings up the question of where in the consumers and hubs do I put referrals to the Master(s)?
      4. Edit adm.conf on each host to change the ldapurl to point to the local host.

Now assuming that this was the right thing to do I now need to set up referrals for writing to the system from the consumers and hubs back to the "site" masters. Where do I put this information?

I am also getting these errors logged on the first master!

Feb 28 22:00:35 bastion ns-slapd: auxpropfunc error invalid parameter supplied
Feb 28 22:00:35 bastion ns-slapd: sql_select option missing
Feb 28 22:00:35 bastion ns-slapd: auxpropfunc error no mechanism available

These are appearing about every 15 minutes. Anybody any idea where these are coming from?

Finally the shutdown time for the dirsrv servers on the suppliers is extremely long - orders of minutes, what could be causing this?
--
Howard Wilkinson                Phone:  +44(20)76907075
Coherent Technology Limited     Fax:
23 Northampton Square,          Mobile: +44(7980)639379
United Kingdom, EC1V 0HL        Email:  howard at cohtech.com

From rmeggins at redhat.com Fri Feb 29 15:30:59 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 29 Feb 2008 08:30:59 -0700
Subject: [Fedora-directory-users] Could not register the directory server with the configuration directory server
In-Reply-To:
References:
Message-ID: <47C82533.9030807@redhat.com>

Nick P wrote:
> I am trying to install and configure my first FDS, and first LDAP
> server. I have spent many hours with little fruit so far. Currently,
> I am receiving an error at the end of the setup-ds-admin script:
> [08/02/29:02:37:41] - [Setup] Fatal Could not register the directory
> server with the configuration directory server.
>
> The error is similar to what is described in this bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=431103. However, my
> configuration directory is _not_ on another host. I answered 'no' to
> the question of whether I would be registering with a current
> configuration server. I don't know if the solution presented there
> would work - I am forwarding a port to the server, and do not have a
> hostname.domain.org to use there. I have had trouble adding entries,
> so if I added them and it didn't fix the problem, I would not know if
> the solution failed or if I failed to add the entries properly. The
> server is NAT'ed and receiving a forwarded port, so I have been using
> mydomain.org for the servername and identifying the port that gets
> forwarded.
>
> If you can help me make some sense of this, I would very much
> appreciate it. If the workaround in the bug above is the answer,
> could you address my specific situation of not having a FQDN with a
> host and everything - how will this affect the entries? After failing
> to add entries with success many times I have started to use a windows
> client, Ldapadmin - could I use this, if the work around is the
> solution? Should the entries go in o=netscaperoot or dc=domain,dc=org
> ?
>
You should use dc=domain,dc=org for your user and group entries.
> I am also including a portion of the log file that was created during
> the installation. Is there anything here that shows what the root of
> the problem is?
>
I think the problem is that the setup script assumes that if you want the server to use hostname ldap.domain.org then the hostname ldap.domain.org must be available to resolve to the setup program. I suppose an enhancement to setup would be to allow you to specify the hostname you want the client requests to use, and the hostname you want the setup program to use internally to connect to and set up the server.
> Thanks,
>
> Nick
>
> --------------------
>
> +Entry cn=topologyplugin, ou=1.1, ou=Admin, ou=Global Preferences,
> ou=admin, o=NetscapeRoot is added
> +++check_and_add_entry: Entry not found cn=defaultplugin,
> cn=topologyplugin, ou=1.1, ou=Admin, ou=Global Preferences, ou=admin,
> o=NetscapeRoot error No such object
> +Entry cn=defaultplugin, cn=topologyplugin, ou=1.1, ou=Admin,
> ou=Global Preferences, ou=admin, o=NetscapeRoot is added
> +++check_and_add_entry: Entry not found cn=UI,ou=1.1, ou=Admin,
> ou=Global Preferences, ou=admin, o=NetscapeRoot error No such object
> +Entry cn=UI,ou=1.1, ou=Admin, ou=Global Preferences, ou=admin,
> o=NetscapeRoot is added
> +Processing /usr/share/dirsrv/data/12dsconfig.mod.tmpl ...
> +++check_and_add_entry: Found entry cn=config
> +++Adding attr=aci value=(targetattr="*")(version 3.0; acl
> "Configuration Administrators Group"; allow (all)
> groupdn="ldap:///cn=Configuration Administrators, ou=Groups,
> ou=TopologyManagement, o=NetscapeRoot";) to entry cn=config
> +++Adding attr=aci value=(targetattr="*")(version 3.0; acl
> "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,
> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";) to entry
> cn=config
> +++Adding attr=aci value=(targetattr = "*")(version 3.0; acl "SIE
> Group"; allow (all) groupdn = "ldap:///cn=slapd-server, cn=Fedora
> Directory Server, cn=Server Group, cn=server, ou=admin,
> o=NetscapeRoot";) to entry cn=config
> +++check_and_add_entry: Found entry cn=SNMP,cn=config
> +++Adding attr=aci
> value=(target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version
> 3.0;acl "snmp";allow (read, search, compare)(userdn =
> "ldap:///anyone");) to entry cn=SNMP,cn=config
> +++check_and_add_entry: Found entry
> oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
> +++Adding attr=aci value=(targetattr != "aci")(version 3.0; acl "VLV
> Request Control"; allow( read, search, compare, proxy ) userdn =
> "ldap:///all";) to entry
> oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
> +Processing /usr/share/dirsrv/data/13dsschema.mod.tmpl ...
> +++check_and_add_entry: Found entry cn=schema
> +++Adding attr=aci value=(target="ldap:///cn=schema")(targetattr
> !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search,
> compare) userdn = "ldap:///anyone";) to entry cn=schema
> +++Adding attr=aci value=(targetattr="*")(version 3.0; acl
> "Configuration Administrators Group"; allow (all)
> groupdn="ldap:///cn=Configuration Administrators, ou=Groups,
> ou=TopologyManagement, o=NetscapeRoot";) to entry cn=schema
> +++Adding attr=aci value=(targetattr="*")(version 3.0; acl
> "Configuration Administrator"; allow (all)
> userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement,
> o=NetscapeRoot";) to entry cn=schema
> +++Adding attr=aci value=(targetattr = "*")(version 3.0; acl "SIE
> Group"; allow (all) groupdn = "ldap:///cn=slapd-server, cn=Fedora
> Directory Server, cn=Server Group, cn=server, ou=admin,
> o=NetscapeRoot";) to entry cn=schema
> +Processing /usr/share/dirsrv/data/14dsmonitor.mod.tmpl ...
> +++check_and_add_entry: Found entry cn=monitor
> +++Adding attr=aci value=(target ="ldap:///cn=monitor*")(targetattr !=
> "aci || connection")(version 3.0; acl "monitor"; allow( read, search,
> compare ) userdn = "ldap:///anyone";) to entry cn=monitor
> +Processing /usr/share/dirsrv/data/16dssuffixadmin.mod.tmpl ...
> +++check_and_add_entry: Entry not found dc=hpconnect,dc=org error No such object
> Could not authenticate as user 'uid=admin, ou=Administrators,
> ou=TopologyManagement, o=NetscapeRoot' to server
> 'ldap://server:46645/o=NetscapeRoot'. Error: Invalid credentials
> Could not register the directory server with the configuration directory server.
>
> -----------------------------------------------

