[Fedora-directory-users] FDS <-> AD: UID/GID and OU sync
by Alex Davies
Hi All,
We have an AD architecture setup, and are looking to sync FDS with
this to allow us to authenticate Linux machines and network devices.
We have two AD domains, and have a winsync and passsync setup with one
of the domain controllers in each domain. This works, subject to the
limitation that we have to manually create each OU. Once we create the
OU in FDS, the users appear at the next sync. Question 1: is it
possible to automatically sync *all* OU's, including creating the OU
in FDS if it does not exist? We have hundreds of OUs, and I don't want
to have to create them all manually.
Question 2 is on UNIX UID/GID sync from AD. I've found a couple of
posts which imply that it is not possible to sync UID/GID from AD[1],
but this was some time ago. An alternative piece of documentation
suggests that it is, but provides no details[2]. I'm also struggling
to find documentation on the libdna plugin, which I believe is
involved[3].
My questions are
- Is it possible to sync UID/GID from AD (where AD has the Unix Tools
installed, and therefore has these attributes in the schema).
- Is it possible to automatically apply a unique UID/GID to each user
that does not have a UID/GID?
Any help/pointers greatly appreciated.
Many thanks,
Alex
[1] http://www.redhat.com/archives/fedora-directory-users/2007-February/msg00...
[2] "Fedora DS gets posix/unix automatic uid generation (February 08, 2007)
The cvs head now contains a new feature for automatic generation of
sequenced numbers which is compatible with multi-master replication
environments. This feature can be used for automatic generation of
posix uidNumber and gidNumber in addition to other sequenced numeric
attributes required by your deployment. "
http://directory.fedoraproject.org/
[3] About the only reference I can find:
http://www.redhat.com/archives/fedora-directory-users/2008-January/msg000...
15 years, 5 months
[Fedora-directory-users] error PassSync
by Marco Maccari
We have PassSync installed on Windows 2003 Server.
We get the following error when PassSync starts.
03/26/08 12:04:25: PassSync service stopped
03/26/08 12:04:28: PassSync service started
03/26/08 12:04:28: Failed to load entries from file
What does this error mean? Failed to load entries from file
What are the entries that it should read?
Which files does it work with?
Thanks
Marco
15 years, 6 months
[Fedora-directory-users] Announcing web apps package for Fedora DS 1.1 - fedora-ds-dsgw
by Rich Megginson
The web applications have been moved into a separate package called
fedora-ds-dsgw. This package contains the Phonebook, Org Chart, and DS
Gateway applications. This package is now available as an add-on for the
fedora-ds-admin package. The shell script /usr/sbin/setup-ds-dsgw is
provided to configure the applications and enable them to be used from
the Admin Server home page (as in 1.0 and earlier versions). See the
DSGW_Install_Guide for more information.
15 years, 7 months
[Fedora-directory-users] Gateway Access
by Glenn
Is it possible to limit access to the directory through the Directory Server
Gateway? Ideally, we would like to make the gateway available only to the
10,000 users in our directory. The way it is configured now, anyone with
access to the gateway web site can search the directory. We are running
Fedora Directory 1.0.4. Thanks for any ideas. -G.
15 years, 7 months
[Fedora-directory-users] FDS - SEGFAULT
by Paulo Alberto
Hi,
I'm getting a SEGFAULT with fedora-ds-1.1.0-3.fc6. The script below can
reproduce this:
----------------------------------------
#!/bin/bash
FILTER="111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"
for a in $(seq 1 5); do
  ldapsearch -w xxxxxxx -h h.h.h.h -x -b "o=xxxxxxxx" \
    -D "uid=zzzzzzzz,ou=yyyyyy,ou=wwwwwww,ou=vvvvvvv,o=tttttttt" \
    "(&(|(objectClass=inetorgperson)(objectClass=posixaccount))(|(cn=*$FILTER*)(mail=*$FILTER*)(mozillasecondemail=*$FILTER*)))" \
    uidNumber uid cn givenName sn audio description labeledUri o ou title street \
    l st postalCode telephoneNumber homePhone facsimileTelephoneNumber mobile \
    pager mail roomNumber jpegPhoto displayName postalAddress \
    userSMIMECertificate mozillaworkstreet2 c mozillahomestreet \
    mozillahomestreet2 mozillahomelocalityname mozillahomestate \
    mozillahomepostalcode mozillahomecountryname mozillasecondemail \
    mozillahomeurl mozillapostaladdress2 co mozillahomepostaladdress2 birthDate \
    note carPhone primaryPhone category businessRole assistantPhone \
    assistantName fileAs homeFacsimileTelephoneNumber freeBusyURI calendarURI \
    otherPhone callbackPhone entryuuid uid uidNumber objectClass createTimestamp \
    modifyTimestamp creatorsName modifiersName
done
---------------------------------------
Is it a bug, or can I limit the search filter length?
The system is RHEL5.1 x86_64 and tested with Fedora8 i386 (same result).
15 years, 7 months
[Fedora-directory-users] Updating password issue
by Aissat, Hamza
Hi,
I have installed and configured fds with "user must change his password
after reset".
I created a normal user and when I try to update my password with
ldappasswd, I get this error message:
Password has been reset by an administrator; you must change it.
ldap_search: DSA is unwilling to perform
What can I do to update my password?
Isn't there a chicken-and-egg problem here?
Thanks in advance
15 years, 7 months
[Fedora-directory-users] ACLUserCacheSize
by Paulo Alberto
Hello,
How do I increase the ACLUserCacheSize parameter? The default is 200,
right? In the log files I see a lot of "acl__TestRights - cache overflown"
messages.
Thanks in advance.
Paulo Alberto
15 years, 7 months