[Fedora-directory-users] SecurID and FDS/RHDS
by Jimmy Stewpot
Hello,
I am keen to know if anyone has any experience with RHDS or FDS with
SecurID. I asked our RSA sales consultant who said it was not supported.
I noticed that Sun Directory Server is on the list which comes from the
same base so I'm wondering if anyone has it working and if there are any
gotchas.
Regards,
Jimmy
[Fedora-directory-users] Problem with pam_passthru
by Giovanni Mancuso
Hi to all,
I have a problem with the pam_passthru module.
I use Fedora DS 1.04 and configure it with:
pamIDMapMethod: RDN
pamIDAttr: mail
pamIDMapMethod: ENTRY
If I try to authenticate I have:
pam_passthru-plugin - Could not find BIND dn
uid=usetest,ou=people,dc=castest.it,dc=babel,dc=int (error 32 - No such
object)
Any idea?
[Fedora-directory-users] Setting up Multiple Directory Servers - in a multi-master mesh. Having problems with admin server.
by Ben Cohen
Did anyone find a fix for this? I'm having the same problem.
Here's the interactive output from register-ds-admin.pl
[root@generic-02 ~]# register-ds-admin.pl --debug
Beginning registration of the Directory Server
========================================================================
The Directory Server locates its configuration file (dse.ldif) at /etc/
dirsrv/slapd-ID, by default. If you have Directory Server(s) which
configuration file is put at the other location, you need to input it
to register the server.
If you have such Directory Server, type the full path that stores the
configuration file.
If you don't, type return.
[configuration directory path or return]:
========================================================================
Candidate servers to register:
/etc/dirsrv/slapd-generic-02
/etc/dirsrv/slapd-temp-02
========================================================================
Do you want to use this server as Configuration Directory Server?
Directory server identifier [generic-02]:
========================================================================
Registering new Config DS: generic-02
========================================================================
Input the Directory Server password on the server generic-02:
========================================================================
Please input the password for the Administrator User uid=admin,
ou=Administrators, ou=TopologyManagement, o=NetscapeRoot:
Error: failed to register the configuration server info to the
Configuration Directory Server generic-02.
========================================================================
Please input the password for the Administrator User uid=admin,
ou=Administrators, ou=TopologyManagement, o=NetscapeRoot:
Error: failed to register the configuration server info to the
Configuration Directory Server generic-02.
========================================================================
Please input the password for the Administrator User uid=admin,
ou=Administrators, ou=TopologyManagement, o=NetscapeRoot:
and here is the output of the .log file
[root@generic-02 ~]# cat /tmp/setupJYeuBo.log
[08/03/04:13:15:25] - [Setup] Info Beginning registration of the Directory Server
[08/03/04:13:15:26] - [Setup] Info Candidate servers to register:
[08/03/04:13:15:26] - [Setup] Info Do you want to use this server as
Configuration Directory Server?
[08/03/04:13:15:26] - [Setup] Info Directory server identifier
[08/03/04:13:15:33] - [Setup] Info generic-02
[08/03/04:13:15:33] - [Setup] Info Registering new Config DS: generic-02
[08/03/04:13:15:42] - [Setup] Warning Error: failed to register the
configuration server info to the Configuration Directory Server
generic-02.
[08/03/04:13:15:44] - [Setup] Warning Error: failed to register the
configuration server info to the Configuration Directory Server
generic-02.
Rich Megginson wrote:
>
> Howard Wilkinson wrote:
>> Richard et al,
>>
>> I have obviously confused you on this so to start again!
>>
>> I have four machines on which I am installing directory server
>> version 1.1.
>>
>> I have automated the install so that I start with a virgin install
>> every time - erase the packages and delete all of the files left
>> lying around and then reinstall the packages.
>>
>> I want to set up the four machines in a fault-tolerant fashion. So
>> I have an initial master, a secondary on a separate machine, and 2
>> consumers on the other machines.
>>
>> I can setup the servers on each machine with their own admin server
>> and can get the SSL working and have modified the mmr script and can
>> get all other server to replicate. Master and Secondary in
>> multi-master mode, consumers fed from master and secondary.
>>
>> What I want to achieve is to have all of the servers sharing the
>> o=NetscapeRoot partition (i.e. all having an admin server but all
>> having the same configuration for the admin server). Now this means
>> that they need to be in a mesh multi-master - OK I can set that up
>> but I can't get the servers to register cleanly with the individual
>> admin servers on each of the machines.
> Ok. I understand. First, you have to follow these guidelines - http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication...
>
> Next, it sounds like you are running into this bug - https://bugzilla.redhat.com/show_bug.cgi?id=431103
Have followed these instructions, with the fixes from the patch and we
are further along! I now have all servers registered on the master
server and can see them from there as expected.
I now face an issue with "register-ds-admin.pl" when I run it in the
secondary server I get the following output.
If you have such Directory Server, type the full path that stores the
configuration file.
If you don't, type return.
[configuration directory path or return]:
========================================================================
Candidate servers to register:
/etc/dirsrv/slapd-backus
========================================================================
Do you want to use this server as Configuration Directory Server?
Directory server identifier: backus
========================================================================
Do you want to use this server as Configuration Directory Server?
Directory server identifier:
and this just keeps cycling asking the same question.
If I run on one of the consumers the behaviour is different but still
not very useful. I get a bit further but it refuses to recognise the
admin password.
Do you want to use this server as Configuration Directory Server?
Directory server identifier: barnacle
========================================================================
Cleaning up old Config DS:
========================================================================
Please input the password for the Administrator User uid=admin,
ou=Administrators, ou=TopologyManagement, o=NetscapeRoot:
Error: failed to clean up the configuration info from the old
Configuration
Directory Server .
========================================================================
Please input the password for the Administrator User uid=admin,
ou=Administrators, ou=TopologyManagement, o=NetscapeRoot:
I get the same behaviour if I run on the Master server.
Any suggestions?
[Fedora-directory-users] Is the userRoot database special?
by Ben Cohen
Is the userRoot database treated specially in any way by fedora
directory server?
I set up a directory server and made it a supplier of its userRoot
database. I installed a second server and set its default suffix to
the same as the first server's when I created the directory instance
(so the db named 'userRoot' created on the second server had the same
root suffix as the db on the first server). I then replicated the
first server's userRoot database to the second server (first server is
supplier, second is consumer).
My intention is that the second server will carry a read-only replica
of the first server's database but the worry was raised that the
userRoot database might be treated specially by some portion of the
directory server and not like being a read only replica ...?
Should this be a concern? Any clarity is appreciated.
Thanks much.
[Fedora-directory-users] Apple OS X 10.5 question
by John Call
Aloha list,
My university has been authenticating Mac OS X 10.4 clients to FDS
1.04 for about a year now. Things have been working great, as long as
we keep an eye on the external SASL mechanisms. However, now that our
staff is deploying the new OS X 10.5 things aren't working. To the
best of our knowledge we have maintained the same client LDAP
configuration from 10.4 to 10.5, but the Apple clients refuse to
authenticate. Has anybody else experienced this?
Mahalo (thanks),
John Call
[Fedora-directory-users] groups
by solarflow99
I was interested to create groups to use for authenticated access. Say for
instance I configure samba to use FDS, can it actually use those groups to
control permissions? What about the gidnumber? This is all the docs had to
say about it:
5.4. Using Groups
Groups are a mechanism for associating entries for ease of administration.
This mechanism was provided with previous versions of Directory Server and
should be used primarily for compatibility with older versions of the
server.
[Fedora-directory-users] Fedora DS Graph 1.0.0 released
by Chris St. Pierre
I've released version 1.0 of Fedora DS Graph (formerly FDSGraph) at:
http://www.stpierreconsulting.com/fedora-ds-graph-1-0-0
This is a _major_ overhaul of the old code, and includes lots of new
stuff -- most notably, support for Fedora DS 1.1. (I've also tested
it with Fedora DS 1.0.4.) A larger list of changes can be found on
the page linked to above.
Fedora DS Graph is a graphing utility for graphing connections to and
operations on a Fedora Directory Server instance.
I've also requested a review of the package for eventual inclusion in
Fedora, so hopefully getting your hands on Fedora DS Graph should be
easier.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
[Fedora-directory-users] "Numeric String" attribute syntax not supported by FDS 1.1?
by Aleksander Adamowski
Hi!
I've installed Fedora DS 1.1 for x86_64 and am currently extending my
schema. I got some schema ldif files converted from OpenLDAP format.
I've placed the converted schema LDIFs in
/etc/dirsrv/my_instance_name/schema/, and restarted the dirsrv service.
The problem is that FDS rejects a quite common attribute syntax:
[03/Mar/2008:17:47:54 +0100] dse - The entry cn=schema in file
/etc/dirsrv/my_instance_name/schema/75phpgwcontact.ldif is invalid,
error code 21 (Invalid syntax) - attribute type phpgwContactOwner:
Unknown attribute syntax OID "1.3.6.1.4.1.1466.115.121.1.36"
[03/Mar/2008:17:47:54 +0100] dse - Please edit the file to correct the
reported problems and then restart the server.
This is very strange, considering that 1.3.6.1.4.1.1466.115.121.1.36
(Numeric String) is a quite common attribute syntax and it's present in
Netscape's own RFC 2252, section 6.23:
http://www.faqs.org/rfcs/rfc2252.html
==============================
6.23. Numeric String
( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )
The encoding of a string in this syntax is the string value itself.
Example:
1997
==============================
Surely it can't be that Netscape/Fedora Directory Server doesn't
support it?
--
Best Regards,
Aleksander Adamowski
GG#: 274614
ICQ UIN: 19780575
http://olo.org.pl
--
Aleksander Adamowski
Corporate Systems Administrator; Instructor
Altkom Akademia S.A. http://www.altkom.pl
Warszawa, ul. Chłodna 51
mobile: +48 601-318-080
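An added pre-flight check for the error reported above; this is example code, not part of the post or of Fedora DS. It unfolds a schema LDIF, extracts the SYNTAX OID from each attributeTypes definition (dropping any {length} suffix) and reports attributes whose syntax the target server does not advertise, so the "Unknown attribute syntax OID" refusal is caught before the restart. The schema fragment, the private OIDs under 1.3.6.1.4.1.99999 and the server's syntax list are constructed; in practice the list would come from the server's cn=schema entry.

```python
import re

# Constructed sample: a converted schema LDIF in the shape of the one in the
# post; the attribute name and the Numeric String OID are the ones it reports.
SCHEMA_LDIF = """\
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'phpgwContactOwner'
  EQUALITY numericStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'phpgwContactNote'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
"""

# Constructed: syntax OIDs the target server advertises (what a search of
# cn=schema for ldapSyntaxes would return); Numeric String is deliberately absent.
SERVER_SYNTAXES = {
    "1.3.6.1.4.1.1466.115.121.1.15",  # Directory String
    "1.3.6.1.4.1.1466.115.121.1.26",  # IA5 String
    "1.3.6.1.4.1.1466.115.121.1.27",  # Integer
}

NAME_RE = re.compile(r"NAME\s+\(?\s*'([^']+)'")
SYNTAX_RE = re.compile(r"SYNTAX\s+'?([0-9.]+)(?:\{\d+\})?'?")

def unfold_ldif(text):
    """Join LDIF continuation lines: a line starting with a space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def attribute_syntaxes(ldif_text):
    """Return {attribute name: syntax OID} for every attributeTypes definition."""
    result = {}
    for line in unfold_ldif(ldif_text):
        if not line.lower().startswith("attributetypes:"):
            continue
        definition = line.split(":", 1)[1]
        name, syntax = NAME_RE.search(definition), SYNTAX_RE.search(definition)
        if name and syntax:
            result[name.group(1)] = syntax.group(1)  # {len} suffix already dropped
    return result

def unsupported_attributes(ldif_text, supported):
    """Attributes whose SYNTAX OID the server does not advertise, as {name: OID}."""
    return {n: o for n, o in attribute_syntaxes(ldif_text).items() if o not in supported}
```

Running `unsupported_attributes(SCHEMA_LDIF, SERVER_SYNTAXES)` on the constructed input flags only phpgwContactOwner, matching the attribute named in the dse error.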