From rmeggins at redhat.com Fri Feb 29 15:37:02 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 29 Feb 2008 08:37:02 -0700
Subject: [Fedora-directory-users] Setting up fault tolerant mesh of FDS servers - just checking I have got it right!
In-Reply-To: <47C7C43D.1020702@cohtech.com>
References: <47C7C43D.1020702@cohtech.com>
Message-ID: <47C8269E.90100@redhat.com>

Howard Wilkinson wrote:
> Fedora-ds-1.1.1 on Fedora 7 + (the + is back ports from 8/9, all of
> the updates applied, and additional packages I have cross ported)
>
> I have succeeded in getting a fault tolerant mesh configured that
> consists of 2 or more Multi-Master servers, a number of Hub (0+) and a
> number of consumers (0+).
>
> I have done this by modifying mmr.pl to accept --host1_role and
> --host2_role parameters which can be set to supplier, hub, or consumer.
>
> For all of the usual DCROOTs i.e. not o=NetscapeRoot I set the
> relationships up as implied i.e. supplier<->supplier for the
> Multi-Master Hosts, supplier<->hub, hub<->consumer.
> Where the site is too small for hub servers I have gone
> supplier<->consumer direct. Inter-site topology and hub grouping
> within sites is left as an exercise for the reader (me when it comes
> back to bite me...)
>
> For the o=Netscape I have chosen to use supplier<->supplier
> relationships but to apply the same topology.
>
> Sequence of events are:
>
>     * On first Master
>
>          1. Install clean environment - erase rpm's delete residual
>             files, install rpms, patch dirsrv-admin startup to work!
>          2. Run setup-ds-admin.pl in silent mode, this adds schema
>             files. The inf file has SlapdConfigMC=1, UseExistingMC=0
>             and points ConfigDirectoryLdapURL to this host.
>          3. Set up SSL certs using certutil commands and openssl
>             supplied certificates from our CA.
>          4. Restart dirsrv and dirsrv-admin
>          5. Create 2nd and subsequent DCROOTS with default aci's and
>             "standard" container entries
>          6. Preload data into DCROOTS for users and other objects
>             being migrated.
>
>     * On other servers - doing other masters first, followed by hubs
>       and then consumers - carry out steps 1-5 above creating the
>       o=NetscapeRoot DCROOT as well.
>           o The inf file has SlapdConfigMC=1, UseExistingMC=1 and
>             points ConfigDirectoryLdapUrl to the first Master
>     * Then run the mmr.pl script on each connection for each DCROOT
>       starting with replicating the first master to all other masters,
>       then to hubs, then other masters to hubs and finally hubs to
>       consumers.
>          1. For o=NetscapeRoot run mmr.pl as supplier<->supplier,
>             otherwise honor the role played by each server.
>          2. Replace entries in cn=UserDirectory, ou=Global
>             Preferences, ou=, o=NetscapeRoot for
>             nsDirectoryFailoverList with one for each server other
>             than the first master which is mentioned in the
>             nsDirectoryURL entry in the same object. *Is this the
>             right sort of thing to do?*
>
Yes.
>
>          1. On every host alter the cn=Pass Through
>             Authentication,cn=plugins,cn=config object to have
>             nssslapd-pluginarg0 to reference that host rather than the
>             first master. *Is this correct on the consumers (or hubs)?*
>
Yes. Note that you can specify failover in pass through auth by using a special form of the ldap url. See *http://tinyurl.com/32kjqy*
>
>          1. I am assuming that this is for authentication not for
>             password modification purposes!
>
Right.
>
>          1. Which brings up the question of where in the consumers and
>             hubs do I put referrals to the Master(s)?
>
They are automatically set by the replication protocol. You should not have to do anything. If you attempt to modify a hub or consumer, your client should get LDAP Error 10 and a referral to a master.
>
>          1. Edit adm.conf on each host to change the ldapurl to point
>             to the local host.
> > Now assuming that this was the right thing to do I now need to set up > referrals for writing to the system from the consumers and hubs back > to the "site" masters. Where do I put this information? > > I am also getting these errors logged on the first master! > > Feb 28 22:00:35 bastion ns-slapd: auxpropfunc error invalid parameter > supplied > Feb 28 22:00:35 bastion ns-slapd: sql_select option missing > Feb 28 22:00:35 bastion ns-slapd: auxpropfunc error no mechanism available I think you can ignore these. > > These are appearing about every 15 minutes. Anybody any idea where > these are coming from? I'm not sure, but the directory server does not support SASL auxprop with sql. > > Finally the shutdown time for the dirsrv servers on the suppliers is > extremely long - orders of minutes, what could be causing this? Are they under load while shutting down? Can you post the shutdown sequence from the error log? > > -- > > Howard Wilkinson > > > > Phone: > > > > +44(20)76907075 > > Coherent Technology Limited > > > > Fax: > > > > > > 23 Northampton Square, > > > > Mobile: > > > > +44(7980)639379 > > United Kingdom, EC1V 0HL > > > > Email: > > > > howard at cohtech.com > > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: 

From nick.pend at gmail.com Fri Feb 29 16:03:49 2008
From: nick.pend at gmail.com (Nick P)
Date: Fri, 29 Feb 2008 11:03:49 -0500
Subject: [Fedora-directory-users] Could not register the directory server with the configuration directory server
In-Reply-To: <47C82533.9030807@redhat.com>
References: <47C82533.9030807@redhat.com>
Message-ID: 

The way I have set it up, using domain.org, that host is accessible -
when domain.org is contacted, it forwards it to the server. So just like
I am able to ssh into the server itself by contacting domain.org and
getting the port forwarded to itself, it does have access to itself via
the domain. So I am not using ldap.domain.org, just domain.org

>You should use dc=domain,dc=org for your user and group entries.

Thanks Rich, I will add that (if it lets me).

