[Fedora-directory-users] Strange ldif export with é, è, ... french characters code
by Atr0pos
Hello all,
When users have some French characters in fields (i.e. givenName &
cn), the LDIF export file is bad. Here are my LDIF users import file and the
LDIF export file produced using the admin console.
import-with-french-char.ldif :
dn: uid=s.courtin,ou=people,dc=domain,dc=fr
changetype: add
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: top
objectClass: mailrecipient
uid: s.courtin
sn: COURTIN
givenName: Ségolène
cn: Ségolène COURTIN
employeeType: Etudiants
userPassword: ******
mail: s.courtin(a)domain.fr
export-bad.ldif:
dn: uid=s.courtin,ou=people,dc=domain,dc=fr
employeeType: Etudiants
givenName:: U8OpZ29sw6huZQ==
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: top
objectClass: mailrecipient
uid: s.courtin
mail: s.courtin(a)domain.fr
cn:: U8OpZ29sw6huZSBDT1VSVElO
sn: COURTIN
userPassword: *********
creatorsname: cn=manager
modifiersname: cn=manager
createtimestamp: 20050814113424Z
modifytimestamp: 20050814113424Z
nsuniqueid: 4ced0081-1dd211b2-80efc6a3-3b060000
parentid: 4
entryid: 1874
entrydn: uid=s.courtin,ou=people,dc=domain,dc=fr
numsubordinates: 0
subschemasubentry: cn=schema
hassubordinates: FALSE
If I use "cn: Segolene COURTIN" & "givenName: Segolene", the export file
is correct ... but I would like to use French characters.
Is there a bug or (probably) a configuration error ?
For information my FDS is running on FC3 with LANG=fr_FR.UTF-8.
Thanks in advance for your help.
- Lalas -
18 years, 8 months
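Added example (not part of the original post or of FDS): in LDIF (RFC 2849), a double colon after the attribute name marks a base64-encoded value, which the format requires for values containing non-ASCII bytes. The sketch below decodes the two `::` values from the export above and applies the RFC's rule for when base64 is needed; the folded `cn` line and the function names are constructed for illustration.

```python
import base64

# Constructed sample: attribute lines copied from the export in the post,
# with the cn value folded once to exercise RFC 2849 line continuation.
SAMPLE_EXPORT = """\
dn: uid=s.courtin,ou=people,dc=domain,dc=fr
givenName:: U8OpZ29sw6huZQ==
cn:: U8OpZ29sw6huZSBDT1
 VSVElO
sn: COURTIN
"""

def unfold(text):
    """Join folded lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines

def parse_attrs(text):
    """Return [(attribute, value)], decoding 'attr:: <base64>' values as UTF-8."""
    out = []
    for line in unfold(text):
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if rest.startswith(":"):  # '::' marks a base64-encoded value
            value = base64.b64decode(rest[1:].strip(), validate=True).decode("utf-8")
        else:
            value = rest.lstrip(" ")
        out.append((name, value))
    return out

def needs_base64(value):
    """RFC 2849: should an exporter write this value in the '::' form?"""
    data = value.encode("utf-8")
    unsafe_first = data[:1] in (b" ", b":", b"<")
    unsafe_any = any(b > 127 or b in (0, 10, 13) for b in data)
    return unsafe_first or unsafe_any or data.endswith(b" ")

if __name__ == "__main__":
    for name, value in parse_attrs(SAMPLE_EXPORT):
        print(f"{name}: {value}  (base64 required: {needs_base64(value)})")
```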
[Fedora-directory-users] Group members management
by Atr0pos
Hello all (and sorry for my poor English),
One simple example to illustrate my question:
I have one user in one group (all created with the admin console). When
I delete the user, the group's field "Member Name" still includes the
complete DN uid=my.user,ou=People,dc=my-domain,dc=com ... ("Member User
ID" is empty)
Is it possible to automatically clean the Member Name field (because
with 2000 users and 150 groups it's harder to manage)?
Thanks in advance.
- Lalas -
18 years, 8 months
[Fedora-directory-users] How mature is FDS?
by Alexander Stagun
Hi,
I am currently evaluating different Directory Server software which will
replace some part of our production NIS/Samba based authentication
system. Our first tests looked really promising except for one bug we
encountered: deleting a view crashes the ns-slapd process hard (bugzilla
bug #164610).
Now I have to admit, I am a bit unsure regarding the maturity of the FDS
project. I thought we are dealing with the good old and mature Netscape
iPlanet sources here, but I can't believe such a bug could go unnoticed.
So I'd really like to know, is there anyone outside who uses FDS in a
sort of mission critical environment? Is FDS on par with NDS or Sun's DS
regarding stability and scalability?
Regarding the bug we filed - is there anything we could do in order to
help fixing that issue?
Kind Regards,
Alex
--
Alexander Stagun
MindMatics AG
Marcel-Breuer-Str. 18
DE 80807 München
email : alexander.stagun(a)mindmatics.de
fon : +49 89 322986 15
fax : +49 89 322986 70
web : http://www.mindmatics.com http://www.mindmatics.de
------------------------------------------------------------------------
This is a confidential communication intended only for the named
addresses. If you receive this communication in error, please notify us
and return and delete it without reading it. This e-mail may not be
disclosed, copied or distributed in any form without the obtained
permission in writing of MindMatics AG. In any case it may not be
altered or otherwise changed. Whilst MindMatics AG believes that the
information is correct at the date of the e-mail, no warranty and
representation is given to this effect and MindMatics AG can accept no
responsibility.
18 years, 8 months
[Fedora-directory-users] Enabling SSL
by Kevin Kovach
Hello,
I've worked through the SSL howto on the FDS site and everything went
well until I got to the part where I modified the schema.
The /tmp/ssl_enable.ldif modifications that are suggested work well up
to the point where it tries to modify cn=RSA,cn=encryption,cn=config
To be specific, the recommended changes are as follows...
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fo
-
add: nsKeyfile
nsKeyfile: alias/slapd-directory-key3.db
-
add: nsCertfile
nsCertfile: alias/slapd-directory-cert8.db

dn: cn=RSA,cn=encryption,cn=config
changetype: modify
add: nsSSLPersonalitySSL
nsSSLPersonalitySSL: Server-Cert

dn: cn=config
changetype: modify
add: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
It seems as though when I get to the point where I want to add the
'nsSSLPersonalitySSL' attribute my directory server complains that the
'cn=RSA,cn=encryption,cn=config' object does not exist to be modified.
I don't see anywhere in the HOWTO where I would have created this
object. Am I missing something? Thanks.
- Kevin
18 years, 8 months
[Fedora-directory-users] What next?
by Chris Curran
Hi, hello:
I've just installed the Fedora Directory Server (on a Fedora 3 machine) and
I seem to have all modules up and running. I've created one user and I can
"browse" the DS server from another machine using a Java based tool.
What isn't clear to me is where do I go from here? What entries do I need to
create in the Directory Console so that the user can (for example) access a
Thunderbird contact list in the DS? Or a 'favorites' url list?
thanks,
Chris Curran
18 years, 8 months
[Fedora-directory-users] Re: [Fedora Directory Users] Winsync woes
by Dimitri Yioulos
On Tuesday August 2 2005 6:15 pm, David Boreham wrote:
> >But I've checked and rechecked those. My bind DN is cn=Admin. That's the
> >correct format, isn't it?
> >
> >-
>
> Indeed no. You want the DN for the Administrator user in AD.
> Typically that would be something like 'cn=Administrator, ou=users,
> dc=company, dc=com'.
> However, I would recommend that you use ldapsearch to first establish
> the correct DN
> (search for all users in AD and go looking for the administrator user).
David,
I changed the DN as you suggested, and my sync worked (just as I imagine you
expected it would). Thank you very much!
If I may be so bold as to take advantage of your knowledge and kindness - when
I created the Windows Sync Agreement, I specified the DS subtree as
ou=People,dc=headquarters,dc=mydomain,dc=com, and the Windows subtree as
cn=People,dc=headquarters,dc=mydomain,dc=com. When the sync completed, all
Windows users and groups ended up in the FDS People subtree. How would I get
Windows groups to populate the FDS groups subtree, and only users to populate
the People subtree?
Dimitri
18 years, 8 months
[Fedora-directory-users] too many fds open
by Craig Ayliffe
Hi,
Has anyone come across a problem with the directory server having too many
fds open, which then causes it to not receive any new connections?
Version: Fedora-Directory/7.1 B2005.146.2010
OS: Linux ds01 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005 i686
i686 i386 GNU/Linux
From the logs/error:
[28/Jul/2005:19:22:42 +1000] - Listening for new connections again
[28/Jul/2005:19:22:42 +1000] - Not listening for new connections - too
many fds open
[28/Jul/2005:19:22:42 +1000] - Listening for new connections again
[28/Jul/2005:19:22:42 +1000] - Not listening for new connections - too
many fds open
[28/Jul/2005:21:00:22 +1000] - Listening for new connections again
One thing I have noticed is a lot of tcp connections owned by the
ns-slapd process, that are suspended in the CLOSE_WAIT state.
# netstat -nap
...
tcp 0 0 ::ffff:10.10.246.31:389
::ffff:10.10.245.12:54566 CLOSE_WAIT 17118/ns-slapd
tcp 0 0 ::ffff:10.10.246.31:389
::ffff:10.10.245.12:54502 CLOSE_WAIT 17118/ns-slapd
tcp 0 0 ::ffff:10.10.246.31:389
::ffff:10.10.245.12:54758 CLOSE_WAIT 17118/ns-slapd
tcp 0 0 ::ffff:10.10.246.31:389
::ffff:10.10.245.12:54569 CLOSE_WAIT 17118/ns-slapd
tcp 0 0 ::ffff:10.10.246.31:389
::ffff:10.10.245.12:54312 CLOSE_WAIT 17118/ns-slapd
tcp 0 0 ::ffff:10.10.246.31:389
::ffff:10.10.245.12:54440 CLOSE_WAIT 17118/ns-slapd
tcp 0 0 ::ffff:10.10.246.31:389
::ffff:10.10.245.12:54379 CLOSE_WAIT 17118/ns-slapd
tcp 0 0 ::ffff:10.10.246.31:389
::ffff:10.10.245.12:54315 CLOSE_WAIT 17118/ns-slapd
Regards,
--
Craig Ayliffe
18 years, 8 months
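Added example, not part of the original post: a small parser that turns the error-log lines quoted above into the periods during which ns-slapd was refusing new connections, which is the number worth alerting on. The function names are made up here, and the log format is assumed to be exactly the `[timestamp] - message` shape shown in the post.

```python
from datetime import datetime

# Error-log lines from the post, with the mail client's line wrapping undone.
SAMPLE_LOG = """\
[28/Jul/2005:19:22:42 +1000] - Listening for new connections again
[28/Jul/2005:19:22:42 +1000] - Not listening for new connections - too many fds open
[28/Jul/2005:19:22:42 +1000] - Listening for new connections again
[28/Jul/2005:19:22:42 +1000] - Not listening for new connections - too many fds open
[28/Jul/2005:21:00:22 +1000] - Listening for new connections again
"""

STOP = "Not listening for new connections - too many fds open"
RESUME = "Listening for new connections again"

def parse_line(line):
    """Split '[timestamp] - message' into (datetime, message); None if malformed."""
    stamp, sep, message = line.partition("] - ")
    if not sep or not stamp.startswith("["):
        return None
    try:
        when = datetime.strptime(stamp[1:], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return when, message.strip()

def refusal_windows(log_text):
    """Return [(start, end, seconds)] for each period the listener was closed.

    A window still open at the end of the log is reported with end=None.
    """
    windows, started = [], None
    for line in log_text.splitlines():
        parsed = parse_line(line.strip())
        if parsed is None:
            continue  # unrelated or wrapped line
        when, message = parsed
        if message == STOP and started is None:
            started = when
        elif message == RESUME and started is not None:
            windows.append((started, when, (when - started).total_seconds()))
            started = None
    if started is not None:
        windows.append((started, None, None))
    return windows

if __name__ == "__main__":
    for start, end, secs in refusal_windows(SAMPLE_LOG):
        print(f"refused new connections from {start} to {end} ({secs} s)")
```

On the lines from the post, the second window runs from 19:22:42 to 21:00:22, so the server accepted no new connections for 5860 seconds.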
[Fedora-directory-users] Winsync woes
by Dimitri Yioulos
Hello to all.
I recently installed FDS on a CentOS 3 box. My network authenticates to a
win2k3 AD box. I'd like to use the Winsync feature of FDS to keep it
automatically updated.
Firstly, FDS does work, to the extent that I populated ou=People, and can see
and use those entries in Kmail. I've followed the Admin manual regarding
installation and configuration of Winsync on both the FDS and AD boxes, but
I can't get it to work. I receive an error "81- LDAP error: can't contact
LDAP server". By now, it's entirely probable that I've munged up the
configuration, having tried so many tweaks.
I'm really not sure where to begin in terms of providing info to you so that
you can help me out. With your kind indulgence, it might be better for you
to ask me questions about my setup, and we can go from there (I realize
that's a bassackwards way to ask for help, but ...).
Here, at least, are some basics: I obtained server and CA certs from
CACert.org, and plugged those into FDS. I created the user Admin on both the
FDS and ADS boxes. I created a Replica Agreement. I ran the Winsync utility
on the ADS box. I'm trying to use port 636.
I do have a couple of questions: what's the proper way to specify a Supplier
DN, and should I use "SSL client authentication" or "simple authentication" in
the Replica Agreement?
Many thanks.
Dimitri
18 years, 8 months
[Fedora-directory-users] Manager login on port 389?
by Vsevolod (Simon) Ilyushchenko
Hi,
I'm trying to bind to FDS as "cn=Manager, ..." and it looks like it does
not work unless I use SSL (I can only do it from an application, not
from command-line tools, though). TLS on port 389 does not work either.
Is it a feature or am I missing something?
Thanks,
Simon
--
Simon (Vsevolod ILyushchenko) simonf(a)cshl.edu
http://www.simonf.com
Terrorism is a tactic and so to declare war on terrorism
is equivalent to Roosevelt's declaring war on blitzkrieg.
Zbigniew Brzezinski, U.S. national security advisor, 1977-81
18 years, 8 months