[Fedora-directory-users] Fedora 7 and FDS 1.0.4-FC6
by Del
Hi,
Following an earlier suggestion on this thread, I have tried to get FDS
running on a Fedora 7 box using the binary RPM from the download area
for Fedora Core 6.
The directory server appears to run fine, but the admin server just spews
a torrent of log messages saying:
[Wed Aug 08 18:00:07 2007] [notice] child pid 19260 exit signal Segmentation fault (11)
... etc.
Has anyone else seen this and can anyone offer any suggestions as to how
to get it going? It's quite tricky to run strace / gdb on the httpd binary
as all I get is as far as the fork, and it appears to be the httpd.worker
child processes that are dying.
--
Del
Babel Com Australia
http://www.babel.com.au/
ph: 02 9368 0728
fax: 02 9368 0758
16 years, 6 months
[Fedora-directory-users] password length problem
by Gabriele Di Giambelardini
Hi to all, I have a big problem with my fedora-ds.
I didn't check the box "check password syntax", so if I set a password
longer than 8 characters, my fedora-ds needs only the
first 8 characters to authenticate me; not all of the password characters are necessary.
Does somebody have some ideas?
Excuse me for my English.
16 years, 6 months
[Fedora-directory-users] Duplicated entries appear, the initialization doesn't finish its work
by kalinmlists@aol.com
Hello all,
I would like to ask for your help in resolving an issue with a Fedora Directory Server whose purpose is to be synchronized from a Windows 2003 R2 Active Directory server.
The Windows server contains a huge number of LDAP entries in its Active Directory LDAP database - currently more than 5 600 000.
The initial initialization of the replica was made by importing the big LDIF file, generated by the Windows server, into the Fedora Directory database.
All initially imported entries have a DN of the kind "dn: cn=<something>, ou=<org. unit>, dc=<domain>,dc=<top domain>", where the text between < and > replaces the actual data. Due to the huge amount of data, I suppose, the import operations took many days, more than 10 days. After initialization, the replication was successfully started and was working well.
After some time, a newly, automatically started initialization was detected, and many new LDAP entries, added to the Fedora Directory server database as a result of replication, were detected too. However, these new entries were actually duplicates of LDAP entries already existing in the FDS server, but with a different kind of DN: "dn: uid=<something the same as that above>,ou=<org.unit>,dc=<domain>,dc=<top domain>", i.e. with DNs with the UID attribute instead of the CN attribute. Another difference between the initially imported data and the duplicated data was one additional attribute describing the object class of the entries - in the initial data there were
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: ntUser
but in the data of the duplicated entries there were
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: ntUser
The duplicated entries of the kind "dn: uid=...." were deleted and the replication agreement was created again. The log level was increased to debug and the full replica initialization was started through the GUI of FDS.
So, this recently started full initialization is still running, already for more than 10 days. This is not normal behavior, even though the data is very large, I think.
Now the error log of the Fedora Directory server is constantly filling with messages such as:
[28/Aug/2007:11:36:45 +0100] - slapi_str2entry: flags=0x0, entry="dn: CN=<something>,OU=<org.unit>,DC=<domain>,DC=<top domain>
It seems the process is going through something like a cycle, because I see the same data appearing over and over again in the log files after some time, without the initialization finishing.
My questions are:
1) Why have the duplicated entries with the other kind of DN sprung up? These duplicated entries continue to appear, but they are not desired. I need to know how to clear the duplicates so that such additions are avoided.
2) Why does the full replica initialization fall into such a cyclic recurrence and not finish its work?
Best regards,
Kalin Krustev
16 years, 6 months
[Fedora-directory-users] Changing the supplier port on FDS
by Ian Meyer
Version: 1.0.4
Right now, we have our suppliers and consumers using port 389, and
we'd like to change them to 636 and switch replication to SSL (but the
port change is more important).. we have some network ACLs that don't
allow us to send traffic between datacenters over port 389.
I was able to change the consumer to receive updates on port 636, but
I can't find where to change the supplier.
Thanks in advance for your help!
- Ian
16 years, 6 months
[Fedora-directory-users] home directories
by Pryakhin Dimitry
Hello.
Am currently new to FDS.
Just installed it on FC6 and run FDS.
Installation went smooth and now I can login from any workstation, but
still trying to guess how to automount
users home directories?
I actually want to move from MS Windows 2003AD to FDS. And want to store
users homes at my server.
Has anybody done that before?
Can you share your experience?
Thanks in advance, Dmitry
16 years, 6 months
[Fedora-directory-users] Host based authentication
by zdenek.kolar@veba.cz
Hi,
I use FDS for authentication on linux. I set hostobject and host
attribute for user and everything is OK.