nick

On Fri, Feb 29, 2008 at 10:30 AM, Rich Megginson wrote:
> Nick P wrote:
> > I am trying to install and configure my first FDS, and first LDAP
> > server. I have spent many hours with little fruit so far. Currently,
> > I am receiving an error at the end of the setup-ds-admin script:
> > [08/02/29:02:37:41] - [Setup] Fatal Could not register the directory
> > server with the configuration directory server.
> >
> > The error is similar to what is described in this bug:
> > https://bugzilla.redhat.com/show_bug.cgi?id=431103. However, my
> > configuration directory is _not_ on another host. I answered 'no' to
> > the question of whether I would be registering with a current
> > configuration server. I don't know if the solution presented there
> > would work - I am forwarding a port to the server, and do not have a
> > hostname.domain.org to use there. I have had trouble adding entries,
> > so if I added them and it didn't fix the problem, I would not know if
> > the solution failed or if I failed to add the entries properly. The
> > server is NAT'ed and receiving a forwarded port. so I have been using
> > mydomain.org for the servername and identifying the port that gets
> > forwarded.
> >
> > If you can help me make some sense of this, I would very much
> > appreciate it. If the workaround in the bug above is the answer,
> > could you address my specific situation of not having a FQDN with a
> > host and everything - how will this affect the entries? After failing
> > to add entries with success many times I have started to use a windows
> > client, Ldapadmin - could I use this, if the work around is the
> > solution? Should the entries go in o=netscaperoot or dc=domain,dc=org
> > ?
> >
> You should use dc=domain,dc=org for your user and group entries.
> > I am also including a portion of the log file that was created during
> > the installation. Is there anything here that shows what the root of
> > the problem is?
> >
> I think the problem is that the setup script assumes that if you want
> the server to use hostname ldap.domain.org then the hostname
> ldap.domain.org must be available to resolve to the setup program. I
> suppose an enhancement to setup would be to allow you to specify the
> hostname you want the client requests to use, and the hostname you want
> the setup program to use internally to connect to and set up the server.
> > Thanks, > > > > Nick > > > > -------------------- > > > > +Entry cn=topologyplugin, ou=1.1, ou=Admin, ou=Global Preferences, > > ou=admin, o=NetscapeRoot is added > > +++check_and_add_entry: Entry not found cn=defaultplugin, > > cn=topologyplugin, ou=1.1, ou=Admin, ou=Global Preferences, ou=admin, > > o=NetscapeRoot error No such object > > +Entry cn=defaultplugin, cn=topologyplugin, ou=1.1, ou=Admin, > > ou=Global Preferences, ou=admin, o=NetscapeRoot is added > > +++check_and_add_entry: Entry not found cn=UI,ou=1.1, ou=Admin, > > ou=Global Preferences, ou=admin, o=NetscapeRoot error No such object > > +Entry cn=UI,ou=1.1, ou=Admin, ou=Global Preferences, ou=admin, > > o=NetscapeRoot is added > > +Processing /usr/share/dirsrv/data/12dsconfig.mod.tmpl ... > > +++check_and_add_entry: Found entry cn=config > > +++Adding attr=aci value=(targetattr="*")(version 3.0; acl > > "Configuration Administrators Group"; allow (all) > > groupdn="ldap:///cn=Configuration Administrators, ou=Groups, > > ou=TopologyManagement, o=NetscapeRoot";) to entry cn=config > > +++Adding attr=aci value=(targetattr="*")(version 3.0; acl > > "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin, > > ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";) to entry > > cn=config > > +++Adding attr=aci value=(targetattr = "*")(version 3.0; acl "SIE > > Group"; allow (all) groupdn = "ldap:///cn=slapd-server, cn=Fedora > > Directory Server, cn=Server Group, cn=server, ou=admin, > > o=NetscapeRoot";) to entry cn=config > > +++check_and_add_entry: Found entry cn=SNMP,cn=config > > +++Adding attr=aci > > value=(target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version > > 3.0;acl "snmp";allow (read, search, compare)(userdn = > > "ldap:///anyone");) to entry cn=SNMP,cn=config > > +++check_and_add_entry: Found entry > > oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > > +++Adding attr=aci value=(targetattr != "aci")(version 3.0; acl "VLV > > Request Control"; allow( read, 
search, compare, proxy ) userdn = > > "ldap:///all";) to entry > > oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > > +Processing /usr/share/dirsrv/data/13dsschema.mod.tmpl ... > > +++check_and_add_entry: Found entry cn=schema > > +++Adding attr=aci value=(target="ldap:///cn=schema")(targetattr > > !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, > > compare) userdn = "ldap:///anyone";) to entry cn=schema > > +++Adding attr=aci value=(targetattr="*")(version 3.0; acl > > "Configuration Administrators Group"; allow (all) > > groupdn="ldap:///cn=Configuration Administrators, ou=Groups, > > ou=TopologyManagement, o=NetscapeRoot";) to entry cn=schema > > +++Adding attr=aci value=(targetattr="*")(version 3.0; acl > > "Configuration Administrator"; allow (all) > > userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, > > o=NetscapeRoot";) to entry cn=schema > > +++Adding attr=aci value=(targetattr = "*")(version 3.0; acl "SIE > > Group"; allow (all) groupdn = "ldap:///cn=slapd-server, cn=Fedora > > Directory Server, cn=Server Group, cn=server, ou=admin, > > o=NetscapeRoot";) to entry cn=schema > > +Processing /usr/share/dirsrv/data/14dsmonitor.mod.tmpl ... > > +++check_and_add_entry: Found entry cn=monitor > > +++Adding attr=aci value=(target ="ldap:///cn=monitor*")(targetattr != > > "aci || connection")(version 3.0; acl "monitor"; allow( read, search, > > compare ) userdn = "ldap:///anyone";) to entry cn=monitor > > +Processing /usr/share/dirsrv/data/16dssuffixadmin.mod.tmpl ... > > +++check_and_add_entry: Entry not found dc=hpconnect,dc=org error No > such object > > Could not authenticate as user 'uid=admin, ou=Administrators, > > ou=TopologyManagement, o=NetscapeRoot' to server > > 'ldap://server:46645/o=NetscapeRoot'. Error: Invalid credentials > > Could not register the directory server with the configuration directory > server. 
> >
> >
> > -----------------------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From solarflow99 at gmail.com Fri Feb 29 16:32:31 2008
From: solarflow99 at gmail.com (solarflow99)
Date: Fri, 29 Feb 2008 16:32:31 +0000
Subject: [Fedora-directory-users] groups
Message-ID: <7020fd000802290832h66257157o5a54d6c48f41d1a6@mail.gmail.com>

