[Fedora-directory-users] admin console stays empty
by Marko Karg
Hi all,
I've freshly installed ds 1.0.4-1, got rid of hopefully all java issues,
and am now confronted with an empty admin console.
A connection to localhost:<adminport> via browser works well, slapd is
running, but the window after the login prompt stays empty.
Can please someone advise where I have to search for the error?
Thank you in advance!
Marko
17 years, 2 months
[Fedora-directory-users] Admin console's default view is empty
by Oscar A. Valdez
I'm running fedora-ds-1.0.4 on FC5. The server starts normally
with /opt/fedora-ds/slapd-pendragon/start-slapd, and serves ldap queries
normally.
However, when I start-admin or restart-admin, and then startconsole
(with the J2RE properly in my $PATH), I can log into the console, but
its "Servers and Applications" tab is empty. The admin-serv logs don't
record anything out of the ordinary.
I'll appreciate help in getting my console back to work.
--
Oscar A. Valdez
Industrias Duraflex, S.A. de C.V.
17 years, 2 months
[Fedora-directory-users] How to ensure case sensitive authorisation?
by Ankur Agarwal
Hi,
In our LDAP I have a userID = "aagarwal" existing. My application authenticates successfully when I provide username as "aagarwal" or even as "Aagarwal". Is there a way to ensure case-sensitive authentication?
In the documentation I see some plugins:
Case Exact String Syntax Plug-in and
Case Ignore String Syntax Plug-in
Any idea if these are to be used to enforce case sensitive authentication? If yes then how to configure these?
regards,
Ankur
17 years, 2 months
Re: [Fedora-directory-users] FDS / PAM Integration Questions
by Jonathan Schreiter
>> 2) I've set up a second FDS to act as a consumer (single master replication). I've followed the administrator's documentation and set a simple cn=replication manager, cn=config on both servers to act as the bind for replication (via replication agreement). I've tested this and everything is working great (directory entries, GSSAPI, etc). I would imagine that when the replication binds, the password is sent in clear text. Is this true? If I create a new user in the cn=config and create a new sasl mapping (uid=\1,cn=config) can I simply create a kerberos principal with the same name and use GSSAPI for the bind? The same question as #1 above is will this session be encrypted via GSSAPI as well?
>>
> Server to server GSSAPI does not currently work. If you don't want to
> send unencrypted clear text passwords over the wire, your best bet is to
> set up SSL between the servers.
Hi Richard,
I've created a CA using openssl and installed the cacert on both FDS servers. I've then requested certificates from both servers, created certificates using the CA, and installed. I then enabled SSL on both servers and reset them. I deleted my old replication and created a new one that's identical except I've checked "Using encrypted SSL connection". I'm still using a Simple Authentication with uid=RManager,cn=config and password. The replication works great.
Is this password now sent encrypted (even though I'm not using SSL client authentication)? I'd like to keep this as simple as possible and didn't want to deal with client certificates at this point because I'm using GSSAPI.
Thanks again for all your help.
Regards,
Jonathan
17 years, 2 months
[Fedora-directory-users] Too many fds open
by Ankur Agarwal
Hi,
We ran a performance run on our application. With 20 users hitting the application we got this error in logs.
1) What operations in LDAP cause fds to open and exceed the limit specified?
2) If I use a connection pool in my application to connect to LDAP will that get rid of the problem?
Thanks,
Ankur
===========================
[02/Feb/2007:15:04:44 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:15:12:29 +051800] - Listening for new connections again
[02/Feb/2007:15:12:29 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:15:12:29 +051800] - Listening for new connections again
[02/Feb/2007:15:41:37 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:15:41:38 +051800] - Listening for new connections again
[02/Feb/2007:15:41:38 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:15:41:38 +051800] - Listening for new connections again
[02/Feb/2007:15:41:38 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:15:47:25 +051800] - Listening for new connections again
[02/Feb/2007:16:25:28 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:44:12 +051800] - Listening for new connections again
[02/Feb/2007:16:44:12 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:44:14 +051800] - Listening for new connections again
[02/Feb/2007:16:44:14 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:44:14 +051800] - Listening for new connections again
[02/Feb/2007:16:44:14 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:52:00 +051800] - Listening for new connections again
[02/Feb/2007:16:52:00 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:52:00 +051800] - Listening for new connections again
[02/Feb/2007:16:52:00 +051800] - Not listening for new connections - too many fds open
[02/Feb/2007:16:54:10 +051800] - slapd shutting down - signaling operation threads
============================
17 years, 2 months
Re: [Fedora-directory-users] FDS / PAM Integration Questions
by Jonathan Schreiter
>
>Or, just use
>nsSaslMapBaseDNTemplate: ou=People,dc=myexample,dc=com
>nsSaslMapFilterTemplate: (uid=\1)
Hi Richard,
I found the root cause of my problems, and they are as follows (in case anyone else happens to be searching these archives). I was using a keytab file that was readable only by root, while I was running the server as the default install user of nobody. As soon as I opened read access to that user, all kerberos / gssapi / sasl mechanisms worked. Also, the confusion I had earlier of if I should enter in the detail via the console was due to the fact I hadn't refreshed all after making the addition to the config - sasl -mapping - mymap entry with the nssaslmapping. After I refreshed, this mapping appeared under the SASL Mapping in the configuration tab. I realize this probably isn't the most secure way of doing this, so I'll probably change the default user that the server runs as.
I have a few more questions regarding GSSAPI with FDS.
1) Because I have GSSAPI / SASL enabled, does this automatically enable encryption via GSSAPI? It mentioned that it will do this in the documentation, but I was unable to find the details of this.
2) I've set up a second FDS to act as a consumer (single master replication). I've followed the administrator's documentation and set a simple cn=replication manager, cn=config on both servers to act as the bind for replication (via replication agreement). I've tested this and everything is working great (directory entries, GSSAPI, etc). I would imagine that when the replication binds, the password is sent in clear text. Is this true? If I create a new user in the cn=config and create a new sasl mapping (uid=\1,cn=config) can I simply create a kerberos principal with the same name and use GSSAPI for the bind? The same question as #1 above is will this session be encrypted via GSSAPI as well?
Any help would be greatly appreciated. Thanks!
Jonathan
17 years, 2 months
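The keytab problem described in the message above (a keytab readable only by root while the server runs as another user), as an added example that is not part of the original post or of Fedora DS: a check that the service account can read the keytab without the file being opened to every local user. The function name, its uid/gid parameters and the temporary file standing in for the keytab are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_keytab(path, service_uid, service_gid):
    """Return findings for a keytab that a server running as
    service_uid/service_gid must be able to read."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    # POSIX applies exactly one permission class: owner, then group, then other.
    # Assumption: only the primary group is considered, not supplementary groups.
    if st.st_uid == service_uid:
        can_read = bool(mode & stat.S_IRUSR)
    elif st.st_gid == service_gid:
        can_read = bool(mode & stat.S_IRGRP)
    else:
        can_read = bool(mode & stat.S_IROTH)
    findings = []
    if not can_read:
        findings.append("service account cannot read keytab")
    if mode & stat.S_IRWXO:
        findings.append("keytab accessible to every local user")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("keytab writable by non-owner")
    return findings


def demo():
    """Run the audit on a constructed temp file standing in for the keytab."""
    fd, path = tempfile.mkstemp(suffix=".keytab")
    os.close(fd)
    try:
        me, grp = os.getuid(), os.stat(path).st_gid
        results = {}
        os.chmod(path, 0o600)
        # Owner-only file (root in the post) while the server runs as another uid.
        results["owner-only, other uid"] = audit_keytab(path, me + 1, grp + 1)
        os.chmod(path, 0o644)
        results["world-readable"] = audit_keytab(path, me + 1, grp + 1)
        os.chmod(path, 0o640)
        results["group-readable"] = audit_keytab(path, me + 1, grp)
        os.chmod(path, 0o600)
        results["owned by service"] = audit_keytab(path, me, grp)
        return results
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for case, findings in demo().items():
        print(f"{case}: {findings or 'ok'}")
```

The two clean results correspond to a keytab owned by the service account with mode 0600, or owned by another account and readable through the service account's group with mode 0640.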
[Fedora-directory-users] Message in error log
by Renato Ribeiro da Silva
The following message is frequently appearing in my slapd error log.
[01/Feb/2007:15:36:52 -0200] acl__TestRights - cache overflown
Any idea?
Thanks in advance,
Renato.
17 years, 2 months
Re:[Fedora-directory-users] set dite end time to fedora-ds
by Renato Ribeiro da Silva
This is happening because you enabled the option "User must change password after reset". In the Directory Server Console go to Configuration Tab, select Data, go to "Passwords" Tab and then uncheck this option.
> Hi to all, I have a problem with passwordExpirationTime.
> the problem is:
> my fedora-ds is set to "password expires after 180 days".
> and every user has "passwordExpirationTime: 20070807102527Z"
> but when I try to import this message appears "The error sent by the
> server was 'Object class violation. single-valued attribute
> "passwordExpirationTime" has multiple values".
> so if I delete the attribute "passwordExpirationTime" from the user,
> import works fine, but the date for the expiration password is set
> automatically by fedora-ds to "19001023000000Z (or similar)".
> How should I set the ntp or the right date from fedora-ds 1.0.4 ???
> thanks to all
17 years, 2 months