Re: [Fedora-directory-users] search problems
by Nate Bradley
I've figured it out.
By 'searching' I meant using the management console's 'Users and Groups' tab to search/add/edit users and groups.
Sorry I wasn't too specific.
But after a search of bugzilla I found that it is a 'feature' and not a bug. Just annoying to have to change directories when I want to make changes, but I'll survive.
17 years
[Fedora-directory-users] Re: Another segfault ...
by Philip Kime
> Ok. Then, how about the error log?
Just a load of these, which are common.
[03/Apr/2007:12:52:22 -0700] - loading global password policy for
uid=glink,ou=p
eople,dc=shopzilla,dc=com--local policy entry not found
[03/Apr/2007:12:52:22 -0700] - loading global password policy for
uid=glink,ou=p
eople,dc=shopzilla,dc=com--local policy entry not found
[03/Apr/2007:12:52:22 -0700] - loading global password policy for
uid=glink,ou=p
eople,dc=shopzilla,dc=com--local policy entry not found
> What are the clients? OS login?
Yes but mainly the vast majority are LDAP-based NIS netgroup queries and
a few some LDAP-baed SUDO requests.
>The mem cache should only be large enough to hold all of the
entries/indexes in your
> database - any more than that is not used. You could try increasing
it, but I doubt it > will help.
Thought so - the DB isn't that large.
PK
17 years
[Fedora-directory-users] Regarding Fedora Clients Authentication to FDS
by Chakkaradeep C C
Hi All,
I have been trying for many days in getting a fedora machine authenticated
via FDS and I am not able to. As far as I see, all the options in
nsswitch.conf, system-auth pam file and ldap.conf are proper and the nss too
mapped in ldap.conf. I have also selected the Password as Unix Crypt
Password in the Directory Server. Moreover, I used authconfig to change the
Authentication type.
I am not sure why my machine is not fetching user names from FDS. And, if i
do a ldapsearch as, ldapserach -x -b "dc=fdsdomain,dc=com" from the fedora
machine, i am able to get all the ldap details.
I would be happy if anyone could help me. I am struggling for the past 3
days :(
Thanks,
--
Regards,
C.C.Chakkaradeep,
http://chakkaradeep.wordpress.com
--
"Sometimes it's better not to ask - or to listen - when people tell you
something can't be done. I didnt ask for permission or approval. I just went
ahead and did it." - from "Direct from Dell"
17 years
[Fedora-directory-users] Re: Another segfault ...
by Philip Kime
> No. Can you post the last few lines from your errors and access logs?
Well, part of the problem is that this server gets so hammered - 99.9%
CPU devoted to nslapd all the time, that the access logs roll over so
quickly, I don't have them any more. According to the FDSgraph charts
(which are messed up because I think it's so busy, the graphs are just a
patchwork of points which aren't joined up), it does about 70k ops per
minutes, peaking at about 140k. This suddenly shot up a few weeks ago
and nobody seems to know why so I'm assuming that the load is the
problem. I was thinking about increasing the mem cache for FDS - worth
trying? It seems to be at the default (10 Meg?) and this box has easily
3Gb doing nothing at any one time.
PK
17 years
[Fedora-directory-users] search problems
by Nate Bradley
migrating from fc4 to centos.
trying to reconfigure replication.
initialized the 'new' consumer, users and groups appear to have replicated.
noticed the 'new' fedora-ds is searching NetscapeRoot and not UserRoot (dc=sky-runner,dc=com) by default, so it can't find the users or groups?
what do I do?
17 years
[Fedora-directory-users] Another segfault ...
by Philip Kime
Apr 3 13:16:04 hqldap01 kernel: ns-slapd[32384]: segfault at
0000000000000000 r
ip 0000002a955a580c rsp 0000000040b69ec8 error 4
Any ideas what this might be from the error messages?
PK
--
Philip Kime
NOPS Systems Architect
310 401 0407
17 years
[Fedora-directory-users] Two differents suffix, only one search...
by Victor Rodriguez
Good Afternoon:
Respect to this:
Richard wrote:
>Note that you can configure more than one LDAP server in the
>nsfarmserverurl attribute of your chaining backend configuration - see
>the docs.
I have read it the docs, but I have a question:
Can I configure another ldap server even if it is in a different domain?
Example:
Chain 1 suffix : o=domain1
network1
Chain 2 suffix : o=domain2
network2
When I try to connect a ldap client I need to specify one of this suffix but I would like that the search of a contact occurs on both suffix. How can I do that?
Regards,
Victor
Attention:
The information contained in this message and or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies.
Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of The Gribbles Group.
Thank You.
Whilst every effort has been made to ensure that this e-mail message and any attachments are free from viruses, you should scan this message and any attachments.
Under no circumstances do we accept liability for any loss or damage which may result from your receipt of this message or any attachment.
17 years
[Fedora-directory-users] SSL Trouble - Windows Sync
by Glenn
I'm trying to get Windows Sync working between Fedora DS 1.0.4 and Active
Directory. When I try to create the Windows Sync Agreement, it
says, "Unable to contact Active Directory server". I gather this means an
SSL problem, and indeed when I try to contact the AD server using the
ldapsearch command on the DS server, it says, "certificate verify failed".
certutil says the CA certificate is included in both the slapd-server-
cert8.db and the admin-serv-cert8.db. What else should I check? Thanks. -
Glenn.
17 years
[Fedora-directory-users] Create Browsing Index gets stuck
by Ville Silventoinen
I'm sorry if this has already been discussed or reported as a bug. I tried
to find the bug report, but couldn't find it so here goes:
Quite often when I have removed all entries and put them back and tried to
create a Browsing Index with the Console, the Console gets stuck. I have
few times left it for hours but nothing happens. In this case I deleted
the previous browsing index from the GUI and tried to create it again for
People with 1400 entries. The GUI tells me it has done "Adding browsing
index entries to server" (ticked) but it is still "Creating browsing index
in server" (not ticked). It stays in this window forever. The "Server
status for creating browsing index" window is empty.
I cannot see any error messages in slapd-HOSTNAME/logs/errors or
admin-serv/logs/error log. The startconsole terminal doesn't show any Java
exceptions. Is there anywhere else I could look for clues?
If I force the window to close, the database goes to read-only mode. I
close the Console, shutdown the slapd, change the database back to
read-write mode and restart everything. The Console shows the index has
been created, but if I look at slapd-HOSTNAME/db/ebiRoot/ directory, I
cannot see a vlv#bymccoupeopledcebidcacdcuk.db4 file, so I guess the
index doesn't really exist? With just 1400 entries it's difficult to tell.
Sometimes I do get the index created, but quite often not.
I'm using Fedora DS 1.0.4 on CentOS 4.4 with following JRE:
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01)
Java HotSpot(TM) Server VM (build 1.5.0_09-b01, mixed mode)
Thanks for any help!
Ville
17 years