I was interested to create groups to use for authenticated access. Say
for instance I configure samba to use FDS, can it actually use those
groups to control permissions? What about the gidnumber? This is all the
docs had to say about it:

5.4. Using Groups

Groups are a mechanism for associating entries for ease of
administration. This mechanism was provided with previous versions of
Directory Server and should be used primarily for compatibility with
older versions of the server.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From rmeggins at redhat.com Fri Feb 29 16:43:33 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 29 Feb 2008 09:43:33 -0700
Subject: [Fedora-directory-users] groups
In-Reply-To: <7020fd000802290832h66257157o5a54d6c48f41d1a6@mail.gmail.com>
References: <7020fd000802290832h66257157o5a54d6c48f41d1a6@mail.gmail.com>
Message-ID: <47C83635.7060607@redhat.com>

solarflow99 wrote:
> I was interested to create groups to use for authenticated access.
> Say for instance I configure samba to use FDS, can it actually use
> those groups to control permissions? What about the gidnumber? This is
> all the docs had to say about it:
>
>
>
> 5.4. Using Groups
>
> Groups are a mechanism for associating entries for ease of
> administration. This mechanism was provided with previous versions of
> Directory Server and should be used primarily for compatibility with
> older versions of the server.
>
See http://tinyurl.com/3yo88r and http://tinyurl.com/2snfle and
http://tinyurl.com/337g46 for some examples using groups with ACIs.
>
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: 

From nick.pend at gmail.com Fri Feb 29 17:28:30 2008
From: nick.pend at gmail.com (Nick P)
Date: Fri, 29 Feb 2008 12:28:30 -0500
Subject: [Fedora-directory-users] Could not register the directory server with the configuration directory server
In-Reply-To: <47C82533.9030807@redhat.com>
References: <47C82533.9030807@redhat.com>
Message-ID: 

I have been attempting to add the entries suggested in
https://bugzilla.redhat.com/show_bug.cgi?id=431103.

When I go to users and groups in the Directory Console, it is blank.
When I choose create, it gives me an option to connect to another DS.
When I select that, the default values for User Directory Host and User
Directory subtree are (null). Bind userID is blank. If I update these to
Host to localhost and Bind User ID to cn=Directory Manager, I get this
error:

"Specified Base DN is not valid: netscape.ldap.LDAPException: error
result(32); No such object"

Does User Directory Subtree affect this error? What should it be? I
tried dc=domain,dc=org.

I also get a "No such object" error when I try to connect to the
directory now with the LDAP Admin client. So at this point, I am unable
to add to the Directory, so I cannot try the workaround suggested in Bug
431103.

Additional information: from the host itself, I am able to query

/usr/bin/ldapsearch -x -h domain.org -p portNumber -s base -b "" "objectclass=*"

and it returns

result: 32 No such object

This seems to show to me that the host can access itself via the domain,
and that something else is still wrong, because it is now returning
error 32.

