[Fedora-directory-users] windows sync and password "clear"
by Luigi Santangelo
Hi everybody, this is my problem:
I configured my Fedora DS and now I can sync the LDAP's users with
Windows 2003 Active Directory. Then, I created a new user with this
code ldif
dn: uid=red,ou=Other,ou=Students,ou=People,dc=xxxxx,dc=xx
givenName: red
sn: red
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: ntuser
uid: red
ntUserCreateNewAccount: true
ntUserDeleteAccount: true
cn: red
ntUserDomainId: red
userPassword: redpwd
creatorsName: uid=root,ou=administrators,ou=topologymanagement,
 o=netscaperoot
modifiersName: uid=root,ou=administrators,ou=topologymanagement,
 o=netscaperoot
createTimestamp: 20080318153555Z
modifyTimestamp: 20080318153555Z
nsUniqueId: f8f6c801-f50011dc-80ebbfe2-cc3ccdae
Note that I wrote the user's password in "clear". Now, I can log on to the
Windows AD with the username red and the password redpwd.
Then I added another user (yellow) with this LDIF code:
dn: uid=yellow,ou=Other,ou=Students,ou=People,dc=xxxxx,dc=xx
givenName: yellow
sn: yellow
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: ntuser
uid: yellow
ntUserCreateNewAccount: true
ntUserDeleteAccount: true
cn: yellow
ntUserDomainId: yellow
userPassword: {MD5}8cb32079718c657b02bbbb176b97d030
creatorsName: uid=root,ou=administrators,ou=topologymanagement,
 o=netscaperoot
modifiersName: uid=root,ou=administrators,ou=topologymanagement,
 o=netscaperoot
createTimestamp: 20080318153555Z
modifyTimestamp: 20080318153555Z
nsUniqueId: f8f6c801-f50011dc-80ebbfe2-cc3ccdae
Note the MD5(yellowpwd) = 8cb32079718c657b02bbbb176b97d030
Then, if I try to log on to the Windows AD (from Windows) with the username
yellow and the password yellowred, I cannot log in. Instead, if I try to
log on to the Windows AD with the username yellow and the
password {MD5}8cb32079718c657b02bbbb176b97d030, I can log in.
Do you think that this is a problem strictly related to Windows?
How can I get over it?
Thank you in advance.
15 years
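As the post above reports, the entry loaded with a `{MD5}` value ended up with that literal string as its Windows password. The following is an added example, not code from the original post or from the Fedora DS project: a Python check that scans LDIF before import and lists `ntuser` entries whose `userPassword` already carries a `{SCHEME}` prefix. The sample LDIF is constructed from the two entries in the post, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample, trimmed from the two entries shown in the post.
SAMPLE_LDIF = """\
dn: uid=red,ou=Other,ou=Students,ou=People,dc=xxxxx,dc=xx
objectClass: inetorgperson
objectClass: ntuser
userPassword: redpwd
creatorsName: uid=root,ou=administrators,ou=topologymanagement,
 o=netscaperoot

dn: uid=yellow,ou=Other,ou=Students,ou=People,dc=xxxxx,dc=xx
objectClass: inetorgperson
objectClass: ntuser
userPassword: {MD5}8cb32079718c657b02bbbb176b97d030
"""

# A storage-scheme tag such as {MD5}, {SSHA} or {CRYPT} at the start of the value.
SCHEME_PREFIX = re.compile(r"^\{[A-Za-z0-9_-]+\}")

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    # LDIF folds long lines; a line starting with one space continues the previous one.
    unfolded = re.sub(r"\n ", "", text)
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." means the value is base64
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def prehashed_sync_users(text):
    """Return DNs of ntuser entries whose userPassword is already a {SCHEME} value."""
    flagged = []
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "ntuser" not in classes:
            continue  # entry is not subject to Windows sync
        if any(SCHEME_PREFIX.match(p) for p in entry.get("userpassword", [])):
            flagged.append(entry["dn"][0])
    return flagged

if __name__ == "__main__":
    for dn in prehashed_sync_users(SAMPLE_LDIF):
        print("pre-hashed userPassword on synced entry:", dn)
```

A cleartext password that itself begins with a brace-wrapped word is reported too, so treat the output as a list to review before import.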
[Fedora-directory-users] Re: FDS 1.1 console doesn't show DS
by Ken Marsh
Hi again,
I think I have a small bug report.
I removed all RPMs related to FDS 1.1-4 and admin on my RHEL5.1/x86_64
system, rm -fr /etc/dirsrv/slapd-server, and reinstalled it and ran
setup-ds-admin.pl again using 3 for custom and saving the config data
locally this time.
I couldn't start the Admin Server on my custom port, so I tried 9830 and
it worked. I did the grep \^Listen /etc/dirsrv/admin-serv/console.conf
command as suggested in the documentation and it came up with 9830. My
terminal history was still scrollable and I can see for a fact that I
asked for a different port.
What's more, it did set that port correctly on the previous attempt when
I used "2" and saved data on a different DS. The admin server as desired
ran on my custom port. I also did the grep command after the first
attempt, and verified that it was running on my custom port.
I'm not sure if the bug exerted itself because of the reinstall over the
extant /etc/dirsrv/admin-serv directory and/or because I chose 3-custom
instead of 2.
This is a very small bug as there are two obvious workarounds; either
start the Admin console on the default port, or manually edit
/etc/dirsrv/admin-serv/console.conf, change it to the desired port, and
do a service dirsrv-admin stop and start.
-Ken.
15 years
[Fedora-directory-users] SELinux policy for Fedora Directory Server 1.1.0
by Pär Aronsson
Hello,
Attached is a SELinux policy for the Fedora Directory Server 1.1.0.
It is composed of three parts.
* dirsrv - directory server and setup programs
* dirsrv-admin - administration server and setup programs
* fedora-idm-console - java based console for administration
The policies were developed on a CentOS 5.1 with the following packages:
fedora-ds-base-1.1.0-3.fc6
fedora-ds-admin-1.1.1-1.fc6
fedora-ds-console-1.1.0-5.fc6
selinux-policy-2.4.6-106.el5_1.3
kernel-2.6.18-53.1.4.el5
I've successfully tested the policies in targeted and strict mode.
The dirsrv-admin policy requires that the apache policy module is loaded.
Also run:
setsebool -P httpd_enable_cgi on
Comment out the following in /usr/sbin/start-ds-admin (line 63-65):
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
    SELINUX_CMD="runcon -t unconfined_t --"
fi
I had trouble with the replication plugin so I haven't been able to do any
testing with replication.
Any comments are welcome.
// Pär Aronsson
15 years
[Fedora-directory-users] How-To Password Policy/Account Locking/Samba Integration
by Alex Fauss
Hi List.
After reading a lot of topics on the list about password policy and
locking and samba integration ..., my brain is burning, because I can't
get it working.
Can someone point me to the right way?
A few words about my actual configuration.
OS: CentOS 5.1
FDS: 1.1
Samba: 3.x
ldap.conf:
pam_lookup_policy yes
pam_password exop
pam_password clear (for password history matching)
smb.conf:
encrypt passwords = yes
obey pam restrictions = no
pam password change = no
passwd chat debug = Yes
ldap passwd sync = no
unix password sync = yes
passwd program = /usr/sbin/smbldap-passwd -u %U
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\spassword:* %n\n .
fds:
Password policy enabled in "data-tab" plus fine-grained for another
sub-tree policy, where the users reside.
Thx
15 years
[Fedora-directory-users] Log rotation problems
by Jazcek Braden
I have three FDS 1.0.4 servers, one master and replication clients. On
all three of them I have set the log files to rotate every night at 2am.
On the two replicas the logs rotate fine as expected, however on the
master whenever the log rotates it deletes the old log, which is causing
me to lose a lot of accounting information. Is there a way to debug why
this is happening?
--
Jazcek Braden
System Administrator
431 Dirac Science Library
Florida State University
Tallahassee, FL 32306-4120
Phone 850-644-6490
15 years
[Fedora-directory-users] FDS 1.1 console doesn't show DS
by Ken Marsh
Hi,
I installed FDS 1.1 on RHEL 5.1 x86-64 using the instructions in
http://directory.fedoraproject.org/wiki/Release_Notes . I used the same
answers that worked in previous 1.0.4-1 installs, choosing "2" and
storing the config data on a 1.0.4-1 server. I used a different Admin
port > 9830, using the same port that my other, older FDS systems use.
When I started fedora-idm-console, it didn't already know what URL to
use. I had to enter it manually (a step backwards from 1.0.4-1
installs). Once entered, a console came up, but under the Servers and
Applications tab there are no DS instances to administer.
When I try to Admin from the 1.0.4-1 server, I get a Java dump when
expanding the Server Group for the 1.1 server. At first empty icons for
Administration Server and Directory Server show up, but the DS link does
not work. Perhaps it is too much to ask to Admin a 1.1 from an older
version, but if I cannot also admin it from itself, what am I to do? I
am trying to lever up from three 1.0.4-1 DS to 1.1, and this is the
first step in the process.
Did I miss something on install or setup, or is there a bug in the RHEL
5.1/Fedora 6 x86_64 version, possibly related to choosing an alternate
admin port?
-Ken
15 years
[Fedora-directory-users] Server-Admin - SSL error blocks ability to configure Admin Server component
by Carol Gibbons
Hello there,
I have Fedora DS v 1.0.4 installed on a Red Hat 4 workstation system.
I added a SSL certificate to the Fedora DS system today via command line.
But, the certificate hasn't been activated. The certificate is listed
correctly in java GUI Directory Server -> Manage Certificates panel.
When I go to the java GUI for the Administration Server and try to launch
Config Admin - I get an SSL error: SSL related initialization failed. I
also get this error when I click on the Manage Certificates button: Could
not open file in admin-serv-mail-cert8.db. I get an SSL error when I click
on any of the other admin server buttons.
I looked in the error logs for admin and slapd and no details are given.
System messages log doesn't have anything listed as expected.
Any ideas?
Thanks in advance,
Carol
15 years