I've got FDS supporting RHEL 4 clients, and have apparently missed
something in setup. I've set up the password policies on my FDS
servers, but still get the following sort of error:
[root@system ~]# su - arbitrary_username
Warning: your password will expire in 7 days
Do I need to disable pam_unix.so in /etc/pam.d/system-auth now that I
have that sort of thing handled in FDS?
Enterprise Systems Administrator
Information Systems Department
Oak Ridge Associated Universities
I have an ldif file for adding new attributes and objectClass. I use the ldapmodify command and I am able to add attributes and objectclass on my dev and test environments. However, when I run ldapmodify on the Prod env (having master-master setup), the command runs fine and status shows OK, but the schema modifications do not get reflected. Since there are no errors shown during script execution, I am not able to figure out the cause.
Strangely, the 99user.ldif file shows these new attributes, but I still don't see them added when using an LDAP browser.
Do I need to follow different steps for master-master set-up? Or is there some other mechanism to modify schema for this set-up?
Schema ldif contents are as given below:
objectClasses: ( coltOnlineUser-oid NAME 'testOnlineUser' SUP inetorgperson STRUCTURAL MUST ( c $ isPartner $ isPasswordLocked $ preferredContactMethod ) MAY ( address1 $ address2 $ belongsToOCN $ city $ isDeleted $ isMemberOf $ nsAccountLock $ status ) X-ORIGIN 'user defined' )
attributeTypes: ( isMemberOf-oid NAME 'isMemberOf' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' )
attributeTypes: ( address1-oid NAME 'address1' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( belongsToOCN-oid NAME 'belongsToOCN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( isPasswordLocked-oid NAME 'isPasswordLocked' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( address2-oid NAME 'address2' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( preferredContactMethod-oid NAME 'preferredContactMethod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( city-oid NAME 'city' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( isDeleted-oid NAME 'isDeleted' DESC 'Whether the user is deleted from the system or not.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( isPartner-oid NAME 'isPartner' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( status-oid NAME 'status' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
My goal is to authenticate our users via the Fedora directory server (FDS).
The users' OS is RedHat Enterprise Linux 4, update 4.
I have started with openldap and everything works fine. Using the same
client configuration file (except changing the HOST to the Fedora directory
server IP), I have failed to authenticate users to the FDS.
I created two users (via the console) and defined the posixaccount parameters.
I also failed to add new users via ldapadd using a prepared ldif file.
I have a feeling that I am missing something with the bind authentication. Maybe
something related to the way Fedora relates to the passwd (md5, SHA...).
Thanks in advance
For testing purposes I installed ds with the ldap port set to 65000. I am done
with my testing and now would like to change that to the standard 389 port.
I tried following the written instructions for using the console to change it,
but messed up and now am unable to start the console. I can see it is still
trying to use port 65000.
How can I get this updated? I've tried manually changing all the files in the
ds root dir which contained an instance of the old 65000 URL, but no joy.
I need to grant authority to run ldapmodify and ldapdelete to a few
users (our users have these objectClass attributes: person,
organizationalPerson, inetOrgPerson, posixAccount, and dn's of this
type: dn: uid=jdoe,ou=People,dc=domain,dc=com)
How should I grant a few of these users authority to run ldapmodify and
Oscar A. Valdez
Installing a new DS into an existing FDS configuration container. Existing
container is fds1.hq.powerset.com, I'm installing a new server as
fds1.sv.powerset.com and writing the configuration info to
Here's my setup log:
[slapd-fds1]: [22/Feb/2007:19:38:46 +0000] - slapd started. Listening on
terfaces port 389 for LDAP requests
Your new directory server has been started.
Created new Directory Server
Start Slapd Starting Slapd server configuration.
Success Slapd Added Directory Server information to Configuration Server.
Configuring Administration Server...
Setting up Administration Server Instance...
ERROR: Administration Server configuration failed.
You can now use the console. Here is the command to use to start the
./startconsole -u admin -a http://fds1.sv.powerset.com:22628/
INFO Finished with setup, logfile is setup/setup.log
The configuration information was successfully written to fds1.hq, but the
admin server on fds1.sv was not set up correctly. I tried looking around for
any relevant logfiles, but couldn't find any. Any suggestions on where to
I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a
slave); are there any gotchas that I should look out for before
upgrading to 1.0.4? Can I go directly to this release, or do I need to
first upgrade to .3? Thanks for your help.
I have set password rules (expiry, lockout period, etc.) using the RedHat management console. However, on Production we do not have access to this console. Hence it would be great if you could help me in applying those changes/policies/rules through some command-line utility or command.
Can I export from the dev instance and apply to production somehow?