[Fedora-directory-users] LDAP Server Unwilling to perform replication?
by James S. White
So I'm trying to set up a replication agreement and I get "LDAP server unwilling to perform". Any thoughts as to why this error might occur? It's not very descriptive.
This is a replication agreement
Name:: sapphire-topaz
Replica Entry DN:: cn=replica,cn="dc=int,dc=domain,dc=com",cn=mapping tree,cn=config
Supplier: sapphire.int.domain.com:636
Consumer: topaz.int.domain.com:636
Using encrypted SSL connection
Authenticate using: Simple authentication
Replicated subtree:: dc=int,dc=domain,dc=com
Attributes: null
Schedule: Always keep directories in sync
-----------------------------------------------------------------------
James S. White primary/voip: (615) 469-0268
220 Hidden Valley Rd. .O. mobile: (256) 476-2619
Danville, AL 35619 ..O work: (615) 445-7338
http://www.jameswhite.org OOO work cell: (615) 517-6552
james(a)jameswhite.org fax: (866) 260-5465
-----------------------------------------------------------------------
America will never be destroyed from the outside. If we falter and lose
our freedoms, it will be because we destroyed ourselves.
-- Abraham Lincoln
[Fedora-directory-users] Adding custom attributes without the gui
by James S. White
How does one add custom attributes and objectclasses without using the
GUI in fedora-ds?
[Fedora-directory-users] Can't Create Root Entry
by James S. White
So I'm logged in as cn="Directory Manager" on Fedora Directory Server 1.0.4
and I've created the database for dc=ama,dc=domain,dc=com under the configuration
tab, but when I try to create the new root object under the Directory tab
it complains:
Can't Create Root Entry
Only the Directory Manager has the right to create the Root Entry
Log in as Directory Manager to be able to perform this operation.
[Fedora-directory-users] VLV index and uid attribute
by Ville Silventoinen
I know there was an earlier thread about using uid attribute for sorting
and that it's not supported by the Console:
http://www.mail-archive.com/fedora-directory-users@redhat.com/msg04439.html
However, I thought I'd try the following approach:
1. I deleted the previous Browsing index for People by using the Console.
2. I created the following VLV entries as suggested in the Admin Guide
"Managing Indexes" chapter (my database is called "ebiRoot"):
dn: cn=MCC ou=People dc=ebi dc=ac dc=uk,cn=ebiRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: vlvSearch
cn: MCC ou=People dc=ebi dc=ac dc=uk
vlvBase: ou=People,dc=ebi,dc=ac,dc=uk
vlvScope: 1
vlvFilter: (|(objectclass=*)(objectclass=ldapsubentry))

dn: cn=by MCC ou=People dc=ebi dc=ac dc=uk,cn=MCC ou=People dc=ebi dc=ac dc=uk,cn=ebiRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: vlvIndex
cn: by MCC ou=People dc=ebi dc=ac dc=uk
vlvSort: uid
3. Then I shut down slapd and ran the vlvindex command:
$ ./vlvindex -n ebiRoot -T "by MCC ou=People dc=ebi dc=ac dc=uk"
[23/Mar/2007:16:47:05 +0000] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[23/Mar/2007:16:47:05 +0000] - dblayer_instance_start: pagesize: 4096, pages: 518726, procpages: 6433
[23/Mar/2007:16:47:05 +0000] - cache autosizing: import cache: 204800k
[23/Mar/2007:16:47:05 +0000] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
[23/Mar/2007:16:47:06 +0000] - ebiRoot: Indexing VLV: by MCC ou=People dc=ebi dc=ac dc=uk
[23/Mar/2007:16:47:06 +0000] - ebiRoot: Indexed 1000 entries (70%).
[23/Mar/2007:16:47:06 +0000] - ebiRoot: Finished indexing.
Looks like everything went well from the output.
4. Start slapd, start the console. When I view People, they are still
sorted by cn. Why does it ignore the VLV config that I created above? I also
confirmed from Console that vlvsort is set to "uid".
This is not a major problem, I'm just curious why the above solution
doesn't work? It looks like Console doesn't care what the vlvSort value
is? I don't understand how it can sort with cn when there is no index.
Thanks!
Ville
[Fedora-directory-users] Deleting database
by Ville Silventoinen
I'm using Fedora DS 1.0.4. I've written an application that uses Fedora DS
and next I'm planning to write unit tests. I'm wondering if there is a way
to delete the whole userRoot database and create it again? I searched the
documentation and there seems to be a way to create the database from
command line, but no way to delete it, except from the GUI?
The reason I'd like to re-create the database is that it simplifies
writing unit tests. Before each test case I'd like to re-create the
database and import a fixture. Well, that's how I've done unit tests for
database applications before, perhaps someone has a better approach?
Thank you for any advice!
Best regards,
Ville
[Fedora-directory-users] java 64bit libjss3.0 Can't load AMD 64-bit .so on a AMD 64-bit platform
by Nguyen, A (Alex)
Hi,
I'm fairly new to FDS and was going thru the manual on configuring
encryption for the Administration and Directory Servers. The problem
begins after configuring SSL for the Admin Server and restarting the
console. Attempts to start the console yielded this Java exception
listed below. I've read in previous threads where there was a mismatch
between the lib and the Java version but in this case, both are 64bit.
[root@brpswg01 fedora-ds]# ./startconsole -u admin -a https://`hostname`:43811
Exception in thread "main" java.lang.UnsatisfiedLinkError: /opt/app/fedora-ds/lib/libjss3.so: Can't load AMD 64-bit .so on a AMD 64-bit platform
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(Unknown Source)
at java.lang.ClassLoader.loadLibrary(Unknown Source)
at java.lang.Runtime.loadLibrary0(Unknown Source)
at java.lang.System.loadLibrary(Unknown Source)
at org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManager.java:1330)
at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:822)
at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:795)
at com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknown Source)
at com.netscape.management.client.comm.HttpsChannel.<clinit>(Unknown Source)
at com.netscape.management.client.comm.HttpManager.createChannel(Unknown Source)
at com.netscape.management.client.comm.CommManager.send(Unknown Source)
at com.netscape.management.client.comm.CommManager.send(Unknown Source)
at com.netscape.management.client.comm.HttpManager.get(Unknown Source)
at com.netscape.management.client.console.Console.invoke_task(Unknown Source)
at com.netscape.management.client.console.Console.authenticate_user(Unknown Source)
at com.netscape.management.client.console.Console.<init>(Unknown Source)
at com.netscape.management.client.console.Console.main(Unknown Source)
[root@brpswg01 fedora-ds]# file /opt/app/fedora-ds/lib/libjss3.so
/opt/app/fedora-ds/lib/libjss3.so: ELF 64-bit LSB shared object, AMD x86-64, version 1 (SYSV), not stripped
[root@brpswg01 fedora-ds]# file `which java`
/opt/app/jre1.5.0_11/bin/java: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.4.0, dynamically linked (uses shared libs), stripped
[root@brpswg01 fedora-ds]# md5sum /opt/app/fedora-ds/lib/libjss3.so
2098364ec91d9b354e9086806852ae5d /opt/app/fedora-ds/lib/libjss3.so
At this point, the console will not startup but the Directory Server is
fine (I can query and modify userRoot db just fine).
I'm running FDS 1.0.4 on RHEL 4 Update 4 (2.6.9-42.0.10.ELsmp) with Sun
JRE 1.5.0_11.
If someone has some pointers on where I'm going wrong, that'll be much
appreciated.
Thx,
-an
[Fedora-directory-users] MMR broken, reinitialization erases db
by Chris St. Pierre
Sometime earlier this week (still trying to determine when), the
multi-master replication on one of our databases broke. I tried to
reinitialize it between a few of the hosts, and I got a bunch of
errors:
[22/Mar/2007:09:27:39 -0500] NSMMReplicationPlugin - multimaster_be_state_change: replica o=isp is going offline; disabling replication
[22/Mar/2007:09:27:41 -0500] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[22/Mar/2007:09:27:45 -0500] - ERROR bulk import abandoned
[22/Mar/2007:09:27:45 -0500] - import userRoot: Aborting all import threads...
[22/Mar/2007:09:27:53 -0500] - import userRoot: Import threads aborted.
[22/Mar/2007:09:27:53 -0500] - import userRoot: Closing files...
[22/Mar/2007:09:27:56 -0500] - libdb: userRoot/owner.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:56 -0500] - libdb: userRoot/mail.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:56 -0500] - libdb: userRoot/modifytimestamp.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:56 -0500] - libdb: userRoot/telephoneNumber.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:56 -0500] - libdb: userRoot/nsUniqueId.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:56 -0500] - libdb: userRoot/objectclass.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:56 -0500] - libdb: userRoot/ou.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:56 -0500] - libdb: userRoot/icsCalendar.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:56 -0500] - libdb: userRoot/sambaSID.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:56 -0500] - libdb: userRoot/givenName.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:57 -0500] - libdb: userRoot/gidnumber.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:57 -0500] - libdb: userRoot/createtimestamp.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:57 -0500] - libdb: userRoot/cn.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:57 -0500] - libdb: userRoot/sn.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:57 -0500] - libdb: userRoot/uid.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:57 -0500] - libdb: userRoot/uidNumber.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:57 -0500] - libdb: userRoot/aci.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:57 -0500] - libdb: userRoot/uniquemember.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:57 -0500] - libdb: userRoot/parentid.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:57 -0500] - libdb: userRoot/entrydn.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:57 -0500] - libdb: userRoot/id2entry.db4: unable to flush: No such file or directory
[22/Mar/2007:09:27:57 -0500] - import userRoot: Import failed.
[22/Mar/2007:09:27:57 -0500] - process_bulk_import_op: NULL backend
This erased the database, and I was left with no data. Subsequently,
I've restarted FDS, restored from backup using bak2db.pl, and it still
doesn't work.
Any ideas?
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
----------------------------
Never send mail to thobrux(a)nebrwesleyan.edu
[Fedora-directory-users] consumer reinitialization ...
by Reinhard Nappert
Hi,
I work with Fedora DS 1.0.4 in a replicated environment (no matter if
multi-master or master slave relationship). When I switch the role of
one consumer (let's say from a supplier (multi-master setup) to a
dedicated consumer), I get the following error:
[20/Mar/2007:11:55:24 -0400] agmt="cn=master2slave" (slave:389) - Can't locate CSN 46000257000000020000 in the changelog (DB rc=-30990). The consumer may need to be reinitialized.
Is there a way to avoid this? It really does not change anything on the
master side.
Thanks,
-Reinhard
[Fedora-directory-users] Integrating EMC NAS (and Solaris How-To)
by Jim Hogan
I am trialing an EMC NS350 as a candidate NAS to serve CIFS and NFS
clients (XP, OSX, and Linux). I have set up a working Samba 3.x domain
with FDS 1.01 back end and I have an older, borrowed NetApp Filer
(DataOnTap 6.5) working fine as a temporary NFS/CIFS server authing
against LDAP/Samba.
With the EMC, official support is limited to AD and Sun iPlanet LDAP.
The latter limitation of support is turning out to be less theoretical
than I might have hoped. It seems like the EMC wants to behave like an
"official" iPlanet/Sun client.
I am thinking that the solution to this problem could be to config FDS
as laid out in the Solaris Client How-To here:
http://directory.fedora.redhat.com/wiki/Howto:SolarisClient
I have a couple of questions. First, has anybody done this (integrated
an EMC) who has a cut-and-dried report on doing it?
Second, the second schema for NIS domain seems relevant only if the
client is also binding to a NIS domain. I'm not. Or hope not to be :)
Then, is the following step -- adding nisdomain attribute -- also
optional? Seems like it should be.
I am going to try the EMC with the stock set of serviceSearchDescriptor
listed in the How-To's example profile. If anybody else has improved on
that for an EMC, I would be interested in your comments.
There were both pros and cons when comparing NetApp and EMC offerings
this time. It is a bit ironic that NetApp isn't nearly as Linux-y as
EMC's Celerra product, yet LDAP was a breeze to set up on the Filer
itself. In contrast, very little client-side non-iPlanet configuration
is possible on the EMC, so I don't see much alternative to going through
this server-side Solaris-style config change (and hope that it works!)
Thanks,
Jim
[Fedora-directory-users] nisDomain/Solaris schema not loading???
by Jim Hogan
I am running FDS 1.02 in master/client setup on Centos 4.4. With
respect to an earlier query about an EMC NAS and Solaris client config,
I am running into a more basic problem with one of the two schema from
the Solaris How-To
(http://directory.fedora.redhat.com/wiki/Howto:SolarisClient), (I named
these 62DUAConfigProfile.ldif and 63nisDomain.ldif because I already had
a Samba schema on 61).
I was easily able to load the provided 62DUAConfigProfile schema file
(and I created a profile object for the EMC client that relied on
attributes in that schema). I can see those new DUA attributes like
profileTTL.
However, when I attempted to add the 63nisDomain.ldif schema, I can
restart the FDS slapd without error, but the nis* attributes do not then
show up in the FDS directory schema no matter how I look (try to add
attribute in phpLDAPadmin, or via FDS console under config-->schema or
elsewhere). I have a 2 server master/client setup and have added the
schema files on both and restarted slapd on both several times.
There are a few other nis* attributes visible (nismap, nisnetgroup,
nisobject) but none of these seem to duplicate what are provided by
63nisDomain.ldif.
This config file appeared elsewhere online and I tried it from 2
sources but it looked to be identical. I was able to make the slapd
fail on restart by adding an unwanted space/CR to the file, so it seems
like slapd is definitely trying to read it. I have verified that the
LDIF on both FDS servers is identical. I turned logging up to 64 on
slapd to get config processing errors, but it didn't yield much:
config - Unknown attribute mod will be ignored
[21/Mar/2007:10:21:28 -0700] - Fedora-Directory/1.0.2 B2006.060.1928 starting up
[21/Mar/2007:10:21:28 -0700] - Unknown config attribute readonly
[21/Mar/2007:10:21:28 -0700] - DNS ldap.example.com -> DN dc=ldap,dc=example,dc=com
[21/Mar/2007:10:21:28 -0700] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[21/Mar/2007:10:21:29 -0700] - Listening on All Interfaces port 636 for LDAPS requests
Not sure what those unknowns are, but I removed the nisDomain.ldif from
config/schema and restarted; the error log output was unchanged.
In case there was some unknown precedence issue, I changed the order of
the 2 new LDIF to make nisDomain first, 62. I then moved it ahead of
Samba schema to "59". No change.
The LDIF I am using now is pasted below -- a one-attribute-per-line format.
I am at a bit of a stand on this. I am *really* not understanding why I
can't find any of these attributes. But, it feels like one of those
times (they come about 10 times a year) where somebody may hit Jim with
a very large clue stick -- like I am really missing something :(
Any insight appreciated.
Jim
Current 63NisDomain.ldif:
dn: cn=schema
attributeTypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'nisPublickey' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'nisSecretkey' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: ( 1.3.6.1.4.1.1.1.1.12 SUP name NAME 'nisDomain' DESC 'NIS domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' DESC 'mgrpRFC822MailMember' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' DESC 'nisNetIdUser' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' DESC 'nisNetIdGroup' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' DESC 'nisNetIdHost' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectClasses: ( 1.3.6.1.1.1.2.14 NAME 'NisKeyObject' DESC 'NisKeyObject' SUP top MUST ( cn $ nisPublickey $ nisSecretkey ) MAY ( uidNumber $ description ) )
objectClasses: ( 1.3.1.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'nisDomainObject' SUP top AUXILIARY MUST ( nisDomain ) )
objectClasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'mailGroup' SUP top MUST ( mail ) MAY ( cn $ mgrpRFC822MailMember ) )
objectClasses: ( 1.3.6.1.4.1.42.2.27.1.2.6 NAME 'nisNetId' DESC 'nisNetId' SUP top MUST ( cn ) MAY ( nisNetIdUser $ nisNetIdGroup $ nisNetIdHost ) )
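A pre-load check for a schema file like the one pasted above, as an added example that is not part of the original post or of Fedora DS. It unfolds the LDIF and compares each definition's keywords with the field order in the RFC 4512 grammar, and flags reused OIDs; whether Fedora DS enforces that order is not established by the thread, and the function names are hypothetical.

```python
import re

# Field order fixed by the RFC 4512 grammar for each definition type.
ATTR_ORDER = ["NAME", "DESC", "OBSOLETE", "SUP", "EQUALITY", "ORDERING", "SUBSTR",
              "SYNTAX", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION", "USAGE"]
OC_ORDER = ["NAME", "DESC", "OBSOLETE", "SUP", "ABSTRACT", "STRUCTURAL",
            "AUXILIARY", "MUST", "MAY"]
FLAGS = {"OBSOLETE", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION",
         "ABSTRACT", "STRUCTURAL", "AUXILIARY"}  # keywords that take no argument

# Three definitions copied from the post, folded with LDIF continuation lines.
SAMPLE = """\
dn: cn=schema
attributeTypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'nisPublickey'
  EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: ( 1.3.6.1.4.1.1.1.1.12 SUP name NAME 'nisDomain' DESC
  'NIS domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectClasses: ( 1.3.1.6.1.1.1.2.15 NAME 'nisDomainObject' DESC
  'nisDomainObject' SUP top AUXILIARY MUST ( nisDomain ) )
"""

def unfold(ldif):
    """RFC 2849 folding: a line starting with one space continues the previous one."""
    out = []
    for line in ldif.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        elif line.strip():
            out.append(line)
    return out

def keywords(defn, order):
    """Top-level keywords of one definition, in the order they were written."""
    seen, depth, skip = [], 0, False
    for tok in re.findall(r"'[^']*'|[()]|[^\s()']+", defn):
        if tok == "(":
            depth, skip = depth + 1, False   # a parenthesised list is the argument
        elif tok == ")":
            depth -= 1
        elif depth == 1:
            if skip:                         # argument of the previous keyword
                skip = False
            elif tok.upper() in order:
                seen.append(tok.upper())
                skip = tok.upper() not in FLAGS
    return seen

def lint(ldif):
    """Return (name, problem, detail) tuples for every definition in the file."""
    findings, oids = [], {}
    for line in unfold(ldif):
        kind, _, defn = line.partition(":")
        order = {"attributetypes": ATTR_ORDER, "objectclasses": OC_ORDER}.get(kind.strip().lower())
        if order is None:
            continue
        m = re.search(r"\(\s*([\d.]+)", defn)
        oid = m.group(1) if m else "?"
        m = re.search(r"NAME\s+'([^']+)'", defn)
        name = m.group(1) if m else oid
        seen = keywords(defn, order)
        ranks = [order.index(k) for k in seen]
        if ranks != sorted(ranks):
            findings.append((name, "field-order", " ".join(seen)))
        if oid in oids:
            findings.append((name, "duplicate-oid", oid))
        oids.setdefault(oid, name)
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```

On the three sample definitions the only finding is `nisDomain`, whose `SUP` is written before `NAME`.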