nick

On Fri, Feb 29, 2008 at 10:30 AM, Rich Megginson wrote:
> Nick P wrote:
> > I am trying to install and configure my first FDS, and first LDAP
> > server. I have spent many hours with little fruit so far. Currently,
> > I am receiving an error at the end of the setup-ds-admin script:
> > [08/02/29:02:37:41] - [Setup] Fatal Could not register the directory
> > server with the configuration directory server.
> >
> > The error is similar to what is described in this bug:
> > https://bugzilla.redhat.com/show_bug.cgi?id=431103. However, my
> > configuration directory is _not_ on another host. I answered 'no' to
> > the question of whether I would be registering with a current
> > configuration server. I don't know if the solution presented there
> > would work - I am forwarding a port to the server, and do not have a
> > hostname.domain.org to use there. I have had trouble adding entries,
> > so if I added them and it didn't fix the problem, I would not know if
> > the solution failed or if I failed to add the entries properly. The
> > server is NAT'ed and receiving a forwarded port. so I have been using
> > mydomain.org for the servername and identifying the port that gets
> > forwarded.
> >
> > If you can help me make some sense of this, I would very much
> > appreciate it. If the workaround in the bug above is the answer,
> > could you address my specific situation of not having a FQDN with a
> > host and everything - how will this affect the entries?
After failing > > to add entries with success many times I have started to use a windows > > client, Ldapadmin - could I use this, if the work around is the > > solution? Should the entries go in o=netscaperoot or dc=domain,dc=org > > ? > > > You should use dc=domain,dc=org for your user and group entries. > > I am also including a portion of the log file that was created during > > the installation. Is there anything here that shows what the root of > > the problem is? > > > I think the problem is that the setup script assumes that if you want > the server to use hostname ldap.domain.org then the hostname > ldap.domain.org must be available to resolve to the setup program. I > suppose an enhancement to setup would be to allow you to specify the > hostname you want the client requests to use, and the hostname you want > the setup program to use internally to connect to and set up the server. > > Thanks, > > > > Nick > > > > -------------------- > > > > +Entry cn=topologyplugin, ou=1.1, ou=Admin, ou=Global Preferences, > > ou=admin, o=NetscapeRoot is added > > +++check_and_add_entry: Entry not found cn=defaultplugin, > > cn=topologyplugin, ou=1.1, ou=Admin, ou=Global Preferences, ou=admin, > > o=NetscapeRoot error No such object > > +Entry cn=defaultplugin, cn=topologyplugin, ou=1.1, ou=Admin, > > ou=Global Preferences, ou=admin, o=NetscapeRoot is added > > +++check_and_add_entry: Entry not found cn=UI,ou=1.1, ou=Admin, > > ou=Global Preferences, ou=admin, o=NetscapeRoot error No such object > > +Entry cn=UI,ou=1.1, ou=Admin, ou=Global Preferences, ou=admin, > > o=NetscapeRoot is added > > +Processing /usr/share/dirsrv/data/12dsconfig.mod.tmpl ... 
