[Fedora-directory-users] Replication multiple suffixes
by Jo De Troy
Hello,
I was wondering what the best way to set up multi-master replication was when
multiple suffixes exist on each supplier.
Should we first set up each supplier with the same root suffix in the
userRoot DB, then set up replication. Then create the 2nd suffix in a
separate database and set up replication for this suffix ...
I'm currently trying to use the mmr script to set up replication without success.
I have 2 Fedora DS servers running each with a different suffix in
their userRoot and would like to set up replication to each other.
Thanks in advance,
Jo
16 years, 5 months
[Fedora-directory-users] RPM/SRPM issues and old RHEL
by Oliver Hookins
Hi there,
I'm trying to get started testing out Fedora Directory Server with the
goal of replacing our OpenLDAP infrastructure. Most of our servers are
RHEL3/4 so there are no big issues there since there are already
prepackaged binary RPMS for those platforms.
But we do have two RHEL2.1 servers which we will definitely need packages
for in order to do any migration to FDS. Upgrading these servers to
RHEL3/4 is not an option. Looking at the spec file of the SRPM from
RHEL3 it seems like dependencies won't be a problem, the spec file
itself is a mess and doesn't come close to building everything (which I
understand is a work in progress).
So my questions are: has anyone got FDS running well on RHEL2.1 (either
by compiling directly from source, shoehorning the RPM from RHEL3 or
building the RPM from the SRPM)? Has anyone written their own spec file
from scratch to build FDS in its entirety from sources? I also wanted to
change the installation prefix from /opt so getting a working and
complete spec file would be very desirable.
--
Regards,
Oliver Hookins
Anchor Systems
16 years, 7 months
[Fedora-directory-users] Init script to Suse 9x 10x
by Carlos Cesario
Hi people, I made two scripts (slapd application and admin server) for
Suse 9x 10x systems.
I based them on the scripts for RH (in the wiki).
If somebody finds any error please make the fix or report to the list :)
Excuse my English :)
Instructions to setup: (to default path install)
#####fedora-ds script######
chmod 755 fedora-ds
cp fedora-ds /etc/init.d/
ln -s /etc/init.d/fedora-ds /usr/sbin/rcfedora-ds
Edit /etc/init.d/fedora-ds and change the APP_NAME variable's value to the name of your
application
and enable the service in yast or in console
chkconfig fedora-ds on
###########################
######fedora-ds-admin######
chmod 755 fedora-ds-admin
cp fedora-ds-admin /etc/init.d/
ln -s /etc/init.d/fedora-ds-admin /usr/sbin/rcfedora-ds-admin
and enable the service in yast or in console
chkconfig fedora-ds-admin on
##########################
I find that it is this
thanks
Carlos Cesario
16 years, 10 months
[Fedora-directory-users] Error at work of the utility ldapsearch.
by Safonov Alexey
Hi !
I am asking for help solving a problem with the ldapsearch utility.
The problem is in carrying out synchronization between FDS and AD. I have done the
following:
1) Install FDS
2) Configuring SSL Enabled FDS. For this purpose I ran the script
setupssl.sh (http://directory.fedora.redhat.com/download/setupssl.sh) from
HOWTO "Howto:SSL" (http://directory.fedora.redhat.com/wiki/Howto:SSL)
3) Restart FDS.
netstat -atupn | grep ns-
tcp 0 0 :::389 :::* LISTEN 6039/ns-slapd
tcp 0 0 :::636 :::* LISTEN 6039/ns-slapd
4) Enable SSL on AD.
Install Certificate Service
Check util ldp.exe:
Connected param: Server- srv-vm1.mup-example.vrn.ru
Port - 636
Checkbox "SSL"
ld = ldap_sslinit("srv-vm1.mup-example.vrn.ru", 636, 1);
Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
LDAP_VERSION3);
Error <0x0> = ldap_connect(hLdap, NULL);
Error <0x0> = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
Host supports SSL, SSL cipher strength = 128 bits
Established connection to srv-vm1.mup-example.vrn.ru.
Retrieving base DSA information...
.....
5) Import AD CA certificate in DER mode.
6) Copy, convert (PEM) and install AD CA certificate in FDS. Check:
[root@asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
slapd-asterisk1-
CA certificate CTu,u,u
server-cert u,u,u
Server-Cert u,u,u
ad-cert CT,C,C <- install this
6) [root@asterisk1 alias]# ldapsearch -Z -P
/opt/fedora-ds/alias/slapd-asterisk1-cert8.db -h
rv-vm1.mup-example.vrn.ru -p 636 -D
"cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*"
Error:
ldapsearch: unabel to parse protocol version
"/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
Help me!
