[Fedora-directory-users] Windows 2003 synchronization considering OU
by Christian A. Rodriguez
Hi everybody, I have the following scenario:
I have to synchronize users in Active Directory with my Fedora
Directory considering an organizational tree representing our
departments.
For example:
Active Directory Tree to synchronize:
-------------------------------------
ou=Users
  +ou=IT
     (users from IT department)
  +ou=Development
     (users from Development department)
  +ou=Security
     (users from Security department)
Then I create the Windows Sync Agreement to synchronize ou=Users
in ADS with a tree of FDS, let's say ou=Active Directory, with the
given configuration:
* DS Host: fds.example.com:389
* Windows Host: ads.example.com:636
* DS Subtree: ou=Active Directory,dc=example,dc=com
* Windows Subtree: ou=Users,dc=example-ads,dc=com
* Replicated Subtree: ou=Active Directory,dc=example,dc=com
The problem I have is that the synchronization process only works when
I create the Organizational Units manually; they don't
seem to be created automatically by the replication process.
The question is: Can FDS deal with OU replication with Active Directory?
Thanks in advance
--
Lic. Christian A. Rodriguez
16 years, 3 months
[Fedora-directory-users] failed to decode LDAP controls - error code 12 (not documented)
by Daniel Cristian Cruz
Hello all,
I'm deploying an LDAP structure at my organization, and I saw something
weird with a piece of Cisco equipment, where Fedora DS gives an error that is not
documented on the wiki and has no reference on the internet. The messages
follow:
[27/Dec/2007:13:37:54 -0200] conn=1 op=20 SRCH base="o=AAA BBB" scope=2 filter="(&(objectClass=posixAccount)(o=CCC))", failed to decode LDAP controls
[27/Dec/2007:13:37:54 -0200] conn=1 op=20 RESULT err=12 tag=101 nentries=0 etime=0
Does anyone know what this means?
Thanks,
--
Daniel Cristian Cruz
Systems Analyst - Database Administrator
SENAI/SC - Servico Nacional de Aprendizagem Industrial
NTI - Núcleo de Tecnologia da Informação
Phone: (48) 3239-1422
16 years, 3 months
[Fedora-directory-users] Regarding the SSL Issue??
by Singh Raina, Ajeet
Hi,
An interesting log I noticed on the server while running this command on
the client side.
It seems to work for a particular time interval, but after a few minutes
it starts displaying:
[27/Dec/2007:15:59:34 +051800] conn=162 fd=64 slot=64 SSL connection
from 10.14.236.31 to 10.14.236.169
[27/Dec/2007:15:59:34 +051800] conn=162 op=-1 fd=64 closed - Peer
reports failure of signature verification or key exchange.
[27/Dec/2007:16:00:04 +051800] conn=163 fd=64 slot=64 SSL connection
from 10.14.236.31 to 10.14.236.169
[27/Dec/2007:16:00:04 +051800] conn=163 op=-1 fd=64 closed - Peer
reports failure of signature verification or key exchange.
Whenever I run:
# getent passwd
it runs fine:
[root@pe logs]# tail -f access
[27/Dec/2007:15:58:09 +051800] conn=151 fd=64 slot=64 SSL connection
from 10.14.236.31 to 10.14.236.169
[27/Dec/2007:15:58:09 +051800] conn=151 op=-1 fd=64 closed - Peer
reports failure of signature verification or key exchange.
[27/Dec/2007:15:58:09 +051800] conn=152 fd=64 slot=64 SSL connection
from 10.14.236.31 to 10.14.236.169
[27/Dec/2007:15:58:09 +051800] conn=152 op=-1 fd=64 closed - Peer
reports failure of signature verification or key exchange.
[27/Dec/2007:15:58:19 +051800] conn=153 fd=64 slot=64 SSL connection
from 10.14.236.31 to 10.14.236.169
[27/Dec/2007:15:58:19 +051800] conn=153 SSL 256-bit AES
[27/Dec/2007:15:58:19 +051800] conn=153 op=0 BIND dn="" method=128
version=3
[27/Dec/2007:15:58:19 +051800] conn=153 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn=""
[27/Dec/2007:15:58:19 +051800] conn=153 op=1 SRCH
base="ou=People,dc=im,dc=logica,dc=com" scope=2
filter="(objectClass=posixAccount)" attrs="uid userPassword uidNumber
gidNumber cn homeDirectory loginShell gecos description objectClass"
[27/Dec/2007:15:58:19 +051800] conn=153 op=1 RESULT err=0 tag=101
nentries=1 etime=0
[27/Dec/2007:15:58:19 +051800] conn=153 op=-1 fd=64 closed - B1
[27/Dec/2007:15:58:20 +051800] conn=154 fd=64 slot=64 SSL connection
from 10.14.236.31 to 10.14.236.169
[27/Dec/2007:15:58:20 +051800] conn=154 SSL 256-bit AES
[27/Dec/2007:15:58:20 +051800] conn=154 op=0 BIND dn="" method=128
version=3
[27/Dec/2007:15:58:20 +051800] conn=154 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn=""
[27/Dec/2007:15:58:20 +051800] conn=154 op=1 SRCH
base="ou=People,dc=im,dc=logica,dc=com" scope=2
filter="(objectClass=posixAccount)" attrs="uid userPassword uidNumber
gidNumber cn homeDirectory loginShell gecos description objectClass"
[27/Dec/2007:15:58:20 +051800] conn=154 op=1 RESULT err=0 tag=101
nentries=1 etime=0
[27/Dec/2007:15:58:20 +051800] conn=154 op=-1 fd=64 closed - B1
[27/Dec/2007:15:58:21 +051800] conn=155 fd=64 slot=64 SSL connection
from 10.14.236.31 to 10.14.236.169
[27/Dec/2007:15:58:21 +051800] conn=155 SSL 256-bit AES
[27/Dec/2007:15:58:21 +051800] conn=155 op=0 BIND dn="" method=128
version=3
[27/Dec/2007:15:58:21 +051800] conn=155 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn=""
[27/Dec/2007:15:58:21 +051800] conn=155 op=1 SRCH
base="ou=People,dc=im,dc=logica,dc=com" scope=2
filter="(objectClass=posixAccount)" attrs="uid userPassword uidNumber
gidNumber cn homeDirectory loginShell gecos description objectClass"
[27/Dec/2007:15:58:21 +051800] conn=155 op=1 RESULT err=0 tag=101
nentries=1 etime=0
[27/Dec/2007:15:58:21 +051800] conn=155 op=-1 fd=64 closed - B1
[27/Dec/2007:15:58:22 +051800] conn=156 fd=64 slot=64 SSL connection
from 10.14.236.31 to 10.14.236.169
[27/Dec/2007:15:58:22 +051800] conn=156 SSL 256-bit AES
[27/Dec/2007:15:58:22 +051800] conn=156 op=0 BIND dn="" method=128
version=3
[27/Dec/2007:15:58:22 +051800] conn=156 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn=""
[27/Dec/2007:15:58:22 +051800] conn=156 op=1 SRCH
base="ou=People,dc=im,dc=logica,dc=com" scope=2
filter="(objectClass=posixAccount)" attrs="uid userPassword uidNumber
gidNumber cn homeDirectory loginShell gecos description objectClass"
[27/Dec/2007:15:58:22 +051800] conn=156 op=1 RESULT err=0 tag=101
nentries=1 etime=0
[27/Dec/2007:15:58:22 +051800] conn=156 op=-1 fd=64 closed - B1
[27/Dec/2007:15:58:22 +051800] conn=157 fd=64 slot=64 SSL connection
from 10.14.236.31 to 10.14.236.169
[27/Dec/2007:15:58:22 +051800] conn=157 SSL 256-bit AES
[27/Dec/2007:15:58:22 +051800] conn=157 op=0 BIND dn="" method=128
version=3
[27/Dec/2007:15:58:22 +051800] conn=157 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn=""
[27/Dec/2007:15:58:22 +051800] conn=157 op=1 SRCH
base="ou=People,dc=im,dc=logica,dc=com" scope=2
filter="(objectClass=posixAccount)" attrs="uid userPassword uidNumber
gidNumber cn homeDirectory loginShell gecos description objectClass"
[27/Dec/2007:15:58:22 +051800] conn=157 op=1 RESULT err=0 tag=101
nentries=1 etime=0
[27/Dec/2007:15:58:22 +051800] conn=157 op=-1 fd=64 closed - B1
16 years, 3 months
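One way to quantify the intermittent failures in the access log quoted above, as an added example that is not part of the original post: it folds log lines into one record per `conn=` number and counts TLS connections that were closed without a negotiated-cipher line. The function names and the sample log (documentation addresses, rejoined lines) are constructed for illustration.

```python
import re

# Constructed sample in the access-log layout quoted in the post, with the
# mail-wrapped lines rejoined; addresses, times and conn numbers are made up.
SAMPLE_LOG = """\
[27/Dec/2007:15:58:09 +0000] conn=151 fd=64 slot=64 SSL connection from 192.0.2.31 to 192.0.2.169
[27/Dec/2007:15:58:09 +0000] conn=151 op=-1 fd=64 closed - Peer reports failure of signature verification or key exchange.
[27/Dec/2007:15:58:19 +0000] conn=153 fd=64 slot=64 SSL connection from 192.0.2.31 to 192.0.2.169
[27/Dec/2007:15:58:19 +0000] conn=153 SSL 256-bit AES
[27/Dec/2007:15:58:19 +0000] conn=153 op=0 BIND dn="" method=128 version=3
[27/Dec/2007:15:58:19 +0000] conn=153 op=-1 fd=64 closed - B1
[27/Dec/2007:16:00:04 +0000] conn=163 fd=64 slot=64 SSL connection from 192.0.2.31 to 192.0.2.169
[27/Dec/2007:16:00:04 +0000] conn=163 op=-1 fd=64 closed - Peer reports failure of signature verification or key exchange.
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OPENED = re.compile(r"SSL connection from (?P<client>\S+) to \S+")
CIPHER = re.compile(r"^SSL (?P<cipher>.+)$")
CLOSED = re.compile(r"closed - (?P<reason>.+)$")

def parse_connections(log_text):
    """Fold access-log lines into one record per TLS connection (conn= number)."""
    conns = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # wrapped continuation or text that is not a log entry
        conn, rest = int(m["conn"]), m["rest"]
        if (o := OPENED.search(rest)):
            conns[conn] = {"client": o["client"], "cipher": None, "closed": None}
        elif conn in conns and (c := CIPHER.match(rest)):
            conns[conn]["cipher"] = c["cipher"]
        elif conn in conns and (x := CLOSED.search(rest)):
            conns[conn]["closed"] = x["reason"]
    return conns

def handshake_failures(conns):
    """TLS connections that were closed without ever logging a cipher line."""
    return sorted(n for n, r in conns.items() if r["closed"] and r["cipher"] is None)

def failures_by_client(conns):
    """Map client address -> (failed handshakes, total TLS connections)."""
    failed = set(handshake_failures(conns))
    stats = {}
    for n, r in conns.items():
        bad, total = stats.get(r["client"], (0, 0))
        stats[r["client"]] = (bad + (n in failed), total + 1)
    return stats
```

Run against a real access file, the per-client ratio shows whether the failures come from one host or from every client, which narrows the problem to a client trust store or to the server certificate.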
[Fedora-directory-users] nsslapd-idletimeout does not seem to work
by Anthony Mizon
Hi
I'm hoping this question has not been asked before but I can't find the
mailing list archives to confirm .. do they exist?
Anyway .. I am trying to close down idle client connections that have
been idle for 30 minutes. A quick check of the directory server admin
guide and the code confirms that a setting for nsslapd-idletimeout: 1800
should do the trick under cn=config. Not so it seems!
I am expecting to see the socket closed down after 30 minutes of
inactivity .. I can confirm that this is not taking place with a simple
tcp dump running on the directory server machine.
Have I misunderstood what this option does?
Many thanks
Anthony
--
Anthony Mizon, <amizon(a)saviso.com>
http://www.saviso.com
Tel: +44 (0) 845 00 66 515
Fax: +44 (0) 845 00 66 525
Mobile: +44 (0) 7968 070 117
Saviso Consulting Limited,
St. John's Innovation Centre,
Cowley Road, Cambridge, CB4 0WS
16 years, 4 months
Re: [Fedora-directory-users] problem with unique search on gidNumber
by Jason Beavers
That search returns ALL results with ANY gidNumber value set, not just those with "205"
----- Original Message ----
From: Rich Megginson <rmeggins(a)redhat.com>
To: General discussion list for the Fedora Directory server project. <fedora-directory-users(a)redhat.com>
Sent: Friday, December 14, 2007 10:57:40 AM
Subject: Re: [Fedora-directory-users] problem with unique search on gidNumber
Jason Beavers wrote:
> Yep, "gidnumber.db4" is there.
So what does a search for "(gidNumber=205)" return?
>
> ----- Original Message ----
> From: Rich Megginson <rmeggins(a)redhat.com>
> To: General discussion list for the Fedora Directory server project.
> <fedora-directory-users(a)redhat.com>
> Sent: Friday, December 14, 2007 10:19:54 AM
> Subject: Re: [Fedora-directory-users] problem with unique search on
> gidNumber
>
> Jason Beavers wrote:
> > well i cheated (lazy :-) ) and edited the index configuration using
> > the Fedora console, which regenerated the indexes.
> You can check - look in /opt/fedora-ds/slapd-instancename/db/userRoot
> and see if you have a gidNumber.db4 file.
> > Or so I was led to believe it would based on the documentation.
> > Should I be forcing it by running the perl scripts instead?
> >
> > ----- Original Message ----
> > From: Rich Megginson <rmeggins(a)redhat.com>
> > To: General discussion list for the Fedora Directory server project.
> > <fedora-directory-users(a)redhat.com>
> > Sent: Friday, December 14, 2007 8:08:24 AM
> > Subject: Re: [Fedora-directory-users] problem with unique search on
> > gidNumber
> >
> > Jason Beavers wrote:
> > > I'm trying to get unique searches working for "gidNumber." When
> > > trying a search as below:
> > >
> > > ./ldapsearch -b "dc=mydomain,dc=int"
> > > "(&(objectClass=groupOfNames)(gidNumber=205)(ou:dn:=Groups))" cn gidNumber
> > >
> > >
> > > I'm getting results back with ALL entries with a gidNumber attribute
> > > set, instead of just the one entry that matches "gidNumber=205."
> > > I've tried adding the gidNumber attribute to the indexes,
> > What steps did you take? You created the index configuration? Then ran
> > db2index to generate the index files?
> > > however i cannot seem to get it to respond with a unique result.
> > Have you tried just "(gidNumber=205)" - does that work?
> > >
> > > What am I missing?
> > >
> > > Thanks in advance.
> > >
> > > -j
16 years, 4 months
[Fedora-directory-users] admin command lines for Fedora DS
by dandantheitman
Hey Guys,
I Sys. Admin a small office of about 50 users and we have 6 linux
boxes and 2 openBSD boxes. I am currently using NIS for management.
Am in the process of looking at moving from NIS to LDAP and after some
'googling' it seems that Fedora DS would cover all of my requirements.
I have installed the fedora DS and have manually (via the ds gui)
added a few users. I would prefer however to get away from the GUI
and perform everything from the command line. Thus far I have not
found any command line admin stuff.
Can you guys give me a hand with this stuff - or give me a pointer or
2. I am looking how to do the following:
* create groups
* add users
* add users with posix attributes,
* disable accounts.
* change passwords
you know the basic sort of stuff. I have taken a look on amazon and
oreilly but cannot see any Fedora DS specific books.
Thanks in advance for your help.
Dan
--
_____________________________________________________________
" They that can give up liberty to obtain a little temporary safety
deserve neither liberty nor safety. Benjamin Franklin 1706 - 1790
16 years, 4 months
[Fedora-directory-users] replication with certificate
by Elisa Pellegrini
Hi!
I'm trying to configure multi-master replication with SSL and certificates.
I have only one CA, which issued the certificates for supplier servers A and B.
The error is :
replication bind to on consumer faild: 49 (client certificate mapping
failed) .
In the replication agreement I specified the name and port 636 for server B,
but it's impossible to modify supplier server A's port (389).
16 years, 4 months
[Fedora-directory-users] error on replica: the replica has the same Replica ID
by Elisa Pellegrini
Hi!
I am trying to configure multi-master replication and I am following the instructions in
the administration guide.
I have two supplier servers, A and B, in read-write replica.
My problem is the following error messages on the supplier A:
Unable to aquire replica:the replica has the same Replica ID as this
one. Replication is aborting.
Why?
The guide says that I must have a different replica ID for each suffix
and every server must have a different replica ID.
So I use ID=1 for supplier B (the consumer) and ID=2 for supplier A.
I use the replication agreement only on supplier A.
16 years, 4 months
[Fedora-directory-users] Problem in FDS 1.04 on Fedora 7
by spark plug
I installed FDS 1.0.4 and it worked for 2 weeks, everything OK; suddenly slapd and admin won't start anymore.
I checked the errors logs and can't find any related logs, only past errors.
So I decided to install a new FDS.
Then I tried to reinstall the FDS system with a different directory prefix. Everything was OK until starting the slapd server process.
Server group ID to use (default: nobody)
[slapd-prc]: starting up server ...
error:server:The server could not be started.
system_errno:2
error:could not create server prc - The server could not be started.
Configuring Administration Server...
Setting up Administration Server Instance...
ERROR: Administration Server configuration failed.
Any suggestion?
Thank you.
16 years, 4 months
[Fedora-directory-users] Windows Sync
by Scott Belnap
I have a fresh AD install and have set up a Windows Sync between FDS and
AD, and am able to populate AD with all my FDS accounts. My issue is that when I
first make the initial full synchronization, FDS won't populate AD with
the passwords. The only way I can get FDS to populate the password in
AD is if I manually change the users' password on FDS. Can anyone give
me some advice on how to get the passwords to sync on the first full
sync process?
Mahalo!
16 years, 4 months