[389-users] Re: Fedora-directory-users Digest, Vol 55, Issue 24
Dimon
dimon99 at ua.fm
Tue Dec 15 21:17:45 UTC 2009
----------------------
>
> Message: 8
> Date: Tue, 15 Dec 2009 09:45:11 -0700
> From: Rich Megginson <rmeggins at redhat.com>
> Subject: Re: [389-users] I need some help!
> To: "General discussion list for the 389 Directory server project."
> <fedora-directory-users at redhat.com>
> Message-ID: <4B27BD17.5080504 at redhat.com>
> Content-Type: text/plain; charset=windows-1251; format=flowed
>
> Dimon wrote:
> > Hi everyone! I'm a beginer in Fedora Directory (389 project) server so I hope that you will give me an advice to solve my problem.
> >
> > I want to synchronize my diectory server with Active Directory's users (centos-ds-8.1.0). I read the manual Red Hat 8.1 and had success. But my AD users have Posix atributes (home directory, gidnumber, uidnumber, Nis Domain) and they did not synchronize.
> Right. Windows Sync does not work with posix attributes.
> > I've read about DNA plugin in DS. It't written that I have to check pugin int my cn=plugins,cn=config and initialize it. I did so. I didn't have success. The probles is: my centos-ds doesn't match with the example described in the Rd Hat manual.
> >
> How so? What example? Can you provide a link?
I found some Installing guide about directory-server in pdf - format... And found there examples how to configure DNA using dnagidnumber,dnauidnumber, dnaNextvalue parameters. As I said ldap shema doesn't have any of them. If it necessary i will send you the Installing guide!
> > It's written that I must have parameters such dnagidnumber,dnauidnumber, dnaNextvalue and others (it is showed on the pictures). I don't have any parameters connected with dna...My Ldap schema doesn't have any dna* nevertheless plugin DNA (libdna.so) present even in my ds-tree.
> These attributes and objectclasses are defined internally and not exported.
> > When I filled check box in order co configure DNA nothing happend!
YES this parameters are internal - I wanted to see them in Directory -> config->plugins->DNS ->Properties->advanced. I saw classes, any other parameters but I didn't se dna* in the way how it is showed in manual! I didn't see. I tryed to add them from ldap schema - but it doesn't content any off them! I tryed to Reconfigure it from file - witch content somthing like dn: cn= Distributed Advanced Plugin,cn=plugin,cn=config
Objectclass ... dnauidnumber, dnaguidnumber, dnaNextvalue and others... But when I tryed to add it via command line - I had an error - invalid dna (or nknown parameters - I'am not sure now!). I followed the manual. Configure DNA via command line!
> What check box?
On or off Configuration->DNA plugin cn=plugins,cn=config
> > Duaring synchronization I still have no Posix account activated and parameters which I need
> Do you think DNA is going to fill in home directory and NIS domain?
Acctually I thought that I will have an oportunity to fill guid and uid automatically using DNA or replicate it from my AD with it. Cause AD accounts content them all.
> > I use centos-idm-console-1.0.1 in order to manage the server. When I try to turn off DNA plugin - server says that "Server in unwilling to perform the operation. Cause the DNA plugin doesn't configure properly" - or somthing like that.
> check the directory server access and errors logs for more information.
> > I found manual about configure centos-ds with pictures - and as I said (it's written that I have to turn on DNA plugin - just fill check box).
> >
> Enabling and disabling plugin requires a server restart.
It doesn't work! Because when I'am trying to turn off DNA plugin and push save button - I have the error. Otherwise my settings don't save! Of cource I tryed to reboot my server! And plugin is still on. So I found it in my .lde config and turned it off manually. I have no additional information about it in my log-files!
> > I have no idea how to solve it. May be you will have some time to give me a clue about it. I need it very much. And I have the other problem with it. I want to change the password using ldappasswd. It's required using LDAPS port 636. When I'm trying to use ldpapasswd - or ldapsearch on 636 port, session waiting for something and it seams nothing happens, session just waits. I tryed to debug it using ldapsearch with -d. I didn't see any mistakes. I have feeling that it is connected with ldap.conf (client) but I don't know how to solve it yet. Using ldapsearch on 389 port - everything is fine.
> >
> Can you paste the output of ldappasswd -d 1 to fpaste.org and paste the
> link here?
I solved this problem I tryed to use ldappasswd -x -h localhost -p 636 -D "" -W -b "" and I didn't work. ldappasswd needs secure connection - so I read some articles and use -Z and -p 389 instead of 636 and everything works fine. Now I can change passwords in my DS using only one command line.
> > Thank you in advance!
-- реклама -----------------------------------------------------------
http://FREEhost.UA - при покупке хостинга домен в подарок!
Получи свою персональную скидку http://freehost.com.ua/cuponakciya.php
More information about the Fedora-directory-users
mailing list