[Fedora-directory-users] Uninstall FDS
by Nicolas Roussi
Hi, I installed Fedora Directory on Fedora 9 but I need to completely
uninstall it and install it again. I tried searching online as to how
to remove it and the only thing I found was: yum erase fedora-ds.
That does not uninstall it, it just removes the package. Does anyone
know how to uninstall it?
Thanks
15 years, 11 months
[Fedora-directory-users] Ldapsearch on dynamic group
by Brian PASSANTE
Hi All,
I use dynamic groups to organize my users but I don't know how to make an ldapsearch request which returns all the members of a dynamic group.
Is it possible to do that?
Does it completely depend on the client side?
My goal is to set a Role on all the members of a dynamic group to be able to ldapsearch with the nsrole attribute.
Has anybody already tried this? I do not find any information about that.
Thanks for all
Regards
Brian
15 years, 11 months
Re: [Fedora-directory-users] question on ldapsearching
by Howard Chu
> Date: Fri, 16 May 2008 10:06:38 -0600
> From: Rich Megginson<rmeggins(a)redhat.com>
> Aaron Bliss wrote:
>> Hi everyone,
>> I'm looking to do an ldapsearch and to display only a subset of the
>> objectclasses and attributes that a list of users has. For example,
>> I'm only interested in seeing the top, person and organizatoinPerson
>> objectclasses and their cn, dn and sn attributes. Any ideas? Thanks.
> for the cn dn and sn, that's easy;
> ldapsearch .... "(uid=someperson)" cn dn sn
>
> For specific objectclass values, I don't think that's possible.
>> Aaron
Well, there's RFC3876 for specifying a values return filter, to get only the
desired values. OpenLDAP supports this, anyway.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
15 years, 11 months
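Added example, not part of Howard Chu's message: the RFC 3876 values return filter he mentions, sent with OpenLDAP's ldapsearch through its -E mv=<filter> search extension. It applies only to servers that implement the control; LDAP_URI, the base DN and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): RFC 3876 matched-values search with
# OpenLDAP's ldapsearch. LDAP_URI and the base DN are placeholders.

# Escape a value for use inside an LDAP filter (RFC 4515), so a value that
# contains * ( ) or \ cannot change the filter's structure.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# build_mv_filter OC... -> "((objectClass=OC1)...(cn=*)(sn=*))"
# One equality item per objectClass value to keep, plus presence items so
# the cn and sn values also pass the values return filter.
build_mv_filter() {
    items=""
    for oc in "$@"; do
        items="$items(objectClass=$(ldap_escape "$oc"))"
    done
    printf '(%s(cn=*)(sn=*))' "$items"
}

# search_subset BASE USER OC...
# The leading "!" marks the control critical: a server without RFC 3876
# support then returns an error instead of silently sending every value.
# The DN is part of every returned entry; it is not requested as an attribute.
search_subset() {
    base=$1 user=$2
    shift 2
    ldapsearch -x -LLL -H "${LDAP_URI:-ldap://localhost}" -b "$base" \
        -E "!mv=$(build_mv_filter "$@")" \
        "(uid=$(ldap_escape "$user"))" objectClass cn sn
}

# Show the filter that would be sent for the case asked about in the thread
# (organizationalPerson is the standard schema name of the class).
build_mv_filter top person organizationalPerson
echo
```

Against a live server the call would be, for example, search_subset "dc=example,dc=com" someperson top person organizationalPerson (constructed base DN).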
[Fedora-directory-users] can't lookup unix group
by Sanga M. Collins
I have successfully installed Fedora DS 1.0.4 on an Ubuntu 804 server. I
am trying to setup samba integration and keep running into the same
problem over and over at this step
# net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain
Admins'
I have searched the net, and this message list for a week trying to find
an answer and haven't been successful. I made sure PAM was working and
communicating with the LDAP server, as well as created the required
groups in FDS (not in /etc/groups). What else do I need to do?? Our
company would like to eliminate AD and go with something different. I am
hoping the FDS will fulfill our needs. Below is the debug from the
command.
sanga@ubuntu-fds:~$ sudo net -debuglevel=10 groupmap add rid=2512
ntgroup='Domain Admins' unixgroup='Domain Admins'
[sudo] password for sanga:
[2008/05/16 10:36:14, 5] lib/debug.c:debug_dump_status(391)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
[2008/05/16 10:36:14, 3] param/loadparm.c:lp_load(5063)
lp_load: refreshing parameters
[2008/05/16 10:36:14, 3] param/loadparm.c:init_globals(1448)
Initialising global parameters
[2008/05/16 10:36:14, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2008/05/16 10:36:14, 3] param/loadparm.c:do_section(3802)
Processing section "[global]"
doing parameter workgroup = facility
doing parameter security = user
doing parameter passdb backend = ldapsam:ldap://ubuntu-fds.it-mgt.com
doing parameter ldap admin dn = cn=Directory Manager
doing parameter ldap suffix = dc=it-mgt,dc=com
doing parameter ldap user suffix = ou=People
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap group suffix = ou=Groups
doing parameter log file = /var/log/%m.log
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
doing parameter os level = 33
doing parameter domain logons = yes
doing parameter domain master = yes
doing parameter local master = yes
doing parameter preferred master = yes
doing parameter wins support = yes
doing parameter logon home = \\%L\%u\profiles
doing parameter logon path = \\%L\profiles\%u
doing parameter logon drive = H:
doing parameter template shell = /bin/false
doing parameter winbind use default domain = no
[2008/05/16 10:36:14, 4] param/loadparm.c:lp_load(5094)
pm_process() returned Yes
[2008/05/16 10:36:14, 7] param/loadparm.c:lp_servicenumber(5232)
lp_servicenumber: couldn't find homes
[2008/05/16 10:36:14, 10] param/loadparm.c:set_server_role(4338)
set_server_role: role = ROLE_DOMAIN_PDC
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2LE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2LE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16LE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16LE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2BE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2BE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16BE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16BE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF8
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF8
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-8
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-8
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ASCII
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ASCII
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset 646
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset 646
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ISO-8859-1
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ISO-8859-1
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS2-HEX
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS2-HEX
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/util.c:init_names(287)
Netbios name list:-
my_netbios_names[0]="UBUNTU-FDS"
[2008/05/16 10:36:14, 2] lib/interface.c:add_interface(81)
added interface ip=10.160.4.145 bcast=10.160.4.255 nmask=255.255.255.0
[2008/05/16 10:36:14, 10] intl/lang_tdb.c:lang_tdb_init(138)
lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or
directory
Can't lookup UNIX group Domain Admins
[2008/05/16 10:36:14, 2] utils/net.c:main(1046)
return code = -1
sanga@ubuntu-fds:~$
Sanga M. Collins
Network Engineering
~~~~~~~~~~~~~~~~~~~~~~~
IT Management LLC
6491 Sunset Strip #5,
Sunrise Fl, 33313
Tel: (954) 572 7411,
Fax: (435) 578 7411
15 years, 11 months
[Fedora-directory-users] question on ldapsearching
by Aaron Bliss
Hi everyone,
I'm looking to do an ldapsearch and to display only a subset of the
objectclasses and attributes that a list of users has. For example, I'm
only interested in seeing the top, person and organizatoinPerson
objectclasses and their cn, dn and sn attributes. Any ideas? Thanks.
Aaron
15 years, 11 months
[Fedora-directory-users] mod_nss and FIPS mode
by Mark Price
Hello,
I am having trouble getting mod_nss to work in FIPS mode. Summary of
the problem: mod_nss works fine before FIPS mode is enabled, then
cannot find the certificate after enabling it.
Here is my setup:
CentOS 5 64-bit
Apache 2.2.3 from distro RPM, pre-fork MPM
NSS libraries, tools, etc from distro RPMs (3.11.7-1.3)
I have tried both mod_nss from distro rpm (1.0.3-4) and 1.0.7 compiled
from source
Here is the configuration for mod_nss I am using in Apache. It is
basically the defaults
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
NSSPassPhraseDialog builtin
NSSPassPhraseHelper /usr/sbin/nss_pcache
NSSSessionCacheSize 10000
NSSSessionCacheTimeout 100
NSSSession3CacheTimeout 86400
NSSRandomSeed startup builtin
<VirtualHost _default_:443>
LogLevel warn
NSSEngine on
NSSCipherSuite +rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol SSLv3,TLSv1
NSSNickname Server-Cert
NSSCertificateDatabase /etc/httpd/alias
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
NSSOptions +StdEnvVars
</Files>
<Directory "/etc/httpd/cgi-bin">
NSSOptions +StdEnvVars
</Directory>
</VirtualHost>
This is using the /etc/httpd/alias cert database, that the mod_nss RPM
created with a default certificate named Server-Cert.
Using that default configuration, the Apache server starts fine and
loads mod_nss.
However, when I enable FIPS mode in mod_nss (By adding "NSSFIPS on" to
Apache config), I can't get it to find the same server certificate
[Thu May 15 13:41:21 2008] [info] Init: Initializing NSS library
[Thu May 15 13:41:21 2008] [info] Initializing SSL Session Cache of
size 10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Thu May 15 13:41:21 2008] [error] The server key database has not
been initialized.
[Thu May 15 13:41:21 2008] [info] Init: Initializing (virtual) servers for SSL
[Thu May 15 13:41:21 2008] [error] Certificate not found: 'Server-Cert'
I also tried using modutil to enable FIPS mode on the cert database,
but that did not help:
# modutil -fips true -dbdir /etc/httpd/alias
<snipped warning>
Using database directory /etc/httpd/alias...
FIPS mode enabled.
# modutil -chkfips true -dbdir /etc/httpd/alias
Using database directory /etc/httpd/alias...
FIPS mode enabled.
Could someone please clue me in here. Is there some more extensive
process I need to go through in converting the certificate database to
FIPS mode? I have searched for more relevant info with certutil and
modutil but haven't been able to find anything.
Thanks,
Mark
15 years, 11 months
[Fedora-directory-users] questions
by solarflow99
I have a couple of questions about FDS:
- Is it possible to set a root user (UID=0)? I noticed it doesn't seem to let
me log in that way.
- If the clients are authenticating to hostname, how does failover work if
that host went offline? Having a secondary LDAP instance wouldn't really
help, would it?
Thanks,
15 years, 11 months