[Fedora-directory-users] Management console: no successful login
by Sam Tran
Hi all,
I managed to install Fedora Directory Server on a Debian Sarge box.
I created an instance that is now running.
Next step I installed the binaries for the management console and admin server.
I launched the console and the Java login window appeared. I input the
right information but was not able to actually log in. It was hanging
...
I read in some of the doc that the admin server needs to be started in
order to use the management console. The problem is that I was not
able to find the admin server binary or its startup script.
What am I missing?
Any help would be much appreciated.
Thanks.
Sam
18 years, 10 months
[Fedora-directory-users] Integration with postfix
by Gabriele Chervatin
Hi everyone,
First, I use Directory Server as an address book, and I tested it with
Thunderbird. It's fine; I'm able to search the users and their emails.
Now I am trying to configure postfix with virtual users, but it is a bit
of a complicated task for me.
What are the basic steps for success?
Do I need to add a new schema?
My directory content follows:
version: 1
# entry-id: 1
dn: dc=example,dc=com
objectClass: top
objectClass: domain
dc: example
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120831Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9bf-1dd211b2-8050be72-f5080000
aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access";
allow (read, search, compare)userdn="ldap:///anyone";)
aci: (targetattr="carLicense ||description ||displayName ||facsimileTelephoneN
umber ||homePhone ||homePostalAddress ||initials ||jpegPhoto ||labeledURL ||
mail ||mobile ||pager ||photo ||postOfficeBox ||postalAddress ||postalCode |
|preferredDeliveryMethod ||preferredLanguage ||registeredAddress ||roomNumbe
r ||secretary ||seeAlso ||st ||street ||telephoneNumber ||telexNumber ||titl
e ||userCertificate ||userPassword ||userSMIMECertificate ||x500UniqueIdenti
fier")(version 3.0; acl "Enable self write for common attributes"; allow (wr
ite) userdn="ldap:///self";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (a
ll) userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=Ne
tscapeRoot";)
aci: (targetattr ="*")(version 3.0;acl "Configuration Administrators Group";al
low (all) (groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, ou
=TopologyManagement, o=NetscapeRoot");)
aci: (targetattr ="*")(version 3.0;acl "Directory Administrators Group";allow
(all) (groupdn = "ldap:///ou=Directory Administrators, dc=example,dc=c
om");)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ld
ap:///cn=slapd-centos41, cn=Fedora Directory Server, cn=Server Group, cn=cen
tos41.example.com, ou=example.com, o=NetscapeRoot";)
# entry-id: 2
dn: cn=Directory Administrators, dc=example,dc=com
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120831Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9c0-1dd211b2-8050be72-f5080000
# entry-id: 3
dn: ou=Groups, dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: Groups
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9ef-1dd211b2-8050be72-f5080000
# entry-id: 4
dn: ou=People, dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: People
aci: (targetattr ="userpassword || telephonenumber || facsimiletelephonenumber
")(version 3.0;acl "Allow self entry modification";allow (write)(userdn = "l
dap:///self");)
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Accounting)")(version
3.0;acl "Accounting Managers Group Permissions";allow (write)(groupdn = "ld
ap:///cn=Accounting Managers,ou=groups,dc=example,dc=com");)
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Human Resources)")(ve
rsion 3.0;acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR
Managers,ou=groups,dc=example,dc=com");)
aci: (targetattr !="cn ||sn || uid")(targetfilter ="(ou=Product Testing)")(ver
sion 3.0;acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA M
anagers,ou=groups,dc=example,dc=com");)
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Product Development)"
)(version 3.0;acl "Engineering Group Permissions";allow (write)(groupdn = "l
dap:///cn=PD Managers,ou=groups,dc=example,dc=com");)
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9f0-1dd211b2-8050be72-f5080000
# entry-id: 5
dn: ou=Special Users,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9f1-1dd211b2-8050be72-f5080000
# entry-id: 6
dn: cn=Accounting Managers,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9f2-1dd211b2-8050be72-f5080000
# entry-id: 7
dn: cn=HR Managers,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9f3-1dd211b2-8050be72-f5080000
# entry-id: 8
dn: cn=QA Managers,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9f4-1dd211b2-8050be72-f5080000
# entry-id: 9
dn: cn=PD Managers,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9f5-1dd211b2-8050be72-f5080000
# entry-id: 10
dn: uid=chervatin,dc=example,dc=com
preferredLanguage: it
givenName: Gabriele
ntUserCreateNewAccount: true
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: ntuser
objectClass: posixAccount
sn;lang-af: Chervatin
facsimileTelephoneNumber: 338 175 1966
uid: chervatin
mail: gabriele.chervatin(a)example.com
uidNumber: 2000
cn: Gabriele Chervatin
ntUserComment: Accoutn Test NT
loginShell: /bin/bash
telephoneNumber;lang-af: 338 175 1966
gidNumber: 2000
ntUserDomainId: gchervatin
cn;lang-af:: R2FicmllbGUgQ2hlcnZhdGluIA==
gecos: Gabriele Chervatin
givenName;lang-af: Gabriele
homeDirectory: /home/ghcervatin
sn: Chervatin
userPassword: {SSHA}**
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
t
createTimestamp: 20050629131933Z
modifyTimestamp: 20050629131933Z
nsUniqueId: 6d483381-1dd211b2-805abe72-f5080000
# entry-id: 15
dn: ou=domains,dc=example,dc=com
ou: domains
description: domini di posta
objectClass: top
objectClass: organizationalunit
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
t
createTimestamp: 20050630140356Z
modifyTimestamp: 20050630140356Z
nsUniqueId: a9969501-1dd111b2-807fbe72-f5080000
# entry-id: 17
dn: ou=example.com,ou=domains,dc=example,dc=com
ou: example.com
objectClass: top
objectClass: organizationalunit
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
t
createTimestamp: 20050630140640Z
modifyTimestamp: 20050630140640Z
nsUniqueId: 14e06701-1dd211b2-807fbe72-f5080000
# entry-id: 18
dn: uid=vtest1,ou=example.com,ou=domains,dc=example,dc=com
mail: vtest1(a)example.com
givenName: vtest1
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: vtest1
cn: vtest1
userPassword: {SSHA}**
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
t
createTimestamp: 20050630140725Z
modifyTimestamp: 20050630142229Z
nsUniqueId: 38a3ad01-1dd211b2-807fbe72-f5080000
uid: vtest1
passwordGraceUserTime: 0
# entry-id: 19
dn: uid=vtest2,ou=example.com,ou=domains,dc=example,dc=com
mail: vtest2(a)example.com
givenName: vtest2
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: vtest2
cn: vtest2
userPassword: {SSHA}**
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: cn=server,cn=plugins,cn=config
createTimestamp: 20050630140940Z
modifyTimestamp: 20050630142223Z
nsUniqueId: 802a3901-1dd211b2-807fbe72-f5080000
uid: vtest2
passwordGraceUserTime: 0
# entry-id: 20
dn: uid=vtest3,ou=example.com,ou=domains,dc=example,dc=com
mail: Vtest3(a)example.com
givenName: vtest3
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: vtest3
cn: vtest3
userPassword: {SSHA}**
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: cn=server,cn=plugins,cn=config
createTimestamp: 20050630141046Z
modifyTimestamp: 20050630142312Z
nsUniqueId: a3ed7f01-1dd111b2-8080be72-f5080000
uid: vtest3
passwordGraceUserTime: 0
--
Gabriele Chervatin
18 years, 10 months
[Fedora-directory-users] [Fwd: Re: [LDAP-interop] LDAPv3 NOT search filter behavior]
by Rich Megginson
-------- Original Message --------
Subject: Re: [LDAP-interop] LDAPv3 NOT search filter behavior
Resent-Date: Fri, 1 Jul 2005 17:33:29 +0000 (GMT)
Resent-From: richm(a)stanfordalumni.org
Date: Fri, 01 Jul 2005 12:33:26 -0500
From: Benjamin Lewis <bhlewis(a)purdue.edu>
To: richm(a)stanfordalumni.org, OpenLDAP interoperability list
<ldap-interop(a)fini.net>
CC: quanah(a)stanford.edu
On July 1 2005, Rich Megginson wrote:
> What happens if you specify the uid attribute to be returned?
The uid attribute is returned for those entries that have one.
> ldapsearch "(!(uid=quanah))" uid
> ? Does it return only those entries that have a uid attribute? Does
> OpenLDAP omit entries from the search results that match the search
> filter but do not contain the attribute listed in the attribute list in
> the search request?
No. You might use something like '(&(uid=*)(!(uid=quanah)))' to
return only the entries that have a uid attribute. It would probably
be better to use objectClass to restrict the search to the type of
objects you're looking for. Perhaps something like
'(&(objectclass=posixAccount)(!(uid=quanah)))'.
-Ben
--
Benjamin Lewis <bhlewis(a)purdue.edu>
Security Analyst, Identity and Access Management
IT Security and Privacy
Purdue University
18 years, 10 months
[Fedora-directory-users] [Fwd: Re: [LDAP-interop] LDAPv3 NOT search filter behavior]
by Rich Megginson
-------- Original Message --------
Subject: Re: [LDAP-interop] LDAPv3 NOT search filter behavior
Resent-Date: Fri, 1 Jul 2005 17:10:21 +0000 (GMT)
Resent-From: richm(a)stanfordalumni.org
Date: Fri, 01 Jul 2005 11:10:01 -0600
From: Rich Megginson <richm(a)netscape.net>
Reply-To: richm(a)stanfordalumni.org
To: quanah(a)stanford.edu
CC: richm(a)stanfordalumni.org, OpenLDAP interoperability list
<ldap-interop(a)fini.net>
References: <42C5750A.4040601(a)netscape.net>
<E3F6EE46A3648FC1E5DF39B9(a)[0.1.0.4]>
quanah(a)stanford.edu wrote:
>
>
> --On Friday, July 01, 2005 10:53 AM -0600 Rich Megginson
> <richm(a)netscape.net> wrote:
>
>> Does search using a NOT filter imply the presence of that attribute?
>> Specifically:
>>
>> (!(someAttr=abc))
>>
>> Should this return those entries which have the someAttr attribute
>> present AND whose someAttr value != abc? Or should this return entries
>> which do not have the someAttr attribute?
>
>
> This should return all entries that don't have someAttr=abc. I.e., if
> the entry has someAttr=joe, it will be returned. If the entry doesn't
> have any occurrence of someAttr, it will be returned.
What happens if you specify the uid attribute to be returned? Is this
specified in X.500? If so, where?
>
> For example:
>
> tribes:~> ldapsearch "(!(uid=quanah))" | more
e.g. what happens if you do
ldapsearch "(!(uid=quanah))" uid
? Does it return only those entries that have a uid attribute? Does
OpenLDAP omit entries from the search results that match the search
filter but do not contain the attribute listed in the attribute list in
the search request?
> SASL/GSSAPI authentication started
> SASL username: quanah(a)stanford.edu
> SASL SSF: 56
> SASL installing layers
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope sub
> # filter: (!(uid=quanah))
> # requesting: ALL
> #
>
> # stanford.edu
> dn: dc=stanford,dc=edu
> objectClass: dcObject
> objectClass: organization
> o: Stanford University
> dc: stanford
> l: Palo Alto
>
> # Manager, stanford.edu
> dn: cn=Manager,dc=stanford,dc=edu
> objectClass: organizationalRole
> cn: Manager
>
> # People, stanford.edu
> dn: cn=People,dc=stanford,dc=edu
> objectClass: top
> objectClass: organizationalRole
> cn: People
>
>
> --Quanah
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITSS/Shared Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>
> "These censorship operations against schools and libraries are stronger
> than ever in the present religio-political climate. They often focus on
> fantasy and sf books, which foster that deadly enemy to bigotry and blind
> faith, the imagination." -- Ursula K. Le Guin
>
>
18 years, 10 months
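The NOT-filter behaviour described in the two forwarded messages above, as an added example that is not part of the original posts: a minimal LDAP filter evaluator (Python, two-valued logic) run over constructed entries. The entries, the function names `parse`, `matches` and `search`, and the simplified wildcard handling are assumptions made for illustration; this is not OpenLDAP or Fedora Directory Server code.

```python
# Added example: minimal LDAP filter evaluator over constructed entries.
import re

# Constructed sample entries (not from the thread); attribute names lower-cased.
ENTRIES = [
    {"dn": "dc=example,dc=com", "objectclass": ["domain"]},
    {"dn": "uid=quanah,dc=example,dc=com", "objectclass": ["posixAccount"], "uid": ["quanah"]},
    {"dn": "uid=joe,dc=example,dc=com", "objectclass": ["posixAccount"], "uid": ["joe"]},
]

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError("malformed %s filter" % op)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.strip().lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter node against one entry."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    # '*' is a wildcard: "uid=*" is a presence test, "10*" a prefix match.
    pattern = ".*".join(re.escape(p) for p in value.split("*"))
    # An absent attribute has no values, so the item is false and NOT makes it true.
    return any(re.fullmatch(pattern, v, re.I) for v in entry.get(attr, []))

def search(filter_str, attrs):
    """Return (dn, requested attributes that are present) for every matching entry."""
    node, end = parse(filter_str)
    if end != len(filter_str):
        raise ValueError("trailing characters after filter")
    return [(e["dn"], {a: e[a.lower()] for a in attrs if a.lower() in e})
            for e in ENTRIES if matches(node, e)]
```

`search("(!(uid=quanah))", ["uid"])` returns the `dc=example,dc=com` entry with no attributes alongside the `joe` entry, while the `(&(uid=*)(!(uid=quanah)))` and `(&(objectclass=posixAccount)(!(uid=quanah)))` forms return only `joe`.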
[Fedora-directory-users] ldapsearch issue, FDS vs. OL
by Brian K. Jones
Hi all,
I'm getting some odd behavior from FDS when I do an ldapsearch using the
openldap "ldapsearch" command line tool. Basically, if I do a search like
this one:
ldapsearch -x -LLL '(!(roomNumber=10*))' uid
I should get back the uid's of those whose room numbers do not start with
"10".
When I do this search against openldap, I get what I would expect. The data I
asked for, and nothing else. A list of uid's.
Under FDS, I'm getting a list of every single distinguished name for every
user. If that user matches the search term, I also get the uid. If they
don't, I just get the dn. Why is this? I don't want the dn unless it matches.
I feel like I've had this issue before, but I don't remember exactly, and I
certainly don't remember how I fixed it.
Any clues are hereby solicited.
brian.
18 years, 10 months