> > +++check_and_add_entry: Found entry cn=config > > +++Adding attr=aci value=(targetattr="*")(version 3.0; acl > > "Configuration Administrators Group"; allow (all) > > groupdn="ldap:///cn=Configuration Administrators, ou=Groups, > > ou=TopologyManagement, o=NetscapeRoot";) to entry cn=config > > +++Adding attr=aci value=(targetattr="*")(version 3.0; acl > > "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin, > > ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";) to entry > > cn=config > > +++Adding attr=aci value=(targetattr = "*")(version 3.0; acl "SIE > > Group"; allow (all) groupdn = "ldap:///cn=slapd-server, cn=Fedora > > Directory Server, cn=Server Group, cn=server, ou=admin, > > o=NetscapeRoot";) to entry cn=config > > +++check_and_add_entry: Found entry cn=SNMP,cn=config > > +++Adding attr=aci > > value=(target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version > > 3.0;acl "snmp";allow (read, search, compare)(userdn = > > "ldap:///anyone");) to entry cn=SNMP,cn=config > > +++check_and_add_entry: Found entry > > oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > > +++Adding attr=aci value=(targetattr != "aci")(version 3.0; acl "VLV > > Request Control"; allow( read, search, compare, proxy ) userdn = > > "ldap:///all";) to entry > > oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > > +Processing /usr/share/dirsrv/data/13dsschema.mod.tmpl ... 
> > +++check_and_add_entry: Found entry cn=schema > > +++Adding attr=aci value=(target="ldap:///cn=schema")(targetattr > > !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, > > compare) userdn = "ldap:///anyone";) to entry cn=schema > > +++Adding attr=aci value=(targetattr="*")(version 3.0; acl > > "Configuration Administrators Group"; allow (all) > > groupdn="ldap:///cn=Configuration Administrators, ou=Groups, > > ou=TopologyManagement, o=NetscapeRoot";) to entry cn=schema > > +++Adding attr=aci value=(targetattr="*")(version 3.0; acl > > "Configuration Administrator"; allow (all) > > userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, > > o=NetscapeRoot";) to entry cn=schema > > +++Adding attr=aci value=(targetattr = "*")(version 3.0; acl "SIE > > Group"; allow (all) groupdn = "ldap:///cn=slapd-server, cn=Fedora > > Directory Server, cn=Server Group, cn=server, ou=admin, > > o=NetscapeRoot";) to entry cn=schema > > +Processing /usr/share/dirsrv/data/14dsmonitor.mod.tmpl ... > > +++check_and_add_entry: Found entry cn=monitor > > +++Adding attr=aci value=(target ="ldap:///cn=monitor*")(targetattr != > > "aci || connection")(version 3.0; acl "monitor"; allow( read, search, > > compare ) userdn = "ldap:///anyone";) to entry cn=monitor > > +Processing /usr/share/dirsrv/data/16dssuffixadmin.mod.tmpl ... > > +++check_and_add_entry: Entry not found dc=hpconnect,dc=org error No > such object > > Could not authenticate as user 'uid=admin, ou=Administrators, > > ou=TopologyManagement, o=NetscapeRoot' to server > > 'ldap://server:46645/o=NetscapeRoot'. Error: Invalid credentials > > Could not register the directory server with the configuration directory > server. 
> >
> >
> > -----------------------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ipvx.low at gmail.com Fri Feb 29 18:16:51 2008
From: ipvx.low at gmail.com (M Vallapan)
Date: Sat, 1 Mar 2008 02:16:51 +0800
Subject: [Fedora-directory-users] temporary resource unavailable problem with fedora directory server
In-Reply-To: <47C44CEE.5080905@redhat.com>
References: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com>
 <47B904A4.9010705@suburbia.org.au>
 <7cea65400802172251s1424c177weadef54f0e65afe5@mail.gmail.com>
 <47BB1DEE.7010807@redhat.com>
 <7cea65400802192020o32915bddyee33df6cea0bee3e@mail.gmail.com>
 <7cea65400802251921w3fd76b79mf822b96dd08192a8@mail.gmail.com>
 <47C387D2.207@redhat.com>
 <7cea65400802252006r2e710562r1390aa84edb81fcf@mail.gmail.com>
 <7cea65400802252010ra41fd5bl311ccd6adde9beb9@mail.gmail.com>
 <47C44CEE.5080905@redhat.com>
Message-ID: <7cea65400802291016s5b317ef7y6b645cc143c6e96a@mail.gmail.com>

