[Fedora-directory-users] FDS 1.0.4 and DNS host filter based ACIs
by Peter Reuterås
Hi
I have a problem with ACIs on FDS 1.0.4. After upgrading a server from
FDS 1.0.2 to 1.0.4 "DNS host filter" based ACIs stopped working. We can
still use IP based ACIs for IPv4 access but not "DNS host filter". FDS is
running on a Red Hat Enterprise Linux 4.0 server.
Anybody else seen this problem?
/Peter
--
===========================================================================
Peter Reuterås Tel +46 8 7909558
SE-100 44 Stockholm, Sweden
16 years, 3 months
[Fedora-directory-users] error logging in first time
by Bob Wooden
I am new to Fedora Directory Server, but have been a Linux user for six
or seven years.
I have built a Fedora Core 6, selected the "web server" option on build
and installed the FDS 1.0.4 version. Located java and adjusted the
symbolic link. Did my FDS setup/setup and set all the defaults. When I
perform the ./startconsole command (within the fedora-ds directory), I
get the following error message:
Cannot connect to the Admin Server "http://******.***.***:43766"
The URL is not correct or the server is not running.
I have searched the mailing list archive and I am unable to locate any
reference to this error message.
What do I do now?
16 years, 3 months
[Fedora-directory-users] deletion problem - multi-master
by Sam Smith
I have two masters and three replicas.
Master A works fine - I can add, modify, delete, and the changes
replicate OK.
Except that Master B cannot delete, either directly at the console, via
the command line, or via replication from master A. It can add and
modify just fine, and those changes replicate to the other master and
the replicas. But it can't delete.
The error message is simply LDAP OPERATIONS ERROR
Thanks for any help.
Sam Smith
16 years, 3 months
[Fedora-directory-users] GID missing? Probably minor but strange problem
by Mark Hutchinson
Fresh install of FDS 1.4.
I am using the default ( option 2 typical install ) dc=mydomain,dc=com
install.
I can add users with no problems, and configure clients ( other linux
boxes ) to authenticate against this LDAP server.
One problem though: if I create a user, with posix, specify a new uid
and gid, all is well except on login, the group is not created.
So, I go to add the group, I can add the group name, but there is no
place to specify the GID.
What am I missing?
Right click, add user is fine with all posix, then do the same on group,
but no area to specify the numeric GID.
Assistance greatly appreciated.
16 years, 3 months
[Fedora-directory-users] MMR broken, can't get it started again
by Chris St. Pierre
I noticed today that replication between a few of my four FDS machines
(all MMR agreements going every which way) had failed with errors like
this:
[30/Aug/2007:00:02:04 -0500] NSMMReplicationPlugin -
agmt="cn="Replication to chico (o=isp)"" (chico:389): Incremental
protocol: event update_window_opened should not occur in state
start_backoff
[31/Aug/2007:00:03:59 -0500] NSMMReplicationPlugin -
agmt="cn="Replication to chico (o=isp)"" (chico:389): Incremental
protocol: event update_window_opened should not occur in state
start_backoff
[31/Aug/2007:07:35:59 -0500] NSMMReplicationPlugin -
agmt="cn="Replication to chico (o=isp)"" (chico:389): Incremental
update failed and requires administrator action
I tried using mmr.pl to reinitialize the agreements, but that failed
miserably and wiped all of the data from the database I was
re-initializing. I got the following errors on the supplier:
[31/Aug/2007:10:24:56 -0500] NSMMReplicationPlugin - Beginning total
update of replica "agmt="cn="Replication to chico (o=isp)""
(chico:389)".
[31/Aug/2007:10:25:36 -0500] NSMMReplicationPlugin -
agmt="cn="Replication to chico (o=isp)"" (chico:389): Failed to send
extended operation: LDAP error 81 (Can't contact LDAP server)
[31/Aug/2007:10:25:38 -0500] NSMMReplicationPlugin -
agmt="cn="Replication to chico (o=isp)"" (chico:389): Received error
89: NULL for total update operation
[31/Aug/2007:10:25:38 -0500] NSMMReplicationPlugin -
agmt="cn="Replication to chico (o=isp)"" (chico:389): Received error
89: NULL for total update operation
[31/Aug/2007:10:25:38 -0500] NSMMReplicationPlugin -
agmt="cn="Replication to chico (o=isp)"" (chico:389): Received error
89: NULL for total update operation
[31/Aug/2007:10:25:38 -0500] NSMMReplicationPlugin -
agmt="cn="Replication to chico (o=isp)"" (chico:389): Received error
89: NULL for total update operation
[31/Aug/2007:10:25:39 -0500] NSMMReplicationPlugin -
agmt="cn="Replication to chico (o=isp)"" (chico:389): Received error
89: NULL for total update operation
[31/Aug/2007:10:25:39 -0500] NSMMReplicationPlugin -
agmt="cn="Replication to chico (o=isp)"" (chico:389): Warning: unable
to send endReplication extended operation (Bad parameter to an ldap
routine)
And on the consumer:
[31/Aug/2007:10:24:54 -0500] NSMMReplicationPlugin -
multimaster_be_state_change: replica o=isp is going offline; disabling
replication
[31/Aug/2007:10:24:56 -0500] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to
access the database
[31/Aug/2007:10:25:16 -0500] - import userRoot: Processed 2036 entries
-- average rate 101.8/sec, recent rate 101.8/sec, hit ratio 0%
[31/Aug/2007:10:25:24 -0500] - ERROR bulk import abandoned
[31/Aug/2007:10:25:24 -0500] - import userRoot: Aborting all import
threads...
[31/Aug/2007:10:25:31 -0500] - import userRoot: Import threads
aborted.
[31/Aug/2007:10:25:31 -0500] - import userRoot: Closing files...
[31/Aug/2007:10:25:35 -0500] - libdb: userRoot/owner.db4: unable to
flush: No such file or directory
[...lots of lines like that...]
[31/Aug/2007:10:25:36 -0500] - libdb: userRoot/id2entry.db4: unable to
flush: No such file or directory
[31/Aug/2007:10:25:36 -0500] - import userRoot: Import failed.
[31/Aug/2007:10:25:36 -0500] - process_bulk_import_op: NULL backend
At that point, the supplier crashes and we get the "Can't contact LDAP
server" error in the consumer.
This looked really similar to an error I'd had before, in this thread:
http://www.mail-archive.com/fedora-directory-users@redhat.com/msg04969.html
I had eventually resolved that by dismantling all replication
information, using db2ldif to import the database from the supplier to
the consumer while the consumer was down, bringing the consumer back
up, and reinitializing the replication agreements. This has not
worked this time; I get the exact same errors.
Anyone have any suggestions? Thanks!
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
16 years, 3 months
[Fedora-directory-users] troubles with ldapmodify and db2ldif
by stefi
hello all,
i've a couple of problems, but before, maybe is better if i'll show you the
scenario.
We have given our students the opportunity to access the net (just
http and https) and for the authentication we use fds. There is (among a lot
of other ou's) an ou and a static group used for authentication purposes. I
get students' data in csv format from Oracle and by the means of a shell
script I convert them into ldif then I add, delete and update the LDAP via
ldapmodify.
Maybe my script isn't a masterpiece of style, but it works fine, and for
my purposes, at the moment, is good; sometimes it happens to me to get
errors while modifying the static group: logs report something like "could
not find value 0 (or 25, or 29, or so on) for attr uniqueMember (no such
attribute)". Now, since there isn't any value like 0 (or anyway numeric) for
uniqueMember attribute (we use social security code that is alphanumerical
and starts with 6 letters) I can only suppose that is a csv fault, that it
depends on how Oracle exports in csv queries results, but sincerely I simply
don't know how it happens. The worst is that the ldapmodify stops
immediately even if in the function call I'm using -c switch, that works
fine when operating on the ou, but simply seems not to be working when
operating on static group.
And, second problem: I've thought to build a script that exports data
from LDAP with a db2ldif, both static group and ou, then adjusting ldif
files by the means of an executable that extracts just SS codes and sorts
them and finally makes a diff between result files (or simply counts their
lines) the way to see if ou and static group differ and in case, sending an
alert to my e-mail address (soon my script will be "cron-ized").
If I do that via java console, it works fine, but as soon as I launch
the db2ldif -a /tmp/myFile.ldif -s "ou=myOU, dc=myDomain, dc=it" it fails
with an "there is no backend instance to export from" (same thing if instead
of -s switch I use -n switch and if I use "cn=myStaticGroup, ou=gruppi,
dc=myDomain, dc=it" as object of -s switch), while if I say
db2ldif -a /tmp/myFile.ldif -s "dc=myDomain, dc=it", it works fine and
exports anything. Obviously, writing an executable that extracts the content
of my ou and my static group from the entire db is not my secret dream!
Can anyone help me?
Thanks in advance and best regards,
Stefi
16 years, 3 months
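The OU-versus-static-group comparison described in the post above, as an added example that is not part of the original post or of FDS itself. It reads the full-suffix LDIF export (the `db2ldif -s "dc=myDomain, dc=it"` form the post reports as working) and compares the two sets directly; it assumes user entries carry a `uid` attribute and sit under the OU, and the sample entries and codes are constructed.

```python
import base64

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attr: [values]} dicts."""
    entries, current = [], {}
    # Unfold: a line starting with a single space continues the previous one.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for line in unfolded.split("\n") + [""]:
        if not line.strip():                 # blank line closes an entry
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):       # skip LDIF comments
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):         # "attr:: value" is base64
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            current.setdefault(attr.lower(), []).append(value)
    return entries

def norm_dn(dn):
    # Simplified normalisation: no support for escaped commas (RFC 4514).
    return ",".join(part.strip().lower() for part in dn.split(","))

def compare(ldif_text, ou_dn, group_dn):
    """Return (OU users missing from the group, group members not in the OU)."""
    ou_dn, group_dn = norm_dn(ou_dn), norm_dn(group_dn)
    in_ou, in_group = set(), set()
    for entry in parse_ldif(ldif_text):
        dn = norm_dn(entry.get("dn", [""])[0])
        if dn == group_dn:
            in_group.update(norm_dn(m) for m in entry.get("uniquemember", []))
        elif dn.endswith("," + ou_dn) and "uid" in entry:
            in_ou.add(dn)
    return sorted(in_ou - in_group), sorted(in_group - in_ou)

# Constructed sample export; the codes are made up for illustration.
B64 = base64.b64encode(b"uid=VRDGPP79D04L219K, ou=myOU, dc=myDomain, dc=it").decode()
SAMPLE = (
    "dn: ou=myOU,dc=myDomain,dc=it\nou: myOU\n\n"
    "dn: uid=RSSMRA80A01H501U,ou=myOU,dc=myDomain,dc=it\nuid: RSSMRA80A01H501U\n\n"
    "dn: uid=BNCLCU82C03F205Z,ou=myOU,dc=myDomain,dc=it\nuid: BNCLCU82C03F205Z\n\n"
    "dn: cn=myStaticGroup,ou=gruppi,dc=myDomain,dc=it\n"
    "uniqueMember: uid=RSSMRA80A01H501U,ou=myOU,\n dc=myDomain,dc=it\n"
    f"uniqueMember:: {B64}\n"
)

if __name__ == "__main__":
    print(compare(SAMPLE, "ou=myOU, dc=myDomain, dc=it",
                  "cn=myStaticGroup, ou=gruppi, dc=myDomain, dc=it"))
```

A non-empty second list means the group still grants access to a DN that no longer has an entry in the OU, which is the case worth alerting on for an authentication group.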
[Fedora-directory-users] Removing SSL, broke access
by Jeff
Hello:
I broke access completely to my LDAP after following
the SSL HOWTO (in part because there are 2 sets of
instructions -- one is a Redhat link appearing at the
top of that howto page, which is what I followed and
coincidently broke access with, the other set of
instructions appear on the same page shortly after
that Redhat link and was the correct way I should have
implemented my self-signed certs). I am pretty sure
this has to do with ports since there is some mention
of needing to be at a port above 1024 if installed
root, however I installed and run it as nobody.
How do I go back in and disable SSL now that I can't
access anything? I can't seem to log in anywhere now
with my directory manager password.
Thanks for the assistance.
-jeff
16 years, 3 months
[Fedora-directory-users] Books on FDS/RDS?
by Jeremiah Coleman
Hi,
Does anyone know of any good books that explicitly cover setting
up/administering FDS/RDS?
Thanks,
Jay
--
Jeremiah Coleman
Systems Administrator
C & C Technologies
337-261-0660 x3421
jcoleman(a)cctechnol.com
16 years, 3 months