[Fedora-directory-users] Password expiration question
by Rankin, Kent
I've got FDS supporting RHEL 4 clients, and have apparently missed
something in setup. I've set up the password policies on my FDS
servers, but still get the following sort of error:
[root@system ~]# su - arbitrary_username
Warning: your password will expire in 7 days
System.network.tld>
Do I need to disable pam_unix.so in /etc/pam.d/system-auth now that I
have that sort of thing handled in FDS?
--
Kent Rankin
Enterprise Systems Administrator
Information Systems Department
Oak Ridge Associated Universities
16 years, 9 months
[Fedora-directory-users] Schema changes not reflected
by Ankur Agarwal
Hi,
I have a ldif file for adding new attributes and objectClass. I use ldapmodify command and i am able to add attributes and objectclass on my dev and test environments. However when i run ldapmodify on Prod env (having master-master setup), command runs fine, status shows OK but schema modification do not get reflected. Since there are no error shown during script execution i am not able to figure out the cause.
Strangely 99user.ldif file shows these new attributes but still I dont see these added using LDAP browser.
Do I need to follow different steps for master-master set-up? Or is there some other mechanism to modify schema for this set-up?
regards,
Ankur
Schema ldif contents are as given below:
==================
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( coltOnlineUser-oid NAME 'testOnlineUser' SUP inetorgperson STRUCTURAL MUST ( c $ isPartner $ isPasswordLocked $ preferredContactMethod ) MAY ( address1 $ address2 $ belongsToOCN $ city $ isDeleted $ isMemberOf $ nsAccountLock $ status ) X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( isMemberOf-oid NAME 'isMemberOf' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( address1-oid NAME 'address1' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( belongsToOCN-oid NAME 'belongsToOCN' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( isPasswordLocked-oid NAME 'isPasswordLocked' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( address2-oid NAME 'address2' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( preferredContactMethod-oid NAME 'preferredContactMethod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( city-oid NAME 'city' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( isDeleted-oid NAME 'isDeleted' DESC 'Whether the user is deleted from the system or not.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( isPartner-oid NAME 'isPartner' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
add: attributeTypes
attributeTypes: ( status-oid NAME 'status' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
==================
---------------------------------
Food fight? Enjoy some healthy debate
in the Yahoo! Answers Food & Drink Q&A.
16 years, 9 months
[Fedora-directory-users] authentication linux users via Fedora directory server
by Yoram Kahana
Hi
My goal is to authenticate our users via the Fedora directory server (FDS
7.1).
The users OS is RedHat entrerprise linux 4, update 4.
I have started with openldap and everything works fine. Using the same
clients configuration file (exept changing the HOST to the fedora directory
server IP) i have fail to authenticate users to the FDS.
I created two users (via the console) and define the posixaccount parameters
as well.
I also failed to add new users via ldapadd using prepared ldif file.
I have a feeling that i miss somthing with the bind authentication. Maybe
somthing related to the why Fedora relate to the passwd (md5,Sha.....).
Any idea?
Thanks in advance
Yoram
16 years, 9 months
[Fedora-directory-users] Manually reset ldap port?
by Stephen Nesbitt
All:
For testing purposes I installed ds with the ldap port set to 65000. I am done
with my testing and now would like to change that to the standard 389 port.
I tried following the written instructions for using the console to change it,
but messed up and now am unable to start the console. I can see it is still
trying to us port 65000.
How can I get this updated? I've tried manually changing all the files in the
ds root dir which contained an instance of the old 65000 URL, but no joy.
Thanks!
-steve
16 years, 9 months
[Fedora-directory-users] Granting authority to run ldapmodify and ldapdelete
by Oscar A. Valdez
I need to grant authority to run ldapmodify and ldapdelete to a few
users (our users have these objectClass attributes: person,
organizationalPerson, inetOrgPerson, posixAccount, and dn's of this
type: dn: uid=jdoe,ou=People,dc=domain,dc=com)
How should I grant a few of these users authority to run ldapmodify and
ldapdelete?
--
Oscar A. Valdez
16 years, 9 months
[Fedora-directory-users] Admin server installation failed, which logfile should I check?
by Richard Hesse
Background:
Installing a new DS into an existing FDS configuration container. Existing
container is fds1.hq.powerset.com, I'm installing a new server as
fds1.sv.powerset.com and writing the configuration info to
fds1.hq.powerset.com.
Here's my setup log:
[slapd-fds1]: [22/Feb/2007:19:38:46 +0000] - slapd started. Listening on
All In
terfaces port 389 for LDAP requests
Your new directory server has been started.
Created new Directory Server
Start Slapd Starting Slapd server configuration.
Success Slapd Added Directory Server information to Configuration Server.
Configuring Administration Server...
Setting up Administration Server Instance...
ERROR: Administration Server configuration failed.
You can now use the console. Here is the command to use to start the
console:
cd /opt/fedora-ds
./startconsole -u admin -a http://fds1.sv.powerset.com:22628/
INFO Finished with setup, logfile is setup/setup.log
The configuration information was successfully written to fds1.hq, but the
admin server on fds1.sv was not setup correctly. I tried looking around for
any relevant logfiles, but couldn't find any. Any suggestions on where to
look? Thanks.
-richard
16 years, 9 months
[Fedora-directory-users] Preparing to upgrade to fds 1.0.4
by Bliss, Aaron
Hi everyone
I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a
slave); are there any gotchas that I should look out for before
upgrading to 1.0.4? Can I go directly to this release, or do I need to
first upgrade to .3? Thanks for your help.
Aaron
Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
16 years, 9 months
[Fedora-directory-users] Setting password expiry and other rules through command line or script
by Ankur Agarwal
Hi,
I have set password rules (expiry, lockout period etc) using RedHat management console. However on Production we do not have access to this console. Hence would be great if you could help me in applying those changes/policies/rules though some command line utility or command.
Can i export from dev instance and apply to production somehow?
regards,
Ankur
---------------------------------
No need to miss a message. Get email on-the-go
with Yahoo! Mail for Mobile. Get started.
16 years, 9 months