Thanks! The settings you mentioned work, but only for some time, then
the problem arises again. Then I have to manually restart fedora-ds to
break off all the idle sessions for it to be okay again for a little
while. How do I go about this?

On Wed, Feb 27, 2008 at 1:31 AM, Rich Megginson wrote:
> Low Kian Seong wrote:
> > Wow ... a bit of ip information there could someone please take out
> > the last email I sent ? How do I request an email be removed ?
> >
> And in your reply, you copied the entire previous message - I've
> contacted Red Hat support to remove the messages from the archive. But
> there is no way to revoke the messages once they are sent.
>
> This information is interesting:
>
>
> ----- Total Connection Codes -----
>
> B1 11480 Bad Ber Tag Encountered
> U1 5877 Cleanly Closed Connections
> T1 2187 Idle Timeout Exceeded
>
> B1 usually means the client just exit()'ed without first calling close()
> or shutdown() on the TCP/IP socket. Which is fine. It's the T1 which
> are odd. Of these 2187, 1864 come from the same client:
>
> 13800 XXX.XXX.XXX.129
>
> 8254 - B1 Bad Ber Tag Encountered
> 3608 - U1 Cleanly Closed Connections
> 1864 - T1 Idle Timeout Exceeded
>
> Take a look at the access log where you get the T1 error upon
> disconnect. You want to find out what the conn=XXXXX is. From there,
> go back in the access log looking for the operations on that
> connection. What are they? What application are they from? Why is
> that application opening connections and just leaving them open? If it
> is a monitoring application like nagios, you will need to increase the
> idle timeout for that application. You can do this by using a dedicated
> BIND dn for that application, then you can increase the idle timeout for
> that user without affecting any of the other users - see
> http://tinyurl.com/2sy8bl
>
> If you have a lot of applications that open connections and leave them
> open for a long time, you will need to figure out how many file
> descriptors you need for other clients, and you will need to increase
> the number of file descriptors available for the directory server as
> well as the size of the directory server connection table -
> http://tinyurl.com/35qddb and
> http://directory.fedoraproject.org/wiki/Performance_Tuning#Linux
>
> See http://tinyurl.com/35qddb for real time server connection monitoring
> information.
>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>

