[Fedora-directory-users] dbverify
by Dan Lannom
I plan to migrate to fds from SunOne 5.2 and so I want to validate the
system.
I'm currently running version 1.1.3-2 of the directory on RHEL 5.2.
When I do searches against the server everything seems to work fine, but
when I run /usr/lib/dirsrv/slapd-{{hostname}}/dbverify, with the server
off, it fails with errors like:
[28/Oct/2008:10:52:16 -0400] - libdb: Page 4: out-of-order key at entry 2
[28/Oct/2008:10:52:16 -0400] - libdb: Page 4: out-of-order key at entry 8
[28/Oct/2008:10:52:16 -0400] - libdb: Page 4: out-of-order key at entry 11
[28/Oct/2008:10:52:16 -0400] - libdb: Page 4: out-of-order key at entry 14
...
[28/Oct/2008:10:52:16 -0400] - libdb:
/var/lib/dirsrv/slapd-hume/db/{{SUFFIX}}/{{attribute}}.db4:
DB_VERIFY_BAD: Database verification failed
[28/Oct/2008:10:52:16 -0400] DB verify - verify failed(-30975):
/var/lib/dirsrv/slapd-{{hostname}}/db/userdata/{{attribute}}.db4
Reindexing does not change anything and I find the same errors for both
i386 and x86_64 and the errors are almost identical for the master and
the slaves.
Since I can find any evidence of the indexes identified as corrupted not
working I wonder why dbverify is generating these errors.
Thanks for any help,
Dan Lannom
UM-Dearborn
15 years
[Fedora-directory-users] Recover directory database files when disk fills up!
by Howard Wilkinson
We had the disk with the directory database files fill up overnight, a
rogue process :-[
Now the directory server will not start I get the following reported in
the system logs.
Jul 29 09:44:50 bastion ns-slapd: auxpropfunc error invalid parameter supplied
Jul 29 09:44:50 bastion ns-slapd: sql_select option missing
Jul 29 09:44:50 bastion ns-slapd: auxpropfunc error no mechanism available
What can I do to recover the database so that I can start the server?
15 years
[Fedora-directory-users] Confusion over what can/can't be synced with Windows Sync
by Jonas Courteau
Hello all:
I've been fiddling around off and on getting a fedora DS box sync'd with
our AD server. The problem is, the way the users are arranged on the AD
server, I'm not sure how to sync everything at once.
The layout (appropriately anonymized) on the AD server:
- dc=example,dc=com
|- ou=Groups
| |- a bunch of groups
|
|- ou=Unit1
| |- a bunch of users belonging to one business unit
|
|- ou=Unit2
| |- more users, different business unit
|
|- ou=Users
|- system users
On the DS side of things, I've manually created the appropriate OUs, but
the question is - how do I configure the sync agreement to sync all the
OUs at once? It only seems to work if I configure the sync agreement to
a subtree including only one of the OUs.
I'm trying to do this without having to convince the AD administrator to
change his odd layout of users - any ideas?
Thanks!
Jonas Courteau
15 years, 1 month
[Fedora-directory-users] Bug using a Browse Index and Replication?
by DANIEL CRISTIAN CRUZ
Hi all,
Has anyone had an environment like this:
* Two multi-master servers and many consumers;
* A tree with a user container: ou=Users,ou=Unit,o=Organization and a
few accounts;
* A browse Index in all servers inside
ou=Users,ou=Unit,o=Organization;
* Delete ou=Users,ou=Unit,o=Organization and accounts with Fedora
Console in one master;
* The other master and all other consumers became frozen;
* Had to kill -9 all frozen servers and restart dirsrv.
May I write a bug report on this, or not?
Kind regards,
--
Daniel Cristian Cruz
Database Administrator
Regional Directorate - Information Technology Center
SENAI - SC
Telephone: 48-3239-1422 (extension 1422)
15 years, 1 month
[Fedora-directory-users] LDAP Replication default window (nsDS5ReplicaUpdateSchedule)
by Andrey Ivanov
Hi,
I have noticed that the attribute nsDS5ReplicaUpdateSchedule works in
a strange way (maybe it's how it is supposed to work). When I set it
to
nsDS5ReplicaUpdateSchedule: 0000-2359 0123456
the replication at midnight (00:00) seems to be blocked. The message
that I observe in the logs every midnight is
[28/Oct/2008:00:00:00 +0100] NSMMReplicationPlugin -
agmt="cn="Replication from ldap-1.polytechnique.fr to ldap-2.example.com"" (ldap-2:636): Incremental protocol: event update_window_opened should not occur in state wait_for_changes
[29/Oct/2008:00:00:00 +0100] NSMMReplicationPlugin -
agmt="cn="Replication from ldap-1.polytechnique.fr to ldap-2.example.com"" (ldap-2:636): Incremental protocol: event update_window_opened should not occur in state wait_for_changes
If I suppress the schedule (the attribute nsDS5ReplicaUpdateSchedule)
completely, everything is fine.
So, it seems that the server excludes the first value in the time
range (xxxx-yyyy ddddddd) from the authorized interval. Is it a bug or
is it supposed to work that way?
Andrey Ivanov
tel +33-(0)1-69-33-99-24
fax +33-(0)1-69-33-99-55
Direction des Systemes d'Information
Ecole Polytechnique
91128 Palaiseau CEDEX
France
15 years, 1 month
[Fedora-directory-users] Win Sync and userAccountControl
by John Dickinson
Hi,
I am testing what happens when you create a new user and sync it to
AD. Using Fedora DS 1.1.3 and AD 2003 R2 SP2.
If I use the console to create a new user and tick the Enable NT User
Attributes, Create New NT Account etc the new user appears in AD but
is disabled.
Looking at the code it seems that send_accountcontrol_modify() gets
the userAccountControl settings from AD, adds 0x0200 (Normal Account),
and sends it back.
Looking at the traffic between Fedora DS and AD it appears that Fedora
DS is getting ACCOUNTDISABLE in userAccountControl from AD.
Should FedoraDS be unsetting ACCOUNTDISABLE or should AD not be
setting it in the first place? If it is a problem with AD then can
anyone point me to where I tell it to do the right thing?
Thanks
John
15 years, 1 month
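The bit arithmetic behind the question above, as an added example that is not part of the original post and is not Fedora DS code: OR-ing in 0x0200 leaves an ACCOUNTDISABLE bit received from AD untouched. The sample value "546" is constructed, and `enable_account` is a hypothetical helper shown only for comparison.

```python
# Added example, not Fedora DS code. Flag values are the documented
# Active Directory userAccountControl bits (subset).
UAC_FLAGS = {
    0x0001: "SCRIPT",
    0x0002: "ACCOUNTDISABLE",
    0x0008: "HOMEDIR_REQUIRED",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0040: "PASSWD_CANT_CHANGE",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200


def parse_uac(text):
    """userAccountControl arrives over LDAP as a decimal string."""
    value = int(text, 10)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("userAccountControl out of 32-bit range: %r" % text)
    return value


def decode_uac(value):
    """Return (names of known flags set, bits not in the table above)."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)
    return names, unknown


def add_normal_account(value):
    """Behaviour described in the post: add 0x0200, keep every other bit."""
    return value | NORMAL_ACCOUNT


def enable_account(value):
    """Hypothetical alternative: add 0x0200 and clear ACCOUNTDISABLE."""
    return (value | NORMAL_ACCOUNT) & ~ACCOUNTDISABLE


def is_disabled(value):
    return bool(value & ACCOUNTDISABLE)


if __name__ == "__main__":
    received = parse_uac("546")  # constructed sample value read from AD
    for label, v in (("as received", received),
                     ("after adding 0x0200", add_normal_account(received)),
                     ("with disable bit cleared", enable_account(received))):
        print(label, hex(v), decode_uac(v)[0], "disabled:", is_disabled(v))
```

Running `decode_uac` over the userAccountControl values of freshly synced entries is a quick way to audit which accounts landed in AD disabled.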
[Fedora-directory-users] FDS - The whoami Response
by Wilmer Jaramillo M.
I was writing a program in python and trying a response "Who am I
Operation(RFC4532)" implemented in the python API with
ldap.whoami_s(), working with a FDS backend I get the following error:
"unsupported extended operation - desc: Protocol Error"
so, the LDAP Who Am I extended operation is unsupported in FDS?
Thanks.
--
Wilmer Jaramillo M., Fedora Project
yum isn't useful for geeks, is just for lazy people
irc.freenode.net: k0k @ #fedora-ve, #talug
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A
15 years, 1 month
[Fedora-directory-users] Problem with Password Policy : dirsrv service restart required !
by Hugo Etievant
Hello,
I try to use the global password policy in order to forbid the change of
user password.
I put the field "User may change password" unchecked with console.
But normal users can change their own password with
/usr/lib/mozldap/ldappasswd command :
# /usr/lib/mozldap/ldappasswd -P /etc/dirsrv/slapd-fds1/ -m
/etc/dirsrv/slapd-fds1/ -D "uid=user1,ou=People,dc=example,dc=com" -w - -S
New Password:
Re-enter new Password:
Enter bind password:
ldappasswd: password successfully changed
A command-line verification of the cn=config entry of the DIT shows the
passwordChange attribute value as "Off":
# /usr/lib/mozldap/ldapsearch -s base -b "cn=config" -D "cn=Directory
Manager" -w - "(cn=config)" passwordChange
Enter bind password:
version: 1
dn: cn=config
passwordChange: off
I have created a local password policy for my "ou=People" subtree and for
my user "User1", but users can change their own password !!!!!!
If I restart the dirsrv service on the system, this item of the policy is used.
CONCLUSION = Any change to the field "User may change password" in the
Password Policy requires a restart of the LDAP daemon !
--
* Hugo Étiévant *
15 years, 1 month
[Fedora-directory-users] SYNC without password ...
by Vipul Ramani
Hi All ,
I am doing Active Directory ----> FDS (SSL); all attributes are replicated
from ADC ---> FDS .. But I am not able to see the password attribute in FDS ?
Replication
FDS - working as master
PassSync for replication
Replication is happening from Active Directory:636 ---- > FDS : 636 .
Am I missing something ...
------Adc user profile , which is replicated in FDS -------
dn: uid=vramani, ou=People, dc=tf-lab,dc=test,dc=com
ntUniqueId: f96921fe188c4b47a243ab088512103d
givenName: vipul
sn: r
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: ntUser
uid: vramani
ntUserDeleteAccount: true
cn: vipul r
ntUserDomainId: vramani
ntUserAcctExpires: 9223372036854775807
ntUserCodePage: 0
------
----access------
[14/Oct/2008:08:37:16 -0700] conn=4 op=170 SRCH base="ou=People, dc=tf-lab,dc=test,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Oct/2008:08:37:16 -0700] conn=4 op=170 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:17 -0700] conn=4 op=171 SRCH base="ou=People, dc=tf-lab,dc=test,dc=com" scope=1 filter="(objectClass=*)" attrs="objectClass"
[14/Oct/2008:08:37:17 -0700] conn=4 op=171 RESULT err=0 tag=101 nentries=0 etime=1
[14/Oct/2008:08:37:19 -0700] conn=4 op=173 SRCH base="dc=tf-lab,dc=test,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Oct/2008:08:37:19 -0700] conn=4 op=173 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:19 -0700] conn=4 op=174 SRCH base="dc=tf-lab,dc=test,dc=com" scope=1 filter="(objectClass=*)" attrs="objectClass"
[14/Oct/2008:08:37:19 -0700] conn=4 op=174 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:20 -0700] conn=4 op=175 SRCH base="ou=People, dc=tf-lab,dc=test,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Oct/2008:08:37:20 -0700] conn=4 op=175 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:26 -0700] conn=3 op=122 SRCH base="cn=replication,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL
[14/Oct/2008:08:37:26 -0700] conn=3 op=122 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:27 -0700] conn=3 op=124 MOD dn="cn=Vedant, cn=replica, cn=\22dc=tf-lab,dc=test,dc=com\22, cn=mapping tree, cn=config"
[14/Oct/2008:08:37:27 -0700] conn=3 op=124 RESULT err=0 tag=103 nentries=0 etime=0
[14/Oct/2008:08:37:27 -0700] conn=3 op=125 SRCH base="cn=Vedant, cn=replica, cn=\22dc=tf-lab,dc=test,dc=com\22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[14/Oct/2008:08:37:27 -0700] conn=3 op=125 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:31 -0700] conn=3 op=126 SRCH base="cn=replication,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL
[14/Oct/2008:08:37:31 -0700] conn=3 op=126 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:31 -0700] conn=3 op=127 MOD dn="cn=Vedant, cn=replica, cn=\22dc=tf-lab,dc=test,dc=com\22, cn=mapping tree, cn=config"
[14/Oct/2008:08:37:31 -0700] conn=3 op=127 RESULT err=0 tag=103 nentries=0 etime=0
[14/Oct/2008:08:37:31 -0700] conn=3 op=128 MOD dn="cn=Vedant, cn=replica, cn=\22dc=tf-lab,dc=test,dc=com\22, cn=mapping tree, cn=config"
[14/Oct/2008:08:37:31 -0700] conn=3 op=128 RESULT err=0 tag=103 nentries=0 etime=0
[14/Oct/2008:08:37:37 -0700] conn=4 op=176 SRCH base="ou=People, dc=tf-lab,dc=test,dc=com" scope=1 filter="(objectClass=*)" attrs="objectClass"
[14/Oct/2008:08:37:37 -0700] conn=4 op=176 RESULT err=0 tag=101 nentries=18 etime=0
------
thanks in Adv...
--
Regards
Vipul Ramani
15 years, 1 month
[Fedora-directory-users] Re:Re: java error in console task
by Eric
the system is centos 5, fedora-ds version is fedora-ds-1.0.2-1.Linux.
the result of ./startconsole -D when clicking "manage certificate" is:
*CommManager> New CommRecord (
http://ldap.iut.ac.ir:61312/admin-serv/tasks/configuration/SecurityOp)
java.net.ConnectException: Connection refused
admserv version = null
Focus lost
javax.swing.JButton[,0,0,38x37,layout=javax.swing.OverlayLayout,alignmentX=0.0,alignmentY=0.5,
border=javax.swing.plaf.BorderUIResource$CompoundBorderUIResource@7df60a
,flags=296,maximumSize=,
minimumSize=,preferredSize=,defaultIcon=com/netscape/management/client/images/task.gif,disabledIcon=,
disabledSelectedIcon=,margin=java.awt.Insets[top=0,left=0,bottom=0,right=0],paintBorder=true,paintFocus=true,
pressedIcon=,rolloverEnabled=false,rolloverIcon=,rolloverSelectedIcon=,selectedIcon=,text=,defaultCapable=true]
*I couldn't find out why only this tab of console has problem. other parts
work well!
15 years, 1 month