But setting this attribute for every user is very terrible.
Can I use groups, roles or acl for it?
Thanks
Zdenek
16 years, 7 months
[Fedora-directory-users] more on "Username not found!"
by Maurizio Marini
after issuing:
/usr/share/openldap/migration/migrate_passwd.pl /tmp/sambaAdmin > /tmp/sambaAdmin.ldif
i got following ldif:
#cat sambaAdmin.ldif
dn: uid=Administrator,ou=People,dc=xxx,dc=it
uid: Administrator
cn: Samba Admin
givenName: Samba
sn: Admin
mail: Administrator(a)xxx.it
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {crypt}x
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Admin
i think it's correct.
i load it into ldap db to create Administrator entry using:
/opt/fedora-ds/slapd-<server>/ldif2ldap "cn=Directory manager" password /tmp/sambaAdmin.ldif
i wonder if at this point Administrator should be created with sambaSamAccount objectclass
or later when issuing
smbpasswd -a Administrator -w<ldap-admin-password>
what i see is that in ldap db Administrator entry has only what is in ldif file.
-- maurizio
16 years, 7 months
[Fedora-directory-users] still Username not found!
by Maurizio Marini
Richard,
as u did previously, i hope u will be so nice to help me now :)
i installed a centos 4 from scratch using serverCd
i was sure that after so many months spent on fedorads it was a ride to
install a new one, instead...:(
after following howto step by step i got stuck here:
pdbedit -U S-1-5-21-1021296036-3260500371-205587421-500 -u Administrator -r
Username not found!
i read carefully this thread:
http://www.mail-archive.com/fedora-directory-users@redhat.com/msg00450.html
and i modified ldd stuff as Gary suggested to do but nothing :(
issuing ldapsearch i get:
# ldapsearch -b "dc=xxx,dc=it" '(uid=Administrator)'
version: 1
dn: uid=Administrator,ou=People,dc=xxx,dc=it
uid: Administrator
cn: Samba Admin
givenName: Samba
sn: Admin
mail: Administrator(a)xxx.it
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Admin
as i reported here
http://osdir.com/ml/linux.redhat.fedora.directory.user/2005-07/msg00176.html
"So it looks like perhaps the administrator account needs the objectclass
sambaSamAccount added to the entry manually then you should be able to
proceed"
i have no smbldap-tools installed yet
so i wonder:
-> why following carefully howto i get an administrator entry without
the objectclass sambaSamAccount? <-
i am sure i am not the first nor the last to have this issue!
if necessary i can restart the installation
TIA Richard :)
Maurizio
--
Dr. Maurizio Marini
CoST Computers Services and Technologies s.r.l.
http://www.cost.it
e-mail: maurizio.marini(a)cost.it
phone: +39.0245446202 fax: +39.0245446333
mobile: +39.3358259739
16 years, 7 months
[Fedora-directory-users] Kerberos SASL connections using service principals
by Howard Wilkinson
Has anybody any thoughts on how one would set up to allow services to
connect to FDS using Service Principals?
We have a Kerberos infrastructure and would like to allow servers, e.g.
web servers to connect to the FDS instance using their Service Principal
e.g. HTTP/<hostname>@<REALM>.
This looks like we need to reflect the computer objects into the FDS
from the AD and add Service principal entries for checking against. And
then add a suitable SASL mapping entry. Any suggestions?
--
Howard Wilkinson
Coherent Technology Limited
23 Northampton Square,
United Kingdom, EC1V 0HL
Phone: +44(20)76907075
Fax:
Mobile: +44(7980)639379
Email: howard(a)cohtech.com
16 years, 7 months
[Fedora-directory-users] Installing passsync in a AD domain with multiple domain controllers?
by Howard Wilkinson
I think I have worked this out but want to make sure I have got it correct!
Whereas the sync agreement for the FDS <-> AD is from a single FDS
server to a single AD domain controller the Passsync facility needs to
be installed on all Domain Controllers (am I right?)
The reason for this is that the password is hashed before injection into
the AD and propagated to other DC's so it is then useless to the
Passsync code. The hook therefore needs to be on the DC that receives
the password change, which can be any DC in the environment....
A further concern arises with a multi-master FDS and a multiple DC AD.
Can the system be set up with multiple FDS <-> AD sync agreements and
still allow the results to propagate within the FDS. This would make
sense from a fault-tolerant perspective, and off-hand I think the
replications should preserve behaviour, but can anybody spot a problem?
--
Howard Wilkinson
Coherent Technology Limited
23 Northampton Square,
United Kingdom, EC1V 0HL
Phone: +44(20)76907075
Fax:
Mobile: +44(7980)639379
Email: howard(a)cohtech.com
16 years, 7 months