[389-users] Re: Fedora-directory-users Digest, Vol 55, Issue 24

Dimon dimon99 at ua.fm
Tue Dec 15 21:17:45 UTC 2009 

----------------------
> 
> Message: 8
> Date: Tue, 15 Dec 2009 09:45:11 -0700
> From: Rich Megginson <rmeggins at redhat.com>
> Subject: Re: [389-users] I need some help!
> To: "General discussion list for the 389 Directory server project."
> 	<fedora-directory-users at redhat.com>
> Message-ID: <4B27BD17.5080504 at redhat.com>
> Content-Type: text/plain; charset=windows-1251; format=flowed
> 
> Dimon wrote:
> > Hi everyone!  I'm a beginer in Fedora Directory (389 project) server so I hope that you will give me an advice to solve my problem.
> >
> > I want to synchronize my diectory server with Active Directory's users (centos-ds-8.1.0). I read the manual Red Hat 8.1 and had success. But my AD users have Posix atributes (home directory, gidnumber, uidnumber, Nis Domain) and they did not synchronize. 
> Right.  Windows Sync does not work with posix attributes.
> > I've read about DNA plugin in DS. It't written that I have to check pugin int my cn=plugins,cn=config and initialize it. I did so. I didn't have success. The probles is: my centos-ds doesn't match with the example described in the Rd Hat manual. 
> >   
> How so?  What example?  Can you provide a link?

 I found some Installing guide about directory-server in pdf - format... And found there examples how to configure DNA using  dnagidnumber,dnauidnumber, dnaNextvalue parameters. As I said ldap shema doesn't have any of them. If it necessary i will send you the Installing guide! 

> > It's written that I must have parameters such dnagidnumber,dnauidnumber, dnaNextvalue and others (it is showed on the pictures). I don't have any parameters connected with dna...My Ldap schema doesn't have any dna* nevertheless plugin DNA (libdna.so) present even in my ds-tree.
> These attributes and objectclasses are defined internally and not exported.
> > When I filled check box in order co configure DNA nothing happend!


YES this parameters are internal - I wanted to see them in Directory -> config->plugins->DNS ->Properties->advanced. I saw classes, any other parameters but I didn't se dna* in the way how it is showed in manual! I didn't see. I tryed to add them from ldap schema - but it doesn't content any off them! I tryed to Reconfigure it from file - witch content somthing like dn: cn= Distributed Advanced Plugin,cn=plugin,cn=config
Objectclass ... dnauidnumber, dnaguidnumber, dnaNextvalue and others... But when I tryed to add it via command line - I had an error - invalid dna (or nknown parameters - I'am not sure now!). I followed the manual. Configure DNA via command line!

> What check box?
On or off Configuration->DNA plugin cn=plugins,cn=config 

> > Duaring synchronization I still have no Posix account activated and parameters which I need
> Do you think DNA is going to fill in home directory and  NIS domain?

Acctually I thought that I will have an oportunity to  fill guid and uid automatically using DNA or replicate it from my AD with it. Cause AD accounts content them all. 

> > I use centos-idm-console-1.0.1 in order to manage the server. When I try to turn off DNA plugin - server says that "Server in unwilling to perform the operation. Cause the DNA plugin doesn't configure properly" - or somthing like that.
> check the directory server access and errors logs for more information.
> > I found manual about configure centos-ds with pictures - and as I said (it's written that I have to turn on DNA plugin - just fill check box).
> >   
> Enabling and disabling plugin requires a server restart.
It doesn't work! Because when I'am trying to turn off DNA plugin and  push save button - I have the error. Otherwise my settings don't save! Of cource I tryed to reboot my server! And plugin is still on. So I found it in my .lde config and turned it off manually. I have no additional information about it in my log-files! 

> > I have no idea how to solve it. May be you will have some time to give me a clue about it. I need it very much. And I have the other problem with it. I want to change the password using ldappasswd. It's required using LDAPS port 636. When I'm trying to use  ldpapasswd - or ldapsearch on 636 port, session waiting for something and it seams nothing happens, session just waits. I tryed to debug it using ldapsearch with -d. I didn't see any mistakes. I have feeling that it is connected with ldap.conf (client) but I don't know how to solve it yet. Using ldapsearch on 389 port - everything is fine.
> >   
> Can you paste the output of ldappasswd -d 1 to fpaste.org and paste the 
> link here?

I solved this problem I tryed to use ldappasswd  -x -h localhost -p 636 -D "" -W  -b "" and I didn't  work. ldappasswd needs secure connection - so I read some articles and use  -Z and -p 389 instead of 636 and everything works fine. Now I can change passwords in my DS using only one command line.

> > Thank you in advance!

-- реклама -----------------------------------------------------------
http://FREEhost.UA - при покупке хостинга домен в подарок!
Получи свою персональную скидку http://freehost.com.ua/cuponakciya.php

More information about the Fedora-directory-users mailing list