From rmeggins at redhat.com Fri Feb 29 18:32:49 2008
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 29 Feb 2008 11:32:49 -0700
Subject: [Fedora-directory-users] temporary resource unavailable problem with fedora directory server
In-Reply-To: <7cea65400802291016s5b317ef7y6b645cc143c6e96a@mail.gmail.com>
References: <7cea65400802171907r6c4d7904x666b60d119ba2a87@mail.gmail.com>
 <47B904A4.9010705@suburbia.org.au>
 <7cea65400802172251s1424c177weadef54f0e65afe5@mail.gmail.com>
 <47BB1DEE.7010807@redhat.com>
 <7cea65400802192020o32915bddyee33df6cea0bee3e@mail.gmail.com>
 <7cea65400802251921w3fd76b79mf822b96dd08192a8@mail.gmail.com>
 <47C387D2.207@redhat.com>
 <7cea65400802252006r2e710562r1390aa84edb81fcf@mail.gmail.com>
 <7cea65400802252010ra41fd5bl311ccd6adde9beb9@mail.gmail.com>
 <47C44CEE.5080905@redhat.com>
 <7cea65400802291016s5b317ef7y6b645cc143c6e96a@mail.gmail.com>
Message-ID: <47C84FD1.7030407@redhat.com>

M Vallapan wrote:
> Thanks! The settings you mentioned work, but only for some time, then
> the problem arises again. Then I have to manually restart fedora-ds to
> break off all the idle sessions for it to be okay again for a little
> while. How do I go about this?
>
First, figure out what the clients are which are grabbing all of the
available connections and not letting them go . . .

The server does not close idle connections until some other connection
is made. So you could use ldapsearch to write a script that "pings" the
server every few minutes to force it to close idle connections.
>
> On Wed, Feb 27, 2008 at 1:31 AM, Rich Megginson wrote:
>
>> Low Kian Seong wrote:
>> > Wow ... a bit of ip information there could someone please take out
>> > the last email I sent ? How do I request an email be removed ?
>> >
>> And in your reply, you copied the entire previous message - I've
>> contacted Red Hat support to remove the messages from the archive. But
>> there is no way to revoke the messages once they are sent.
>>
>> This information is interesting:
>>
>>
>> ----- Total Connection Codes -----
>>
>> B1 11480 Bad Ber Tag Encountered
>> U1 5877 Cleanly Closed Connections
>> T1 2187 Idle Timeout Exceeded
>>
>> B1 usually means the client just exit()'ed without first calling close()
>> or shutdown() on the TCP/IP socket. Which is fine. It's the T1 which
>> are odd. Of these 2187, 1864 come from the same client:
>>
>> 13800 XXX.XXX.XXX.129
>>
>> 8254 - B1 Bad Ber Tag Encountered
>> 3608 - U1 Cleanly Closed Connections
>> 1864 - T1 Idle Timeout Exceeded
>>
>> Take a look at the access log where you get the T1 error upon
>> disconnect. You want to find out what the conn=XXXXX is. From there,
>> go back in the access log looking for the operations on that
>> connection. What are they? What application are they from? Why is
>> that application opening connections and just leaving them open? If it
>> is a monitoring application like nagios, you will need to increase the
>> idle timeout for that application. You can do this by using a dedicated
>> BIND dn for that application, then you can increase the idle timeout for
>> that user without affecting any of the other users - see
>> http://tinyurl.com/2sy8bl
>>
>> If you have a lot of applications that open connections and leave them
>> open for a long time, you will need to figure out how many file
>> descriptors you need for other clients, and you will need to increase
>> the number of file descriptors available for the directory server as
>> well as the size of the directory server connection table -
>> http://tinyurl.com/35qddb and
>> http://directory.fedoraproject.org/wiki/Performance_Tuning#Linux
>>
>> See http://tinyurl.com/35qddb for real time server connection monitoring
>> information.
>>
>>
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
tia Sujay From rmeggins at redhat.com Fri Feb 29 20:37:39 2008 From: rmeggins at redhat.com (Rich Megginson) Date: Fri, 29 Feb 2008 13:37:39 -0700 Subject: [Fedora-directory-users] Individual Passwordpolicies In-Reply-To: <47C86C05.5080502@ascnet.com> References: <47C86C05.5080502@ascnet.com> Message-ID: <47C86D13.8090209@redhat.com> Sujay D'Souza wrote: > Hello, > > I was wondering if anyone could shed some light on passwordpolicies > within FDS > 1.0.4. > > It is possible to setup individual passwordpolicies within Sun > Directory 5.2 and > then assign the specific policy to either a single entry as the value of > passwordPolicySubentry or managing the policy via CoS and roles. > > From the FDS documentation, it is possible to apply an individual > policy either > globally, user or subtree, but no mention of applying the policy via > roles.... I think it mostly works the same way in Fedora DS as it does in Sun DS. > > > Any input would be appreciated. > > tia > > Sujay > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: