[Fedora-directory-users] Replication multiple suffixes
by Jo De Troy
Hello,
I was wondering what the best way to set up multi-master replication was when
multiple suffixes exist on each supplier.
Should we first set up each supplier with the same root suffix in the
userRoot DB, then set up replication. Then create the 2nd suffix in a
separate database and set up replication for this suffix ...
I'm currently trying to use the mmr script to set up replication without success.
I have 2 Fedora DS servers running each with a different suffix in
their userRoot and would like to set up replication to each other.
Thanks in advance,
Jo
16 years, 5 months
[Fedora-directory-users] RPM/SRPM issues and old RHEL
by Oliver Hookins
Hi there,
I'm trying to get started testing out Fedora Directory Server with the
goal of replacing our OpenLDAP infrastructure. Most of our servers are
RHEL3/4 so there are no big issues there since there are already
prepackaged binary RPMS for those platforms.
But we do have two RHEL2.1 servers which we will definitely need packages
for in order to do any migration to FDS. Upgrading these servers to
RHEL3/4 is not an option. Looking at the spec file of the SRPM from
RHEL3 it seems like dependencies won't be a problem, the spec file
itself is a mess and doesn't come close to building everything (which I
understand is a work in progress).
So my questions are: has anyone got FDS running well on RHEL2.1 (either
by compiling directly from source, shoehorning the RPM from RHEL3 or
building the RPM from the SRPM)? Has anyone written their own spec file
from scratch to build FDS in its entirety from sources? I also wanted to
change the installation prefix from /opt so getting a working and
complete spec file would be very desirable.
--
Regards,
Oliver Hookins
Anchor Systems
16 years, 7 months
[Fedora-directory-users] install/uninstall admin-serv
by Diana Shepard
The problem is that whenever I try to start the
Directory Server Console via command line
"startconsole", I get the following error (libjss3.so
is in /opt/fedora-ds/lib, and readable):
Exception in thread "main" java.lang.UnsatisfiedLinkError: /opt/fedora-ds/lib/libjss3.so: /opt/fedora-ds/lib/libjss3.so: cannot open shared object file: No such file or directory
    at java.lang.ClassLoader$NativeLibrary.load(Native Method)
    at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1560)
    at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1485)
    at java.lang.Runtime.loadLibrary0(Runtime.java:788)
    at java.lang.System.loadLibrary(System.java:834)
    at org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManager.java:1330)
    at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:822)
    at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:795)
    at com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknown Source)
    at com.netscape.management.client.util.UtilConsoleGlobals.getLDAPSSLSocketFactory(Unknown Source)
    at com.netscape.management.client.console.Console.LDAPinitialization(Unknown Source)
    at com.netscape.management.client.console.Console.<init>(Unknown Source)
    at com.netscape.management.client.console.Console.main(Unknown Source)
Diana Shepard
Date: Mon, 28 Aug 2006 15:59:40 -0600
From: Richard Megginson <rmeggins(a)redhat.com>
Subject: Re: [Fedora-directory-users] install/uninstall admin-serv only
To: "General discussion list for the Fedora Directory server project." <fedora-directory-users(a)redhat.com>
Message-ID: <44F3674C.1090202(a)redhat.com>
Content-Type: text/plain; charset="iso-8859-1"
Diana Shepard wrote:
>
> Is there a way to uninstall and reinstall the
> admin-serv only?
>
Maybe, it depends.
>
> Mine seems to have gotten corrupted
> somehow.
>
What seems to be the problem?
>
> Diana Shepard
> University of Colorado
>
16 years, 9 months
[Fedora-directory-users] Howto on Basic Setup
by James Richardson
Hi All,
There seems to be a lot of install/design documentation regarding FDS,
however I've not been able to find a quick "howto" on setting a FDS up
for a small company. For example, say a shop with 25-50 linux machines
and 150 or so user accounts.
For example, what all attributes should I be applying to my user
objects? Is it necessary to subclass the schema or is there something
already that fits my needs out there? Ninety-five percent of the job of
this FDS will be authenticating user accounts to linux machines (other
5% could be authenticating web access or something like that).
Thanks,
James T. Richardson, Jr.
jrichardson(a)x-iss.com
eXcellence in IS Solutions, Inc.
Office: 713-862-9200 x226
16 years, 9 months
[Fedora-directory-users] LD_LIBRARY_PATH question
by Philip Kime
I've just built an LDAP dev server, the same as my prod servers.
However, I can't start the console via HTTPS under X (no problems under
Windows). I have the same libraries etc. on my dev box (copied from
PROD, where it works, in fact). I get the "libnss3.so not found". This
library is certainly in /opt/fedora-ds/shared/lib, where LD_LIBRARY_PATH
points to in startconsole. I found out why it works on PROD but not on
DEV - this is because /usr/lib/libnss3.so exists on PROD but not on DEV.
HOWEVER - why is it looking in /usr/lib when LD_LIBRARY_PATH is set to
look in /opt/fedora-ds/shared/lib? Here is the output on PROD, where it
works:
[root@hqldap01 ~]# echo $LD_LIBRARY_PATH
/opt/fedora-ds/shared/lib
[root@hqldap01 ~]# ldd /opt/fedora-ds/lib/libjss3.so
linux-gate.so.1 => (0xffffe000)
libnss3.so => /usr/lib/libnss3.so (0xf7f48000)
libsmime3.so => /usr/lib/libsmime3.so (0xf7f28000)
libssl3.so => /usr/lib/libssl3.so (0xf7f08000)
libplc4.so => /usr/lib/libplc4.so (0xf7f04000)
libplds4.so => /usr/lib/libplds4.so (0xf7f01000)
libnspr4.so => /usr/lib/libnspr4.so (0xf7ed0000)
libjvm.so => not found
libjava.so => not found
libc.so.6 => /lib/tls/libc.so.6 (0xf7da5000)
libsoftokn3.so => /usr/lib/libsoftokn3.so (0xf7d3f000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0xf7d2d000)
libdl.so.2 => /lib/libdl.so.2 (0xf7d28000)
/lib/ld-linux.so.2 (0x56555000)
This upsets me as I assumed that it was using the nice new libnss3 etc.
libs from the fedora tree. LD_LIBRARY_PATH seems to be doing nothing at
all. I can't see any SUID/SGID things in there which would disable
LD_LIBRARY_PATH? On DEV, it doesn't work because:
[root@ldapdev001 ~]# echo $LD_LIBRARY_PATH
/opt/fedora-ds/shared/lib
[root@ldapdev001 ~]# ldd /opt/fedora-ds/lib/libjss3.so
linux-gate.so.1 => (0xffffe000)
libnss3.so => not found
libsmime3.so => not found
libssl3.so => not found
libplc4.so => not found
libplds4.so => not found
libnspr4.so => not found
libjvm.so => not found
libjava.so => not found
libc.so.6 => /lib/tls/libc.so.6 (0xf7e4a000)
/lib/ld-linux.so.2 (0x56555000)
Now I'm worried that my PROD servers are using older libraries by
finding them in /usr/lib ...
PK
--
Philip Kime
NOPS Systems Architect
310 401 0407
16 years, 9 months
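A check for the situation described in the post above, added here as an example and not part of the original message: it reads `ldd` output and reports libraries that exist under the intended directory but were resolved elsewhere or not at all. The names `audit_ldd`, `sample_prod` and `sample_dev`, the SHADOWED/MISSING labels and the sample input (abridged from the two listings in the post) are assumptions for illustration.

```shell
#!/bin/sh
# audit_ldd PREFIX  (hypothetical helper, added for illustration)
# Reads `ldd` output on stdin. For every dependency that has a same-named
# file under PREFIX, reports when the loader picked a copy elsewhere
# (SHADOWED) or found none at all (MISSING). Other lines are ignored.
# Real use:
#   ldd /opt/fedora-ds/lib/libjss3.so | audit_ldd /opt/fedora-ds/shared/lib
audit_ldd() {
    prefix=${1%/}
    while read -r name arrow target rest; do
        [ "$arrow" = "=>" ] || continue        # skip the loader's own line
        [ -e "$prefix/$name" ] || continue     # only libraries shipped under PREFIX
        case $target in
            "$prefix"/*) ;;                    # resolved where intended
            not) echo "MISSING $name" ;;       # "not found"
            /*)  echo "SHADOWED $name $target" ;;
        esac
    done
}

# Constructed sample, abridged from the PROD listing in the post.
sample_prod() {
    cat <<'EOF'
        linux-gate.so.1 =>  (0xffffe000)
        libnss3.so => /usr/lib/libnss3.so (0xf7f48000)
        libssl3.so => /usr/lib/libssl3.so (0xf7f08000)
        libjvm.so => not found
        libc.so.6 => /lib/tls/libc.so.6 (0xf7da5000)
        /lib/ld-linux.so.2 (0x56555000)
EOF
}

# Constructed sample, abridged from the DEV listing in the post.
sample_dev() {
    cat <<'EOF'
        linux-gate.so.1 =>  (0xffffe000)
        libnss3.so => not found
        libssl3.so => not found
        libjvm.so => not found
        libc.so.6 => /lib/tls/libc.so.6 (0xf7e4a000)
        /lib/ld-linux.so.2 (0x56555000)
EOF
}

demo_dir=$(mktemp -d)      # stands in for /opt/fedora-ds/shared/lib
touch "$demo_dir/libnss3.so" "$demo_dir/libssl3.so"
echo "PROD:"; sample_prod | audit_ldd "$demo_dir"
echo "DEV:";  sample_dev  | audit_ldd "$demo_dir"
rm -rf "$demo_dir"
```

`ldd` reports what the loader resolves in the environment it is run from, so run the check from the same environment that launches the console.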
[Fedora-directory-users] FDS + pGina vs FDS + SAMBA
by notinh notien
Hi, I am a newbie with FDS and LDAP and I would like to ask for some
suggestions.
My LAN consists of Windows XP workstations and laptops, File server (capable
of UNIX NIS), Linux servers, Open Exchange server (LDAP).
Currently, each user uses their assigned PCs. There are computers in the lab
and some laptops in conference rooms and they have shared accounts to use
them. There is no need for roaming profiles. My users store their files
locally on their PCs and file server.
I would like to unify their accounts so that they only need at most 2
accounts + 2 passwords (1 for Open Exchange and 1 for their assigned PCs +
file server + Linux Shell accounts), for the computers in the lab and
conference rooms only people with access will have access to special
accounts.
With my environment, I want Windows (PCs + laptops) to authenticate directly
to FDS and not through SAMBA with the help of pGina. I can set up Linux
server to authenticate directly to FDS. However, I am wondering about my
file server because this file server is a commercial product and it is only
capable of doing UNIX NIS or Windows AD. I do not want any Windows server
in my LAN, so ... Will I be able to integrate this file server to the FDS
server?
In my environment, SAMBA would only be used for print server and it could be
on the same box with FDS. Do you see any problems here? Should I also
connect SAMBA to FDS for printer access?
I do not care much about other fancy things of PDC, however, I am afraid
that I might not see all the benefits of having FDS + SAMBA = PDC setup.
Could someone tell me what you think of my environments? Should I go with
or without PDC?
What is best suited for my environments?
Thank you for any suggestions.
NN.
16 years, 9 months
[Fedora-directory-users] Time Skew Error
by Sam Barnard
I have done everything I can to find documentation on where this error
comes from and how to fix it, however I cannot find anything. The
information I have found is that the time of the two servers has to be
more than 24 hours off in order for this to happen. However my time is
well within the suggested limits.
[31/Aug/2006:13:43:06 -0400] NSMMReplicationPlugin - agmt="cn=To_SLP-CT02" (SLP-CT02:389): Unable to acquire replica: Excessive clock skew between the supplier and the consumer. Replication is aborting.
[31/Aug/2006:13:43:06 -0400] NSMMReplicationPlugin - agmt="cn=To_SLP-CT02" (SLP-CT02:389): Incremental update failed and requires administrator action
Fedora-Directory/1.0.2 B2006.060.1925
SLP-CT01.velocitypayment.com:389 (/opt/fedora-ds/slapd-SLP-CT01)
[root@SLP-CT01 logs]# ntpdate -q time.nist.gov
server 192.43.244.18, stratum 1, offset 0.245936, delay 0.07451
31 Aug 14:23:09 ntpdate[8092]: adjust time server 192.43.244.18 offset 0.245936 sec
[root@SLP-CT02 root]# ntpdate -q time.nist.gov
server 192.43.244.18, stratum 1, offset 0.372832, delay 0.07402
31 Aug 14:23:37 ntpdate[8734]: adjust time server 192.43.244.18 offset 0.372832 sec
These two servers are set up in a multimaster configuration, constantly
replicating to each other. Up until a week ago the servers had been
replicating without interruption for about at least two months (I
started here a month ago) and now they do not seem to want to replicate
any more.
I am new to LDAP in general, so if you need more information please let
me know what.
Thanks in advance.
Sam Barnard
Systems Administrator
Govolution LLC
(703) 894-5000 x 5703
sbarnard(a)govolution.com
16 years, 9 months
[Fedora-directory-users] windows sync SSL issues
by Dustin Ebert
I have been struggling with windows sync for a while now. I am
running FDS 1.0 on Centos 4.3. I have read Howto:SSL and when
doing an "ldapsearch -x -ZZ" and "netstat -an | grep 636" all
look okay.
Once this was complete on the FDS side, I set up the Windows
2003 standard server via the instructions listed previously
on the list.
www.archivesat.com/Fedora_Directory_server_developer_discussion./thread929934.htm
Most of this was a bit confusing to me because I am somewhat
new to LDAP and SSL cert setup. When I attempt to sync, I get
the error:
The consumer initialization has unsuccessfully completed.
The error received by the replica is: '49 -LDAP error: Invalid credentials'.
simple authentication
I used bind as: cn=administrator
I must be missing some step. Any idea or methods to
troubleshoot this?
Is there a more complete "FDS with PassSync Howto" out there?
Thanks
16 years, 9 months
RE: [Fedora-directory-users] Howto on Basic Setup
by HAWKER, Dan
> Then you would want to use a client that allows a single
> password entry and encodes it for the userPassword
> (posixAccount/shadowAccount) attribute and for the
> sambaNTPassword and optionally the sambaLMPassword. Clients
> for this purpose are listed here...
>
I'm using LDAPAdmin (http://ldapadmin.sourceforge.net) to accomplish this
part of the equation. It's a Win32 app that connects fine and can add
objects using a GUI and default mechanism (easy
addition/deletion/modification) and can set Samba/Posix passwords at the
same time. With new releases you can create XML based templates that
integrate fully into the interface. This enables you to add extra attributes
you may need in addition to LDAPAdmin's default set when adding/modifying an
object (a user for instance).
The one pain at the moment is that it doesn't use
groupofuniquenames/uniqueMember for groups (uses posixGroup/uid) so I have
to add that bit manually (has a manual edit function too) if required rather
than doing it automagically using the GUI. However the developer is very
quick and on the ball, so after explaining this to him, he's adding that
functionality in the next release.
Dan
--
Dan Hawker
Linux System Administrator
EADS Astrium
16 years, 9 months