Thanks
------------------------------------------------------
My Setup:
Fedora Core 5 (i386)
Fedora Directory Server 1.0.2
Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
------------------------------------------------------
16 years, 10 months
[Fedora-directory-users] Fedora Core 5 Blocking on Boot
by Richi Plana
Hi,
I recently set up fedora-ds and managed to configure several FC5
machines to authenticate and get user information from the LDAP server.
Unfortunately, the laptop isn't always connected to the network so when
it boots up, the process hangs when it tries to start the "message bus".
I figure the process blocks when it tries to change UID to that of the
dbus user. When the machine isn't connected to the network (ie. no cable
and wireless isn't available), the process just hangs.
Any suggestions on fixing this?
--
Richi Plana <richip(a)richip.dhs.org>
16 years, 10 months
[Fedora-directory-users] mod_nss compile fails
by Alan Ferrier
Hi guys,
Trying to do a "one-step" build. It's failing during the compile of
mod_nss-1.0.2 with:
nss_expr_eval.c: In function `nss_expr_eval_comp':
nss_expr_eval.c:116: error: `ap_regex_t' undeclared (first use in this
function)
nss_expr_eval.c:116: error: (Each undeclared identifier is reported only
once
nss_expr_eval.c:116: error: for each function it appears in.)
nss_expr_eval.c:116: error: `regex' undeclared (first use in this function)
nss_expr_eval.c:121: error: syntax error before ')' token
nss_expr_eval.c:133: error: syntax error before ')' token
make[2]: *** [nss_expr_eval.lo] Error 1
make[2]: Leaving directory
`/usr/local/src/dsbuild-fds102/ds/mod_nss/work/mod_nss-1.0.2'
make[1]: *** [build-work/mod_nss-1.0.2/Makefile] Error 2
make[1]: Leaving directory `/usr/local/src/dsbuild-fds102/ds/mod_nss'
make: *** [dep-../../ds/mod_nss] Error 2
Any clues would be appreciated.
Regards
Alan
--
-----------------------------
e-Commerce Systems Manager
I-play
3 Pitreavie Court
Pitreavie Business Park
Dunfermline KY11 8UU
UK
Tel: +44 (0) 1383 723234
Fax: +44 (0) 1383 723235
Mob: +44 (0) 7796 148326
=============================
16 years, 10 months
[Fedora-directory-users] Why is the attribute nsaccountlock a multi-value?
by Arjan Franzen
Hi all,
In an application I'm currently developing I'm using the internal
attribute nsaccountlock to lockout accounts. While trying to set the
attribute I ran into trouble since it is a multi value: the result was
that an account at one point had the nsaccountlock attribute set to
"null, true" (multi-value).
I solved the problem by altering 00-core.ldif (sorry) and made
nsaccountlock a single value because I can't think of a scenario
where you would want to have the account status set to multiple values.
Since then I've not run into trouble and I'm testing it now in a MM
environment (starting to test it)
Does anyone have any experience with this approach or can someone point
out the risks I'm taking with this?
regards,
Arjan
16 years, 10 months
[Fedora-directory-users] Few Fedora Directory Server questions
by prashant n
hi,
Can Fedora Directory Server be used for :
1) to provide enterprise-wide identity for employees ?
2) can this be integrated into Access Cards - Flash / Swipe
3) can this be integrated into EPABX
4) can we replace the Windows Active Directory PDC which is authenticating my windows and *NIX workstations with a Samba PDC using Fedora Directory Server.
5) Can my Cisco PIX, Squid Proxy, IPSec / SSL-VPN or any other Application (Apache, Zimbra, Subversion, Jive-Wildfire IM, etc. which can talk to Active Directory and OpenLDAP for authentication) be configured to get user authentication from Fedora Directory Server
6) SSO ? Can I integrate Fedora Directory Server into my windows and *NIX workstation logons? Will it result in the email client MS Outlook 200x, Mozilla ThunderBird 1.x, Kontact 1.2.x, and my browsers (IE 5.x & above, Mozilla Firefox 1.x) getting authenticated automagically and serving what they are intended for, i.e. send / receive emails, browse internet, etc. without asking the user to key in his/her email id, email password etc.
Please clarify my doubts
Thanks & Regards
Shann
16 years, 10 months
[Fedora-directory-users] Replication question
by Jo De Troy
Hello,
I was wondering if you could do replication between 2 LDAP servers that
each have a different root suffix (e.g. eu.example.com and
na.example.com) and replicate both parts to each other. Both
servers have a different suffix in their userRoot database.
Another question is:
When looking in the replication agreement the supplier has port 389
and the consumer has port 636. How can I get the supplier port to be
636 also? Or is this not needed for security?
Is there somewhere a list explaining the different status error codes?
Thanks again,
Jo
16 years, 10 months