[Fedora-directory-users] /etc/init.d startup script issues on reboot
by Joe Sheehan
We are using the startup script for Fedora as
shown below with the corresponding /etc/sysconfig/ns-slapd.
The problem is during a reboot ns-slapd doesn't start (the run levels are
set to 3,4,5).
From the command line though, using this script it starts.
In the /var/log/messages for a reboot we see
sql_select option missing
auxpropfunc error no mechanism available
ns-slapd failed
For a command line start we see
sql_select option missing
auxpropfunc error no mechanism available
ns-slapd started successfully.
Those two errors seem to be consistent with a permission problem similar to
openldap,
but we haven't had any luck with that yet. BUT is there a way to figure out
why during a reboot it doesn't start besides getting a "ns-slapd failed"?
Thanks (scripts below)
Joe
# Source function library.
. /etc/init.d/functions

SLAPD_HOST=`hostname -a`
SLAPD_DIR=/opt/fedora-ds/bin/slapd/server
PIDFILE=$SLAPD_DIR/logs/pid
STARTPIDFILE=$SLAPD_DIR/logs/startpid

if [ -f /etc/sysconfig/ns-slapd ]; then
    . /etc/sysconfig/ns-slapd
fi

start() {
    echo -n "Starting Fedora Directory Server: "
    if [ -f $STARTPIDFILE ]; then
        PID=`cat $STARTPIDFILE`
        echo ns-slapd already running: $PID
        exit 2;
    elif [ -f $PIDFILE ]; then
        PID=`cat $PIDFILE`
        echo ns-slapd already running: $PID
        exit 2;
    else
        echo Here we go...
        cd $SLAPD_DIR
        daemon ./ns-slapd $OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ns-slapd
        return $RETVAL
    fi
}

stop() {
    echo -n "Shutting down Fedora Directory Server: "
    echo
    killproc ns-slapd
    echo
    rm -f /var/lock/subsys/ns-slapd
    return 0
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status ns-slapd
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo "Usage: <servicename> {start|stop|status|restart}"
        exit 1
        ;;
esac
exit $?
17 years, 6 months
[Fedora-directory-users] Multiple database links (chaining)
by Ben Steeves
Hi Folks,
I'm having a problem that I'm going to go bald trying to solve, it seems...
I've been tasked with creating a single searchable suffix for two
different trees (dc=one,dc=com and dc=two,dc=com for argument's sake).
The application that needs this suffix doesn't deal with referrals, so
my first (and the obvious, I thought) solution won't work.
I delved into the Administrator's Guide and discovered the section on
chained suffixes (ie., Directory Links), and it seems good. The
problem? I can't make it work right.
On a test server, I've set up a "master" suffix, "dc=com", and created
directory links to "dc=one,dc=com" and "dc=two,dc=com". I've added
the proxy ACI on the One and Two LDAP directories. When I search the
test server, I can successfully find objects in the One tree, so it's
half working -- but the Two tree doesn't work. I've checked and
re-checked and everything appears kosher.
Am I barking up the wrong tree? Is there an easier way to do this?
Should I give up and take up basket weaving as a nice, harmless job,
and forget systems administration altogether?
Any help or suggestions would be appreciated.
--
_ Ben Steeves bcs(a)metacon.ca
( ) The ASCII ribbon campaign ben.steeves(a)unb.ca
X against HTML e-mail GPG ID: 0xB3EBF1D9
/ \ http://www.metacon.ca/ascii Yahoo Messenger: ben_steeves
17 years, 6 months
[Fedora-directory-users] Mult-Master Replication
by Dan Hawker
Hi All,
Just about to start experimenting with multi-master replication for our
organisation and was looking at the page on the wiki.
The script that is recommended doesn't seem to be available anymore (get a
403 forbidden error). Wondered if anyone had a link to said script that
actually works.
Thanks
Dan
17 years, 6 months
[Fedora-directory-users] Solaris Client
by Jim Summers
Hello List,
I am currently in the process of switching from a Sun iPlanet ldap to FDS.
All has gone well except for my one remaining solaris client. I was using the
Solaris Client Howto as a reference. It mentions using netscape and browsing
to the 636 port of my server to get the necessary certs. I did that and then
cp'd and chmod'd the files. After running ldapclient successfully, I cannot
issue a successful id command and see the following in the FDS server log files:
[31/May/2006:10:33:12 -0500] conn=129250 fd=238 slot=238 SSL connection from
129.15.55.135 to 129.15.55.33
[31/May/2006:10:33:12 -0500] conn=129250 op=-1 fd=238 closed - SSL peer cannot
verify your certificate.
Not sure what I have overlooked, or a Solaris parameter that would not require
the verification?
I built the certs using the SSL howto. Which all is working great on my
linuxes and OS/X machines.
Ideas / Suggestions?
Many Thanks
--
Jim Summers
School of Computer Science-University of Oklahoma
-------------------------------------------------
17 years, 6 months
RE: [Fedora-directory-users] /etc/init.d startup script issuesonreboot
by Paul Clayton
Joe,
Question is, do you really need the daemon function if it works without
it? If startup and shutdown are all you need, why make it too complex?
cheers
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Joe
Sheehan
Sent: 30 May 2006 03:18 PM
To: fedora-directory-users(a)redhat.com
Subject: Re: [Fedora-directory-users] /etc/init.d startup script
issuesonreboot
Log - the only thing I see within the message log is
sql_select option missing
auxpropfunc error no mechanism available ns-slapd failed
Is there a way I could get more info when I reboot the system?
If I take out "daemon" within the script below and just have
/opt/fedora-ds/slapd-'hostname'/start-slapd & for start - no problem
during a reboot.
Thanks
>From: Pete Rowley <prowley(a)redhat.com>
>Reply-To: "General discussion list for the Fedora Directory server
>project." <fedora-directory-users(a)redhat.com>
>To: "General discussion list for the Fedora Directory server project."
><fedora-directory-users(a)redhat.com>
>Subject: Re: [Fedora-directory-users] /etc/init.d startup script issues
>onreboot
>Date: Fri, 26 May 2006 11:45:41 -0700
>
>log?
>
>
>
>--
>Pete
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--------------------------------------------------------
This e-mail and any attachments are confidential and may also be legally
privileged and/or copyright material of Intec Telecom Systems PLC (or its
affiliated companies). If you are not an intended or authorised recipient
of this e-mail or have received it in error, please delete it immediately
and notify the sender by e-mail. In such a case, reading, reproducing,
printing or further dissemination of this e-mail or its contents is strictly
prohibited and may be unlawful.
Intec Telecom Systems PLC does not represent or warrant that an attachment
hereto is free from computer viruses or other defects. The opinions
expressed in this e-mail and any attachments may be those of the author and
are not necessarily those of Intec Telecom Systems PLC.
17 years, 6 months
RE: [Fedora-directory-users] /etc/init.d startup script issuesonreboot
by Paul Clayton
Something rings a bell here that the DAEMON command might be your
problem. I recall having some similar issue, but don't know what I did to
fix it. Does the startup script not have to be registered as an active
available script?
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Joe
Sheehan
Sent: 26 May 2006 04:31 PM
To: fedora-directory-users(a)redhat.com
Subject: RE: [Fedora-directory-users] /etc/init.d startup script
issuesonreboot
Yeah, I'm now going through the methodical approach of taking everything
out of the script except the echos and then putting it back together
piece by piece - just strange that using the same script via the command
line would give me the same failure.
Joe
>From: "Paul Clayton" <Paul.Clayton(a)intecbilling.com>
>Reply-To: "General discussion list for the Fedora Directory server
>project." <fedora-directory-users(a)redhat.com>
>To: "General discussion list for the Fedora Directory server project."
><fedora-directory-users(a)redhat.com>
>Subject: RE: [Fedora-directory-users] /etc/init.d startup script
>issuesonreboot
>Date: Fri, 26 May 2006 15:28:24 +0200
>
>Apologies, blonde moment here. That was what I meant. Have you thought
>of simplifying your script? Do you see any messages that your script is
>being acted upon? By this I mean taking out variables and putting in
>full paths to where you want to go.
>
>cheers
>
>-----Original Message-----
>From: fedora-directory-users-bounces(a)redhat.com
>[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Joe
>Sheehan
>Sent: 26 May 2006 03:24 PM
>To: fedora-directory-users(a)redhat.com
>Subject: RE: [Fedora-directory-users] /etc/init.d startup script
>issuesonreboot
>
>Little confused - do you mean in the directory
>/opt/fedora-ds/slapd-'hostname' - run ./start-slapd? If so I've done
>that and it works on command line - I still receive a failure during
>reboot using that command within my startup script. Trying to get more
>info out of the ldap during reboot but all I receive is a failure
>statement.
>
>
> >From: "Paul Clayton" <Paul.Clayton(a)intecbilling.com>
> >Reply-To: "General discussion list for the Fedora Directory server
> >project." <fedora-directory-users(a)redhat.com>
> >To: "General discussion list for the Fedora Directory server project."
> ><fedora-directory-users(a)redhat.com>
> >Subject: RE: [Fedora-directory-users] /etc/init.d startup script issues
> >onreboot
> >Date: Fri, 26 May 2006 13:58:51 +0200
> >
> >Have tried running the command as ./slapd-`hostname` in your
> >/opt/fedora_ds directory.
> >
17 years, 6 months
RE: [Fedora-directory-users] solaris, dtlogin, and FDS
by Paul Clayton
Hi,
After some experimentation, I came up with another pam configuration for
desk top login. This would override the settings "other", as the
application has been marked specifically as "dtlogin".
Seems what you have to do is experiment with the configuration to get
something workable. My system is basic ldap and no kerberos at this
stage.
-------------------------------------------------------------------------------------------------
dtlogin auth sufficient pam_unix.so.1
dtlogin auth required pam_ldap.so.1 try_first_pass
dtlogin account sufficient pam_unix.so.1
dtlogin account requisite pam_roles.so.1
dtlogin account required pam_projects.so.1
dtlogin account sufficient pam_unix_account.so.1
dtlogin account required pam_ldap.so.1 try_first_pass
dtlogin session sufficient pam_unix_session.so.1
dtlogin session required pam_ldap.so.1 try_first_pass
-------------------------------------------------------------------------------------------------
cheers
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Sam
Smith
Sent: 26 May 2006 10:49 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] solaris, dtlogin, and FDS
Susan wrote:
>I have this and my dtlogin works fine:
>
>
># Default definitions for Authentication management
># Used when service name is not explicitly mentioned for authentication
>#
>other auth requisite pam_authtok_get.so.1
>other auth required pam_dhkeys.so.1
>other auth required pam_unix_cred.so.1
>other auth sufficient pam_unix_auth.so.1
>other auth required pam_ldap.so.1
>#
>
>
>
Susan, I'm pretty sure now that authentication is not the problem - it
seems to authenticate fine and then die. What other lines for "other" do
you have in your pam.conf?
Sam
17 years, 6 months
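The precedence described in the post above, where entries written for `dtlogin` are used instead of the `other` defaults, shown as an added example that is not part of the original thread. The sample file is constructed from entries quoted in the thread, module results are simulated through a hypothetical `outcomes` mapping, and the control-flag handling is a simplified model of the pam.conf rules.

```python
# Added illustration: no real PAM modules are called; results are simulated.
# Constructed sample in pam.conf layout: service type control module [options]
SAMPLE_PAM_CONF = """\
# constructed sample based on entries quoted in the thread
other   auth requisite  pam_authtok_get.so.1
other   auth required   pam_dhkeys.so.1
other   auth sufficient pam_unix_auth.so.1
other   auth required   pam_ldap.so.1
dtlogin auth sufficient pam_unix.so.1
dtlogin auth required   pam_ldap.so.1 try_first_pass
"""

CONTROL_FLAGS = {"requisite", "required", "sufficient", "optional", "binding"}


def parse_pam_conf(text):
    """Return a list of (service, type, control, module, options) tuples."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2] not in CONTROL_FLAGS:
            raise ValueError(f"line {lineno}: malformed entry: {raw!r}")
        service, mtype, control, module = fields[:4]
        entries.append((service, mtype, control, module, fields[4:]))
    return entries


def stack_for(entries, service, mtype):
    """Entries for the named service; 'other' is used only if there are none."""
    own = [e for e in entries if e[0] == service and e[1] == mtype]
    return own or [e for e in entries if e[0] == "other" and e[1] == mtype]


def evaluate(stack, outcomes):
    """Walk a stack with simulated results (module name -> True/False).

    Returns (granted, modules_called). A module missing from outcomes fails.
    """
    required_failed = False
    any_success = False
    called = []
    for _service, _mtype, control, module, _opts in stack:
        ok = outcomes.get(module, False)
        called.append(module)
        if ok:
            any_success = True
            # sufficient/binding end the stack early unless a required
            # module has already failed
            if control in ("sufficient", "binding") and not required_failed:
                return True, called
        elif control == "requisite":
            return False, called        # fail at once, skip the rest
        elif control in ("required", "binding"):
            required_failed = True      # remembered, stack keeps running
        # a failed sufficient or optional module is ignored
    return (any_success and not required_failed), called


if __name__ == "__main__":
    entries = parse_pam_conf(SAMPLE_PAM_CONF)
    for service in ("dtlogin", "sshd"):
        stack = stack_for(entries, service, "auth")
        print(service, "->", [e[3] for e in stack])
    dt = stack_for(entries, "dtlogin", "auth")
    print("local password ok:", evaluate(dt, {"pam_unix.so.1": True}))
    print("ldap password ok: ", evaluate(dt, {"pam_ldap.so.1": True}))
```
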
[Fedora-directory-users] View all groups of choosen user
by Pavel 'Blaze' Vinogradov
Hello General,
How, in Admin console, can I view all groups which contain the current user? In
the case of a static group I can do it with a simple query with a filter on the
uniquemember field, but how do I do it with a dynamic group?
And how can I show the result for an Admin Console user?
--
Best regards,
Pavel mailto:blaze@elewise.com
17 years, 6 months
[Fedora-directory-users] CPanel + FedoraDS
by Paul Singh
Hi all,
I've got 10 CPanel servers that I administrate now and I'm bringing
on some additional support staff to begin helping with that. The
problem here is that I don't want to go into every machine and create
an individual account on each box for the admins.
I started working with FedoraDS and was able to successfully get the
machines to pull data from the LDAP server. The problem is, it seems
to check every hosting account username too and this slows the
machines down quite a bit since it's looking for accounts that are
not in LDAP at all.
When looking in /etc/nsswitch.conf, I thought that the system would
read left to right so I have:
passwd: files ldap
shadow: files ldap
group: files ldap
Shouldn't that read left to right? If an account is found in the
local files, the system should not be going to ldap to confirm. Does
anyone know how to make this work the way I would like it to?
Thanks in advance.
--Paul
17 years, 6 months
RE: [Fedora-directory-users] solaris, dtlogin, and FDS
by Paul Clayton
But can you use files-based users with this method? 'Cause I can't.
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Susan
Sent: 26 May 2006 05:07 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] solaris, dtlogin, and FDS
I have this and my dtlogin works fine:
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1
#
--- Sam Smith <sam.smith(a)ece.gatech.edu> wrote:
> I have a bunch of fully patched and up-to-date Solaris 2.9 machines,
> using an FDS ldap server. I just converted them over from NIS, thanks
> to the help from the documentation on the web site.
>
> I can login at the command line, I can ssh to them, I thought
> everything was working great.
>
> But when I sit down in front of the console, and try to login with
> dtlogin to CDE (the gui), it kicks me out.
>
> It's using the "other" lines from my pam.conf, which look like this:
>
> #
> # Default definitions for Authentication management
> # Used when service name is not explicitly mentioned for authentication
> #
> other auth requisite pam_authtok_get.so.1
> other auth required pam_dhkeys.so.1
> other auth binding pam_unix_auth.so.1 server_policy
> other auth required pam_ldap.so.1
>
> If I look at the log file in the FDS server ("access"), everything
> looks fine.
>
> Has anyone else had a problem with dtlogin?
>
> Thanks for any help,
> Sam
>
17 years, 6 months